From a34016184668ca14ae80ddc165db60cad5101c89 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Mon, 19 Nov 2007 00:17:56 +0000
Subject: Do not logout session if the user does not have access to a page.  We
 should also hide menu items that user does not have access to.

---
 etc/inc/authgui.inc | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index 9e83157..8d1b30f 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -115,8 +115,7 @@ if (!(isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) {
       echo "||Access to AJAX has been disallowed for this user.";
       exit;
     }
-
-
+    
     if ($pagereq <> "" && (in_array($pagereq, $allowed) || in_array("ANY", $allowed))) {
       pfSenseHeader("{$home}");
       exit;
@@ -145,14 +144,10 @@ if (!(isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) {
 function display_error_form($http_code, $desc) {
   global $config, $g;
   $g['theme'] = $config['theme'];
-
-	logout_session();
-
 	if(isAjax()) {
 		echo "Error: {$http_code} Description: {$desc}";
 		return;
 	}
-
   $htmlstr = <<<EOD
 <html>
   <head>
-- 
cgit v1.1