From 6b07c15ad870f24e783a23c4a64fbb73958543ad Mon Sep 17 00:00:00 2001
From: Matthew Grooms <mgrooms@pfsense.org>
Date: Fri, 1 Aug 2008 06:30:34 +0000
Subject: Rewrite the pfsense privilege system with the following goals in mind
 ...

1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance
5) Cleaning up the related WebUI pages
---
 usr/local/www/carp_status.php                      |   8 +
 usr/local/www/diag_arp.php                         |   8 +
 usr/local/www/diag_backup.php                      |   8 +
 usr/local/www/diag_confbak.php                     |   8 +
 usr/local/www/diag_defaults.php                    |   8 +
 usr/local/www/diag_dhcp_leases.php                 |   8 +
 usr/local/www/diag_dump_states.php                 |   8 +
 usr/local/www/diag_ipsec.php                       |   8 +
 usr/local/www/diag_ipsec_sad.php                   |   8 +
 usr/local/www/diag_ipsec_spd.php                   |   8 +
 usr/local/www/diag_logs.php                        |   8 +
 usr/local/www/diag_logs_auth.php                   |   8 +
 usr/local/www/diag_logs_dhcp.php                   |   8 +
 usr/local/www/diag_logs_filter.php                 |   8 +
 usr/local/www/diag_logs_filter_dynamic.php         |   8 +
 usr/local/www/diag_logs_ipsec.php                  |   8 +
 usr/local/www/diag_logs_ntpd.php                   |   8 +
 usr/local/www/diag_logs_openvpn.php                |   8 +
 usr/local/www/diag_logs_relayd.php                 |   8 +
 usr/local/www/diag_logs_settings.php               |   8 +
 usr/local/www/diag_logs_slbd.php                   |   8 +
 usr/local/www/diag_logs_vpn.php                    |   8 +
 usr/local/www/diag_packet_capture.php              |   8 +
 usr/local/www/diag_ping.php                        |   8 +
 usr/local/www/diag_pkglogs.php                     |   8 +
 usr/local/www/diag_resetstate.php                  |   8 +
 usr/local/www/diag_routes.php                      |   8 +
 usr/local/www/diag_traceroute.php                  |   8 +
 usr/local/www/edit.php                             |   8 +
 usr/local/www/exec.php                             |  29 ++
 usr/local/www/exec_raw.php                         |   8 +
 usr/local/www/firewall_aliases.php                 |   8 +
 usr/local/www/firewall_aliases_edit.php            |   8 +
 usr/local/www/firewall_aliases_import.php          |   8 +
 usr/local/www/firewall_nat.php                     |   8 +
 usr/local/www/firewall_nat_1to1.php                |   8 +
 usr/local/www/firewall_nat_1to1_edit.php           |   8 +
 usr/local/www/firewall_nat_edit.php                |   8 +
 usr/local/www/firewall_nat_out.php                 |   8 +
 usr/local/www/firewall_nat_out_edit.php            |   8 +
 usr/local/www/firewall_nat_server.php              |   8 +
 usr/local/www/firewall_nat_server_edit.php         |   8 +
 usr/local/www/firewall_rules.php                   |   8 +
 usr/local/www/firewall_rules_edit.php              |   8 +
 usr/local/www/firewall_schedule.php                |   8 +
 usr/local/www/firewall_schedule_edit.php           |   8 +
 usr/local/www/firewall_shaper.php                  |   8 +
 usr/local/www/firewall_shaper_queues.php           |   8 +
 usr/local/www/firewall_shaper_vinterface.php       |   8 +
 usr/local/www/firewall_shaper_wizards.php          |   8 +
 usr/local/www/firewall_system_tunables.php         |   8 +
 usr/local/www/firewall_system_tunables_edit.php    |   8 +
 usr/local/www/firewall_virtual_ip.php              |   8 +
 usr/local/www/firewall_virtual_ip_edit.php         |   8 +
 usr/local/www/graph.php                            |   8 +
 usr/local/www/graph_cpu.php                        |   8 +
 usr/local/www/guiconfig.inc                        |   3 +-
 usr/local/www/halt.php                             |   8 +
 usr/local/www/headjs.php                           |  34 +-
 usr/local/www/ifstats.php                          |   8 +
 usr/local/www/index.php                            |   8 +
 usr/local/www/interfaces.php                       |   8 +
 usr/local/www/interfaces_assign.php                |   8 +
 usr/local/www/interfaces_gif.php                   |   8 +
 usr/local/www/interfaces_gif_edit.php              |   8 +
 usr/local/www/interfaces_gre.php                   |   8 +
 usr/local/www/interfaces_gre_edit.php              |   8 +
 usr/local/www/interfaces_lan.php                   |   8 +
 usr/local/www/interfaces_ppp.php                   |   8 +
 usr/local/www/interfaces_ppp_edit.php              |   8 +
 usr/local/www/interfaces_vlan.php                  |   8 +
 usr/local/www/interfaces_vlan_edit.php             |   8 +
 usr/local/www/interfaces_wan.php                   |   8 +
 usr/local/www/interfaces_wlan_scan.php             |   8 +
 usr/local/www/license.php                          |  35 +-
 usr/local/www/load_balancer_pool.php               |   8 +
 usr/local/www/load_balancer_pool_edit.php          |   8 +
 usr/local/www/load_balancer_virtual_server.php     |   8 +
 .../www/load_balancer_virtual_server_edit.php      |   8 +
 usr/local/www/pkg.php                              |   8 +
 usr/local/www/pkg_edit.php                         |   8 +
 usr/local/www/pkg_mgr.php                          |   8 +
 usr/local/www/pkg_mgr_install.php                  |   8 +
 usr/local/www/pkg_mgr_installed.php                |   8 +
 usr/local/www/reboot.php                           |   8 +
 usr/local/www/services_captiveportal.php           |   8 +
 .../www/services_captiveportal_filemanager.php     |   8 +
 usr/local/www/services_captiveportal_ip.php        |   8 +
 usr/local/www/services_captiveportal_ip_edit.php   |   8 +
 usr/local/www/services_captiveportal_mac.php       |   8 +
 usr/local/www/services_captiveportal_mac_edit.php  |   8 +
 usr/local/www/services_captiveportal_users.php     |   8 +
 .../www/services_captiveportal_users_edit.php      |   8 +
 usr/local/www/services_dhcp.php                    |   8 +
 usr/local/www/services_dhcp_edit.php               |   8 +
 usr/local/www/services_dhcp_relay.php              |   8 +
 usr/local/www/services_dnsmasq.php                 |   8 +
 .../www/services_dnsmasq_domainoverride_edit.php   |   8 +
 usr/local/www/services_dnsmasq_edit.php            |   8 +
 usr/local/www/services_dyndns.php                  |   8 +
 usr/local/www/services_dyndns_edit.php             |   8 +
 usr/local/www/services_proxyarp.php                |   8 +
 usr/local/www/services_proxyarp_edit.php           |   8 +
 usr/local/www/services_rfc2136.php                 |   8 +
 usr/local/www/services_snmp.php                    |   8 +
 usr/local/www/services_usermanager.php             |   8 +
 usr/local/www/services_wol.php                     |   8 +
 usr/local/www/services_wol_edit.php                |   8 +
 usr/local/www/status.php                           |  29 ++
 usr/local/www/status_captiveportal.php             |   8 +
 usr/local/www/status_filter_reload.php             |   8 +
 usr/local/www/status_gateway_groups.php            |   8 +
 usr/local/www/status_gateways.php                  |   8 +
 usr/local/www/status_graph.php                     |   8 +
 usr/local/www/status_graph_cpu.php                 |   8 +
 usr/local/www/status_interfaces.php                |   8 +
 usr/local/www/status_ovpn.php                      |   8 +
 usr/local/www/status_queues.php                    |   8 +
 usr/local/www/status_rrd_graph.php                 |   8 +
 usr/local/www/status_rrd_graph_settings.php        |   8 +
 usr/local/www/status_services.php                  |   8 +
 usr/local/www/status_slbd_pool.php                 |   8 +
 usr/local/www/status_slbd_vs.php                   |   8 +
 usr/local/www/status_upnp.php                      |   8 +
 usr/local/www/status_wireless.php                  |   8 +
 usr/local/www/system.php                           |   8 +
 usr/local/www/system_advanced.php                  |   8 +
 usr/local/www/system_advanced_create_certs.php     |   8 +
 usr/local/www/system_firmware.php                  |   8 +
 usr/local/www/system_firmware_auto.php             |   8 +
 usr/local/www/system_firmware_check.php            |   8 +
 usr/local/www/system_firmware_settings.php         |   8 +
 usr/local/www/system_gateway_groups.php            |   8 +
 usr/local/www/system_gateway_groups_edit.php       |   8 +
 usr/local/www/system_gateways.php                  |   8 +
 usr/local/www/system_gateways_edit.php             |   8 +
 usr/local/www/system_groupmanager.php              | 472 ++++++++++-----------
 usr/local/www/system_groupmanager_addprivs.php     | 182 ++++++++
 usr/local/www/system_routes.php                    |   8 +
 usr/local/www/system_routes_edit.php               |   8 +
 usr/local/www/system_usermanager.php               | 337 +++++++++------
 usr/local/www/system_usermanager_addprivs.php      | 181 ++++++++
 usr/local/www/system_usermanager_edit.php          | 281 ------------
 usr/local/www/system_usermanager_settings.php      |  10 +-
 usr/local/www/system_usermanager_settings_test.php |   8 +
 usr/local/www/uploadconfig.php                     |   8 +
 usr/local/www/vpn_ipsec.php                        |   8 +
 usr/local/www/vpn_ipsec_ca.php                     |   8 +
 usr/local/www/vpn_ipsec_ca_edit.php                |   8 +
 usr/local/www/vpn_ipsec_mobile.php                 |   8 +
 usr/local/www/vpn_ipsec_phase1.php                 |   8 +
 usr/local/www/vpn_ipsec_phase2.php                 |   8 +
 usr/local/www/vpn_openvpn_certs_create.php         |   8 +
 usr/local/www/vpn_openvpn_certs_existing.php       |   8 +
 usr/local/www/vpn_openvpn_cli_edit.php             |   8 +
 usr/local/www/vpn_openvpn_create_certs.php         |   8 +
 usr/local/www/vpn_openvpn_crl_edit.php             |   8 +
 usr/local/www/vpn_openvpn_srv_edit.php             |   8 +
 usr/local/www/vpn_pppoe.php                        |   8 +
 usr/local/www/vpn_pppoe_users.php                  |   8 +
 usr/local/www/vpn_pppoe_users_edit.php             |   8 +
 usr/local/www/vpn_pptp.php                         |   8 +
 usr/local/www/vpn_pptp_users.php                   |   8 +
 usr/local/www/vpn_pptp_users_edit.php              |   8 +
 usr/local/www/wizard.php                           |   8 +
 usr/local/www/xmlrpc.php                           |   8 +
 166 files changed, 2173 insertions(+), 660 deletions(-)
 create mode 100644 usr/local/www/system_groupmanager_addprivs.php
 create mode 100644 usr/local/www/system_usermanager_addprivs.php
 delete mode 100644 usr/local/www/system_usermanager_edit.php

(limited to 'usr/local/www')

diff --git a/usr/local/www/carp_status.php b/usr/local/www/carp_status.php
index 93c5b39..f9bd9ad 100755
--- a/usr/local/www/carp_status.php
+++ b/usr/local/www/carp_status.php
@@ -26,6 +26,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-carp
+##|*NAME=Status: CARP page
+##|*DESCR=Allow access to the 'Status: CARP' page.
+##|*MATCH=carp_status.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("xmlparse.inc");
 
diff --git a/usr/local/www/diag_arp.php b/usr/local/www/diag_arp.php
index 5d699dd..00f9b60 100755
--- a/usr/local/www/diag_arp.php
+++ b/usr/local/www/diag_arp.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-arptable
+##|*NAME=Diagnostics: ARP Table page
+##|*DESCR=Allow access to the 'Diagnostics: ARP Table' page.
+##|*MATCH=diag_arp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 function leasecmp($a, $b) {
diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php
index cf89350..2ddf48f 100755
--- a/usr/local/www/diag_backup.php
+++ b/usr/local/www/diag_backup.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-backup/restore
+##|*NAME=Diagnostics: Backup/restore page
+##|*DESCR=Allow access to the 'Diagnostics: Backup/restore' page.
+##|*MATCH=diag_backup.php*
+##|-PRIV
+
+
 /* Allow additional execution time 0 = no limit. */
 ini_set('max_execution_time', '3600');
 ini_set('max_input_time', '3600');
diff --git a/usr/local/www/diag_confbak.php b/usr/local/www/diag_confbak.php
index f2cfc9b..8990008 100755
--- a/usr/local/www/diag_confbak.php
+++ b/usr/local/www/diag_confbak.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-configurationhistory
+##|*NAME=Diagnostics: Configuration History page
+##|*DESCR=Allow access to the 'Diagnostics: Configuration History' page.
+##|*MATCH=diag_confbak.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if($_GET['newver'] != "") {
diff --git a/usr/local/www/diag_defaults.php b/usr/local/www/diag_defaults.php
index ee0244e..988cca3 100755
--- a/usr/local/www/diag_defaults.php
+++ b/usr/local/www/diag_defaults.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-factorydefaults
+##|*NAME=Diagnostics: Factory defaults page
+##|*DESCR=Allow access to the 'Diagnostics: Factory defaults' page.
+##|*MATCH=diag_defaults.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST) {
diff --git a/usr/local/www/diag_dhcp_leases.php b/usr/local/www/diag_dhcp_leases.php
index 54a2170..a6bbd45 100755
--- a/usr/local/www/diag_dhcp_leases.php
+++ b/usr/local/www/diag_dhcp_leases.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-dhcpleases
+##|*NAME=Status: DHCP leases page
+##|*DESCR=Allow access to the 'Status: DHCP leases' page.
+##|*MATCH=diag_dhcp_leases.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pgtitle = array("Status","DHCP leases");
diff --git a/usr/local/www/diag_dump_states.php b/usr/local/www/diag_dump_states.php
index 5202e05..8a66467 100755
--- a/usr/local/www/diag_dump_states.php
+++ b/usr/local/www/diag_dump_states.php
@@ -26,6 +26,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-showstates
+##|*NAME=Diagnostics: Show States page
+##|*DESCR=Allow access to the 'Diagnostics: Show States' page.
+##|*MATCH=diag_dump_states.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 
 
diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php
index a61a5a1..6fc2fee 100644
--- a/usr/local/www/diag_ipsec.php
+++ b/usr/local/www/diag_ipsec.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-ipsec
+##|*NAME=Status: IPsec page
+##|*DESCR=Allow access to the 'Status: IPsec' page.
+##|*MATCH=diag_ipsec.php*
+##|-PRIV
+
+
 global $g;
 
 $pgtitle = array("Status","IPsec");
diff --git a/usr/local/www/diag_ipsec_sad.php b/usr/local/www/diag_ipsec_sad.php
index f2a08af..1162289 100755
--- a/usr/local/www/diag_ipsec_sad.php
+++ b/usr/local/www/diag_ipsec_sad.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-ipsec-sad
+##|*NAME=Status: IPsec: SAD page
+##|*DESCR=Allow access to the 'Status: IPsec: SAD' page.
+##|*MATCH=diag_ipsec_sad.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pgtitle = array("Status","IPsec","SAD");
diff --git a/usr/local/www/diag_ipsec_spd.php b/usr/local/www/diag_ipsec_spd.php
index d9dfe54..cb4008f 100755
--- a/usr/local/www/diag_ipsec_spd.php
+++ b/usr/local/www/diag_ipsec_spd.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-ipsec-spd
+##|*NAME=Status: IPsec: SPD page
+##|*DESCR=Allow access to the 'Status: IPsec: SPD' page.
+##|*MATCH=diag_ipsec_spd.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pgtitle = array("Status","IPsec","SPD");
diff --git a/usr/local/www/diag_logs.php b/usr/local/www/diag_logs.php
index 8cf5b08..42f4956 100755
--- a/usr/local/www/diag_logs.php
+++ b/usr/local/www/diag_logs.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-logs-system
+##|*NAME=Diagnostics: Logs: System page
+##|*DESCR=Allow access to the 'Diagnostics: Logs: System' page.
+##|*MATCH=diag_logs.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $system_logfile = "{$g['varlog_path']}/system.log";
diff --git a/usr/local/www/diag_logs_auth.php b/usr/local/www/diag_logs_auth.php
index b6450d6..4ac9f8f 100755
--- a/usr/local/www/diag_logs_auth.php
+++ b/usr/local/www/diag_logs_auth.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-systemlogs-portalauth
+##|*NAME=Status: System logs: Portal Auth page
+##|*DESCR=Allow access to the 'Status: System logs: Portal Auth' page.
+##|*MATCH=diag_logs_auth.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $portal_logfile = "{$g['varlog_path']}/portalauth.log";
diff --git a/usr/local/www/diag_logs_dhcp.php b/usr/local/www/diag_logs_dhcp.php
index 0b42e5f..e537857 100755
--- a/usr/local/www/diag_logs_dhcp.php
+++ b/usr/local/www/diag_logs_dhcp.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-logs-dhcp
+##|*NAME=Diagnostics: Logs: DHCP page
+##|*DESCR=Allow access to the 'Diagnostics: Logs: DHCP' page.
+##|*MATCH=diag_logs_dhcp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $dhcpd_logfile = "{$g['varlog_path']}/dhcpd.log";
diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php
index 46bda83..cd74e2d 100755
--- a/usr/local/www/diag_logs_filter.php
+++ b/usr/local/www/diag_logs_filter.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-logs-firewall
+##|*NAME=Diagnostics: Logs: Firewall page
+##|*DESCR=Allow access to the 'Diagnostics: Logs: Firewall' page.
+##|*MATCH=diag_logs_filter.php*
+##|-PRIV
+
+
 if($_GET['getrulenum'] or $_POST['getrulenum']) {
 	if($_GET['getrulenum'])
 		$rulenum = $_GET['getrulenum'];
diff --git a/usr/local/www/diag_logs_filter_dynamic.php b/usr/local/www/diag_logs_filter_dynamic.php
index 8ea82d8..62de8fa 100755
--- a/usr/local/www/diag_logs_filter_dynamic.php
+++ b/usr/local/www/diag_logs_filter_dynamic.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-hidden-nolongerincluded
+##|*NAME=Hidden: No longer included page
+##|*DESCR=Allow access to the 'Hidden: No longer included' page.
+##|*MATCH=diag_logs_filter_dynamic.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $filter_logfile = "{$g['varlog_path']}/filter.log";
diff --git a/usr/local/www/diag_logs_ipsec.php b/usr/local/www/diag_logs_ipsec.php
index 74cf757..2ef5474 100755
--- a/usr/local/www/diag_logs_ipsec.php
+++ b/usr/local/www/diag_logs_ipsec.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-systemlogs-ipsecvpn
+##|*NAME=Status: System logs: IPsec VPN page
+##|*DESCR=Allow access to the 'Status: System logs: IPsec VPN' page.
+##|*MATCH=diag_logs_ipsec.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $ipsec_logfile = "{$g['varlog_path']}/ipsec.log";
diff --git a/usr/local/www/diag_logs_ntpd.php b/usr/local/www/diag_logs_ntpd.php
index 8217e4f..0e8251c 100644
--- a/usr/local/www/diag_logs_ntpd.php
+++ b/usr/local/www/diag_logs_ntpd.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-systemlogs-openntpd
+##|*NAME=Status: System logs: OpenNTPD page
+##|*DESCR=Allow access to the 'Status: System logs: OpenNTPD' page.
+##|*MATCH=diag_logs_ntpd.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $ntpd_logfile = "{$g['varlog_path']}/ntpd.log";
diff --git a/usr/local/www/diag_logs_openvpn.php b/usr/local/www/diag_logs_openvpn.php
index 24cb6d5..73b1dd9 100644
--- a/usr/local/www/diag_logs_openvpn.php
+++ b/usr/local/www/diag_logs_openvpn.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-systemlogs-openvpn
+##|*NAME=Status: System logs: OpenVPN page
+##|*DESCR=Allow access to the 'Status: System logs: OpenVPN' page.
+##|*MATCH=diag_logs_openvpn.php*
+##|-PRIV
+
+
 $pgtitle = array("Status","System logs","OpenVPN");
 
 require("guiconfig.inc");
diff --git a/usr/local/www/diag_logs_relayd.php b/usr/local/www/diag_logs_relayd.php
index 05d0301..4f5be4b 100755
--- a/usr/local/www/diag_logs_relayd.php
+++ b/usr/local/www/diag_logs_relayd.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-systemlogs-loadbalancer
+##|*NAME=Status: System logs: Load Balancer page
+##|*DESCR=Allow access to the 'Status: System logs: Load Balancer' page.
+##|*MATCH=diag_logs_relayd.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $relayd_logfile = "{$g['varlog_path']}/relayd.log";
diff --git a/usr/local/www/diag_logs_settings.php b/usr/local/www/diag_logs_settings.php
index e1993af..5ee44d3 100755
--- a/usr/local/www/diag_logs_settings.php
+++ b/usr/local/www/diag_logs_settings.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-logs-settings
+##|*NAME=Diagnostics: Logs: Settings page
+##|*DESCR=Allow access to the 'Diagnostics: Logs: Settings' page.
+##|*MATCH=diag_logs_settings.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pconfig['reverse'] = isset($config['syslog']['reverse']);
diff --git a/usr/local/www/diag_logs_slbd.php b/usr/local/www/diag_logs_slbd.php
index 62765d3..066c6f8 100755
--- a/usr/local/www/diag_logs_slbd.php
+++ b/usr/local/www/diag_logs_slbd.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-systemlogs-loadbalancer
+##|*NAME=Status: System logs: Load Balancer page
+##|*DESCR=Allow access to the 'Status: System logs: Load Balancer' page.
+##|*MATCH=diag_logs_slbd.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $slbd_logfile = "{$g['varlog_path']}/slbd.log";
diff --git a/usr/local/www/diag_logs_vpn.php b/usr/local/www/diag_logs_vpn.php
index 8eefbbe..14c9c12 100755
--- a/usr/local/www/diag_logs_vpn.php
+++ b/usr/local/www/diag_logs_vpn.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-logs-pptpvpn
+##|*NAME=Diagnostics: Logs: PPTP VPN page
+##|*DESCR=Allow access to the 'Diagnostics: Logs: PPTP VPN' page.
+##|*MATCH=diag_logs_vpn.php*
+##|-PRIV
+
+
 $pgtitle = array("Status","System logs","PPTP VPN");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/diag_packet_capture.php b/usr/local/www/diag_packet_capture.php
index d07d3e2..853fe93 100644
--- a/usr/local/www/diag_packet_capture.php
+++ b/usr/local/www/diag_packet_capture.php
@@ -23,6 +23,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-packetcapture
+##|*NAME=Diagnostics: Packet Capture page
+##|*DESCR=Allow access to the 'Diagnostics: Packet Capture' page.
+##|*MATCH=diag_packet_capture.php*
+##|-PRIV
+
+
 $pgtitle = array("Diagnostics", "Packet Capture");
 require_once("guiconfig.inc");
 require_once("pfsense-utils.inc");
diff --git a/usr/local/www/diag_ping.php b/usr/local/www/diag_ping.php
index 3741eca..ff9e5c7 100755
--- a/usr/local/www/diag_ping.php
+++ b/usr/local/www/diag_ping.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-ping
+##|*NAME=Diagnostics: Ping page
+##|*DESCR=Allow access to the 'Diagnostics: Ping' page.
+##|*MATCH=diag_ping.php*
+##|-PRIV
+
+
 $pgtitle = array("Diagnostics", "Ping");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/diag_pkglogs.php b/usr/local/www/diag_pkglogs.php
index 585f969..5720a75 100755
--- a/usr/local/www/diag_pkglogs.php
+++ b/usr/local/www/diag_pkglogs.php
@@ -37,6 +37,14 @@
 
 */
 
+##|+PRIV
+##|*IDENT=page-status-packagelogs
+##|*NAME=Status: Package logs page
+##|*DESCR=Allow access to the 'Status: Package logs' page.
+##|*MATCH=diag_pkglogs.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 //require_once("pkg-utils.inc");
 
diff --git a/usr/local/www/diag_resetstate.php b/usr/local/www/diag_resetstate.php
index 49c5524..4e203d5 100755
--- a/usr/local/www/diag_resetstate.php
+++ b/usr/local/www/diag_resetstate.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-resetstate
+##|*NAME=Diagnostics: Reset state page
+##|*DESCR=Allow access to the 'Diagnostics: Reset state' page.
+##|*MATCH=diag_resetstate.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST) {
diff --git a/usr/local/www/diag_routes.php b/usr/local/www/diag_routes.php
index 22fbb0e..3c35328 100644
--- a/usr/local/www/diag_routes.php
+++ b/usr/local/www/diag_routes.php
@@ -29,6 +29,14 @@
 
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-routingtables
+##|*NAME=Diagnostics: Routing tables page
+##|*DESCR=Allow access to the 'Diagnostics: Routing tables' page.
+##|*MATCH=diag_routes.php*
+##|-PRIV
+
+
 include('guiconfig.inc');
 
 $pgtitle = array("Diagnostics","Routing tables");
diff --git a/usr/local/www/diag_traceroute.php b/usr/local/www/diag_traceroute.php
index 6daedc7..fe5bde9 100755
--- a/usr/local/www/diag_traceroute.php
+++ b/usr/local/www/diag_traceroute.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-traceroute
+##|*NAME=Diagnostics: Traceroute page
+##|*DESCR=Allow access to the 'Diagnostics: Traceroute' page.
+##|*MATCH=diag_traceroute.php*
+##|-PRIV
+
+
 
 require("guiconfig.inc");
 $pgtitle = array("Diagnostics","Traceroute");
diff --git a/usr/local/www/edit.php b/usr/local/www/edit.php
index 9aa913b..78ddb96 100755
--- a/usr/local/www/edit.php
+++ b/usr/local/www/edit.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-editfile
+##|*NAME=Diagnostics: Edit File page
+##|*DESCR=Allow access to the 'Diagnostics: Edit File' page.
+##|*MATCH=edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (($_GET['submit'] == "Load") && file_exists($_GET['savetopath'])) {
diff --git a/usr/local/www/exec.php b/usr/local/www/exec.php
index 7294894..9ddc84f 100755
--- a/usr/local/www/exec.php
+++ b/usr/local/www/exec.php
@@ -5,8 +5,37 @@
 	Created by technologEase (http://www.technologEase.com).
 
 	(modified for m0n0wall by Manuel Kasper <mk@neon1.net>)
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-command
+##|*NAME=Diagnostics: Command page
+##|*DESCR=Allow access to the 'Diagnostics: Command' page.
+##|*MATCH=exec.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (($_POST['submit'] == "Download") && file_exists($_POST['dlPath'])) {
diff --git a/usr/local/www/exec_raw.php b/usr/local/www/exec_raw.php
index c513d27..93213be 100755
--- a/usr/local/www/exec_raw.php
+++ b/usr/local/www/exec_raw.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-hidden-execraw
+##|*NAME=Hidden: Exec Raw page
+##|*DESCR=Allow access to the 'Hidden: Exec Raw' page.
+##|*MATCH=exec_raw.php*
+##|-PRIV
+
+
 
 header("Content-Type: text/plain");
 include("guiconfig.inc");
diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php
index 0a08d3f..328a2b8 100755
--- a/usr/local/www/firewall_aliases.php
+++ b/usr/local/www/firewall_aliases.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-aliases
+##|*NAME=Firewall: Aliases page
+##|*DESCR=Allow access to the 'Firewall: Aliases' page.
+##|*MATCH=firewall_aliases.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['aliases']['alias']))
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index a6f5d2e..ec0dafb 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-alias-edit
+##|*NAME=Firewall: Alias: Edit page
+##|*DESCR=Allow access to the 'Firewall: Alias: Edit' page.
+##|*MATCH=firewall_aliases_edit.php*
+##|-PRIV
+
+
 $pgtitle = array("Firewall","Aliases","Edit");
 
 require("guiconfig.inc");
diff --git a/usr/local/www/firewall_aliases_import.php b/usr/local/www/firewall_aliases_import.php
index 9479b7c..705e267 100755
--- a/usr/local/www/firewall_aliases_import.php
+++ b/usr/local/www/firewall_aliases_import.php
@@ -27,6 +27,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-alias-import
+##|*NAME=Firewall: Alias: Import page
+##|*DESCR=Allow access to the 'Firewall: Alias: Import' page.
+##|*MATCH=firewall_aliases_import.php*
+##|-PRIV
+
+
 $pgtitle = array("Firewall","Aliases","Import");
 
 require("guiconfig.inc");
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php
index 6f5f671..67da1ed 100755
--- a/usr/local/www/firewall_nat.php
+++ b/usr/local/www/firewall_nat.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-portforward
+##|*NAME=Firewall: NAT: Port Forward page
+##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward' page.
+##|*MATCH=firewall_nat.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['rule']))
diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php
index 936918f..80ba9f1 100755
--- a/usr/local/www/firewall_nat_1to1.php
+++ b/usr/local/www/firewall_nat_1to1.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-1-1
+##|*NAME=Firewall: NAT: 1:1 page
+##|*DESCR=Allow access to the 'Firewall: NAT: 1:1' page.
+##|*MATCH=firewall_nat_1to1.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['onetoone'])) {
diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php
index 66f140b..dad3f9e 100755
--- a/usr/local/www/firewall_nat_1to1_edit.php
+++ b/usr/local/www/firewall_nat_1to1_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-1-1-edit
+##|*NAME=Firewall: NAT: 1:1: Edit page
+##|*DESCR=Allow access to the 'Firewall: NAT: 1:1: Edit' page.
+##|*MATCH=firewall_nat_1to1_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['onetoone'])) {
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index e5be4d9..84b928c 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-portforward-edit
+##|*NAME=Firewall: NAT: Port Forward: Edit page
+##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward: Edit' page.
+##|*MATCH=firewall_nat_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['rule'])) {
diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php
index 2ff9f6e..6e4a908 100755
--- a/usr/local/www/firewall_nat_out.php
+++ b/usr/local/www/firewall_nat_out.php
@@ -31,6 +31,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-outbound
+##|*NAME=Firewall: NAT: Outbound page
+##|*DESCR=Allow access to the 'Firewall: NAT: Outbound' page.
+##|*MATCH=firewall_nat_out.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['advancedoutbound']['rule']))
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index f032cfc..611f76b 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -31,6 +31,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-outbound-edit
+##|*NAME=Firewall: NAT: Outbound: Edit page
+##|*DESCR=Allow access to the 'Firewall: NAT: Outbound: Edit' page.
+##|*MATCH=firewall_nat_out_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['advancedoutbound']['rule']))
diff --git a/usr/local/www/firewall_nat_server.php b/usr/local/www/firewall_nat_server.php
index 986ec55..118a937 100755
--- a/usr/local/www/firewall_nat_server.php
+++ b/usr/local/www/firewall_nat_server.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-nataddresses
+##|*NAME=Firewall: NAT: NAT Addresses page
+##|*DESCR=Allow access to the 'Firewall: NAT: NAT Addresses' page.
+##|*MATCH=firewall_nat_server.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['servernat'])) {
diff --git a/usr/local/www/firewall_nat_server_edit.php b/usr/local/www/firewall_nat_server_edit.php
index 11634b2..4558526 100755
--- a/usr/local/www/firewall_nat_server_edit.php
+++ b/usr/local/www/firewall_nat_server_edit.php
@@ -31,6 +31,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-nataddresses-edit
+##|*NAME=Firewall: NAT: NAT Addresses: Edit page
+##|*DESCR=Allow access to the 'Firewall: NAT: NAT Addresses: Edit' page.
+##|*MATCH=firewall_nat_server_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['servernat'])) {
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 77b8273..b1d0fad 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-rules
+##|*NAME=Firewall: Rules page
+##|*DESCR=Allow access to the 'Firewall: Rules' page.
+##|*MATCH=firewall_rules.php*
+##|-PRIV
+
+
 $pgtitle = array("Firewall", "Rules");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 351455e..b65537b 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-rules-edit
+##|*NAME=Firewall: Rules: Edit page
+##|*DESCR=Allow access to the 'Firewall: Rules: Edit' page.
+##|*MATCH=firewall_rules_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $specialsrcdst = explode(" ", "any wanip lanip lan pptp pppoe");
diff --git a/usr/local/www/firewall_schedule.php b/usr/local/www/firewall_schedule.php
index aa87672..784e6fc 100644
--- a/usr/local/www/firewall_schedule.php
+++ b/usr/local/www/firewall_schedule.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-schedules
+##|*NAME=Firewall: Schedules page
+##|*DESCR=Allow access to the 'Firewall: Schedules' page.
+##|*MATCH=firewall_schedule.php*
+##|-PRIV
+
+
 
 $pgtitle = array("Firewall","Schedules");
 
diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php
index ee21f51..30bf518 100644
--- a/usr/local/www/firewall_schedule_edit.php
+++ b/usr/local/www/firewall_schedule_edit.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-schedules-edit
+##|*NAME=Firewall: Schedules: Edit page
+##|*DESCR=Allow access to the 'Firewall: Schedules: Edit' page.
+##|*MATCH=firewall_schedule_edit.php*
+##|-PRIV
+
+
 $pgtitle = array("Firewall","Schedules","Edit");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php
index 10b9bf0..6d068ae 100755
--- a/usr/local/www/firewall_shaper.php
+++ b/usr/local/www/firewall_shaper.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-trafficshaper
+##|*NAME=Firewall: Traffic Shaper page
+##|*DESCR=Allow access to the 'Firewall: Traffic Shaper' page.
+##|*MATCH=firewall_shaper.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if($_GET['reset'] <> "") {
diff --git a/usr/local/www/firewall_shaper_queues.php b/usr/local/www/firewall_shaper_queues.php
index b5e064d..3a6de5b 100755
--- a/usr/local/www/firewall_shaper_queues.php
+++ b/usr/local/www/firewall_shaper_queues.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-trafficshaper-queues
+##|*NAME=Firewall: Traffic Shaper: Queues page
+##|*DESCR=Allow access to the 'Firewall: Traffic Shaper: Queues' page.
+##|*MATCH=firewall_shaper_queues.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if($_GET['reset'] <> "") {
diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php
index 73eab72..b1bf9a5 100644
--- a/usr/local/www/firewall_shaper_vinterface.php
+++ b/usr/local/www/firewall_shaper_vinterface.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-trafficshaper-limiter
+##|*NAME=Firewall: Traffic Shaper: Limiter page
+##|*DESCR=Allow access to the 'Firewall: Traffic Shaper: Limiter' page.
+##|*MATCH=firewall_shaper_vinterface.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if($_GET['reset'] <> "") {
diff --git a/usr/local/www/firewall_shaper_wizards.php b/usr/local/www/firewall_shaper_wizards.php
index fc42cfa..a086cc1 100755
--- a/usr/local/www/firewall_shaper_wizards.php
+++ b/usr/local/www/firewall_shaper_wizards.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-trafficshaper-wizard
+##|*NAME=Firewall: Traffic Shaper: Wizard page
+##|*DESCR=Allow access to the 'Firewall: Traffic Shaper: Wizard' page.
+##|*MATCH=firewall_shaper_wizards.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if($_GET['reset'] <> "") {
diff --git a/usr/local/www/firewall_system_tunables.php b/usr/local/www/firewall_system_tunables.php
index fd62c8e..7e3c522 100644
--- a/usr/local/www/firewall_system_tunables.php
+++ b/usr/local/www/firewall_system_tunables.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-system-tunables
+##|*NAME=Firewall: System: Tunables page
+##|*DESCR=Allow access to the 'Firewall: System: Tunables' page.
+##|*MATCH=firewall_system_tunables.php*
+##|-PRIV
+
+
 $pgtitle = array("Firewall","System","Tunables");
 
 require("guiconfig.inc");
diff --git a/usr/local/www/firewall_system_tunables_edit.php b/usr/local/www/firewall_system_tunables_edit.php
index 82b1480..07b3610 100644
--- a/usr/local/www/firewall_system_tunables_edit.php
+++ b/usr/local/www/firewall_system_tunables_edit.php
@@ -28,6 +28,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-system-tunables-edit
+##|*NAME=Firewall: System: Tunables: Edit page
+##|*DESCR=Allow access to the 'Firewall: System: Tunables: Edit' page.
+##|*MATCH=firewall_system_tunables_edit.php*
+##|-PRIV
+
+
 $pgtitle = array("Firewall","System Tunables","Edit");
 
 require("guiconfig.inc");
diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php
index d600e6a..a9ed3bf 100755
--- a/usr/local/www/firewall_virtual_ip.php
+++ b/usr/local/www/firewall_virtual_ip.php
@@ -37,6 +37,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-virtualipaddresses
+##|*NAME=Firewall: Virtual IP Addresses page
+##|*DESCR=Allow access to the 'Firewall: Virtual IP Addresses' page.
+##|*MATCH=firewall_virtual_ip.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['virtualip']['vip'])) {
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index a48afc2..eb7451f 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -38,6 +38,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-virtualipaddress-edit
+##|*NAME=Firewall: Virtual IP Address: Edit page
+##|*DESCR=Allow access to the 'Firewall: Virtual IP Address: Edit' page.
+##|*MATCH=firewall_virtual_ip_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 if (!is_array($config['virtualip']['vip'])) {
         $config['virtualip']['vip'] = array();
diff --git a/usr/local/www/graph.php b/usr/local/www/graph.php
index f0230e6..1202100 100755
--- a/usr/local/www/graph.php
+++ b/usr/local/www/graph.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-interfacetraffic
+##|*NAME=Diagnostics: Interface Traffic page
+##|*DESCR=Allow access to the 'Diagnostics: Interface Traffic' page.
+##|*MATCH=graph.php*
+##|-PRIV
+
+
 header("Content-type: image/svg+xml");
 
 /********** HTTP GET Based Conf ***********/
diff --git a/usr/local/www/graph_cpu.php b/usr/local/www/graph_cpu.php
index 3f37355..0e45a1a 100644
--- a/usr/local/www/graph_cpu.php
+++ b/usr/local/www/graph_cpu.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-cpuutilization
+##|*NAME=Diagnostics: CPU Utilization page
+##|*DESCR=Allow access to the 'Diagnostics: CPU Utilization' page.
+##|*MATCH=graph_cpu.php*
+##|-PRIV
+
+
 header("Content-type: image/svg+xml");
 
 /********* Other conf *******/
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index cda5e0e..bba46ce 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -839,4 +839,5 @@ function outputCSSFileInline($css) {
 	}
 }
 
-?>
\ No newline at end of file
+?>
+
diff --git a/usr/local/www/halt.php b/usr/local/www/halt.php
index 0de7b66..2c0a99a 100755
--- a/usr/local/www/halt.php
+++ b/usr/local/www/halt.php
@@ -32,6 +32,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-haltsystem
+##|*NAME=Diagnostics: Halt system page
+##|*DESCR=Allow access to the 'Diagnostics: Halt system' page.
+##|*MATCH=halt.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST) {
diff --git a/usr/local/www/headjs.php b/usr/local/www/headjs.php
index 7cfef42..59af195 100644
--- a/usr/local/www/headjs.php
+++ b/usr/local/www/headjs.php
@@ -1,4 +1,36 @@
 <?php
+/*
+    headjs.php
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-requiredforjavascript
+##|*NAME=Required for javascript page
+##|*DESCR=Allow access to the 'Required for javascript' page.
+##|*MATCH=headjs.php*
+##|-PRIV
+
 
 function getHeadJS() {
   global $_SERVER, $HTTP_SERVER_VARS, $g, $use_loader_tab_gif;
@@ -157,4 +189,4 @@ function getHeadJS() {
   return $headjs;
 }
 
-?>
\ No newline at end of file
+?>
diff --git a/usr/local/www/ifstats.php b/usr/local/www/ifstats.php
index ce03832..c8457d1 100644
--- a/usr/local/www/ifstats.php
+++ b/usr/local/www/ifstats.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-xmlrpcinterfacestats
+##|*NAME=XMLRPC Interface Stats page
+##|*DESCR=Allow access to the 'XMLRPC Interface Stats' page.
+##|*MATCH=ifstats.php*
+##|-PRIV
+
+
 	require("functions.inc");
 	require("config.inc");
 
diff --git a/usr/local/www/index.php b/usr/local/www/index.php
index a84b4c5..9049913 100755
--- a/usr/local/www/index.php
+++ b/usr/local/www/index.php
@@ -31,6 +31,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-login/logout
+##|*NAME=System: Login / Logout page
+##|*DESCR=Allow access to the 'System: Login / Logout' page.
+##|*MATCH=index.php*
+##|-PRIV
+
+
 	## Load Essential Includes
 	require_once('guiconfig.inc');
 	require_once('notices.inc');
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 409014a..78dc9d2 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-wan
+##|*NAME=Interfaces: WAN page
+##|*DESCR=Allow access to the 'Interfaces: WAN' page.
+##|*MATCH=interfaces_wan.php*
+##|-PRIV
+
+
 define("CRON_MONTHLY_PATTERN", "0 0 1 * *");
 define("CRON_WEEKLY_PATTERN", "0 0 * * 0");
 define("CRON_DAILY_PATTERN", "0 0 * * *");
diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php
index 474de20..68229af 100755
--- a/usr/local/www/interfaces_assign.php
+++ b/usr/local/www/interfaces_assign.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-assignnetworkports
+##|*NAME=Interfaces: Assign network ports page
+##|*DESCR=Allow access to the 'Interfaces: Assign network ports' page.
+##|*MATCH=interfaces_assign.php*
+##|-PRIV
+
+
 $pgtitle = array("Interfaces", "Assign network ports");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/interfaces_gif.php b/usr/local/www/interfaces_gif.php
index a107234..2258152 100644
--- a/usr/local/www/interfaces_gif.php
+++ b/usr/local/www/interfaces_gif.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-gif
+##|*NAME=Interfaces: GIF page
+##|*DESCR=Allow access to the 'Interfaces: GIF' page.
+##|*MATCH=interfaces_gif.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gifs']['gif']))
diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php
index c154e89..8cd16ce 100644
--- a/usr/local/www/interfaces_gif_edit.php
+++ b/usr/local/www/interfaces_gif_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-gif-edit
+##|*NAME=Interfaces: GIF: Edit page
+##|*DESCR=Allow access to the 'Interfaces: GIF: Edit' page.
+##|*MATCH=interfaces_gif_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gifs']['gif']))
diff --git a/usr/local/www/interfaces_gre.php b/usr/local/www/interfaces_gre.php
index c01f81f..494e95e 100644
--- a/usr/local/www/interfaces_gre.php
+++ b/usr/local/www/interfaces_gre.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-gre
+##|*NAME=Interfaces: GRE page
+##|*DESCR=Allow access to the 'Interfaces: GRE' page.
+##|*MATCH=interfaces_gre.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gres']['gre']))
diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php
index 69a71f4..6bee140 100644
--- a/usr/local/www/interfaces_gre_edit.php
+++ b/usr/local/www/interfaces_gre_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-gre-edit
+##|*NAME=Interfaces: GRE: Edit page
+##|*DESCR=Allow access to the 'Interfaces: GRE: Edit' page.
+##|*MATCH=interfaces_gre_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gres']['gre']))
diff --git a/usr/local/www/interfaces_lan.php b/usr/local/www/interfaces_lan.php
index 9cbb04e..45919ee 100755
--- a/usr/local/www/interfaces_lan.php
+++ b/usr/local/www/interfaces_lan.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-lan
+##|*NAME=Interfaces: LAN page
+##|*DESCR=Allow access to the 'Interfaces: LAN' page.
+##|*MATCH=interfaces_lan.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $lancfg = &$config['interfaces']['lan'];
diff --git a/usr/local/www/interfaces_ppp.php b/usr/local/www/interfaces_ppp.php
index 4153601..cb4df01 100644
--- a/usr/local/www/interfaces_ppp.php
+++ b/usr/local/www/interfaces_ppp.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-ppp
+##|*NAME=Interfaces: PPP page
+##|*DESCR=Allow access to the 'Interfaces: PPP' page.
+##|*MATCH=interfaces_ppp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ppps']['ppp']))
diff --git a/usr/local/www/interfaces_ppp_edit.php b/usr/local/www/interfaces_ppp_edit.php
index f32205a..b4d2239 100644
--- a/usr/local/www/interfaces_ppp_edit.php
+++ b/usr/local/www/interfaces_ppp_edit.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-ppp-edit
+##|*NAME=Interfaces: PPP: Edit page
+##|*DESCR=Allow access to the 'Interfaces: PPP: Edit' page.
+##|*MATCH=interfaces_ppp_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ppps']['ppp']))
diff --git a/usr/local/www/interfaces_vlan.php b/usr/local/www/interfaces_vlan.php
index adcb48d..84b4a70 100755
--- a/usr/local/www/interfaces_vlan.php
+++ b/usr/local/www/interfaces_vlan.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-vlan
+##|*NAME=Interfaces: VLAN page
+##|*DESCR=Allow access to the 'Interfaces: VLAN' page.
+##|*MATCH=interfaces_vlan.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['vlans']['vlan']))
diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php
index cc764d3..aaff8a3 100755
--- a/usr/local/www/interfaces_vlan_edit.php
+++ b/usr/local/www/interfaces_vlan_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-vlan-edit
+##|*NAME=Interfaces: VLAN: Edit page
+##|*DESCR=Allow access to the 'Interfaces: VLAN: Edit' page.
+##|*MATCH=interfaces_vlan_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['vlans']['vlan']))
diff --git a/usr/local/www/interfaces_wan.php b/usr/local/www/interfaces_wan.php
index 409014a..78dc9d2 100755
--- a/usr/local/www/interfaces_wan.php
+++ b/usr/local/www/interfaces_wan.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-wan
+##|*NAME=Interfaces: WAN page
+##|*DESCR=Allow access to the 'Interfaces: WAN' page.
+##|*MATCH=interfaces_wan.php*
+##|-PRIV
+
+
 define("CRON_MONTHLY_PATTERN", "0 0 1 * *");
 define("CRON_WEEKLY_PATTERN", "0 0 * * 0");
 define("CRON_DAILY_PATTERN", "0 0 * * *");
diff --git a/usr/local/www/interfaces_wlan_scan.php b/usr/local/www/interfaces_wlan_scan.php
index 7f7b56c..80af052 100755
--- a/usr/local/www/interfaces_wlan_scan.php
+++ b/usr/local/www/interfaces_wlan_scan.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-scanwireless
+##|*NAME=Interfaces: Scan Wireless page
+##|*DESCR=Allow access to the 'Interfaces: Scan Wireless' page.
+##|*MATCH=interfaces_wlan_scan.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 
diff --git a/usr/local/www/license.php b/usr/local/www/license.php
index 76f24d0..b98921f 100755
--- a/usr/local/www/license.php
+++ b/usr/local/www/license.php
@@ -1,10 +1,41 @@
 <?php
 /* $Id$ */
-require("guiconfig.inc");
+/*
+    license.php
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
 
+##|+PRIV
+##|*IDENT=page-system-license
+##|*NAME=System: License page
+##|*DESCR=Allow access to the 'System: License' page.
+##|*MATCH=license.php*
+##|-PRIV
+
+require("guiconfig.inc");
 include("head.inc");
-?>
 
+?>
 
 <body link="#0000CC" vlink="#0000CC" alink="#0000CC">
 <?php include("fbegin.inc"); ?>
diff --git a/usr/local/www/load_balancer_pool.php b/usr/local/www/load_balancer_pool.php
index b44fa2a..5b73862 100755
--- a/usr/local/www/load_balancer_pool.php
+++ b/usr/local/www/load_balancer_pool.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-loadbalancer-pool
+##|*NAME=Load Balancer: Pool page
+##|*DESCR=Allow access to the 'Load Balancer: Pool' page.
+##|*MATCH=load_balancer_pool.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['load_balancer']['lbpool'])) {
diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php
index c412295..a6f5a82 100755
--- a/usr/local/www/load_balancer_pool_edit.php
+++ b/usr/local/www/load_balancer_pool_edit.php
@@ -29,6 +29,14 @@
         POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-loadbalancer-pool-edit
+##|*NAME=Load Balancer: Pool: Edit page
+##|*DESCR=Allow access to the 'Load Balancer: Pool: Edit' page.
+##|*MATCH=load_balancer_pool_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 if (!is_array($config['load_balancer']['lbpool'])) {
 	$config['load_balancer']['lbpool'] = array();
diff --git a/usr/local/www/load_balancer_virtual_server.php b/usr/local/www/load_balancer_virtual_server.php
index 77b8884..45ca5e9 100755
--- a/usr/local/www/load_balancer_virtual_server.php
+++ b/usr/local/www/load_balancer_virtual_server.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-loadbalancer-virtualservers
+##|*NAME=Services: Load Balancer: Virtual Servers page
+##|*DESCR=Allow access to the 'Services: Load Balancer: Virtual Servers' page.
+##|*MATCH=load_balancer_virtual_server.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("vslb.inc");
 
diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php
index 16737a9..e24cb63 100755
--- a/usr/local/www/load_balancer_virtual_server_edit.php
+++ b/usr/local/www/load_balancer_virtual_server_edit.php
@@ -29,6 +29,14 @@
         POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-loadbalancer-virtualserver-edit
+##|*NAME=Load Balancer: Virtual Server: Edit page
+##|*DESCR=Allow access to the 'Load Balancer: Virtual Server: Edit' page.
+##|*MATCH=load_balancer_virtual_server_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 if (!is_array($config['load_balancer']['virtual_server'])) {
         $config['load_balancer']['virtual_server'] = array();
diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php
index 1329e5b..b8a2df0 100755
--- a/usr/local/www/pkg.php
+++ b/usr/local/www/pkg.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-package-settings
+##|*NAME=Package: Settings page
+##|*DESCR=Allow access to the 'Package: Settings' page.
+##|*MATCH=pkg.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("pkg-utils.inc");
 
diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php
index 64826d0..3d565a3 100755
--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-package-edit
+##|*NAME=Package: Edit page
+##|*DESCR=Allow access to the 'Package: Edit' page.
+##|*MATCH=pkg_edit.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("pkg-utils.inc");
 
diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php
index e59d73c..7ad1d85 100755
--- a/usr/local/www/pkg_mgr.php
+++ b/usr/local/www/pkg_mgr.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-packagemanager
+##|*NAME=System: Package Manager page
+##|*DESCR=Allow access to the 'System: Package Manager' page.
+##|*MATCH=pkg_mgr.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("pkg-utils.inc");
 
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php
index ec5e8bc..359d575 100755
--- a/usr/local/www/pkg_mgr_install.php
+++ b/usr/local/www/pkg_mgr_install.php
@@ -28,6 +28,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-packagemanager-installpackage
+##|*NAME=System: Package Manager: Install Package page
+##|*DESCR=Allow access to the 'System: Package Manager: Install Package' page.
+##|*MATCH=pkg_mgr_install.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("pkg-utils.inc");
 
diff --git a/usr/local/www/pkg_mgr_installed.php b/usr/local/www/pkg_mgr_installed.php
index 20e3215..9459653 100755
--- a/usr/local/www/pkg_mgr_installed.php
+++ b/usr/local/www/pkg_mgr_installed.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-packagemanager-installed
+##|*NAME=System: Package Manager: Installed page
+##|*DESCR=Allow access to the 'System: Package Manager: Installed' page.
+##|*MATCH=pkg_mgr_installed.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("pkg-utils.inc");
 
diff --git a/usr/local/www/reboot.php b/usr/local/www/reboot.php
index 1034d2f..68e37b9 100755
--- a/usr/local/www/reboot.php
+++ b/usr/local/www/reboot.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-rebootsystem
+##|*NAME=Diagnostics: Reboot System page
+##|*DESCR=Allow access to the 'Diagnostics: Reboot System' page.
+##|*MATCH=reboot.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST) {
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 3e941bd..c9167ec 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-captiveportal
+##|*NAME=Services: Captive portal page
+##|*DESCR=Allow access to the 'Services: Captive portal' page.
+##|*MATCH=services_captiveportal.php*
+##|-PRIV
+
+
 $pgtitle = array("Services","Captive portal");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php
index 536a4dd..e833685 100755
--- a/usr/local/www/services_captiveportal_filemanager.php
+++ b/usr/local/www/services_captiveportal_filemanager.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-captiveportal-filemanager
+##|*NAME=Services: Captive portal: File Manager page
+##|*DESCR=Allow access to the 'Services: Captive portal: File Manager' page.
+##|*MATCH=services_captiveportal_filemanager.php*
+##|-PRIV
+
+
 $pgtitle = array("Services","Captive portal");
 
 require_once("guiconfig.inc");
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index ac1f2d7..2a91321 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-captiveportal-allowedips
+##|*NAME=Services: Captive portal: Allowed IPs page
+##|*DESCR=Allow access to the 'Services: Captive portal: Allowed IPs' page.
+##|*MATCH=services_captiveportal_ip.php*
+##|-PRIV
+
+
 $pgtitle = array("Services","Captive portal");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index cf2900a..bc0f29e 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-captiveportal-editallowedips
+##|*NAME=Services: Captive portal: Edit Allowed IPs page
+##|*DESCR=Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.
+##|*MATCH=services_captiveportal_ip_edit.php*
+##|-PRIV
+
+
 $pgtitle = array("Services","Captive portal","Edit allowed IP address");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index 3d57926..a28ee94 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-captiveportal-macaddresses
+##|*NAME=Services: Captive portal: Mac Addresses page
+##|*DESCR=Allow access to the 'Services: Captive portal: Mac Addresses' page.
+##|*MATCH=services_captiveportal_mac.php*
+##|-PRIV
+
+
 $pgtitle = array("Services","Captive portal");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php
index 737e9d5..7161a20 100755
--- a/usr/local/www/services_captiveportal_mac_edit.php
+++ b/usr/local/www/services_captiveportal_mac_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-captiveportal-editmacaddresses
+##|*NAME=Services: Captive portal: Edit MAC Addresses page
+##|*DESCR=Allow access to the 'Services: Captive portal: Edit MAC Addresses' page.
+##|*MATCH=services_captiveportal_mac_edit.php*
+##|-PRIV
+
+
 $pgtitle = array("Services","Captive portal","Edit pass-through MAC address");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_captiveportal_users.php b/usr/local/www/services_captiveportal_users.php
index 5e501a3..41ffb24 100755
--- a/usr/local/www/services_captiveportal_users.php
+++ b/usr/local/www/services_captiveportal_users.php
@@ -30,6 +30,14 @@
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
 */
+
+##|+PRIV
+##|*IDENT=page-services-captiveportal-users
+##|*NAME=Services: Captive portal: Users page
+##|*DESCR=Allow access to the 'Services: Captive portal: Users' page.
+##|*MATCH=services_captiveportal_users.php*
+##|-PRIV
+
 $pgtitle = array("Services","Captive portal");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_captiveportal_users_edit.php b/usr/local/www/services_captiveportal_users_edit.php
index f60e1ed..efafb6f 100755
--- a/usr/local/www/services_captiveportal_users_edit.php
+++ b/usr/local/www/services_captiveportal_users_edit.php
@@ -30,6 +30,14 @@
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
 */
+
+##|+PRIV
+##|*IDENT=page-services-captiveportal-edituser
+##|*NAME=Services: Captive portal: Edit User page
+##|*DESCR=Allow access to the 'Services: Captive portal: Edit User' page.
+##|*MATCH=services_captiveportal_users_edit.php*
+##|-PRIV
+
 $pgtitle = array("Services","Captive portal","Edit user");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
index 89c0a84..9bc3758 100755
--- a/usr/local/www/services_dhcp.php
+++ b/usr/local/www/services_dhcp.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dhcpserver
+##|*NAME=Services: DHCP server page
+##|*DESCR=Allow access to the 'Services: DHCP server' page.
+##|*MATCH=services_dhcp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $if = $_GET['if'];
diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php
index 44f7a62..224c84f 100755
--- a/usr/local/www/services_dhcp_edit.php
+++ b/usr/local/www/services_dhcp_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dhcpserver-editstaticmapping
+##|*NAME=Services: DHCP Server : Edit static mapping page
+##|*DESCR=Allow access to the 'Services: DHCP Server : Edit static mapping' page.
+##|*MATCH=services_dhcp_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $if = $_GET['if'];
diff --git a/usr/local/www/services_dhcp_relay.php b/usr/local/www/services_dhcp_relay.php
index e9bcff2..e4126c7 100755
--- a/usr/local/www/services_dhcp_relay.php
+++ b/usr/local/www/services_dhcp_relay.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dhcprelay
+##|*NAME=Services: DHCP Relay page
+##|*DESCR=Allow access to the 'Services: DHCP Relay' page.
+##|*MATCH=services_dhcp_relay.php*
+##|-PRIV
+
+
 function get_wan_dhcp_server() {
 	global $config, $g;
 	$dhclientfn = $g['vardb_path'] . "/dhclient.leases." . $config['interfaces']['wan']['if'];
diff --git a/usr/local/www/services_dnsmasq.php b/usr/local/www/services_dnsmasq.php
index 44b1feb..34bfafa 100755
--- a/usr/local/www/services_dnsmasq.php
+++ b/usr/local/www/services_dnsmasq.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dnsforwarder
+##|*NAME=Services: DNS Forwarder page
+##|*DESCR=Allow access to the 'Services: DNS Forwarder' page.
+##|*MATCH=services_dnsmasq.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pconfig['enable']  = isset($config['dnsmasq']['enable']);
diff --git a/usr/local/www/services_dnsmasq_domainoverride_edit.php b/usr/local/www/services_dnsmasq_domainoverride_edit.php
index e3cd325..c5e7c09 100755
--- a/usr/local/www/services_dnsmasq_domainoverride_edit.php
+++ b/usr/local/www/services_dnsmasq_domainoverride_edit.php
@@ -28,6 +28,14 @@
        POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dnsforwarder-editdomainoverride
+##|*NAME=Services: DNS Forwarder: Edit Domain Override page
+##|*DESCR=Allow access to the 'Services: DNS Forwarder: Edit Domain Override' page.
+##|*MATCH=services_dnsmasq_domainoverride_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['dnsmasq']['domainoverrides'])) {
diff --git a/usr/local/www/services_dnsmasq_edit.php b/usr/local/www/services_dnsmasq_edit.php
index ec3195d..4c07845 100755
--- a/usr/local/www/services_dnsmasq_edit.php
+++ b/usr/local/www/services_dnsmasq_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dnsforwarder-edithost
+##|*NAME=Services: DNS Forwarder: Edit host page
+##|*DESCR=Allow access to the 'Services: DNS Forwarder: Edit host' page.
+##|*MATCH=services_dnsmasq_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['dnsmasq']['hosts'])) 
diff --git a/usr/local/www/services_dyndns.php b/usr/local/www/services_dyndns.php
index 9dccc31..b2c5641 100755
--- a/usr/local/www/services_dyndns.php
+++ b/usr/local/www/services_dyndns.php
@@ -26,6 +26,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dynamicdnsclients
+##|*NAME=Services: Dynamic DNS clients page
+##|*DESCR=Allow access to the 'Services: Dynamic DNS clients' page.
+##|*MATCH=services_dyndns.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['dyndnses']['dyndns']))
diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php
index 53cc0dd..cae02d8 100644
--- a/usr/local/www/services_dyndns_edit.php
+++ b/usr/local/www/services_dyndns_edit.php
@@ -26,6 +26,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dynamicdnsclient
+##|*NAME=Services: Dynamic DNS client page
+##|*DESCR=Allow access to the 'Services: Dynamic DNS client' page.
+##|*MATCH=services_dyndns_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['dyndnses']['dyndns'])) {
diff --git a/usr/local/www/services_proxyarp.php b/usr/local/www/services_proxyarp.php
index 601f086..11b02bc 100755
--- a/usr/local/www/services_proxyarp.php
+++ b/usr/local/www/services_proxyarp.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-proxyarp
+##|*NAME=Services: Proxy ARP page
+##|*DESCR=Allow access to the 'Services: Proxy ARP' page.
+##|*MATCH=services_proxyarp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['proxyarp']['proxyarpnet'])) {
diff --git a/usr/local/www/services_proxyarp_edit.php b/usr/local/www/services_proxyarp_edit.php
index 5a6e7f3..896424a 100755
--- a/usr/local/www/services_proxyarp_edit.php
+++ b/usr/local/www/services_proxyarp_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-proxyarp-edit
+##|*NAME=Services: Proxy ARP: Edit page
+##|*DESCR=Allow access to the 'Services: Proxy ARP: Edit' page.
+##|*MATCH=services_proxyarp_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['proxyarp']['proxyarpnet'])) {
diff --git a/usr/local/www/services_rfc2136.php b/usr/local/www/services_rfc2136.php
index d5d37a7..124bcef 100644
--- a/usr/local/www/services_rfc2136.php
+++ b/usr/local/www/services_rfc2136.php
@@ -26,6 +26,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-rfc2136clients
+##|*NAME=Services: RFC 2136 clients page
+##|*DESCR=Allow access to the 'Services: RFC 2136 clients' page.
+##|*MATCH=services_rfc2136.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['dnsupdates']['dnsupdate']))
diff --git a/usr/local/www/services_snmp.php b/usr/local/www/services_snmp.php
index 91a63cf..fc948e4 100755
--- a/usr/local/www/services_snmp.php
+++ b/usr/local/www/services_snmp.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-snmp
+##|*NAME=Services: SNMP page
+##|*DESCR=Allow access to the 'Services: SNMP' page.
+##|*MATCH=services_snmp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['snmpd'])) {
diff --git a/usr/local/www/services_usermanager.php b/usr/local/www/services_usermanager.php
index c0ec5ac..33a1538 100755
--- a/usr/local/www/services_usermanager.php
+++ b/usr/local/www/services_usermanager.php
@@ -31,6 +31,14 @@
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
 */
+
+##|+PRIV
+##|*IDENT=page-services-usermanager
+##|*NAME=Services: User Manager page
+##|*DESCR=Allow access to the 'Services: User Manager' page.
+##|*MATCH=services_usermanager.php*
+##|-PRIV
+
 require("guiconfig.inc");
 if(isset($_POST['save'])){
 	$_POST['username']=trim($_POST['username']);
diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php
index 21b5d20..0cc6dc1 100755
--- a/usr/local/www/services_wol.php
+++ b/usr/local/www/services_wol.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-wakeonlan
+##|*NAME=Services: Wake on LAN page
+##|*DESCR=Allow access to the 'Services: Wake on LAN' page.
+##|*MATCH=services_wol.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['wol']['wolentry'])) {
diff --git a/usr/local/www/services_wol_edit.php b/usr/local/www/services_wol_edit.php
index 459845a..1d8e2af 100755
--- a/usr/local/www/services_wol_edit.php
+++ b/usr/local/www/services_wol_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-wakeonlan-edit
+##|*NAME=Services: Wake on LAN: Edit page
+##|*DESCR=Allow access to the 'Services: Wake on LAN: Edit' page.
+##|*MATCH=services_wol_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['wol']['wolentry'])) {
diff --git a/usr/local/www/status.php b/usr/local/www/status.php
index 7b2a3bb..db82dad 100755
--- a/usr/local/www/status.php
+++ b/usr/local/www/status.php
@@ -6,6 +6,35 @@
  * (modified for m0n0wall by Manuel Kasper <mk@neon1.net>)
  * (modified for pfSense by Scott Ullrich geekgod@pfsense.com)
  */
+/*
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-hidden-detailedstatus
+##|*NAME=Hidden: Detailed Status page
+##|*DESCR=Allow access to the 'Hidden: Detailed Status' page.
+##|*MATCH=status.php*
+##|-PRIV
 
 /* Execute a command, with a title, and generate an HTML table
  * showing the results.
diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php
index 1ee4265..adfcc0f 100755
--- a/usr/local/www/status_captiveportal.php
+++ b/usr/local/www/status_captiveportal.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-captiveportal
+##|*NAME=Status: Captive portal page
+##|*DESCR=Allow access to the 'Status: Captive portal' page.
+##|*MATCH=status_captiveportal.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $concurrent = `cat /var/db/captiveportal.db | wc -l`;
diff --git a/usr/local/www/status_filter_reload.php b/usr/local/www/status_filter_reload.php
index 4b21811..d4c7345 100644
--- a/usr/local/www/status_filter_reload.php
+++ b/usr/local/www/status_filter_reload.php
@@ -27,6 +27,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-filterreloadstatus
+##|*NAME=Status: Filter Reload Status page
+##|*DESCR=Allow access to the 'Status: Filter Reload Status' page.
+##|*MATCH=status_filter_reload.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("functions.inc");
 
diff --git a/usr/local/www/status_gateway_groups.php b/usr/local/www/status_gateway_groups.php
index b3b0a77..76a426a 100755
--- a/usr/local/www/status_gateway_groups.php
+++ b/usr/local/www/status_gateway_groups.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-gatewaygroups
+##|*NAME=Status: Gateway Groups page
+##|*DESCR=Allow access to the 'Status: Gateway Groups' page.
+##|*MATCH=status_gateway_groups.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gateways']['gateway_group']))
diff --git a/usr/local/www/status_gateways.php b/usr/local/www/status_gateways.php
index a84afcf..441dff6 100755
--- a/usr/local/www/status_gateways.php
+++ b/usr/local/www/status_gateways.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-gateways
+##|*NAME=Status: Gateways page
+##|*DESCR=Allow access to the 'Status: Gateways' page.
+##|*MATCH=status_gateways.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gateways']['gateway_item'])) {
diff --git a/usr/local/www/status_graph.php b/usr/local/www/status_graph.php
index 9d3cf32..df1a83f 100755
--- a/usr/local/www/status_graph.php
+++ b/usr/local/www/status_graph.php
@@ -32,6 +32,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-trafficgraph
+##|*NAME=Status: Traffic Graph page
+##|*DESCR=Allow access to the 'Status: Traffic Graph' page.
+##|*MATCH=status_graph.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST['width'])
diff --git a/usr/local/www/status_graph_cpu.php b/usr/local/www/status_graph_cpu.php
index 08fd85a..cc18aed 100644
--- a/usr/local/www/status_graph_cpu.php
+++ b/usr/local/www/status_graph_cpu.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-cpuload
+##|*NAME=Status: CPU load page
+##|*DESCR=Allow access to the 'Status: CPU load' page.
+##|*MATCH=status_graph_cpu.php*
+##|-PRIV
+
+
 $pgtitle = array("Status", "CPU load");
 require("guiconfig.inc");
 include("head.inc");
diff --git a/usr/local/www/status_interfaces.php b/usr/local/www/status_interfaces.php
index fde298e..d62d696 100755
--- a/usr/local/www/status_interfaces.php
+++ b/usr/local/www/status_interfaces.php
@@ -32,6 +32,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-interfaces
+##|*NAME=Status: Interfaces page
+##|*DESCR=Allow access to the 'Status: Interfaces' page.
+##|*MATCH=status_interfaces.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 
 $wancfg = &$config['interfaces']['wan'];
diff --git a/usr/local/www/status_ovpn.php b/usr/local/www/status_ovpn.php
index f7935a9..fed06ed 100644
--- a/usr/local/www/status_ovpn.php
+++ b/usr/local/www/status_ovpn.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-openvpn
+##|*NAME=Status: OpenVPN page
+##|*DESCR=Allow access to the 'Status: OpenVPN' page.
+##|*MATCH=status_ovpn.php*
+##|-PRIV
+
+
 $pgtitle = array("Status", "OpenVPN");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/status_queues.php b/usr/local/www/status_queues.php
index 6d11d01..276e1f6 100755
--- a/usr/local/www/status_queues.php
+++ b/usr/local/www/status_queues.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-trafficshaper-queues
+##|*NAME=Status: Traffic shaper: Queues page
+##|*DESCR=Allow access to the 'Status: Traffic shaper: Queues' page.
+##|*MATCH=status_queues.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if($_GET['reset'] <> "") {
diff --git a/usr/local/www/status_rrd_graph.php b/usr/local/www/status_rrd_graph.php
index af6cc42..b5e740d 100755
--- a/usr/local/www/status_rrd_graph.php
+++ b/usr/local/www/status_rrd_graph.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-rrdgraphs
+##|*NAME=Status: RRD Graphs page
+##|*DESCR=Allow access to the 'Status: RRD Graphs' page.
+##|*MATCH=status_rrd_graph.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_GET['cat']) {
diff --git a/usr/local/www/status_rrd_graph_settings.php b/usr/local/www/status_rrd_graph_settings.php
index 4eaeb20..5163d7d 100755
--- a/usr/local/www/status_rrd_graph_settings.php
+++ b/usr/local/www/status_rrd_graph_settings.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-rrdgraphs
+##|*NAME=Status: RRD Graphs page
+##|*DESCR=Allow access to the 'Status: RRD Graphs' page.
+##|*MATCH=status_rrd_graph_settings.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pconfig['enable'] = isset($config['rrd']['enable']);
diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php
index 8a184f3..471e9cd 100755
--- a/usr/local/www/status_services.php
+++ b/usr/local/www/status_services.php
@@ -26,6 +26,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-services
+##|*NAME=Status: Services page
+##|*DESCR=Allow access to the 'Status: Services' page.
+##|*MATCH=status_services.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 function gentitle_pkg($pgname) {
diff --git a/usr/local/www/status_slbd_pool.php b/usr/local/www/status_slbd_pool.php
index ca8ebe8..19fa5ec 100755
--- a/usr/local/www/status_slbd_pool.php
+++ b/usr/local/www/status_slbd_pool.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-loadbalancer-pool
+##|*NAME=Status: Load Balancer: Pool page
+##|*DESCR=Allow access to the 'Status: Load Balancer: Pool' page.
+##|*MATCH=status_slbd_pool.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['load_balancer']['lbpool'])) {
diff --git a/usr/local/www/status_slbd_vs.php b/usr/local/www/status_slbd_vs.php
index d722fe0..3cee12a 100755
--- a/usr/local/www/status_slbd_vs.php
+++ b/usr/local/www/status_slbd_vs.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-loadbalancer-virtualserver
+##|*NAME=Status: Load Balancer: Virtual Server page
+##|*DESCR=Allow access to the 'Status: Load Balancer: Virtual Server' page.
+##|*MATCH=status_slbd_vs.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['load_balancer']['lbpool'])) {
diff --git a/usr/local/www/status_upnp.php b/usr/local/www/status_upnp.php
index ca0c38d..cbf848f 100644
--- a/usr/local/www/status_upnp.php
+++ b/usr/local/www/status_upnp.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-upnpstatus
+##|*NAME=Status: UPnP Status page
+##|*DESCR=Allow access to the 'Status: UPnP Status' page.
+##|*MATCH=status_upnp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST) {
diff --git a/usr/local/www/status_wireless.php b/usr/local/www/status_wireless.php
index ae8faf7..8dd6b83 100755
--- a/usr/local/www/status_wireless.php
+++ b/usr/local/www/status_wireless.php
@@ -26,6 +26,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-wirelessstatus
+##|*NAME=Diagnostics: Wireless Status page
+##|*DESCR=Allow access to the 'Diagnostics: Wireless Status' page.
+##|*MATCH=status_wireless.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 
 function gentitle_pkg($pgname) {
diff --git a/usr/local/www/system.php b/usr/local/www/system.php
index 4011e57..b04e9ce 100755
--- a/usr/local/www/system.php
+++ b/usr/local/www/system.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-generalsetup
+##|*NAME=System: General Setup page
+##|*DESCR=Allow access to the 'System: General Setup' page.
+##|*MATCH=system.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pconfig['hostname'] = $config['system']['hostname'];
diff --git a/usr/local/www/system_advanced.php b/usr/local/www/system_advanced.php
index 871eedb..90e9b0b 100755
--- a/usr/local/www/system_advanced.php
+++ b/usr/local/www/system_advanced.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-advancedfunctions
+##|*NAME=System: Advanced functions page
+##|*DESCR=Allow access to the 'System: Advanced functions' page.
+##|*MATCH=system_advanced.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pconfig['disablefilter'] = $config['system']['disablefilter'];
diff --git a/usr/local/www/system_advanced_create_certs.php b/usr/local/www/system_advanced_create_certs.php
index 1727fc3..2f633b4 100755
--- a/usr/local/www/system_advanced_create_certs.php
+++ b/usr/local/www/system_advanced_create_certs.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-advancedfunctions-createcertificates
+##|*NAME=System: Advanced functions: Create Certificates page
+##|*DESCR=Allow access to the 'System: Advanced functions: Create Certificates' page.
+##|*MATCH=system_advanced_create_certs.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if(file_exists("/var/etc/ssl/openssl.cnf")) {
diff --git a/usr/local/www/system_firmware.php b/usr/local/www/system_firmware.php
index 2a42ef3..c55c860 100755
--- a/usr/local/www/system_firmware.php
+++ b/usr/local/www/system_firmware.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-firmware-manualupdate
+##|*NAME=System: Firmware: Manual Update page
+##|*DESCR=Allow access to the 'System: Firmware: Manual Update' page.
+##|*MATCH=system_firmware.php*
+##|-PRIV
+
+
 $d_isfwfile = 1;
 require_once("guiconfig.inc");
 
diff --git a/usr/local/www/system_firmware_auto.php b/usr/local/www/system_firmware_auto.php
index 426232f..c6ef8aa 100755
--- a/usr/local/www/system_firmware_auto.php
+++ b/usr/local/www/system_firmware_auto.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-firmware-checkforupdate
+##|*NAME=System: Firmware: Check For Update page
+##|*DESCR=Allow access to the 'System: Firmware: Check For Update' page.
+##|*MATCH=system_firmware_auto.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $curcfg = $config['system']['firmware'];
diff --git a/usr/local/www/system_firmware_check.php b/usr/local/www/system_firmware_check.php
index 69e1b09..54c72fb 100755
--- a/usr/local/www/system_firmware_check.php
+++ b/usr/local/www/system_firmware_check.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-firmware-autoupdate
+##|*NAME=System: Firmware: Auto Update page
+##|*DESCR=Allow access to the 'System: Firmware: Auto Update' page.
+##|*MATCH=system_firmware_check.php*
+##|-PRIV
+
+
 $d_isfwfile = 1;
 require("guiconfig.inc");
 
diff --git a/usr/local/www/system_firmware_settings.php b/usr/local/www/system_firmware_settings.php
index 3940ed8..a60919b 100755
--- a/usr/local/www/system_firmware_settings.php
+++ b/usr/local/www/system_firmware_settings.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-firmware-settings
+##|*NAME=System: Firmware: Settings page
+##|*DESCR=Allow access to the 'System: Firmware: Settings' page.
+##|*MATCH=system_firmware_settings.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST) {
diff --git a/usr/local/www/system_gateway_groups.php b/usr/local/www/system_gateway_groups.php
index 647bb42..d142730 100755
--- a/usr/local/www/system_gateway_groups.php
+++ b/usr/local/www/system_gateway_groups.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-gatewaygroups
+##|*NAME=System: Gateway Groups page
+##|*DESCR=Allow access to the 'System: Gateway Groups' page.
+##|*MATCH=system_gateway_groups.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gateways']['gateway_group']))
diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php
index 3ec8643..683db2a 100755
--- a/usr/local/www/system_gateway_groups_edit.php
+++ b/usr/local/www/system_gateway_groups_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-gateways-editgatewaygroups
+##|*NAME=System: Gateways: Edit Gateway Groups page
+##|*DESCR=Allow access to the 'System: Gateways: Edit Gateway Groups' page.
+##|*MATCH=system_gateway_groups_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gateways']['gateway_item']))
diff --git a/usr/local/www/system_gateways.php b/usr/local/www/system_gateways.php
index 7bc9142..9a678c3 100755
--- a/usr/local/www/system_gateways.php
+++ b/usr/local/www/system_gateways.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-gateways
+##|*NAME=System: Gateways page
+##|*DESCR=Allow access to the 'System: Gateways' page.
+##|*MATCH=system_gateways.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gateways']['gateway_item']))
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index 4156066..76c0b9e 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-gateways-editgateway
+##|*NAME=System: Gateways: Edit Gateway page
+##|*DESCR=Allow access to the 'System: Gateways: Edit Gateway' page.
+##|*MATCH=system_gateways_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gateways']['gateway_item']))
diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php
index 48f3a7b..e79a77f 100644
--- a/usr/local/www/system_groupmanager.php
+++ b/usr/local/www/system_groupmanager.php
@@ -3,6 +3,9 @@
 	$Id: system_groupmanager.php 
 	part of m0n0wall (http://m0n0.ch/wall)
 
+	Copyright (C) 2008 Shrew Soft Inc.
+	All rights reserved. 
+
 	Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
 	All rights reserved. 
 
@@ -31,202 +34,76 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
-require("guiconfig.inc");
+##|+PRIV
+##|*IDENT=page-system-groupmanager
+##|*NAME=System: Group manager page
+##|*DESCR=Allow access to the 'System: Group manager' page.
+##|*MATCH=system_groupmanager.php*
+##|-PRIV
 
-$pgtitle = array("System", "Group manager");
 
-// Returns an array of pages with their descriptions
-function getAdminPageList() {
-	global $g;
-	global $config;
-	
-    $tmp = Array();
-
-    if ($dir = opendir($g['www_path'])) {
-		while($file = readdir($dir)) {
-	    	// Make sure the file exists
-	    	if($file != "." && $file != ".." && $file[0] != '.') {
-	    		// Is this a .php file?
-	    		if (fnmatch('*.php',$file)) {
-	    			// Read the description out of the file
-		    		$contents = file_get_contents($file);
-		    		// Looking for a line like:
-		    		// $pgtitle = array("System", "Group manager");
-		    		$offset = strpos($contents,'$pgtitle');
-		    		$titlepos = strpos($contents,'(',$offset);
-		    		$titleendpos = strpos($contents,')',$titlepos);
-		    		if (($offset > 0) && ($titlepos > 0) && ($titleendpos > 0)) {
-		    			// Title found, extract it
-		    			$title = str_replace(',',': ',str_replace(array('"'),'',substr($contents,++$titlepos,($titleendpos - $titlepos))));
-		    			$tmp[$file] = trim($title);
-		    		}
-		    		else {
-		    			$tmp[$file] = '';
-		    		}
-	    		
-	    		}
-	        }
-		}
+require("guiconfig.inc");
 
-        closedir($dir);
-        
-        // Sets Interfaces:Optional page that didn't read in properly with the above method,
-        // and pages that don't have descriptions.
-        $tmp['interfaces_opt.php'] = "Interfaces: Optional";
-        $tmp['graph.php'] = "Diagnostics: Interface Traffic";
-        $tmp['graph_cpu.php'] = "Diagnostics: CPU Utilization";
-        $tmp['exec.php'] = "Command";
-        $tmp['exec_raw.php'] = "Hidden: Exec Raw";
-        $tmp['status.php'] = "Hidden: Detailed Status";
-        $tmp['uploadconfig.php'] = "Hidden: Upload Configuration";
-        $tmp['index.php'] = "*After Login/Dashboard";
-        $tmp['system_usermanager.php'] = "*User Password change portal";
-        $tmp['diag_logs_settings.php'] = "Diagnostics: Logs: Settings";
-        $tmp['diag_logs_vpn.php'] = "Diagnostics: Logs: PPTP VPN";
-        $tmp['diag_logs_filter.php'] = "Diagnostics: Logs: Firewall";
-        $tmp['diag_logs_portal.php'] = "Diagnostics: Logs: Captive Portal";
-        $tmp['diag_logs_dhcp.php'] = "Diagnostics: Logs: DHCP";
-        $tmp['diag_logs.php'] = "Diagnostics: Logs: System";
-
-		$tmp['cg2.php'] = "CoreGUI GUI Manager";
-        
-        unset($tmp['system_groupmanager_edit.php']);
-        unset($tmp['firewall_rules_schedule_logic.php']);
-        unset($tmp['status_rrd_graph_img.php']);
-        unset($tmp['diag_new_states.php']);
-        unset($tmp['system_usermanager_edit.php']);
-        
-        $tmp['pkg.php'] = "{$g['product_name']} Package manager";
-        $tmp['pkg_edit.php'] = "{$g['product_name']} Package manager edit";
-        $tmp['wizard.php'] = "{$g['product_name']} wizard subsystem";
-        $tmp['graphs.php'] = "Graphing subsystem";
-        $tmp['headjs.php'] = "*Required for javascript";
-
-		$tmp['ifstats.php'] = ("*Hidden: XMLRPC Interface Stats");
-		$tmp['license.php'] = ("*System: License");
-		$tmp['progress.php'] = ("*Hidden: No longer included");
-		$tmp['diag_logs_filter_dynamic.php'] = ("*Hidden: No longer included"); 
-		$tmp['preload.php'] = ("*Hidden: XMLRPC Preloader");
-		$tmp['xmlrpc.php'] = ("*Hidden: XMLRPC Library");        
-		
-		$tmp['functions.inc.php'] = ("Hidden: Ajax Helper 1");
-		$tmp['javascript.inc.php'] = ("Hidden: Ajax Helper 2 ");
-		$tmp['sajax.class.php'] = ("Hidden: Ajax Helper 3");
-
-		/* custom pkg.php items */
-		$tmp['pkg.php?xml=openvpn.xml'] = ("VPN: OpenVPN");
-		$tmp['pkg_edit.php?xml=carp_settings.xml&id=0'] = ("Services: CARP Settings: Edit");
-		$tmp['pkg_edit.php?xml=olsrd.xml&id=0'] = ("Services: OLSR");
-		$tmp['pkg_edit.php?xml=openntpd.xml&id=0'] = ("Services: NTP Server");
-		
-		$tmp['system_usermanager_settings_test.php'] = ("System: User Manager: Settings: Test LDAP");
-		
-		/*  unset older openvpn scripts, we have a custom version
-		 *  included in CoreGUI */
-	 	unset($tmp['vpn_openvpn.php']);
-		unset($tmp['vpn_openvpn_crl.php']);
-		unset($tmp['vpn_openvpn_ccd.php']);
-		unset($tmp['vpn_openvpn_srv.php']);
-		unset($tmp['vpn_openvpn_cli.php']);
-		unset($tmp['vpn_openvpn_ccd_edit.php']);
-		unset($tmp['phpconfig.php']);
-		unset($tmp['system_usermanager_settings_ldapacpicker.php']);
-		
-        unset($tmp['progress.php']);
-        unset($tmp['stats.php']);
-        unset($tmp['phpinfo.php']);
-        unset($tmp['preload.php']);
-        
-        // Add appropriate descriptions for extensions, if they exist
-        if(file_exists("extensions.inc")){
-	   	   include("extensions.inc");
-		}
-		
-		/* firewall rule view and edit entries for lan, wan, optX */
-		$iflist = get_configured_interface_list(false, true);
-
-		// Firewall Rules
-		foreach ($iflist as $ifent => $ifname) {
-			$entryname = "firewall_rules.php?if={$ifname}";
-	        $tmp[$entryname] = ("Firewall: Rules: " . strtoupper($ifname));
-			$entryname = "firewall_rules_edit.php?if={$ifname}";
-	        $tmp[$entryname] = ("Firewall: Rules: Edit: " . strtoupper($ifname));
-		}
+$pgtitle = array("System", "Group manager");
 
-		/* additional firewal rules tab entries */
-		$entryname = "firewall_rules_edit.php?if=enc0";
-        $tmp[$entryname] = "Firewall: Rules: Edit: IPsec";
+if (!is_array($config['system']['group']))
+	$config['system']['group'] = array();
 
-		$entryname = "firewall_rules_edit.php?if=pptp";
-        $tmp[$entryname] = "Firewall: Rules: Edit: PPTP";
+admin_groups_sort();
+$a_group = &$config['system']['group'];
 
-		$entryname = "firewall_rules_edit.php?if=pppoe";
-        $tmp[$entryname] = "Firewall: Rules: Edit: PPPoE";
+$id = $_GET['id'];
+if (isset($_POST['id']))
+	$id = $_POST['id'];
 
-		// User manager
-		$entryname = "system_usermanager.php";
-		$tmp[$entryname] = "System: Change Password";
+if ($_GET['act'] == "delgroup") {
 
-		// User manager
-		$entryname = "system_usermanager";
-		$tmp[$entryname] = "System: User Manager";
+	if (!$a_group[$_GET['id']]) {
+		pfSenseHeader("system_groupmanager.php");
+		exit;
+	}
 
-		// NAT Items
-		foreach ($iflist as $ifent => $ifname) {
-			$entryname = "firewall_nat.php?if={$ifname}";
-	        $tmp[$entryname] = ("Firewall: NAT: Port Forward " . strtoupper($ifname));
-			$entryname = "firewall_nat_edit.php?if={$ifname}";
-	        $tmp[$entryname] = ("Firewall: NAT: Port Forward: Edit: " . strtoupper($ifname));
-		}
-		/* additional nat tab entries */
-		$entryname = "firewall_nat_edit.php?if=enc0";
-        $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: IPsec";
-        
-		$entryname = "firewall_nat_edit.php?if=pptp";
-        $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: PPTP";
-
-		$entryname = "firewall_nat_edit.php?if=pppoe";
-        $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: PPPoE";
-
-        asort($tmp);
-        return $tmp;
-    }
+	del_local_group($a_group[$_GET['id']]);
+	$groupdeleted = $a_group[$_GET['id']]['name'];
+	unset($a_group[$_GET['id']]);
+	write_config();
+	$savemsg = gettext("Group")." {$groupdeleted} ".
+				gettext("successfully deleted")."<br/>";
 }
 
-// Get a list of all admin pages & Descriptions
-$pages = getAdminPageList();
+if ($_GET['act'] == "delpriv") {
 
-if (!is_array($config['system']['group'])) {
-	$config['system']['group'] = array();
-}
-admin_groups_sort();
-$a_group = &$config['system']['group'];
+	if (!$a_group[$_GET['id']]) {
+		pfSenseHeader("system_groupmanager.php");
+		exit;
+	}
 
-$id = $_GET['id'];
-if (isset($_POST['id']))
-	$id = $_POST['id'];
-	
-if ($_GET['act'] == "del") {
-	if ($a_group[$_GET['id']]) {
-		del_local_group($a_group[$_GET['id']]);
-   		unset($a_group[$_GET['id']]);
-       	write_config();
-	    header("Location: system_groupmanager.php");
-	    exit;
+	$privdeleted = $priv_list[$a_group[$id]['priv'][$_GET['privid']]]['name'];
+	unset($a_group[$id]['priv'][$_GET['privid']]);
+
+	foreach ($a_group[$id]['member'] as $uid) {
+		$user = getUserEntryByUID($uid);
+		if ($user)
+			set_local_user($user);
 	}
-}	
+
+	write_config();
+	$_GET['act'] = "edit";
+	$savemsg = gettext("Privilege")." {$privdeleted} ".
+				gettext("successfully deleted")."<br/>";
+}
 
 if($_GET['act']=="edit"){
 	if (isset($id) && $a_group[$id]) {
 		$pconfig['name'] = $a_group[$id]['name'];
+		$pconfig['gid'] = $a_group[$id]['gid'];
+		$pconfig['gtype'] = $a_group[$id]['scope'];
 		$pconfig['description'] = $a_group[$id]['description'];
-		if (is_array($a_group[$id]['pages']))
-			$pconfig['pages'] = $a_group[$id]['pages'];
-		else
-			$pconfig['pages'] = array();
+		$pconfig['members'] = $a_group[$id]['member'];
+		$pconfig['priv'] = $a_group[$id]['priv'];
 	}
 }
-	
+
 if ($_POST) {
 
 	unset($input_errors);
@@ -259,14 +136,8 @@ if ($_POST) {
 		$group['name'] = $_POST['groupname'];
 		$group['description'] = $_POST['description'];
 
-		unset($group['pages']);
-		foreach ($pages as $fname => $title) {
-			$identifier = str_replace('.php','XXXUMXXX',$fname);
-			$identifier = str_replace('.','XXXDOTXXX',$identifier);
-			if ($_POST[$identifier] == 'yes') {
-				$group['pages'][] = $fname;
-			}
-		}
+		if ($group['gid'] != 1998) // all group
+			$group['member'] = $_POST['members'];
 
 		if (isset($id) && $a_group[$id])
 			$a_group[$id] = $group;
@@ -288,8 +159,59 @@ include("head.inc");
 ?>
 
 <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php include("fbegin.inc"); ?>
+<script language="JavaScript">
+<!--
+
+function setall_selected(id) {
+	selbox = document.getElementById(id);
+	count = selbox.options.length;
+	for (index = 0; index<count; index++)
+		selbox.options[index].selected = true;
+}
+
+function clear_selected(id) {
+	selbox = document.getElementById(id);
+	count = selbox.options.length;
+	for (index = 0; index<count; index++)
+		selbox.options[index].selected = false;
+}
+
+function remove_selected(id) {
+	selbox = document.getElementById(id);
+	index = selbox.options.length - 1;
+	for (; index >= 0; index--)
+		if (selbox.options[index].selected)
+			selbox.remove(index);
+}
+
+function copy_selected(srcid, dstid) {
+	src_selbox = document.getElementById(srcid);
+	dst_selbox = document.getElementById(dstid);
+	count = src_selbox.options.length;
+	for (index = 0; index < count; index++) {
+		if (src_selbox.options[index].selected) {
+			option = document.createElement('option');
+			option.text = src_selbox.options[index].text;
+			option.value = src_selbox.options[index].value;
+			dst_selbox.add(option, null);
+		}
+	}
+}
+
+function move_selected(srcid, dstid) {
+	copy_selected(srcid, dstid);
+	remove_selected(srcid);
+}
+
+function presubmit() {
+	clear_selected('notmembers');
+	setall_selected('members');
+}
+
+//-->
+</script>
 <?php
-	include("fbegin.inc");
 	if ($input_errors)
 		print_input_errors($input_errors);
 	if ($savemsg)
@@ -302,7 +224,7 @@ include("head.inc");
 			<?php 
 				$tab_array = array();
 				$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
-				$tab_array[] = array(gettext("Group"), true, "system_groupmanager.php");
+				$tab_array[] = array(gettext("Groups"), true, "system_groupmanager.php");
 				$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
 				display_top_tabs($tab_array);
 			?>
@@ -327,70 +249,134 @@ include("head.inc");
 						el.elements[i].checked = false;
 				}
 			</script>
-			<form action="system_groupmanager.php" method="post" name="iform" id="iform">
+			<form action="system_groupmanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
 				<table width="100%" border="0" cellpadding="6" cellspacing="0">
+                    <?php
+                        $ro = "";
+                        if ($pconfig['gtype'] == "system")
+                            $ro = "readonly = \"readonly\"";
+                    ?>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
+						<td width="78%" class="vtable">
+							<strong><?=strtoupper($pconfig['gtype']);?></strong>
+							<input name="gtype" type="hidden" value="<?=$pconfig['gtype']?>"/>
+						</td>
+					</tr>
 					<tr> 
 						<td width="22%" valign="top" class="vncellreq">Group name</td>
 						<td width="78%" class="vtable"> 
-							<input name="groupname" type="text" class="formfld" id="groupname" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"> 
+							<input name="groupname" type="text" class="formfld group" id="groupname" size="20" value="<?=htmlspecialchars($pconfig['name']);?>" <?=$ro;?>> 
 						</td>
 					</tr>
 					<tr> 
 						<td width="22%" valign="top" class="vncell">Description</td>
 						<td width="78%" class="vtable"> 
-							<input name="description" type="text" class="formfld" id="description" size="20" value="<?=htmlspecialchars($pconfig['description']);?>">
+							<input name="description" type="text" class="formfld unknown" id="description" size="20" value="<?=htmlspecialchars($pconfig['description']);?>">
 							<br>
 							Group description, for your own information only
 						</td>
 					</tr>
+
+					<?php if ($pconfig['gid'] != 1998): // all users group ?>
+
 					<tr>
-						<td colspan="4">
-							<br>
-							Select that pages that this group may access.
-							Members of this group will be able to perform
-							all actions that are possible from each
-							individual web page. Ensure you set access
-							levels appropriately.<br>
-							<br>
-							<span class="vexpl">
-								<span class="red">
-									<strong>&nbsp;Note:</strong>
-								</span>
-								Pages marked with an * are strongly recommended
-								for every group.
-							</span>
-						</td>
-					</tr>
-					<tr>
-						<td colspan="4">
-							<input type="button" name="types[]" value="Check All" onClick="checkall(); return false;"> 
-							<input type="button" name="types[]" value="Check None" onClick="checknone(); return false;">
+						<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
+						<td width="78%" class="vtable" align="center">
+							<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+								<tr>
+									<td align="center" width="50%">
+										<strong>Not Members</strong><br/>
+										<br/>
+											<select size="10" style="width: 75%" name="notmembers[]" class="formselect" id="notmembers" onChange="clear_selected('members')" multiple>
+											<?php
+												foreach ($config['system']['user'] as $user):
+													if (in_array($user['uid'],$pconfig['members']))
+														continue;
+											?>
+											<option value="<?=$user['uid'];?>" <?=$selected;?>>
+												<?=htmlspecialchars($user['name']);?>
+											</option>
+											<?php endforeach; ?>
+										</select>
+										<br/>
+									</td>
+									<td>
+										<br/>
+										<a href="javascript:move_selected('notmembers','members')">
+											<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="Add Members" alt="Add Members" width="17" height="17" border="0" />
+										</a>
+										<br/><br/>
+										<a href="javascript:move_selected('members','notmembers')">
+											<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="Remove Members" alt="Remove Members" width="17" height="17" border="0" />
+										</a>
+									</td>
+									<td align="center" width="50%">
+										<strong>Members</strong><br/>
+										<br/>
+										<select size="10" style="width: 75%" name="members[]" class="formselect" id="members" onChange="clear_selected('notmembers')" multiple>
+											<?php
+												foreach ($config['system']['user'] as $user):
+													if (!in_array($user['uid'],$pconfig['members']))
+														continue;
+											?>
+											<option value="<?=$user['uid'];?>">
+												<?=htmlspecialchars($user['name']);?>
+											</option>
+											<?php endforeach; ?>
+										</select>
+										<br/>
+									</td>
+								</tr>
+							</table>
+							<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
 						</td>
 					</tr>
+
+					<?php endif; ?>
+
 					<tr>
-						<td colspan="2">
-							<table width="100%" border="0" cellpadding="0" cellspacing="0">
+						<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
+						<td width="78%" class="vtable">
+							<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
 								<tr>
-									<td class="listhdrr">&nbsp;</td>
-									<td class="listhdrr">Page Description</td>
-									<td class="listhdr">Filename</td>
+									<td width="40%" class="listhdrr"><?=gettext("Name");?></td>
+									<td width="60%" class="listhdrr"><?=gettext("Description");?></td>
+									<td class="list"></td>
+								</tr>
+								<?php
+									if(is_array($pconfig['priv'])):
+										$i = 0;
+										foreach ($pconfig['priv'] as $priv):
+								?>
+								<tr>
+									<td class="listr">
+										<?=htmlspecialchars($priv_list[$priv]['name']);?>
+									</td>
+									<td class="listbg">
+										<font color="#FFFFFF">
+											<?=htmlspecialchars($priv_list[$priv]['descr']);?>
+										</font>
+									</td>
+									<td valign="middle" nowrap class="list">
+										<a href="system_groupmanager.php?act=delpriv&id=<?=$id?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
+											<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
+										</a>
+									</td>
 								</tr>
-								<?php 
-									foreach ($pages as $fname => $title):
-										$identifier = str_replace('.php','XXXUMXXX',$fname);
-										$identifier = str_replace('.','XXXDOTXXX',$identifier);
-										$checked = "";
-										if (in_array($fname,$pconfig['pages']))
-											$checked = "checked";
+								<?php
+										$i++;
+                      					endforeach;
+									endif;
 								?>
 								<tr>
-									<td class="listlr">
-										<input class="check" name="<?=$identifier?>" type="checkbox" id="<?=$identifier?>" value="yes" <?=$checked;?>>
+									<td class="list" colspan="2"></td>
+									<td class="list">
+										<a href="system_groupmanager_addprivs.php?groupid=<?=$id?>">
+											<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
+										</a>
 									</td>
-									<td class="listr"><?=$title?></td>
-									<td class="listr"><?=$fname?></td>
 								</tr>
-								<?php endforeach; ?>
 							</table>
 						</td>
 					</tr>
@@ -400,7 +386,8 @@ include("head.inc");
 							<input name="save" type="submit" class="formbtn" value="Save"> 
 							<?php if (isset($id) && $a_group[$id]): ?>
 							<input name="id" type="hidden" value="<?=$id;?>">
-							<?php endif; ?>                
+							<input name="gid" type="hidden" value="<?=$pconfig['gid'];?>">
+							<?php endif; ?>
 						</td>
 					</tr>
 				</table>
@@ -412,27 +399,38 @@ include("head.inc");
 				<tr>
 					<td width="25%" class="listhdrr">Group name</td>
 					<td width="25%" class="listhdrr">Description</td>
-					<td width="15%" class="listhdrr">Member Count</td>
-					<td width="15%" class="listhdrr">Pages Accessible</td>
+					<td width="30%" class="listhdrr">Member Count</td>
 					<td width="10%" class="list"></td>
 				</tr>
 				<?php
 					$i = 0;
 					foreach($a_group as $group):
+
+						if($group['scope'] == "system")
+							$grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group-grey.png";
+						else
+							$grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group.png";
 				?>
 				<tr>
 					<td class="listlr">
-						<?=htmlspecialchars($group['name']); ?>&nbsp;
+						<table border="0" cellpadding="0" cellspacing="0">
+							<tr>
+								<td align="left" valign="center">
+									<img src="<?=$grpimg;?>" alt="User" title="User" border="0" height="16" width="16" />
+								</td>
+								</td>
+								<td align="left" valign="middle">
+									<?=htmlspecialchars($group['name']); ?>&nbsp;
+								</td>
+							</tr>
+						</table>
 					</td>
 					<td class="listr">
 						<?=htmlspecialchars($group['description']);?>&nbsp;
 					</td>
-					<td class="listr">
-						<?=count($group['member'])?>
-					</td>
 					<td class="listbg">
 						<font color="white">
-							<?=count($group['pages']);?>
+							<?=count($group['member'])?>
 						</font>
 					</td>
 					<td valign="middle" nowrap class="list">
@@ -440,9 +438,11 @@ include("head.inc");
 							<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="edit group" width="17" height="17" border="0">
 						</a>
 						&nbsp;
-						<a href="system_groupmanager.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this group?')">
+						<?php if($group['scope'] != "system"): ?>
+						<a href="system_groupmanager.php?act=delgroup&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this group?')">
 							<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="delete group" width="17" height="17" border="0">
 						</a>
+						<?php endif; ?>
 					</td>
 				</tr>
 				<?php
@@ -450,7 +450,7 @@ include("head.inc");
 					endforeach;
 				?>
 				<tr> 
-					<td class="list" colspan="4"></td>
+					<td class="list" colspan="3"></td>
 					<td class="list">
 						<a href="system_groupmanager.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="add group" width="17" height="17" border="0">
 						</a>
diff --git a/usr/local/www/system_groupmanager_addprivs.php b/usr/local/www/system_groupmanager_addprivs.php
new file mode 100644
index 0000000..6c808be
--- /dev/null
+++ b/usr/local/www/system_groupmanager_addprivs.php
@@ -0,0 +1,182 @@
+<?php
+/* $Id$ */
+/*
+	system_groupmanager_addprivs.php
+
+	Copyright (C) 2006 Daniel S. Haischt.
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-system-groupmanager-addprivs
+##|*NAME=System: Group Manager: Add Privileges page
+##|*DESCR=Allow access to the 'System: Group Manager: Add Privileges' page.
+##|*MATCH=system_groupmanager_addprivs.php*
+##|-PRIV
+
+
+require("guiconfig.inc");
+
+$pgtitle = array("System","Group manager","Add privileges");
+
+$groupid = $_GET['groupid'];
+if (isset($_POST['groupid']))
+	$groupid = $_POST['groupid'];
+
+admin_groups_sort();
+$a_group = & $config['system']['group'][$groupid];
+
+if (!is_array($a_group)) {
+	pfSenseHeader("system_groupmanager.php?id={$groupid}");
+	exit;
+}
+
+if (!is_array($a_group['priv']))
+	$a_group['priv'] = array();
+
+if ($_POST) {
+
+	unset($input_errors);
+	$pconfig = $_POST;
+
+	/* input validation */
+	$reqdfields = explode(" ", "sysprivs");
+	$reqdfieldsn = explode(",", "Selected priveleges");
+
+	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+	/* if this is an AJAX caller then handle via JSON */
+	if(isAjax() && is_array($input_errors)) {
+		input_errors2Ajax($input_errors);
+		exit;
+	}
+
+	if (!$input_errors) {
+
+		if (!is_array($pconfig['sysprivs']))
+			$pconfig['sysprivs'] = array();
+
+		if (!count($a_group['priv']))
+			$a_group['priv'] = $pconfig['sysprivs'];
+		else
+			$a_group['priv'] = array_merge($a_group['priv'], $pconfig['sysprivs']);
+
+		foreach ($a_group['member'] as $uid) {
+			$user = getUserEntryByUID($uid);
+			if ($user)
+				set_local_user($user);
+		}
+
+		$retval = write_config();
+		$savemsg = get_std_save_message($retval);
+
+		pfSenseHeader("system_groupmanager.php?act=edit&id={$groupid}");
+		exit;
+	}
+}
+
+/* if ajax is calling, give them an update message */
+if(isAjax())
+	print_info_box_np($savemsg);
+
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php include("fbegin.inc"); ?>
+<script type="text/javascript">
+<!--
+
+<?php
+
+if (is_array($priv_list)) {
+	$id = 0;
+
+	$jdescs = "var descs = new Array();\n";
+	foreach($priv_list as $pname => $pdata) {
+		if (in_array($pname, $a_group['priv']))
+			continue;
+		$desc = addslashes($pdata['descr']);
+		$jdescs .= "descs[{$id}] = '{$desc}';\n";
+		$id++;
+	}
+
+	echo $jdescs;
+}
+
+?>
+
+function update_description() {
+	var index = document.iform.sysprivs.selectedIndex;
+	document.getElementById("pdesc").innerHTML = descs[index];
+}
+
+//-->
+</script>
+<?php
+	if ($input_errors)
+		print_input_errors($input_errors);
+	if ($savemsg)
+		print_info_box($savemsg);
+?>
+	<form action="system_groupmanager_addprivs.php" method="post" name="iform" id="iform">
+		<div id="inputerrors"></div>
+		<table width="100%" border="0" cellpadding="6" cellspacing="0">
+			<tr>
+				<td width="22%" valign="top" class="vncellreq"><?=gettext("System Privileges");?></td>
+				<td width="78%" class="vtable">
+					<select name="sysprivs[]" id="sysprivs" class="formselect" onchange="update_description();" multiple>
+						<?php
+							foreach($priv_list as $pname => $pdata):
+								if (in_array($pname, $a_group['priv']))
+									continue;
+						?>
+						<option value="<?=$pname;?>"><?=$pdata['name'];?></option>
+						<?php endforeach; ?>
+					</select>
+					<br/>
+					<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
+				</td>
+			</tr>
+			<tr height="60">
+				<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
+				<td width="78%" valign="top" class="vtable" id="pdesc">
+					<em>Select a privilege from the list above for a description</em>
+				</td>
+			</tr>
+			<tr>
+				<td width="22%" valign="top">&nbsp;</td>
+				<td width="78%">
+					<input id="submitt"  name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
+					<input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
+					<?php if (isset($groupid)): ?>
+					<input name="groupid" type="hidden" value="<?=$groupid;?>" />
+					<?php endif; ?>
+				</td>
+			</tr>
+		</table>
+	</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/usr/local/www/system_routes.php b/usr/local/www/system_routes.php
index a51e416..0c2175a 100755
--- a/usr/local/www/system_routes.php
+++ b/usr/local/www/system_routes.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-staticroutes
+##|*NAME=System: Static Routes page
+##|*DESCR=Allow access to the 'System: Static Routes' page.
+##|*MATCH=system_routes.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['staticroutes']['route']))
diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php
index 16ef541..d0cd5ef 100755
--- a/usr/local/www/system_routes_edit.php
+++ b/usr/local/www/system_routes_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-staticroutes-editroute
+##|*NAME=System: Static Routes: Edit route page
+##|*DESCR=Allow access to the 'System: Static Routes: Edit route' page.
+##|*MATCH=system_routes_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['staticroutes']['route']))
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 0c440b0..791fae6 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -4,6 +4,9 @@
     system_usermanager.php
     part of m0n0wall (http://m0n0.ch/wall)
 
+    Copyright (C) 2008 Shrew Soft Inc.
+    All rights reserved.
+
     Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
     All rights reserved.
 
@@ -32,6 +35,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-usermanager
+##|*NAME=System: User Manager page
+##|*DESCR=Allow access to the 'System: User Manager' page.
+##|*MATCH=system_usermanager.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (isAllowedPage("system_usermanager")) {
@@ -47,32 +58,38 @@ if (isAllowedPage("system_usermanager")) {
 		$config['system']['user'] = array();
 
 	admin_users_sort();
-	if (is_array($config['system']['user'])) 
-		$a_user = &$config['system']['user'];
-	$t_privs = $a_user[$id]['priv'];
+	$a_user = &$config['system']['user'];
 
-	if ($_GET['act'] == "del") {
+	if ($_GET['act'] == "deluser") {
 
-		if (($_GET['what'] == "user") && $a_user[$_GET['id']]) {
-			del_local_user($a_user[$_GET['id']]);
-			$userdeleted = $a_user[$_GET['id']]['name'];
-			unset($a_user[$_GET['id']]);
-			write_config();
-			$retval = system_password_configure();
-			$savemsg = gettext("User")." {$userdeleted} ".
-						gettext("successfully deleted")."<br/>";
+		if (!$a_user[$_GET['id']]) {
+			pfSenseHeader("system_usermanager.php");
+			exit;
 		}
 
-		if (($_GET['what'] == "priv") && $t_privs[$_GET['privid']]) {
- 			$privdeleted = $t_privs[$_GET['privid']]['id'];
- 			unset($a_user[$id]['priv'][$_GET['privid']]);
-			write_config();
-			unset($t_privs[$_GET['privid']]);
-			$_GET['act'] = "edit";
-			$savemsg = gettext("Privilege")." {$privdeleted} ".
-						gettext("of user")." {$a_user[$_GET['id']]['name']} ".
-						gettext("successfully deleted")."<br/>";
+		del_local_user($a_user[$_GET['id']]);
+		$userdeleted = $a_user[$_GET['id']]['name'];
+		unset($a_user[$_GET['id']]);
+		write_config();
+		$retval = system_password_configure();
+		$savemsg = gettext("User")." {$userdeleted} ".
+					gettext("successfully deleted")."<br/>";
+	}
+
+	if ($_GET['act'] == "delpriv") {
+
+		if (!$a_user[$_GET['id']]) {
+			pfSenseHeader("system_usermanager.php");
+			exit;
 		}
+
+		$privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
+		unset($a_user[$id]['priv'][$_GET['privid']]);
+		write_config();
+		unset($t_privs[$_GET['privid']]);
+		$_GET['act'] = "edit";
+		$savemsg = gettext("Privilege")." {$privdeleted} ".
+					gettext("successfully deleted")."<br/>";
 	}
 
 	if ($_GET['act'] == "edit") {
@@ -83,6 +100,7 @@ if (isAllowedPage("system_usermanager")) {
 			$pconfig['utype'] = $a_user[$id]['scope'];
 			$pconfig['uid'] = $a_user[$id]['uid'];
 			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
+			$pconfig['priv'] = $a_user[$id]['priv'];
 		}
 	}
 
@@ -154,9 +172,6 @@ if (isAllowedPage("system_usermanager")) {
 
 			isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
 
-			if ($_POST['passwordfld1'])
-				 set_local_user_password($userent, $_POST['passwordfld1']);
-
 			if(isset($config['system']['ssh']['sshdkeyonly']))
 				$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
 
@@ -167,7 +182,7 @@ if (isAllowedPage("system_usermanager")) {
 				$a_user[] = $userent;
 			}
 
-			set_local_user($userent);
+			set_local_user($userent, $_POST['passwordfld1']);
 			set_local_user_groups($userent,$_POST['groups']);
 			write_config();
 			$retval = system_password_configure();
@@ -180,8 +195,59 @@ if (isAllowedPage("system_usermanager")) {
 ?>
 
 <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php include("fbegin.inc"); ?>
+<script language="JavaScript">
+<!--
+
+function setall_selected(id) {
+	selbox = document.getElementById(id);
+	count = selbox.options.length;
+	for (index = 0; index<count; index++)
+		selbox.options[index].selected = true;
+}
+
+function clear_selected(id) {
+	selbox = document.getElementById(id);
+	count = selbox.options.length;
+	for (index = 0; index<count; index++)
+		selbox.options[index].selected = false;
+}
+
+function remove_selected(id) {
+	selbox = document.getElementById(id);
+	index = selbox.options.length - 1;
+	for (; index >= 0; index--)
+		if (selbox.options[index].selected)
+			selbox.remove(index);
+}
+
+function copy_selected(srcid, dstid) {
+	src_selbox = document.getElementById(srcid);
+	dst_selbox = document.getElementById(dstid);
+	count = src_selbox.options.length;
+	for (index = 0; index < count; index++) {
+		if (src_selbox.options[index].selected) {
+			option = document.createElement('option');
+			option.text = src_selbox.options[index].text;
+			option.value = src_selbox.options[index].value;
+			dst_selbox.add(option, null);
+		}
+	}
+}
+
+function move_selected(srcid, dstid) {
+	copy_selected(srcid, dstid);
+	remove_selected(srcid);
+}
+
+function presubmit() {
+	clear_selected('notgroups');
+	setall_selected('groups');
+}
+
+//-->
+</script>
 <?php
-	include("fbegin.inc");
 	if ($input_errors)
 		print_input_errors($input_errors);
 	if ($savemsg)
@@ -193,7 +259,7 @@ if (isAllowedPage("system_usermanager")) {
 		<?php
 			$tab_array = array();
 			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
-			$tab_array[] = array(gettext("Group"), false, "system_groupmanager.php");
+			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
 			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
 			display_top_tabs($tab_array);
 		?>
@@ -204,13 +270,20 @@ if (isAllowedPage("system_usermanager")) {
 
 			<?php if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors): ?>
 
-			<form action="system_usermanager.php" method="post" name="iform" id="iform">
+			<form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
 				<table width="100%" border="0" cellpadding="6" cellspacing="0">
 					<?php
 						$ro = "";
 						if ($pconfig['utype'] == "system")
 							$ro = "readonly = \"readonly\"";
 					?>
+                    <tr>
+                        <td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
+                        <td width="78%" class="vtable">
+                            <strong><?=strtoupper($pconfig['utype']);?></strong>
+							<input name="utype" type="hidden" value="<?=$pconfig['utype']?>"/>
+                        </td>
+                    </tr>
 					<tr>
 						<td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td>
 						<td width="78%" class="vtable">
@@ -237,128 +310,139 @@ if (isAllowedPage("system_usermanager")) {
 							<?=gettext("User's full name, for your own information only");?>
 						</td>
 					</tr>
+
+					<?php if (isset($config['system']['ssh']['sshdkeyonly'])): ?>
+
 					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("User type");?></td>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
 						<td width="78%" class="vtable">
-							<input name="utype" type="text" class="formfld unknown" id="utype" size="20" value="<?=htmlspecialchars($pconfig['utype']);?>" readonly="readonly" />
+							<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
 							<br/>
-							<?=gettext("Indicates whether this is a system (aka non-deletable) user or a user created by a particular user.");?>
+							<?=gettext("Paste an authorized keys file here.");?>
+						</td>
+					</tr>
+
+					<?php endif; ?>
+
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
+						<td width="78%" class="vtable" align="center">
+							<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+								<tr>
+									<td align="center" width="50%">
+										<strong>Not Member Of</strong><br/>
+										<br/>
+										<select size="10" style="width: 75%" name="notgroups[]" class="formselect" id="notgroups" onChange="clear_selected('groups')" multiple>
+											<?php
+												foreach ($config['system']['group'] as $group):
+													if ($group['gid'] == 1998) /* all users group */
+														continue;
+													if (in_array($group['name'],$pconfig['groups']))
+														continue;
+											?>
+											<option value="<?=$group['name'];?>" <?=$selected;?>>
+												<?=htmlspecialchars($group['name']);?>
+											</option>
+											<?php endforeach; ?>
+										</select>
+										<br/>
+									</td>
+									<td>
+										<br/>
+										<a href="javascript:move_selected('notgroups','groups')">
+											<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="Add Groups" alt="Add Groups" width="17" height="17" border="0" />
+										</a>
+										<br/><br/>
+										<a href="javascript:move_selected('groups','notgroups')">
+											<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="Remove Groups" alt="Remove Groups" width="17" height="17" border="0" />
+										</a>
+									</td>
+									<td align="center" width="50%">
+										<strong>Member Of</strong><br/>
+										<br/>
+										<select size="10" style="width: 75%" name="groups[]" class="formselect" id="groups" onChange="clear_selected('nogroups')" multiple>
+											<?php
+												foreach ($config['system']['group'] as $group):
+													if ($group['gid'] == 1998) /* all users group */
+														continue;
+													if (!in_array($group['name'],$pconfig['groups']))
+														continue;
+											?>
+											<option value="<?=$group['name'];?>">
+												<?=htmlspecialchars($group['name']);?>
+											</option>
+											<?php endforeach; ?>
+										</select>
+										<br/>
+									</td>
+								</tr>
+							</table>
+							<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
 						</td>
 					</tr>
 
 					<?php if ($pconfig['uid']): ?>
 
 					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("User Privileges");?></td>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
 						<td width="78%" class="vtable">
 							<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
 								<tr>
-									<td width="5%" class="listhdrr"><?=gettext("ID");?></td>
+									<td width="20%" class="listhdrr"><?=gettext("Inherited From");?></td>
 									<td width="30%" class="listhdrr"><?=gettext("Name");?></td>
 									<td width="40%" class="listhdrr"><?=gettext("Description");?></td>
-									<td width="5%" class="list"></td>
+									<td class="list"></td>
 								</tr>
 								<?php
-									if(is_array($t_privs)):
+										
+									$privdesc = get_user_privdesc($a_user[$_GET['id']]);
+									if(is_array($privdesc)):
 										$i = 0;
-										foreach ($t_privs as $priv):
-											if($priv['id'] <> ""):
+										foreach ($privdesc as $priv):
+										$group = false;
+										if ($priv['group'])
+											$group = $priv['group'];
 								?>
 								<tr>
-									<td class="listlr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>>
-										<?=htmlspecialchars($priv['id']);?>
-									</td>
-									<td class="listr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>>
+									<td class="listlr"><?=$group;?></td>
+									<td class="listr">
 										<?=htmlspecialchars($priv['name']);?>
 									</td>
-									<td class="listbg" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>>
-										<font color="#FFFFFF"><?=htmlspecialchars($priv['descr']);?>&nbsp;</font>
+									<td class="listbg">
+										<font color="#FFFFFF">
+											<?=htmlspecialchars($priv['descr']);?>
+										</font>
 									</td>
 									<td valign="middle" nowrap class="list">
-										<?php if($a_user[$id]['scope'] == "user"): ?>
-										<table border="0" cellspacing="0" cellpadding="1">
-											<tr>
-												<td valign="middle">
-													<a href="system_usermanager_edit.php?id=<?=$i;?>&userid=<?= $id ?>&useract=<?= $_GET['act'] ?>">
-														<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="" />
-													</a>
-												</td>
-												<td valign="middle">
-													<a href="system_usermanager.php?act=del&privid=<?=$i;?>&what=priv&id=<?= $id ?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')">
-														<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
-													</a>
-												</td>
-											</tr>
-										</table>
+										<?php if (!$group): ?>
+										<a href="system_usermanager.php?act=delpriv&id=<?=$id?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
+											<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
+										</a>
 										<?php endif; ?>
 									</td>
 								</tr>
 								<?php
-											endif;
-										$i++;
+										/* can only delete user priv indexes */
+										if (!$group)
+											$i++;
 										endforeach;
 									endif;
-										if ($a_user[$id]['scope'] == "user"):
 								?>
 								<tr>
 									<td class="list" colspan="3"></td>
 									<td class="list">
-										<table border="0" cellspacing="0" cellpadding="1">
-											<tr>
-												<td valign="middle">
-													<a href="system_usermanager_edit.php?userid=<?= $id ?>&useract=<?= $_GET['act'] ?>">
-														<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
-													</a>
-												</td>
-											</tr>
-										</table>
+										<a href="system_usermanager_addprivs.php?userid=<?=$id?>">
+											<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
+										</a>
 									</td>
 								</tr>
-								<?php
-									endif;
-								?>
 							</table>
 						</td>
 					</tr>
 
 					<?php endif; ?>
-					<?php if (isset($config['system']['ssh']['sshdkeyonly'])): ?>
 
 					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
-						<td width="78%" class="vtable">
-							<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
-							<br/>
-							<?=gettext("Paste an authorized keys file here.");?>
-						</td>
-					</tr>
-
-					<?php endif; ?>
-
-					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
-						<td width="78%" class="vtable">
-							<select size="10" name="groups[]" class="formselect" id="groups" multiple>
-								<?php
-									foreach ($config['system']['group'] as $group):
-										if ($group['gid'] != 1998): /* all users group */
-											$selected = "";
-											if (in_array($group['name'],$pconfig['groups']))
-												$selected = "selected";
-								?>
-								<option value="<?=$group['name'];?>" <?=$selected;?>>
-									<?=htmlspecialchars($group['name']);?>
-								</option>
-								<?php
-										endif;
-									endforeach;
-								?>
-							</select>
-							<br/>
-							<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
-						</td>
-					</tr>
-					<tr>
 						<td width="22%" valign="top">&nbsp;</td>
 						<td width="78%">
 							<input id="submit" name="save" type="submit" class="formbtn" value="Save" />
@@ -371,7 +455,6 @@ if (isAllowedPage("system_usermanager")) {
 			</form>
 
 			<?php else: ?>
-
 			<table width="100%" border="0" cellpadding="0" cellspacing="0">
 				<tr>
 					<td width="25%" class="listhdrr">Username</td>
@@ -389,10 +472,10 @@ if (isAllowedPage("system_usermanager")) {
 							<tr>
 								<td align="left" valign="center">
 									<?php
-										if($userent['scope'] == "user")
-											$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png";
-										else
+										if($userent['scope'] != "user")
 											$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png";
+										else
+											$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png";
 									?>
 									<img src="<?=$usrimg;?>" alt="User" title="User" border="0" height="16" width="16" />
 								</td>
@@ -413,9 +496,9 @@ if (isAllowedPage("system_usermanager")) {
 						<a href="system_usermanager.php?act=edit&id=<?=$i;?>">
 							<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="edit user" alt="edit user" width="17" height="17" border="0" />
 						</a>
-						<?php if($userent['scope'] == "user"): ?>
+						<?php if($userent['scope'] != "system"): ?>
 						&nbsp;
-						<a href="system_usermanager.php?act=del&what=user&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')">
+						<a href="system_usermanager.php?act=deluser&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')">
 							<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="delete user" alt="delete user" width="17" height="17" border="0" />
 						</a>
 						<?php endif; ?>
@@ -460,6 +543,7 @@ if (isAllowedPage("system_usermanager")) {
 } else {
 
 	// start normal user code
+
 	$pgtitle = array("System","User Password");
 
 	if (isset($_POST['save'])) {
@@ -542,30 +626,7 @@ if (isAllowedPage("system_usermanager")) {
 </body>
 
 <?php
-} // end of normal user code
 
-/*
- * NOTE : sections of the code below are based on the BSD
- *		  licensed CHAP.php courtesy of Michael Retterklieber.
- */
-function set_password_hashes(& $userent, $password) {
-
-	$userent['password'] = crypt($password);
-	$userent['md5-hash'] = md5($password);
-/*
- *	Waiting for mhash
- *
- *	// Converts ascii to unicode.
- *	$astr = (string) $password;
- *	$ustr = '';
- *	for ($i = 0; $i < strlen($astr); $i++) {
- *		$a = ord($astr{$i}) << 8;
- *		$ustr.= sprintf("%X", $a);
- *	}
- *
- *	// Generate the NT-HASH from the unicode string
- *	$userent['nt-hash'] = bin2hex(mhash(MHASH_MD4, $ustr));
- */
-}
+} // end of normal user code
 
 ?>
diff --git a/usr/local/www/system_usermanager_addprivs.php b/usr/local/www/system_usermanager_addprivs.php
new file mode 100644
index 0000000..61758b7
--- /dev/null
+++ b/usr/local/www/system_usermanager_addprivs.php
@@ -0,0 +1,181 @@
+<?php
+/* $Id$ */
+/*
+	system_usermanager_addprivs.php
+
+	Copyright (C) 2006 Daniel S. Haischt.
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-system-usermanager-addprivs
+##|*NAME=System: User Manager: Add Privileges page
+##|*DESCR=Allow access to the 'System: User Manager: Add Privileges' page.
+##|*MATCH=system_usermanager_addprivs.php*
+##|-PRIV
+
+
+require("guiconfig.inc");
+
+$pgtitle = array("System","User manager","Add privileges");
+
+$userid = $_GET['userid'];
+if (isset($_POST['userid']))
+	$userid = $_POST['userid'];
+
+admin_users_sort();
+$a_user = & $config['system']['user'][$userid];
+if (!is_array($a_user)) {
+	pfSenseHeader("system_usermanager.php?id={$userid}");
+	exit;
+}
+
+if (!is_array($a_user)) {
+	pfSenseHeader("system_usermanager.php");
+	exit;
+}
+
+if (!is_array($a_user['priv']))
+	$a_user['priv'] = array();
+
+if ($_POST) {
+
+	unset($input_errors);
+	$pconfig = $_POST;
+
+	/* input validation */
+	$reqdfields = explode(" ", "sysprivs");
+	$reqdfieldsn = explode(",", "Selected priveleges");
+
+	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+	/* if this is an AJAX caller then handle via JSON */
+	if(isAjax() && is_array($input_errors)) {
+		input_errors2Ajax($input_errors);
+		exit;
+	}
+
+	if (!$input_errors) {
+
+		if (!is_array($pconfig['sysprivs']))
+			$pconfig['sysprivs'] = array();
+
+		if (!count($a_user['priv']))
+			$a_user['priv'] = $pconfig['sysprivs'];
+		else
+			$a_user['priv'] = array_merge($a_user['priv'], $pconfig['sysprivs']);
+
+		set_local_user($a_user);
+		$retval = write_config();
+		$savemsg = get_std_save_message($retval);
+
+		pfSenseHeader("system_usermanager.php?act=edit&id={$userid}");
+		exit;
+	}
+}
+
+/* if ajax is calling, give them an update message */
+if(isAjax())
+	print_info_box_np($savemsg);
+
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php include("fbegin.inc"); ?>
+<script type="text/javascript">
+<!--
+
+<?php
+
+if (is_array($priv_list)) {
+	$id = 0;
+
+	$jdescs = "var descs = new Array();\n";
+	foreach($priv_list as $pname => $pdata) {
+		if (in_array($pname, $a_user['priv']))
+			continue;
+		$desc = addslashes($pdata['descr']);
+		$jdescs .= "descs[{$id}] = '{$desc}';\n";
+		$id++;
+	}
+
+	echo $jdescs;
+}
+
+?>
+
+function update_description() {
+	var index = document.iform.sysprivs.selectedIndex;
+	document.getElementById("pdesc").innerHTML = descs[index];
+}
+
+//-->
+</script>
+<?php
+	if ($input_errors)
+		print_input_errors($input_errors);
+	if ($savemsg)
+		print_info_box($savemsg);
+?>
+	<form action="system_usermanager_addprivs.php" method="post" name="iform" id="iform">
+		<div id="inputerrors"></div>
+		<table width="100%" border="0" cellpadding="6" cellspacing="0">
+			<tr>
+				<td width="22%" valign="top" class="vncellreq"><?=gettext("System Privileges");?></td>
+				<td width="78%" class="vtable">
+					<select name="sysprivs[]" id="sysprivs" class="formselect" onchange="update_description();" multiple>
+						<?php
+							foreach($priv_list as $pname => $pdata):
+								if (in_array($pname, $a_user['priv']))
+									continue;
+						?>
+						<option value="<?=$pname;?>"><?=$pdata['name'];?></option>
+						<?php endforeach; ?>
+					</select>
+					<br/>
+					<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
+				</td>
+			</tr>
+			<tr height="60">
+				<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
+				<td width="78%" valign="top" class="vtable" id="pdesc">
+					<em>Select a privilege from the list above for a description</em>
+				</td>
+			</tr>
+			<tr>
+				<td width="22%" valign="top">&nbsp;</td>
+				<td width="78%">
+					<input id="submitt"  name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
+					<input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
+					<?php if (isset($userid)): ?>
+					<input name="userid" type="hidden" value="<?=$userid;?>" />
+					<?php endif; ?>
+				</td>
+			</tr>
+		</table>
+	</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/usr/local/www/system_usermanager_edit.php b/usr/local/www/system_usermanager_edit.php
deleted file mode 100644
index af4a9b3..0000000
--- a/usr/local/www/system_usermanager_edit.php
+++ /dev/null
@@ -1,281 +0,0 @@
-<?php
-/* $Id$ */
-/*
-	system_usermanager_edit.php
-
-	Copyright (C) 2006 Daniel S. Haischt.
-	All rights reserved.
-
-	Redistribution and use in source and binary forms, with or without
-	modification, are permitted provided that the following conditions are met:
-
-	1. Redistributions of source code must retain the above copyright notice,
-	   this list of conditions and the following disclaimer.
-
-	2. Redistributions in binary form must reproduce the above copyright
-	   notice, this list of conditions and the following disclaimer in the
-	   documentation and/or other materials provided with the distribution.
-
-	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-	POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("guiconfig.inc");
-
-$pgtitle = array("System","User manager","Edit privilege");
-
-/*
-	NOTE: The following code presumes, that the following XML structure
-	exists or if it does not exist, it will be created.
-
-	<priv>
-		<id>fooid</id>
-		<name>foo</name>
-		<descr>foo desc</descr>
-	</priv>
-	<priv>
-		<id>barid</id>
-		<name>bar</name>
-		<descr>bar desc</descr>
-	</priv>
-*/
-
-$useract = $_GET['useract'];
-if (isset($_POST['useract']))
-	$useract = $_POST['useract'];
-
-/* USERID must be set no matter whether this is a new entry or an existing entry */
-$userid = $_GET['userid'];
-if (isset($_POST['userid']))
-	$userid = $_POST['userid'];
-
-/* ID is only set if the user wants to edit an existing entry */
-$id = $_GET['id'];
-if (isset($_POST['id']))
-	$id = $_POST['id'];
-
-if (empty($config['system']['user'][$userid])) {
-	pfSenseHeader("system_usermanager.php?id={$userid}&act={$_GET['useract']}");
-	exit;
-}
-
-if (!is_array($config['system']['user'][$userid]['priv']))
-	$config['system']['user'][$userid]['priv'] = array();
-
-$t_privs = &$config['system']['user'][$userid]['priv'];
-
-if (isset($id) && $t_privs[$id]) {
-	$pconfig['pid'] = $t_privs[$id]['id'];
-	$pconfig['pname'] = $t_privs[$id]['name'];
-	$pconfig['descr'] = $t_privs[$id]['descr'];
-} else {
-	$pconfig['pid'] = $_GET['pid'];
-	$pconfig['pname'] = $_GET['pname'];
-	$pconfig['descr'] = $_GET['descr'];
-}
-
-if ($_POST) {
-
-	unset($input_errors);
-	$pconfig = $_POST;
-
-	/* input validation */
-	$reqdfields = explode(" ", "pid pname");
-	$reqdfieldsn = explode(",", "ID, Privilege Name");
-
-	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
-	/* check for overlaps */
-	foreach ($t_privs as $priv) {
-		if (isset($id) && ($t_privs[$id]) && ($t_privs[$id] === $priv))
-			continue;
-		if ($priv['id'] == $pconfig['pid']) {
-			$input_errors[] = gettext("This privilege ID already exists.");
-			break;
-		}
-	}
-
-	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $userindex[$userid]['name']))
-		$input_errors[] = gettext("The username contains invalid characters " .
-								"((this means this user can't be used to create" .
-								" a shell account).");
-
-	/* if this is an AJAX caller then handle via JSON */
-	if(isAjax() && is_array($input_errors)) {
-		input_errors2Ajax($input_errors);
-		exit;
-	}
-
-	if (!$input_errors) {
-		$priv = array();
-		$priv['id'] = $pconfig['pid'];
-		$priv['name'] = $pconfig['pname'];
-		$priv['descr'] = $pconfig['descr'];
-
-		if (isset($id) && $t_privs[$id])
-			$t_privs[$id] = $priv;
-		else
-			$t_privs[] = $priv;
-	
-		set_local_user($config['system']['user'][$userid]);
-		write_config();
-
-		$retval = 0;
-		config_lock();
-		config_unlock();
-
-		$savemsg = get_std_save_message($retval);
-
-		pfSenseHeader("system_usermanager.php?id={$userid}&act={$useract}");
-		exit;
-	}
-}
-
-/* if ajax is calling, give them an update message */
-if(isAjax())
-	print_info_box_np($savemsg);
-
-include("head.inc");
-
-$jscriptstr = <<<EOD
-<script type="text/javascript">
-<!--
-
-  var privs = new Array();
-
-
-EOD;
-
-$privs =& getSystemPrivs();
-
-if (is_array($privs)) {
-  $id = 0;
-
-  $jscriptstr .= "privs[{$id}] = new Object();\n";
-  $jscriptstr .= "privs[{$id}]['id'] = 'custom';\n";
-  $jscriptstr .= "privs[{$id}]['name'] = '*** Custom privilege ***';\n";
-  $jscriptstr .= "privs[{$id}]['desc'] = 'This is your own, user defined privilege that you may change according to your requirements.';\n";
-  $id++;
-
-  foreach($privs as $priv){
-    $jscriptstr .= "privs[{$id}] = new Object();\n";
-    $jscriptstr .= "privs[{$id}]['id'] = '{$priv['id']}';\n";
-    $jscriptstr .= "privs[{$id}]['name'] = '{$priv['name']}';\n";
-    $jscriptstr .= "privs[{$id}]['desc'] = '{$priv['desc']}';\n";
-    $id++;
-  }
-}
-
-$jscriptstr .= <<<EOD
-  function setTextFields() {
-    var idx = document.iform.sysprivs.selectedIndex;
-    var value = document.iform.sysprivs.options[idx].value;
-
-    for (var i = 0; i < privs.length; i++) {
-      if (privs[i]['id'] == value && privs[i]['id'] != 'custom') {
-        document.iform.pid.value = privs[i]['id'];
-        document.iform.pid.readOnly = true;
-        document.iform.pname.value = privs[i]['name'];
-        document.iform.pname.readOnly = true;
-        document.iform.descr.value = privs[i]['desc'];
-        document.iform.descr.readOnly = true;
-        break;
-      } else if (privs[i]['id'] == value) {
-        document.iform.pid.value = privs[i]['id'];
-        document.iform.pid.readOnly = false;
-        document.iform.pname.value = privs[i]['name'];
-        document.iform.pname.readOnly = false;
-        document.iform.descr.value = privs[i]['desc'];
-        document.iform.descr.readOnly = false;
-        break;
-      }
-    }
-  }
-
-//-->
-</script>
-
-EOD;
-
-include("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
-<?php include("fbegin.inc"); ?>
-<?php echo $jscriptstr; ?>
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box($savemsg); ?>
-            <form action="system_usermanager_edit.php" method="post" name="iform" id="iform">
-            <div id="inputerrors"></div>
-              <table width="100%" border="0" cellpadding="6" cellspacing="0">
-                <tr>
-                  <td width="22%" valign="top" class="vncellreq"><?=gettext("System Privileges");?></td>
-                  <td width="78%" class="vtable">
-                    <select name="sysprivs" id="sysprivs" class="formselect" onchange="setTextFields();">
-                      <option value="custom">*** Custom privilege ***</option>
-                    <?php
-                      $privs =& getSystemPrivs();
-
-                      if (is_array($privs)) {
-                        foreach($privs as $priv){
-                          if (isset($config['system']['ssh']['sshdkeyonly']) &&  $priv['name'] <> "copyfiles")
-                              echo "<option value=\"{$priv['id']}\">${priv['name']}</option>";
-                          else if (empty($config['system']['ssh']['sshdkeyonly']))
-                              echo "<option value=\"{$priv['id']}\">${priv['name']}</option>";
-                        }
-                      }
-                    ?>
-                    </select><br />
-                    (If you do not want to define your own privilege, you may
-                    select one from this list)
-                  </td>
-                </tr>
-                <tr>
-                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Privilege Identifier");?></td>
-                  <td width="78%" class="vtable">
-                    <input name="pid" type="text" class="formfld unknown" id="pid" size="30" value="<?=htmlspecialchars($pconfig['pid']);?>" />
-                  </td>
-                </tr>
-                <tr>
-                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Privilege Name");?></td>
-                  <td width="78%" class="vtable">
-                    <input name="pname" type="text" class="formfld unknown" id="pname" size="30" value="<?=htmlspecialchars($pconfig['pname']);?>" />
-                  </td>
-                </tr>
-                <tr>
-                  <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
-                  <td width="78%" class="vtable">
-                    <input name="descr" type="text" class="formfld unknown" id="descr" size="60" value="<?=htmlspecialchars($pconfig['descr']);?>" />
-                    <br /> <span class="vexpl"><?=gettext("You may enter a description here
-                    for your reference (not parsed).");?></span></td>
-                </tr>
-                <tr>
-                  <td width="22%" valign="top">&nbsp;</td>
-                  <td width="78%">
-                    <input id="submitt"  name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
-                    <input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
-                    <?php if (isset($id) && $t_privs[$id]): ?>
-                    <input name="id" type="hidden" value="<?=$id;?>" />
-                    <?php endif; ?>
-                    <?php if (isset($userid)): ?>
-                    <input name="userid" type="hidden" value="<?=$userid;?>" />
-                    <?php endif; ?>
-                    <?php if (isset($useract)): ?>
-                    <input name="useract" type="hidden" value="<?=$useract;?>" />
-                    <?php endif; ?>
-                  </td>
-                </tr>
-              </table>
-            </form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index c283bad..c1d3a71 100755
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -30,6 +30,14 @@
     ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
     POSSIBILITY OF SUCH DAMAGE.
 */
+##|+PRIV
+##|*IDENT=page-system-usermanager-settings
+##|*NAME=System: User manager: settings page
+##|*DESCR=Allow access to the 'System: User manager: settings' page.
+##|*MATCH=system_usermanager_settings.php*
+##|-PRIV
+
+
 
 if($_POST['savetest'])
 	$save_and_test = true;
@@ -215,7 +223,7 @@ include("head.inc");
 <?php
     $tab_array = array();
     $tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
-    $tab_array[] = array(gettext("Group"), false, "system_groupmanager.php");
+    $tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
     $tab_array[] = array(gettext("Settings"), true, "system_usermanager_settings.php");
     display_top_tabs($tab_array);
 
diff --git a/usr/local/www/system_usermanager_settings_test.php b/usr/local/www/system_usermanager_settings_test.php
index 796f642..d613a4d 100755
--- a/usr/local/www/system_usermanager_settings_test.php
+++ b/usr/local/www/system_usermanager_settings_test.php
@@ -28,6 +28,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-usermanager-settings-testldap
+##|*NAME=System: User Manager: Settings: Test LDAP page
+##|*DESCR=Allow access to the 'System: User Manager: Settings: Test LDAP' page.
+##|*MATCH=system_usermanager_settings_test.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $ldapserver = $config['system']['webgui']['ldapserver'];
diff --git a/usr/local/www/uploadconfig.php b/usr/local/www/uploadconfig.php
index 364cbfe..af58111 100644
--- a/usr/local/www/uploadconfig.php
+++ b/usr/local/www/uploadconfig.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-hidden-uploadconfiguration
+##|*NAME=Hidden: Upload Configuration page
+##|*DESCR=Allow access to the 'Hidden: Upload Configuration' page.
+##|*MATCH=uploadconfig.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 header("Content-Type: text/plain");
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
index d6761be..049415f 100755
--- a/usr/local/www/vpn_ipsec.php
+++ b/usr/local/www/vpn_ipsec.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-ipsec
+##|*NAME=VPN: IPsec page
+##|*DESCR=Allow access to the 'VPN: IPsec' page.
+##|*MATCH=vpn_ipsec.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ipsec']['phase1']))
diff --git a/usr/local/www/vpn_ipsec_ca.php b/usr/local/www/vpn_ipsec_ca.php
index 25d0f4e..76f5399 100755
--- a/usr/local/www/vpn_ipsec_ca.php
+++ b/usr/local/www/vpn_ipsec_ca.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-ipsec-certificateauthority
+##|*NAME=VPN: IPsec: Certificate Authority page
+##|*DESCR=Allow access to the 'VPN: IPsec: Certificate Authority' page.
+##|*MATCH=vpn_ipsec_ca.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ipsec']['cacert'])) {
diff --git a/usr/local/www/vpn_ipsec_ca_edit.php b/usr/local/www/vpn_ipsec_ca_edit.php
index 73b55a6..814e153 100755
--- a/usr/local/www/vpn_ipsec_ca_edit.php
+++ b/usr/local/www/vpn_ipsec_ca_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-ipsec-certificateauthority-edit
+##|*NAME=VPN: IPsec: Certificate Authority: Edit page
+##|*DESCR=Allow access to the 'VPN: IPsec: Certificate Authority: Edit' page.
+##|*MATCH=vpn_ipsec_ca_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ipsec']['cacert'])) {
diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php
index 7158610..56ce76f 100755
--- a/usr/local/www/vpn_ipsec_mobile.php
+++ b/usr/local/www/vpn_ipsec_mobile.php
@@ -27,6 +27,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-ipsec-mobile
+##|*NAME=VPN: IPsec: Mobile page
+##|*DESCR=Allow access to the 'VPN: IPsec: Mobile' page.
+##|*MATCH=vpn_ipsec_mobile.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ipsec']['phase1']))
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 0378105..a085494 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-ipsec-editphase1
+##|*NAME=VPN: IPsec: Edit Phase 1 page
+##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 1' page.
+##|*MATCH=vpn_ipsec_phase1.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ipsec']['phase1']))
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index 00c89f5..4108595 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-ipsec-editphase2
+##|*NAME=VPN: IPsec: Edit Phase 2 page
+##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
+##|*MATCH=vpn_ipsec_phase2.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ipsec']['client']))
diff --git a/usr/local/www/vpn_openvpn_certs_create.php b/usr/local/www/vpn_openvpn_certs_create.php
index 57dbc05..294e441 100644
--- a/usr/local/www/vpn_openvpn_certs_create.php
+++ b/usr/local/www/vpn_openvpn_certs_create.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-openvpn-createcerts
+##|*NAME=VPN: OpenVPN: Create Certs page
+##|*DESCR=Allow access to the 'VPN: OpenVPN: Create Certs' page.
+##|*MATCH=vpn_openvpn_certs_create.php*
+##|-PRIV
+
+
 require("globals.inc");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/vpn_openvpn_certs_existing.php b/usr/local/www/vpn_openvpn_certs_existing.php
index 8654a08..90534de 100644
--- a/usr/local/www/vpn_openvpn_certs_existing.php
+++ b/usr/local/www/vpn_openvpn_certs_existing.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-openvpn-createexistingcerts
+##|*NAME=VPN: OpenVPN: Create Existing Certs page
+##|*DESCR=Allow access to the 'VPN: OpenVPN: Create Existing Certs' page.
+##|*MATCH=vpn_openvpn_certs_existing.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pgtitle = array("VPN", "OpenVPN", "Create Existing Certs");
diff --git a/usr/local/www/vpn_openvpn_cli_edit.php b/usr/local/www/vpn_openvpn_cli_edit.php
index f1d3dc0..6fdbb75 100755
--- a/usr/local/www/vpn_openvpn_cli_edit.php
+++ b/usr/local/www/vpn_openvpn_cli_edit.php
@@ -27,6 +27,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-openvpn-editclient
+##|*NAME=VPN: OpenVPN: Edit client page
+##|*DESCR=Allow access to the 'VPN: OpenVPN: Edit client' page.
+##|*MATCH=vpn_openvpn_cli_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 require_once("openvpn.inc");
 
diff --git a/usr/local/www/vpn_openvpn_create_certs.php b/usr/local/www/vpn_openvpn_create_certs.php
index 5a7992a..3cd847f 100755
--- a/usr/local/www/vpn_openvpn_create_certs.php
+++ b/usr/local/www/vpn_openvpn_create_certs.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-openvpn-createcerts
+##|*NAME=VPN: OpenVPN: Create Certs page
+##|*DESCR=Allow access to the 'VPN: OpenVPN: Create Certs' page.
+##|*MATCH=vpn_openvpn_create_certs.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 function get_file_contents($filename) {
diff --git a/usr/local/www/vpn_openvpn_crl_edit.php b/usr/local/www/vpn_openvpn_crl_edit.php
index e982e11..bfd0b79 100755
--- a/usr/local/www/vpn_openvpn_crl_edit.php
+++ b/usr/local/www/vpn_openvpn_crl_edit.php
@@ -27,6 +27,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-openvpn-editcrl
+##|*NAME=VPN: OpenVPN: Edit CRL page
+##|*DESCR=Allow access to the 'VPN: OpenVPN: Edit CRL' page.
+##|*MATCH=vpn_openvpn_crl_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 require_once("openvpn.inc");
 
diff --git a/usr/local/www/vpn_openvpn_srv_edit.php b/usr/local/www/vpn_openvpn_srv_edit.php
index 1b1f249..35d4249 100755
--- a/usr/local/www/vpn_openvpn_srv_edit.php
+++ b/usr/local/www/vpn_openvpn_srv_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-openvpn-editserver
+##|*NAME=VPN: OpenVPN: Edit server page
+##|*DESCR=Allow access to the 'VPN: OpenVPN: Edit server' page.
+##|*MATCH=vpn_openvpn_srv_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 require_once("openvpn.inc");
 
diff --git a/usr/local/www/vpn_pppoe.php b/usr/local/www/vpn_pppoe.php
index 7855ac1..2faa4f1 100755
--- a/usr/local/www/vpn_pppoe.php
+++ b/usr/local/www/vpn_pppoe.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-pppoeserver
+##|*NAME=Services: PPPoE Server page
+##|*DESCR=Allow access to the 'Services: PPPoE Server' page.
+##|*MATCH=vpn_pppoe.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['pppoe']['radius'])) {
diff --git a/usr/local/www/vpn_pppoe_users.php b/usr/local/www/vpn_pppoe_users.php
index 64dfaad..7cbf0f2 100755
--- a/usr/local/www/vpn_pppoe_users.php
+++ b/usr/local/www/vpn_pppoe_users.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-pppoeserver-users
+##|*NAME=Services: PPPoE Server: Users page
+##|*DESCR=Allow access to the 'Services: PPPoE Server: Users' page.
+##|*MATCH=vpn_pppoe_users.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['pppoe']['user'])) {
diff --git a/usr/local/www/vpn_pppoe_users_edit.php b/usr/local/www/vpn_pppoe_users_edit.php
index 8481aab..b5f6108 100755
--- a/usr/local/www/vpn_pppoe_users_edit.php
+++ b/usr/local/www/vpn_pppoe_users_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-pppoeserver-user-edit
+##|*NAME=Services: PPPoE Server: User: Edit page
+##|*DESCR=Allow access to the 'Services: PPPoE Server: User: Edit' page.
+##|*MATCH=vpn_pppoe_users_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['pppoe']['user'])) {
diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php
index 41c5a87..0bd1070 100755
--- a/usr/local/www/vpn_pptp.php
+++ b/usr/local/www/vpn_pptp.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-vpnpptp
+##|*NAME=VPN: VPN PPTP page
+##|*DESCR=Allow access to the 'VPN: VPN PPTP' page.
+##|*MATCH=vpn_pptp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['pptpd']['radius'])) {
diff --git a/usr/local/www/vpn_pptp_users.php b/usr/local/www/vpn_pptp_users.php
index d6127ca..62533dc 100755
--- a/usr/local/www/vpn_pptp_users.php
+++ b/usr/local/www/vpn_pptp_users.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-vpnpptp-users
+##|*NAME=VPN: VPN PPTP: Users page
+##|*DESCR=Allow access to the 'VPN: VPN PPTP: Users' page.
+##|*MATCH=vpn_pptp_users.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['pptpd']['user'])) {
diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php
index bafb704..dfad162 100755
--- a/usr/local/www/vpn_pptp_users_edit.php
+++ b/usr/local/www/vpn_pptp_users_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-vpnpptp-user-edit
+##|*NAME=VPN: VPN PPTP: User: Edit page
+##|*DESCR=Allow access to the 'VPN: VPN PPTP: User: Edit' page.
+##|*MATCH=vpn_pptp_users_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['pptpd']['user'])) {
diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php
index 5253caa..c9dae67 100755
--- a/usr/local/www/wizard.php
+++ b/usr/local/www/wizard.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-pfsensewizardsubsystem
+##|*NAME=pfSense wizard subsystem page
+##|*DESCR=Allow access to the 'pfSense wizard subsystem' page.
+##|*MATCH=wizard.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 function gentitle_pkg($pgname) {
diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php
index f42e61a..85d8aa0 100755
--- a/usr/local/www/xmlrpc.php
+++ b/usr/local/www/xmlrpc.php
@@ -31,6 +31,14 @@
 		* Expose more functions.
 */
 
+##|+PRIV
+##|*IDENT=page-xmlrpclibrary
+##|*NAME=XMLRPC Library page
+##|*DESCR=Allow access to the 'XMLRPC Library' page.
+##|*MATCH=xmlrpc.php*
+##|-PRIV
+
+
 require_once("xmlrpc_server.inc");
 require_once("xmlrpc.inc");
 require_once("config.inc");
-- 
cgit v1.1