From 5028007b7aa5b6b0b771c9ea86452b7a573745fd Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 10:14:12 +0100
Subject: [PATCH 001/300] Add wireguard install option

---
 installers/common.sh | 44 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 6 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index a64e8d1c..e52d62d7 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -235,17 +235,35 @@ function _install_adblock() {
     _install_status 0
 }
 
-# Prompt to install openvpn
-function _prompt_install_openvpn() {
-    _install_log "Configure OpenVPN support"
-    echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
+# Prompt to install VPN
+function _prompt_install_vpn() {
+    _install_log "Configure VPN support"
+    echo -n "Install VPN and enable client configuration? [Y/n]: "
     if [ "$assume_yes" == 0 ]; then
         read answer < /dev/tty
         if [ "$answer" != "${answer#[Nn]}" ]; then
             echo -e
         else
-            _install_openvpn
+            _install_vpn
         fi
+    elif [ "$ovpn_option" == 1 ]; then
+        _install_vpn
+    else
+        echo "(Skipped)"
+    fi
+}
+
+function _install_vpn() {
+    echo -n "Install [O]penVPN or [W]ireguard? [O/W]: "
+    if [ "$assume_yes" == 0 ]; then
+        read answer < /dev/tty
+        case $answer in
+            [oO]* )
+                _install_openvpn;
+                break;;
+            [wW]* )
+                _install_wireguard;
+        esac
     elif [ "$ovpn_option" == 1 ]; then
         _install_openvpn
     else
@@ -253,6 +271,20 @@ function _prompt_install_openvpn() {
     fi
 }
 
+# Install Wireguard from the Debian unstable distro
+function _install_wireguard() {
+    _install_log "Configure Wireguard support"
+    echo "Installing Wireguard from Debian unstable distro"
+    echo "Adding Debian distro"
+    echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"
+    sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr"
+    echo "Adding Debian distro keys"
+    sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys"
+    printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
+    sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
+    _install_status 0
+}
+
 # Install openvpn and enable client configuration option
 function _install_openvpn() {
     _install_log "Installing OpenVPN and enabling client configuration"
@@ -537,7 +569,7 @@ function _install_raspap() {
     _default_configuration
     _configure_networking
     _prompt_install_adblock
-    _prompt_install_openvpn
+    _prompt_install_vpn
     _patch_system_files
     _install_complete
 }

From 7e58feeec0eae36cef5f56798d1695fe357db22c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 11:04:36 +0100
Subject: [PATCH 002/300] Enable wg management UI

---
 installers/common.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index e52d62d7..a58e4ba7 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -254,7 +254,7 @@ function _prompt_install_vpn() {
 }
 
 function _install_vpn() {
-    echo -n "Install [O]penVPN or [W]ireguard? [O/W]: "
+    echo -n "Install [O]penVPN or [W]ireGuard? [O/W]: "
     if [ "$assume_yes" == 0 ]; then
         read answer < /dev/tty
         case $answer in
@@ -273,15 +273,18 @@ function _install_vpn() {
 
 # Install Wireguard from the Debian unstable distro
 function _install_wireguard() {
-    _install_log "Configure Wireguard support"
-    echo "Installing Wireguard from Debian unstable distro"
+    _install_log "Configure WireGuard support"
+    echo "Installing WireGuard from Debian unstable distro"
     echo "Adding Debian distro"
     echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"
     sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr"
     echo "Adding Debian distro keys"
     sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys"
     printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
+    echo "Installing WireGuard"
     sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
+    echo "Enabling WireGuard management option"
+    sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
     _install_status 0
 }
 

From 2bedbad71a89be18656f0ff89ed3e70f72715775 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 11:05:15 +0100
Subject: [PATCH 003/300] Add wireguard constants

---
 config/config.php     | 3 +++
 includes/defaults.php | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/config/config.php b/config/config.php
index f638b2a7..50e6442a 100755
--- a/config/config.php
+++ b/config/config.php
@@ -21,6 +21,8 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');
 define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
 define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf');
+define('RASPI_WIREGUARD_SERVER_CONFIG', '/etc/wireguard/wg0.conf');
+define('RASPI_WIREGUARD_CLIENT_CONFIG', '/etc/wireguard/wg0-client.conf');
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 
@@ -34,6 +36,7 @@ define('RASPI_NETWORK_ENABLED', true);
 define('RASPI_DHCP_ENABLED', true);
 define('RASPI_ADBLOCK_ENABLED', false);
 define('RASPI_OPENVPN_ENABLED', false);
+define('RASPI_WIREGUARD_ENABLED', false);
 define('RASPI_TORPROXY_ENABLED', false);
 define('RASPI_CONFAUTH_ENABLED', true);
 define('RASPI_CHANGETHEME_ENABLED', true);
diff --git a/includes/defaults.php b/includes/defaults.php
index 9598ce9b..ddf9ea92 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -25,6 +25,8 @@ $defaults = [
   'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf',
   'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf',
   'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf',
+  'RASPI_WIREGUARD_SERVER_CONFIG' => '/etc/wireguard/wg0.conf',
+  'RASPI_WIREGUARD_CLIENT_CONFIG' => '/etc/wireguard/wg0-client.conf',
   'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc',
   'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf',
 
@@ -35,6 +37,7 @@ $defaults = [
   'RASPI_DHCP_ENABLED' => true,
   'RASPI_ADBLOCK_ENABLED' => false,
   'RASPI_OPENVPN_ENABLED' => false,
+  'RASPI_WIREGUARD_ENABLED' => false,
   'RASPI_TORPROXY_ENABLED' => false,
   'RASPI_CONFAUTH_ENABLED' => true,
   'RASPI_CHANGETHEME_ENABLED' => true,

From 4c0de339560f65bed3d9e9e613a5e0e1252567d7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 12:52:03 +0100
Subject: [PATCH 004/300] Update w/ wg_conf

---
 index.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/index.php b/index.php
index c2fe13ee..837ebef3 100755
--- a/index.php
+++ b/index.php
@@ -40,6 +40,7 @@ require_once 'includes/themes.php';
 require_once 'includes/data_usage.php';
 require_once 'includes/about.php';
 require_once 'includes/openvpn.php';
+require_once 'includes/wireguard.php';
 require_once 'includes/torproxy.php';
 
 $output = $return = 0;
@@ -164,6 +165,11 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
           <?php if (RASPI_OPENVPN_ENABLED) : ?>
         <li class="nav-item">
           <a class="nav-link" href="index.php?page=openvpn_conf"><i class="fas fa-key fa-fw mr-2"></i><span class="nav-label"><?php echo _("OpenVPN"); ?></a>
+        </li>
+          <?php endif; ?>
+          <?php if (RASPI_WIREGUARD_ENABLED) : ?>
+        <li class="nav-item">
+          <a class="nav-link" href="index.php?page=wg_conf"><i class="fas fa-key fa-fw mr-2"></i><span class="nav-label"><?php echo _("WireGuard"); ?></a>
         </li>
           <?php endif; ?>
           <?php if (RASPI_TORPROXY_ENABLED) : ?>
@@ -257,6 +263,9 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
         case "openvpn_conf":
             DisplayOpenVPNConfig();
             break;
+        case "wg_conf":
+            DisplayWireGuardConfig();
+            break;
         case "torproxy_conf":
             DisplayTorProxyConfig();
             break;

From db497de7d0965cbd11ea3f02031e74e8a4b5af79 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 12:53:46 +0100
Subject: [PATCH 005/300] Initial commit: wg templates

---
 includes/wireguard.php   | 48 +++++++++++++++++++++++++++++++++++++
 templates/wg/general.php |  0
 templates/wg/logging.php |  0
 templates/wireguard.php  | 51 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 99 insertions(+)
 create mode 100644 includes/wireguard.php
 create mode 100644 templates/wg/general.php
 create mode 100644 templates/wg/logging.php
 create mode 100644 templates/wireguard.php

diff --git a/includes/wireguard.php b/includes/wireguard.php
new file mode 100644
index 00000000..a0c2ed94
--- /dev/null
+++ b/includes/wireguard.php
@@ -0,0 +1,48 @@
+<?php
+
+require_once 'includes/status_messages.php';
+require_once 'config.php';
+
+/**
+ * Manage WireGuard configuration
+ */
+function DisplayWireGuardConfig()
+{
+    $status = new StatusMessages();
+    if (!RASPI_MONITOR_ENABLED) {
+        if (isset($_POST['savewgettings'])) {
+            if (isset($_POST['authUser'])) {
+                $authUser = strip_tags(trim($_POST['authUser']));
+            }
+            if (isset($_POST['authPassword'])) {
+                $authPassword = strip_tags(trim($_POST['authPassword']));
+            }
+        } elseif (isset($_POST['startwg'])) {
+            $status->addMessage('Attempting to start WireGuard', 'info');
+            exec('sudo /bin/systemctl start wg-quick@wg0', $return);
+            exec('sudo /bin/systemctl enable wg-quick@wg0', $return);
+            foreach ($return as $line) {
+                $status->addMessage($line, 'info');
+            }
+        } elseif (isset($_POST['stopwg'])) {
+            $status->addMessage('Attempting to stop WireGuard', 'info');
+            exec('sudo /bin/systemctl stop wg-quick@wg0', $return);
+            exec('sudo /bin/systemctl disable wg-quick@wg0', $return);
+            foreach ($return as $line) {
+                $status->addMessage($line, 'info');
+            }
+        }
+    }
+
+    exec('pidof wg | wc -l', $wgstatus);
+
+    $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
+
+    echo renderTemplate(
+        "wireguard", compact(
+            "status",
+            "serviceStatus"
+        )
+    );
+}
+
diff --git a/templates/wg/general.php b/templates/wg/general.php
new file mode 100644
index 00000000..e69de29b
diff --git a/templates/wg/logging.php b/templates/wg/logging.php
new file mode 100644
index 00000000..e69de29b
diff --git a/templates/wireguard.php b/templates/wireguard.php
new file mode 100644
index 00000000..b3f33796
--- /dev/null
+++ b/templates/wireguard.php
@@ -0,0 +1,51 @@
+  <?php ob_start() ?>
+    <?php if (!RASPI_MONITOR_ENABLED) : ?>
+      <input type="submit" class="btn btn-outline btn-primary" name="savewgsettings" value="<?php echo _("Save settings"); ?>">
+      <?php if ($dnsmasq_state) : ?>
+        <input type="submit" class="btn btn-warning" name="restartwg" value="<?php echo _("Restart WireGuard"); ?>">
+      <?php else : ?>
+        <input type="submit" class="btn btn-success" name="startwg" value="<?php echo _("Start WireGuard"); ?>">
+      <?php endif ?>
+    <?php endif ?>
+  <?php $buttons = ob_get_clean(); ob_end_clean() ?>
+
+  <div class="row">
+    <div class="col-lg-12">
+      <div class="card">
+        <div class="card-header">
+          <div class="row">
+            <div class="col">
+              <i class="fas fa-key fa-fw mr-2"></i><?php echo _("WireGuard"); ?>
+            </div>
+            <div class="col">
+              <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
+                <span class="icon text-gray-600"><i class="fas fa-circle service-status-<?php echo $serviceStatus ?>"></i></span>
+                <span class="text service-status">wg <?php echo _($serviceStatus) ?></span>
+              </button>
+            </div>
+          </div><!-- /.row -->
+        </div><!-- /.card-header -->
+        <div class="card-body">
+        <?php $status->showMessages(); ?>
+          <form role="form" action="?page=wg_conf" enctype="multipart/form-data" method="POST">
+            <?php echo CSRFTokenFieldTag() ?>
+            <!-- Nav tabs -->
+            <ul class="nav nav-tabs">
+                <li class="nav-item"><a class="nav-link active" id="clienttab" href="#wgsettings" data-toggle="tab"><?php echo _("WireGuard settings"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="logoutputtab" href="#wglogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
+            </ul>
+
+            <!-- Tab panes -->
+            <div class="tab-content">
+              <?php echo renderTemplate("wg/general", $__template_data) ?>
+              <?php echo renderTemplate("wg/logging", $__template_data) ?>
+            </div><!-- /.tab-content -->
+
+          <?php echo $buttons ?>
+          </form>
+        </div><!-- /.card-body -->
+        <div class="card-footer"><?php echo _("Information provided by wireguard"); ?></div>
+      </div><!-- /.card -->
+    </div><!-- /.col-lg-12 -->
+  </div><!-- /.row -->
+

From 070b1db4257785c6052f23d9a9a3d61ac63ba966 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 22:35:16 +0100
Subject: [PATCH 006/300] Create RaspAP webfont

---
 dist/raspap/css/fonts/RaspAP.eot  | Bin 0 -> 2392 bytes
 dist/raspap/css/fonts/RaspAP.svg  |  12 +++++++
 dist/raspap/css/fonts/RaspAP.ttf  | Bin 0 -> 2232 bytes
 dist/raspap/css/fonts/RaspAP.woff | Bin 0 -> 2308 bytes
 dist/raspap/css/style.css         |  54 ++++++++++++++++++++++++++++++
 5 files changed, 66 insertions(+)
 create mode 100755 dist/raspap/css/fonts/RaspAP.eot
 create mode 100755 dist/raspap/css/fonts/RaspAP.svg
 create mode 100755 dist/raspap/css/fonts/RaspAP.ttf
 create mode 100755 dist/raspap/css/fonts/RaspAP.woff
 create mode 100644 dist/raspap/css/style.css

diff --git a/dist/raspap/css/fonts/RaspAP.eot b/dist/raspap/css/fonts/RaspAP.eot
new file mode 100755
index 0000000000000000000000000000000000000000..d77690f6fda5ba960971730d722cece920d258ab
GIT binary patch
literal 2392
zcmaJ@O>7&-6@G7LcXqiXml92KNsAIGG9e?`q_m_+N^U|YaI9ESL>qD}2dx~Nkr~;R
zL<+Ku+CdQn=q0x#w-hN5pg_@{f&gg&15FDTMGgh>gA^@L<l0lvTyu-VezT+y%P~5b
zpYMJ1=DoK+^JZQO5Z$$im^3<EnBHc^ym0O?uXG0`v*5n>@ElQyR;f)lX_uZMwbX&!
zp-s9)+u--WBxnuH9(1l#kGhm4kIFQQnTOYcQqF?(1__!ydw!-8i5kBI^D)|$jh*(c
zyY`Pap_GRF;%58iF2)haYP2@D@4Wii-#>l}@@*o6u65d1lfV7LzlbDcs$T<P{#ASq
z`9sK$UEA5e?U?XJ@}H2C+r5pp_Iv&YG8#EM?c2K);swaxLC$vDJDub6BflXs;h$gI
z?cLl*oG8}2YMz96iQk4}(tf3V3g)fB$p57(<Gmj$jIa-vr-{C1aj$=mo)&1BJb3X+
zFRMD=oAQ{(++Y;GR+@C02XB*w537O8e$D;+{k~cROg`rRe_S2w9<<BE(26|3;m2q!
z_$oi>{eRAYjeDYxsMGlPS9pT!2!6I$=3*hAGaWXiH*3m-o2XVAO>We^$LozcM0bMK
zEU3A9ZLUy^mpPx4X4PTLxR^oBJFo&%je0})x{CME_yoI^gsUK0v5?D8Gn5Zj!+>9v
zjf1L~1Y8$pScTE3SA0gAvY0EtOTmv$b$+eQ^8zC*ugo(H`#D(zU&yH*&xUB#BR09}
zo!}}$$;0-5gV~c@#3LR=0Z^??a2z4x0U;C}j>ix^V5MI51{Mp_6n(?Ew6*=|A3ImC
z*tVvvZr%9m%NsW?YJC4vVS2ii%|=a4k1TplLg#=LF1Xf+#hHu{vn4ZV#Pea+Ewk(<
zIhpi+8c9dY%bqi$jbt4DwKMMMme5Vz2$`BGB5B7-g*DA!VH&ZiSS%NGgtTkNMyHNM
z^U+M!Fe;P9McY1B4u%qe+@vA(%;VB}@~N3h<zhAy4A^!#H(8kci5rOs9kW*1yrP-X
zny}2Y<yKSj_y`M)O<_fCD;8wIfl-U2X(t#DhGMohRv+WF;+b3^7C=<O(8Cjvk#wq(
z6o$|Yag0@g0gZ(&G+h%?@E5I>KdrQ$U;gO%<qK<{U07Q^|H=8)4_s-)QpvpYnB&cd
z!s9VLU_{139E}MPoXcgWOkHZBOw?pOT`FyqXC}U%*KNaFHln2z{A#bmkrB`h!-O}D
zgF-rbWFivDyW`Ew+*&3)8n7HI(#&T)DNDuDnUIi{jK+mXpPD*-E1Tl!VzG97dg_$x
zTIP6aWK0HA;ZWR;mgO=`8etjHgDK5EVrdA)2q;fLAw8hWAijX38;Erjaf^U1)aNmc
z@vvY`_we|rhzhSlL)EYwk!9@uC)jg$k-wgxXX$4u)pAVcbA{Sm9e-nSu<_zC{}&%_
zyxQDgQ;z2Ru{P)b@YTUKh{x1MkzycaSnWD&;AuA9dZk)>h|bBpqP2AQY^&RCo$da)
z;dy5g@p$5l=QZYm<B3EZcz&_jyflV#so7k7PT`|R6&^i(vf0i~2F}@q!p~P$)~r!W
zO2^!~eEFSH$!f`J^>;hnUj!3D!#-m3(N?e5Li<ZRz6AU5wG>DB0pEXrY;3*Rd~We%
zb6t5`Z=O`%fVFRv$qOe=oHAZqTH4BFxWyk9i*K&4UpHRc+IqiK1~JIB7~XRiGM6Jy
zeoH~!Pn}==?e1{}2IDZxA>kv(4hq)zIh%A-5u*P<CLL(Vfu(_<mO*A{+dgAcj3)Ts
z+8dBmzLnfiCkV=c2VWR=4t+4R&m_UA6-v{ji$g5HSBF>!-X3BD|4DR+CHT`rY|~MC
zU7ZPf089uo1FYd7e|d-n_=O?Xf%k^kz|lTF#1j1S5Zg3I@2=u>e&*bRmxHy=-p%X1
zZq_T$KKe%R<0X$^I-9q)+k1yE89!EA>~;6Eo1JcFuf5;7ntkO?c4?!x((850wCG<#
r_9=@?N(a{wbv0?zKE|uyUZFeamuLf8D`@J%QpP*>&w2lCKeGED{AoBn

literal 0
HcmV?d00001

diff --git a/dist/raspap/css/fonts/RaspAP.svg b/dist/raspap/css/fonts/RaspAP.svg
new file mode 100755
index 00000000..27920e40
--- /dev/null
+++ b/dist/raspap/css/fonts/RaspAP.svg
@@ -0,0 +1,12 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >
+<svg xmlns="http://www.w3.org/2000/svg">
+<metadata>Generated by IcoMoon</metadata>
+<defs>
+<font id="RaspAP" horiz-adv-x="1024">
+<font-face units-per-em="1024" ascent="960" descent="-64" />
+<missing-glyph horiz-adv-x="1024" />
+<glyph unicode="&#x20;" horiz-adv-x="512" d="" />
+<glyph unicode="&#xe900;" glyph-name="wireguard" d="M1023.147 463.147c0 0 23.595 496.853-522.453 496.853-482.859 0-497.963-476.587-497.963-476.587s-70.997-547.413 509.141-547.413c556.501 0 511.275 527.147 511.275 527.147zM347.947 636.757c102.4 62.72 233.344 24.363 282.368-69.888 9.301-17.877 10.496-45.355 4.608-64.128-20.352-64.683-68.309-100.949-134.187-116.395 19.413 16.64 34.859 35.499 39.808 61.525 1.195 5.504 1.88 11.827 1.88 18.31 0 20.027-6.533 38.528-17.584 53.488l0.174-0.246c-16.797 22.874-43.588 37.556-73.809 37.556-11.257 0-22.038-2.037-31.995-5.763l0.63 0.207c-40.533-15.36-62.72-52.395-58.752-97.877 3.712-42.24 35.797-69.632 95.787-80.043-8.96-4.736-15.872-8.235-22.613-11.989-27.988-15.524-51.374-35.995-69.74-60.451l-0.404-0.562c-6.101-8.192-10.24-8.875-19.541-3.2-120.619 73.771-128.384 258.859 3.371 339.456zM257.707 180.992c-19.413-4.949-38.187-12.203-57.984-18.688 9.685 65.365 86.229 125.568 150.997 118.699-18.043-24.598-29.583-54.982-31.551-87.945l-0.022-0.46c-21.504-3.968-41.813-6.613-61.44-11.605zM669.995 819.2c19.115-0.725 38.315-0.427 57.472-0.853 5.287-0.363 10.162-1.075 14.91-2.128l-0.659 0.123c-4.574-6.938-9.348-12.986-14.582-18.599l0.076 0.082c-6.827-6.4-14.549-12.629-24.448-2.944-2.347 2.347-7.979 1.792-12.075 1.877-19.072 0.213-38.144 0.853-57.173 0.128-17.856-0.589-34.82-2.396-51.386-5.353l2.149 0.318c-3.072-0.555-7.595-10.667-6.229-14.421 3.328-8.832 8.149-18.56 15.317-24.192 26.411-20.907 54.485-39.595 81.067-60.288 25.771-20.139 49.792-42.24 64.427-72.533 19.029-39.595 19.627-81.067 11.392-122.752-13.739-69.547-48.939-127.147-105.941-169.045-22.955-16.853-51.413-26.453-77.696-38.528-23.168-10.667-46.933-19.84-70.144-30.379-41.813-19.029-65.28-64.427-58.411-111.573 6.357-43.307 44.373-79.445 87.851-86.912 52.181-8.96 106.069 25.003 118.827 78.080 14.336 59.605-18.048 112.896-78.72 129.024l-10.923 2.816c16.213 7.253 30.208 12.416 43.179 19.541q33.835 18.645 66.475 39.467c6.4 4.096 9.856 4.096 15.36-0.597 41.685-36.096 66.56-80.981 73.557-135.979 11.52-91.093-31.573-174.763-112.896-217.643-125.781-66.347-279.765 9.173-307.541 148.651-23.808 119.467 60.501 227.84 162.005 248.747 43.648 9.003 83.541 27.179 114.56 60.8 20.053 21.675 29.739 40.277 33.067 48.683 5.86 14.568 9.259 31.458 9.259 49.142 0 0.094 0 0.187 0 0.281v-0.014c-0.72 15.473-4.371 29.921-10.408 43.044l0.296-0.719c-10.581 24.149-51.2 62.549-61.227 70.656l-95.573 74.837c-3.371 2.773-7.168 2.56-15.36 2.005-9.813-0.683-34.773-2.048-45.525 0.768 8.704 6.613 32.427 16.213 42.667 23.893-30.976 20.907-66.304 13.397-98.773 19.627 7.509 13.995 44.629 35.456 65.749 37.888-1.455 13.545-3.483 25.484-6.166 37.173l0.406-2.101c-1.28 4.736-6.571 9.387-11.221 12.075-11.179 6.571-23.083 11.989-35.968 18.517 10.935 7.156 24.244 11.558 38.555 11.945l0.101 0.002c1.66 0.068 3.608 0.107 5.566 0.107 11.77 0 23.21-1.408 34.163-4.064l-0.987 0.202c23.040-5.248 41.387-1.792 59.691 13.824-14.421 5.803-28.843 11.093-42.795 17.365-16.163 7.396-29.343 14.415-42.082 22.091l1.89-1.056c36.267-5.035 71.296-18.645 108.373-13.653l0.939 5.035-86.101 20.053c51.328 4.693 99.115 5.461 144.384-16.555 12.757-6.229 26.027-11.349 38.272-18.432 5.973-3.413 9.941-10.24 14.848-15.573 3.84-4.181 6.997-9.813 11.776-12.373 18.091-9.6 37.973-9.984 58.283-9.515l0.427 6.827c20.437-6.4 43.392-29.952 43.392-47.147-33.109 0-66.133 0.128-99.2-0.171-3.541 0-7.040-2.603-10.539-4.011 3.328-1.963 6.613-5.461 10.027-5.589zM627.328 868.139c-1.461-0.899-2.42-2.488-2.42-4.302 0-1.516 0.67-2.876 1.731-3.799l0.006-0.005c1.344-2.305 3.804-3.83 6.62-3.83 1.429 0 2.767 0.393 3.91 1.076l-0.035-0.019c3.2 1.621 6.315 3.328 10.155 5.333-3.072 2.645-5.547 4.864-8.107 6.955-4.523 3.712-8.235 1.365-11.861-1.408z" />
+<glyph unicode="&#xe901;" glyph-name="raspap" horiz-adv-x="1031" d="M540.058 281.983c0-104.182-84.446-188.637-188.625-188.637-104.176 0-188.62 84.455-188.62 188.637 0 104.171 84.444 188.625 188.62 188.625 104.179 0 188.625-84.455 188.625-188.625zM351.437 550.062c-147.818 0-268.074-120.259-268.074-268.080 0-147.826 120.257-268.091 268.074-268.091s268.077 120.265 268.077 268.091c0 147.821-120.259 268.080-268.077 268.080zM351.437-58.985c-188 0-340.95 152.958-340.95 340.967 0 188.003 152.95 340.956 340.95 340.956 188.003 0 340.953-152.953 340.953-340.956 0-188.009-152.95-340.967-340.953-340.967zM404.82 698.222c185.52 0 339.484-137.497 365.479-315.929l79.208-5.253c-24.125 224.046-214.339 399.077-444.686 399.077-10.909 0-21.723-0.412-32.433-1.186l5.16-77.823c9.017 0.661 18.093 1.113 27.272 1.113zM404.989 874.303c285.73 0 520.41-222.659 539.731-503.584l78.375-5.205c-16.843 326.355-287.644 586.685-618.106 586.685-14.884 0-29.644-0.561-44.264-1.6l5.157-77.719c12.919 0.928 25.958 1.424 39.106 1.424z" />
+</font></defs></svg>
\ No newline at end of file
diff --git a/dist/raspap/css/fonts/RaspAP.ttf b/dist/raspap/css/fonts/RaspAP.ttf
new file mode 100755
index 0000000000000000000000000000000000000000..112214426e9ea9bad281acc07f2eb7fbaf327207
GIT binary patch
literal 2232
zcmaJ?QEU@O5S_Wb+dH4_b7E|tojCEu2D=Hdle1$xNvQ*(goG#t1qf9enwZ25ki?FX
zpaQB8Qh)fP{iA9nq)Ju$g^=1xNTn53#YZJ*)vA>$e*1;mU;awn*|Q_kg1X+lee-s9
zX7+qD3kU#ixC#sgj~*Y$`uxhf#N4H^u((!PH)nso27pnLPb^n9*J*AeS<Kq<>ZP|H
zet-8m$rk|>I9shOg+KY?R{%~j6wVT%e#?F!`8LVB&#rA<G*t2i{1=kLtM$c-^cnt1
zG7T`+Di_zmgCivWMY2_^tX2Dm+dc+R$v<9RuWxQqoYb@%VjUQJ4c{ZjAblV`Am(~=
z#y=p3E}^%hA%*?#wjbazvU`ntu%FSOMe#1So8<uEO^hh5HD~5%ML~vP;&sqKq920w
z7#mL;4QH427#xg^-%XkJ?X-)4q~+VeNdUzWN9CE`|8ol2xW^h4brfb`0lTq4!4IY~
zm`Wz%s(~uE2UQ+2L%D3RgvElrr%)`AXm+DmC2FXUA4;Zz8BD~vnlq4AOj@CyFvtp-
zDi(^&(G|Q+14q%!hD-rzq>}MOACmI+ZZhC>VPm@sCPc2211Q2M7P1b*Ri26`$xG6S
zPCT5RAI1@+u<Q&DAlZ-e6!FQpc+%M@T5-e@=Il|-Q78$r-Q>vZ7^dim+ffk6<-0LR
zA<_X!NEsLmQ1k?|g`C~AnB*#JD9Y)T)dyczmlkwgl4e%UKl<tX`BM@;J)P|9D_fRd
zm1N(zZG>cWY2Ku%wP_fOF*cZ1-AXXwMOjlbW*Ea^`*mN`r_S3(o75IF@FSzkkToW&
zvf@!CmHDEE5%Efrf=pEcy@5d7Z7{Cq_qO-$@+bT;OHr~tsc~K3n{j(Wu6U2a<=7ss
z?R#Y)n>}U4+%8?u#CwuGFPlCelWA4Us0)(HwQfy~YGy9N``eI7s4~s3YXLVhbhT^f
zj~ecv+Y`{G&O#^7rY7R9fQzDHitO$7wM8S@FjJVMu)Qc68IX|4Op+zW8U9$F{%X2>
zWa{%HQzvI1o}8UIe*gH)Et4yONH}5aHtb=Kw<{pK6kn$Y{Q<_@LvgEDmAT}J`Bjvo
z>GWb|p!@G(Sy${S#h;FlU+D@tQe3j4sN_vTH{*uv>-PB)W>+aTG#m4_yEH@dl@gZC
zc{-Jz@G!1%e~_{0!QMj`tO)j{Qu+SA-h-y8sa=t_PVSC)Jwe@{;ZtN%@p7N+j!610
zO`=c~m+(Z$BfDhorhmYY6^gZ;;$|+HiN8lxy1Wb}*{0)Dr>N*vNYo|DMyfJ;<38ow
z9jae1!K?5FY*5Yxcp{$64;AQZOf?fP7;rxER^sJ{nn~Fncjo+%^TFquX%GyEMB%I{
z#ZY7&C2$|AW+9u)|A&tAgrKEp?P$4HD<7?WU9|0qP%s#pu<hb7;b15fBs@G`DxL16
zcDhs=KP+%ZhrsQJ#!3~d$8}6kCf}Z(p4Hkl&JA^Ce*XP*S}XHh?$fo}JMNHM(Rb<C
zQLfj^G`<N2C&@nfnha8VhM(T-?3^o=4v&wO=7hJo(wOi@Sb7o;pBx=MsGOLbT#3c7
zjJH#%Yjbnwl*=nCH`5s+nzfdu56zL-yl>wVaLZ2VeDvL&egT?utIAQqryARAw8yF0
zAgh94jUAP=sll6;nu6FyGLp9LFggUF8-J6ok|gRa$D+7FsBL?2gx14=TP^ztoH(&V
zXsU3kg&Fa=7M2OGwy;9qiNA$8@rPPihYq+R?gZIIjE7d5SONpyY+*+HNDIq^H(FSM
z5OlRLCw{7hbr^yhGjuy2I7atD1vX(F4#2V5>c-}|dd;#kgD?wKGP4Qipbj;#z=jMA
zKELG!Om+FfYGs4$R$&<~(D^E`@x0o2y|!g7S8LUc%2svBI&;aIT&z#m>$MDwJ1)1#
n=`z`<Ie}DQi{>Tb&cG#lPQoH-P16wJW#}C{_q_AAU-<Y3z1J!4

literal 0
HcmV?d00001

diff --git a/dist/raspap/css/fonts/RaspAP.woff b/dist/raspap/css/fonts/RaspAP.woff
new file mode 100755
index 0000000000000000000000000000000000000000..875f025380b31061cacc16d0f24d63185ec7c079
GIT binary patch
literal 2308
zcmaJ?Uu+vi8lP`xcXqvNuN~L++Km%$Y_LfhJ6SunlODK5y_$q5Zk5s$aVe=uP1+{0
zt0Wa|g%A=iym7qU38YF$=<W$2aY&W;qaxq|3GM{aNhe<KUMhIyjh^o}Yxn3Kh}rpO
ze&27t`Mz&<cV=EV)oe0iC;^pOvNvuIbcz4BoH{d8W{eE57o>!v+AEv8?W^D}L4Qh$
zv-ZuaTkU<xeF$CJN{MXk+;|?`XN+l3HTKmPAHH^})4s@<0LN-ll5hXz@0UP=`w{v>
zQuI&wUoY(*TxU#op(mx-I<t0qo3PX8q1#fFKhyWS?dyoEFG6>H3DQEhz1snY{OG2X
z>G{Z8S9|*hNb6t!wc|jXKTW@v$tizSzJ&hTpr`Lxg#yqYEEIWAllVAecZuKW-(kl&
z1dRVq(aYlctsey_jWLPSXr)z}sZ6fJ#G6v^5OeQR|6acj4s-7^A5;IIjyjy-51=7N
zunPNL2AslJeZdd?Q~Y1&H2Ao~`^Y-YR@ns_CwvQ<EtIH`&t-L+bm7hFBH<(|<$8na
zHSghCy$018Cpijgu2!AP7vd$#Wrbd`2_p_hP;)lCz*W6g=f17vJqR5or<`ykgcS1G
z+!Vq1{%kn#tMqZdN+yBO`5BUF)N5s*5xOX3^N5o7vy+WqtMjx#NXskH48ea^6u{@R
zvc=kvtz2S*D&A45Ae9_^4>-6zMg=VKeii_g>Nv%bA{GdxU{gGX>;cQQiZ}3>7dr22
z+WGCBFW>K6ykMG&vbufc+pn)&Ij7LQ^ZBW%mg`1!MGZGSJE2m*2<06kVo)Z-`D{_Q
zw0JH=s-c&hBqfvHGvRbt-|*~+63N)~rafk>23K`e3+jr_!)e=2g%m|2u4}Q$SS)MV
zT$t4(Ba?@sxoF1KwDLruX_`k$RxlCBPG~~SJS>byADbzc&$$^ZV49`uM1JBoPB_d}
zj2b2Vf}#s!+|bj8Q%Q;G2yumUZbVHZW)Y{rh(Xb`ZN;r%%v45eqqJ67%m!isWW_Z#
zG#-wmQ{^PrxT5hRBnuoU#8s}S3KyLI)>`>srS;_UdrvN(UHj_n+Ul9l&#b=V2rZUM
z=In=TZ$20ri>U!EJQ}2EjB{%)>rU#bP=cALPHMVX+$_zE|9f6FHE&sq7E_3;yo5kn
zK-DxI(G;?{u+{K*IGl6F8kxDZOlTxv*haXKb3Gx7h2mn63qwTXoTpDrp1kI!XsS@C
zPESpqa2!J)OGQS7l?nypX0#-h;Zh5Uuxh0g^N^t+6)hkm0R`27DlB{fTh);32=e9u
zmCMhgYhxi!it1tcsK^ShLP1rq8*$2*{m-%IZsWv#g#DKNj_qO3#Y8Tfug=x*Hx>pP
zFCO!M@!`g+&J8x@NY?MGbN&xs8Ek`iOl}mx2U>>YuEPeNBHgK#E7kv_vmz&HCEY#M
z>ULYFx*yd&Z!r;%Cl)=gJ`WsEB;vsH%|_$=D9ZUpqxpoyhYw3Ua`ITC?M?(voB8|;
zD=TZph#`cnZ*Oe8UMw0dQK|fCxBH@%ur%|KNrzj#UJLSZJiY|~h_w_)`3c{<H9ET9
zXgtw8)>xO()*HuUG+^b2Wb*9MqbIbdmX@|N8EVnHg~F@r>zB2g+uOH_B@lzN7Tp`p
zLS`fU=nu?N{nPN<Pj634FzAP;oV<_ZH;@H${4<-Wx>R}pfs<4cxQGUx28x^ponUSH
zjLBkboc^J_3{9T5g6i@HLAf8nSB8zv-WmEQCcw!V(o$#VhM0q|46zElGsGJHljsl&
z@F$1ZWQW;H@=j0#V1gJKU<G&LvqQ|mFAT8?yf?%eOR%va7T}kM*kp6;539JrA3u%z
zpw0H#RrWYLz1G>=zufD(UTK!Cu@2nqv&*c<y3A!BE3w(1Px%F=vvqB!y$8P?w#BYt
zeQmb)bF*fzd*E($x}ClDLFc0T+zoeWv$xXgbxW-2hde;gE%@mAiL}`P`itP6V>i$)
Tu}xU5KxBF)ykmLW{z~}|xDhO%

literal 0
HcmV?d00001

diff --git a/dist/raspap/css/style.css b/dist/raspap/css/style.css
new file mode 100644
index 00000000..93eb072e
--- /dev/null
+++ b/dist/raspap/css/style.css
@@ -0,0 +1,54 @@
+ /*!
+ * RaspAP-Brands Brand Icons - https://raspap.com
+ * License - https://github.com/billz/RaspAP-Brands-webgui/blob/master/LICENSE
+ */
+@font-face {
+  font-family: 'RaspAP';
+  src:  url('fonts/RaspAP.eot?e76qs3');
+  src:  url('fonts/RaspAP.eot?e76qs3#iefix') format('embedded-opentype'),
+    url('fonts/RaspAP.ttf?e76qs3') format('truetype'),
+    url('fonts/RaspAP.woff?e76qs3') format('woff'),
+    url('fonts/RaspAP.svg?e76qs3#RaspAP') format('svg');
+  font-weight: normal;
+  font-style: normal;
+  font-display: block;
+}
+
+[class^="ra-"], [class*=" ra-"] {
+  /* use !important to prevent issues with browser extensions that change ..webfonts */
+  font-family: 'RaspAP' !important;
+  speak: none;
+  font-style: normal;
+  font-weight: normal;
+  font-variant: normal;
+  text-transform: none;
+  line-height: 1;
+
+  /* Better Font Rendering =========== */
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+.ra-wireguard:before {
+  font-size: 1.3rem;
+  content: "\e900";
+  color: #d1d3e2;
+  vertical-align: middle;
+}
+
+.card-header .ra-wireguard:before {
+  color: #fff;
+}
+
+.sidebar .nav-item.active .nav-link
+span.ra-wireguard:before {
+  color: #6e707e;
+}
+
+.ra-raspap:before {
+  font-size: 4.35rem;
+  content: "\e901";
+  color: #d8224c;
+  margin-left: 0.1em;
+}
+

From 5179847c5c208939ae4f0f8568e43889e0dd18a3 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 22:36:03 +0100
Subject: [PATCH 007/300] Update w/ project webfont

---
 index.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/index.php b/index.php
index 837ebef3..688c04c5 100755
--- a/index.php
+++ b/index.php
@@ -83,9 +83,12 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
     <!-- DataTables CSS -->
     <link href="dist/datatables/dataTables.bootstrap4.min.css" rel="stylesheet">
 
-    <!-- Custom Fonts -->
+    <!-- Font Awesome -->
     <link href="dist/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
 
+    <!-- RaspAP Fonts -->
+    <link href="dist/raspap/css/style.css" rel="stylesheet" type="text/css">
+
     <!-- Custom CSS -->
     <link href="<?php echo $theme_url; ?>" title="main" rel="stylesheet">
 
@@ -119,7 +122,7 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
         <hr class="sidebar-divider my-0">
         <div class="row">
           <div class="col-xs ml-3 sidebar-brand-icon">
-            <img src="app/img/raspAP-logo.svg" class="navbar-logo" width="64" height="64">
+            <span class="ra-raspap"></span>
           </div>
           <div class="col-xs ml-2">
             <div class="ml-1">Status</div>
@@ -169,7 +172,7 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
           <?php endif; ?>
           <?php if (RASPI_WIREGUARD_ENABLED) : ?>
         <li class="nav-item">
-          <a class="nav-link" href="index.php?page=wg_conf"><i class="fas fa-key fa-fw mr-2"></i><span class="nav-label"><?php echo _("WireGuard"); ?></a>
+          <a class="nav-link" href="index.php?page=wg_conf"><span class="ra-wireguard mr-2"></span><span class="nav-label"><?php echo _("WireGuard"); ?></a>
         </li>
           <?php endif; ?>
           <?php if (RASPI_TORPROXY_ENABLED) : ?>

From 5c4814585a79ce64acc36019e0381729df31a175 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 22:36:34 +0100
Subject: [PATCH 008/300] Style tweaks

---
 app/css/custom.css     | 4 ++++
 app/css/hackernews.css | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/app/css/custom.css b/app/css/custom.css
index 75cff67a..e5effc31 100644
--- a/app/css/custom.css
+++ b/app/css/custom.css
@@ -46,6 +46,10 @@ body {
   font-weight: 500;
 }
 
+.sidebar-light hr.sidebar-divider {
+  padding-top: 0.5rem;
+}
+
 .card .card-header {
   border-color: #d8224c;
   background-color: #d8224c;
diff --git a/app/css/hackernews.css b/app/css/hackernews.css
index 7af897a2..b2c36496 100644
--- a/app/css/hackernews.css
+++ b/app/css/hackernews.css
@@ -66,6 +66,9 @@ h5.card-title {
   font-family: Verdana, Geneva, sans-serif;
 }
 
+.sidebar-light hr.sidebar-divider {
+  padding-top: 0.5rem;
+}
 
 ul.nav-tabs, .nav-tabs .nav-link {
   background-color: #f6f6ef;
@@ -145,6 +148,7 @@ ul.nav-tabs, .nav-tabs .nav-link {
 .info-item-xs {
   font-size: 0.7rem;
   margin-left: 0.3rem;
+  line-height: 1.5em;
 }
 
 .info-item-wifi {
@@ -181,6 +185,10 @@ ul.nav-tabs, .nav-tabs .nav-link {
   }
 }
 
+.fas.fa-circle {
+    font-size: 0.5rem;
+}
+
 .logoutput {
   width:100%;
   height:300px;

From 8d73fb774f46ff3d85253cc7c789638236dabf5a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Apr 2020 10:00:34 +0100
Subject: [PATCH 009/300] Update installer + sudoers for wg

---
 installers/common.sh      | 39 +++++++++++++++++++++------------------
 installers/raspap.sudoers |  4 ++++
 installers/raspbian.sh    |  8 ++++++++
 3 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index a58e4ba7..a06dedda 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -235,37 +235,37 @@ function _install_adblock() {
     _install_status 0
 }
 
-# Prompt to install VPN
-function _prompt_install_vpn() {
-    _install_log "Configure VPN support"
-    echo -n "Install VPN and enable client configuration? [Y/n]: "
+# Prompt to install openvpn
+function _prompt_install_openvpn() {
+    _install_log "Configure OpenVPN support"
+    echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
     if [ "$assume_yes" == 0 ]; then
         read answer < /dev/tty
         if [ "$answer" != "${answer#[Nn]}" ]; then
             echo -e
         else
-            _install_vpn
+            _install_openvpn
         fi
     elif [ "$ovpn_option" == 1 ]; then
-        _install_vpn
+        _install_openvpn
     else
         echo "(Skipped)"
     fi
 }
 
-function _install_vpn() {
-    echo -n "Install [O]penVPN or [W]ireGuard? [O/W]: "
+# Prompt to install WireGuard
+function _prompt_install_wireguard() {
+    _install_log "Configure WireGuard support"
+    echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: "
     if [ "$assume_yes" == 0 ]; then
         read answer < /dev/tty
-        case $answer in
-            [oO]* )
-                _install_openvpn;
-                break;;
-            [wW]* )
-                _install_wireguard;
-        esac
-    elif [ "$ovpn_option" == 1 ]; then
-        _install_openvpn
+        if [ "$answer" != "${answer#[Nn]}" ]; then
+            echo -e
+        else
+            _install_wireguard
+        fi
+    elif [ "$wg_option" == 1 ]; then
+        _install_wireguard
     else
         echo "(Skipped)"
     fi
@@ -283,6 +283,8 @@ function _install_wireguard() {
     printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
     echo "Installing WireGuard"
     sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
+    echo "Enabling wg-quick@wg0"
+    sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service"
     echo "Enabling WireGuard management option"
     sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
     _install_status 0
@@ -572,7 +574,8 @@ function _install_raspap() {
     _default_configuration
     _configure_networking
     _prompt_install_adblock
-    _prompt_install_vpn
+    _prompt_install_openvpn
+    _prompt_install_wireguard
     _patch_system_files
     _install_complete
 }
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 517fbdef..ef21ec14 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -37,4 +37,8 @@ www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
+www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
+www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
+www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
+
 
diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index d0e72769..da8ca5d0 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -14,6 +14,8 @@
 #    Used with -y, --yes, sets OpenVPN install option (0=no install)
 # -a, --adblock <flag>
 #    Used with -y, --yes, sets Adblock install option (0=no install)
+# -w, --wireguard <flag>
+#    Used with -y, --yes, sets WireGuard install option (0=no install)
 # -r, --repo, --repository <name>
 #    Overrides the default GitHub repo (billz/raspap-webgui)
 # -b, --branch <name>
@@ -39,6 +41,7 @@ branch="master"
 assume_yes=0
 ovpn_option=1
 adblock_option=1
+wg_option=1
 
 # Define colors
 readonly ANSI_RED="\033[0;31m"
@@ -58,6 +61,7 @@ Usage: raspbian.sh [OPTION]\n
 -c, --cert, --certificate\n\tInstalls an SSL certificate for lighttpd
 -o, --openvpn <flag>\n\tUsed with -y, --yes, sets OpenVPN install option (0=no install)
 -a, --adblock <flag>\n\tUsed with -y, --yes, sets Adblock install option (0=no install)
+-w, --wireguard <flag>\n\tUsed with -y, --yes, sets WireGuard install option (0=no install)
 -r, --repo, --repository <name>\n\tOverrides the default GitHub repo (billz/raspap-webgui)
 -b, --branch <name>\n\tOverrides the default git branch (master)
 -h, --help\n\tOutputs usage notes and exits
@@ -80,6 +84,10 @@ while :; do
         adblock_option="$2"
         shift
         ;;
+        -w|--wireguard)
+        wg_option="$2"
+        shift
+        ;;
         -c|--cert|--certificate)
         install_cert=1
         ;;

From 7c7b8941cbabc64ee688a643a3cd34c4fb3af745 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Apr 2020 10:01:31 +0100
Subject: [PATCH 010/300] Update stop/start, status

---
 includes/wireguard.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index a0c2ed94..ed94ee34 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -19,28 +19,28 @@ function DisplayWireGuardConfig()
             }
         } elseif (isset($_POST['startwg'])) {
             $status->addMessage('Attempting to start WireGuard', 'info');
-            exec('sudo /bin/systemctl start wg-quick@wg0', $return);
-            exec('sudo /bin/systemctl enable wg-quick@wg0', $return);
+            exec('sudo /usr/bin/wg-quick up wg0', $return);
             foreach ($return as $line) {
                 $status->addMessage($line, 'info');
             }
         } elseif (isset($_POST['stopwg'])) {
             $status->addMessage('Attempting to stop WireGuard', 'info');
-            exec('sudo /bin/systemctl stop wg-quick@wg0', $return);
-            exec('sudo /bin/systemctl disable wg-quick@wg0', $return);
+            exec('sudo /usr/bin/wg-quick down wg0', $return);
             foreach ($return as $line) {
                 $status->addMessage($line, 'info');
             }
         }
     }
 
-    exec('pidof wg | wc -l', $wgstatus);
+    exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
 
     $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
+    $wg_state = ($wgstatus[0] > 0);
 
     echo renderTemplate(
         "wireguard", compact(
             "status",
+            "wg_state",
             "serviceStatus"
         )
     );

From 292a4ed1beb109286c81b989bbb7bdfc8ab3775d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Apr 2020 10:02:07 +0100
Subject: [PATCH 011/300] Initial template setup

---
 templates/wg/general.php | 46 ++++++++++++++++++++++++++++++++++++++++
 templates/wg/logging.php | 11 ++++++++++
 templates/wg/peers.php   | 11 ++++++++++
 templates/wireguard.php  | 12 ++++++-----
 4 files changed, 75 insertions(+), 5 deletions(-)
 create mode 100644 templates/wg/peers.php

diff --git a/templates/wg/general.php b/templates/wg/general.php
index e69de29b..ec44562a 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -0,0 +1,46 @@
+<!-- wireguard settings tab -->
+<div class="tab-pane active" id="wgsettings">
+  <div class="row">
+    <div class="col-md-6">
+      <h4 class="mt-3"><?php echo _("Tunnel settings"); ?></h4>
+        <div class="input-group">
+          <input type="hidden" name="tunnel-enable" value="0">
+          <div class="custom-control custom-switch">
+            <input class="custom-control-input" id="tunnel-enable" type="checkbox" name="tunnel-enable" value="1" <?php echo $enabled ? ' checked="checked"' : "" ?> aria-describedby="tunnel-description">
+          <label class="custom-control-label" for="tunnel-enable"><?php echo _("Enable tunnel") ?></label>
+        </div>
+        <p id="wg-description">
+          <small><?php echo _("Enable this option to encrypt traffic on your local network by creating a tunnel between RaspAP and connected clients.") ?></small>
+        </p>
+        </div>
+        <div class="row">
+          <div class="form-group col-xs-3 col-sm-3">
+            <label for="code"><?php echo _("Local Port"); ?></label>
+            <input type="text" class="form-control" name="wgport" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
+          </div>
+        </div>
+
+        <div class="row">
+          <div class="col-xs-3 col-sm-6">
+            <label for="code"><?php echo _("Local public key"); ?></label>
+          </div>
+          <div class="input-group col-md-12 mb-3">
+            <input type="text" class="form-control" name="wgpubkey" value="<?php echo htmlspecialchars($wg_pubkey, ENT_QUOTES); ?>" />
+            <div class="input-group-append">
+              <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateBlocklist()"><?php echo _("Generate key"); ?></button>
+              <span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+            </div>
+          </div>
+        </div>
+
+        <div class="row">
+          <div class="form-group col-md-6">
+            <label for="code"><?php echo _("IP Address"); ?></label>
+            <input type="text" class="form-control" name="RangeEnd" value="<?php echo htmlspecialchars($RangeEnd, ENT_QUOTES); ?>" />
+          </div>
+        </div>
+
+    </div>
+  </div><!-- /.row -->
+</div><!-- /.tab-pane | settings tab -->
+
diff --git a/templates/wg/logging.php b/templates/wg/logging.php
index e69de29b..eb31dd10 100644
--- a/templates/wg/logging.php
+++ b/templates/wg/logging.php
@@ -0,0 +1,11 @@
+<!-- wireguard logging tab -->
+<div class="tab-pane fade" id="wglogging">
+  <div class="row">
+    <div class="col-md-6">
+      <h4 class="mt-3"><?php echo _("Logging"); ?></h4>
+
+
+    </div>
+  </div><!-- /.row -->
+</div><!-- /.tab-pane | logging tab -->
+
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
new file mode 100644
index 00000000..2edc4d2d
--- /dev/null
+++ b/templates/wg/peers.php
@@ -0,0 +1,11 @@
+<!-- wireguard peers tab -->
+<div class="tab-pane fade" id="wgpeers">
+  <div class="row">
+    <div class="col-md-6">
+      <h4 class="mt-3"><?php echo _("Peers"); ?></h4>
+
+
+    </div>
+  </div><!-- /.row -->
+</div><!-- /.tab-pane | peers tab -->
+
diff --git a/templates/wireguard.php b/templates/wireguard.php
index b3f33796..0c0c0a81 100644
--- a/templates/wireguard.php
+++ b/templates/wireguard.php
@@ -1,8 +1,8 @@
   <?php ob_start() ?>
     <?php if (!RASPI_MONITOR_ENABLED) : ?>
       <input type="submit" class="btn btn-outline btn-primary" name="savewgsettings" value="<?php echo _("Save settings"); ?>">
-      <?php if ($dnsmasq_state) : ?>
-        <input type="submit" class="btn btn-warning" name="restartwg" value="<?php echo _("Restart WireGuard"); ?>">
+      <?php if ($wg_state) : ?>
+        <input type="submit" class="btn btn-warning" name="stopwg" value="<?php echo _("Stop WireGuard"); ?>">
       <?php else : ?>
         <input type="submit" class="btn btn-success" name="startwg" value="<?php echo _("Start WireGuard"); ?>">
       <?php endif ?>
@@ -15,7 +15,7 @@
         <div class="card-header">
           <div class="row">
             <div class="col">
-              <i class="fas fa-key fa-fw mr-2"></i><?php echo _("WireGuard"); ?>
+              <span class="ra-wireguard mr-2"></span><?php echo _("WireGuard"); ?>
             </div>
             <div class="col">
               <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
@@ -31,13 +31,15 @@
             <?php echo CSRFTokenFieldTag() ?>
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">
-                <li class="nav-item"><a class="nav-link active" id="clienttab" href="#wgsettings" data-toggle="tab"><?php echo _("WireGuard settings"); ?></a></li>
-                <li class="nav-item"><a class="nav-link" id="logoutputtab" href="#wglogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
+                <li class="nav-item"><a class="nav-link active" id="settingstab" href="#wgsettings" data-toggle="tab"><?php echo _("Settings"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="peertab" href="#wgpeers" data-toggle="tab"><?php echo _("Peers"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="loggingtab" href="#wglogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
             </ul>
 
             <!-- Tab panes -->
             <div class="tab-content">
               <?php echo renderTemplate("wg/general", $__template_data) ?>
+              <?php echo renderTemplate("wg/peers", $__template_data) ?>
               <?php echo renderTemplate("wg/logging", $__template_data) ?>
             </div><!-- /.tab-content -->
 

From 0fa59b3272b2abff274311c532300cea0f11a5f9 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Apr 2020 10:02:37 +0100
Subject: [PATCH 012/300] Adjust wg font-size

---
 dist/raspap/css/style.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dist/raspap/css/style.css b/dist/raspap/css/style.css
index 93eb072e..45305ca1 100644
--- a/dist/raspap/css/style.css
+++ b/dist/raspap/css/style.css
@@ -30,7 +30,7 @@
 }
 
 .ra-wireguard:before {
-  font-size: 1.3rem;
+  font-size: 1.2rem;
   content: "\e900";
   color: #d1d3e2;
   vertical-align: middle;

From 0a21695ff2a5911ed1b774fc56f569ac5fb0e348 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 25 Aug 2020 22:08:47 +0100
Subject: [PATCH 013/300] Add cp /tmp/wgdata to sudoers

---
 installers/raspap.sudoers | 1 +
 1 file changed, 1 insertion(+)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 0ceafd9b..2d6ed495 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -36,6 +36,7 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0

From dccfb991b140bd2fe6e8b0c4672b2cfb800ee1d0 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 25 Aug 2020 22:10:50 +0100
Subject: [PATCH 014/300] Build out peer template

---
 templates/wg/general.php |  4 ++--
 templates/wg/peers.php   | 45 +++++++++++++++++++++++++++++++++++++++-
 templates/wireguard.php  |  2 +-
 3 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index ec44562a..686949bb 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -10,13 +10,13 @@
           <label class="custom-control-label" for="tunnel-enable"><?php echo _("Enable tunnel") ?></label>
         </div>
         <p id="wg-description">
-          <small><?php echo _("Enable this option to encrypt traffic on your local network by creating a tunnel between RaspAP and connected clients.") ?></small>
+          <small><?php echo _("Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers.") ?></small>
         </p>
         </div>
         <div class="row">
           <div class="form-group col-xs-3 col-sm-3">
             <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wgport" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wgport" placeholder="51820" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
           </div>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 2edc4d2d..16337a08 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -1,8 +1,51 @@
 <!-- wireguard peers tab -->
 <div class="tab-pane fade" id="wgpeers">
+
   <div class="row">
     <div class="col-md-6">
-      <h4 class="mt-3"><?php echo _("Peers"); ?></h4>
+      <h4 class="mt-3"><?php echo _("Peer"); ?></h4>
+        <div class="input-group">
+          <input type="hidden" name="endpoint-enable" value="0">
+          <input type="hidden" name="peer_id" value="1">
+          <div class="custom-control custom-switch">
+            <input class="custom-control-input" id="endpoint_enable" type="checkbox" name="endpoint-enable" value="1" <?php echo $enabled ? ' checked="checked"' : "" ?> aria-describedby="endpoint-description">
+          <label class="custom-control-label" for="endpoint_enable"><?php echo _("Enable endpoint") ?></label>
+        </div>
+     </div>
+
+    <div class="row">
+      <div class="form-group col-xs-3 col-sm-6 mt-3">
+        <label for="code"><?php echo _("Endpoint address"); ?></label>
+        <input type="text" class="form-control" name="wg_endpoint" value="<?php echo htmlspecialchars($wg_endpoint, ENT_QUOTES); ?>" />
+      </div>
+    </div>
+
+    <div class="row">
+      <div class="col-xs-3 col-sm-6">
+        <label for="code"><?php echo _("Allowed IPs"); ?></label>
+        <input type="text" class="form-control mb-3" name="wg_allowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_allowedips, ENT_QUOTES); ?>" />
+      </div>
+    </div>
+
+    <div class="row">
+      <div class="col-xs-3 col-sm-6">
+        <label for="code"><?php echo _("Persistent keepalive"); ?></label>
+        <input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" placeholder="25" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
+      </div>
+    </div>
+
+    <div class="row">
+      <div class="col-xs-3 col-sm-6">
+          <label for="code"><?php echo _("Peer public key"); ?></label>
+      </div>
+      <div class="input-group col-md-12 mb-3">
+        <input type="text" class="form-control" name="wg_peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
+        <div class="input-group-append">
+          <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateBlocklist()"><?php echo _("Generate key"); ?></button>
+          <span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+        </div>
+      </div>
+    </div>
 
 
     </div>
diff --git a/templates/wireguard.php b/templates/wireguard.php
index 0c0c0a81..3ead09c7 100644
--- a/templates/wireguard.php
+++ b/templates/wireguard.php
@@ -32,7 +32,7 @@
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">
                 <li class="nav-item"><a class="nav-link active" id="settingstab" href="#wgsettings" data-toggle="tab"><?php echo _("Settings"); ?></a></li>
-                <li class="nav-item"><a class="nav-link" id="peertab" href="#wgpeers" data-toggle="tab"><?php echo _("Peers"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="peertab" href="#wgpeers" data-toggle="tab"><?php echo _("Peer"); ?></a></li>
                 <li class="nav-item"><a class="nav-link" id="loggingtab" href="#wglogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
             </ul>
 

From 543791f7238cb40ec05ff5a4c4e6b0aad494cdb6 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 25 Aug 2020 22:11:27 +0100
Subject: [PATCH 015/300] WIP: handle input

---
 includes/wireguard.php | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index ed94ee34..34d56ce2 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -11,12 +11,31 @@ function DisplayWireGuardConfig()
     $status = new StatusMessages();
     if (!RASPI_MONITOR_ENABLED) {
         if (isset($_POST['savewgettings'])) {
+            # Todo: validate input
             if (isset($_POST['authUser'])) {
-                $authUser = strip_tags(trim($_POST['authUser']));
+                $peer_id = strip_tags(trim($_POST'peer_id']));
             }
-            if (isset($_POST['authPassword'])) {
-                $authPassword = strip_tags(trim($_POST['authPassword']));
+            if (isset($_POST['wg_endpoint'])) {
+                $wg_endpoint = strip_tags(trim($_POST['wg_endpoint']));
             }
+            if (isset($_POST['wg_allowedips'])) {
+                $wg_allowedips = strip_tags(trim($_POST['wg_allowedips']));
+            }
+            if (isset($_POST['wg_pkeepalive'])) {
+                $wg_pkeepalive = strip_tags(trim($_POST['wg_pkeepalive']));
+            }
+            if (isset($_POST['wg_peerpubkey'])) {
+                $wg_endpoint = strip_tags(trim($_POST['wg_peerpubkey']));
+            }
+            file_put_contents("/tmp/wgdata", $config);
+            system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
+
+            if ($return == 0) {
+                $status->addMessage('Wireguard configuration updated successfully', 'success');
+            } else {
+                $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
+            }
+
         } elseif (isset($_POST['startwg'])) {
             $status->addMessage('Attempting to start WireGuard', 'info');
             exec('sudo /usr/bin/wg-quick up wg0', $return);
@@ -41,7 +60,13 @@ function DisplayWireGuardConfig()
         "wireguard", compact(
             "status",
             "wg_state",
-            "serviceStatus"
+            "serviceStatus",
+            "endpoint_enable",
+            "peer_id",
+            "wg_endpoint",
+            "wg_allowedips",
+            "wg_pkeepalive",
+            "wg_peerpubkey"
         )
     );
 }

From 22651a86b7d3b5b327f9ecd5398076a4cbee2976 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 25 Aug 2020 22:11:57 +0100
Subject: [PATCH 016/300] Simplify wg config handling

---
 config/config.php     | 3 +--
 includes/defaults.php | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/config/config.php b/config/config.php
index 6de2822f..122b1f94 100755
--- a/config/config.php
+++ b/config/config.php
@@ -21,8 +21,7 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');
 define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
 define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf');
-define('RASPI_WIREGUARD_SERVER_CONFIG', '/etc/wireguard/wg0.conf');
-define('RASPI_WIREGUARD_CLIENT_CONFIG', '/etc/wireguard/wg0-client.conf');
+define('RASPI_WIREGUARD_CONFIG', '/etc/wireguard/wg0.conf');
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
diff --git a/includes/defaults.php b/includes/defaults.php
index 6f6251e9..253c5619 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -26,8 +26,7 @@ $defaults = [
   'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf',
   'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf',
   'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf',
-  'RASPI_WIREGUARD_SERVER_CONFIG' => '/etc/wireguard/wg0.conf',
-  'RASPI_WIREGUARD_CLIENT_CONFIG' => '/etc/wireguard/wg0-client.conf',
+  'RASPI_WIREGUARD_CONFIG' => '/etc/wireguard/wg0.conf',
   'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc',
   'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf',
   'RASPI_ACCESS_CHECK_IP' => '1.1.1.1',

From aff035122b78220ef226e2b2320cc66bdb05798c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 26 Aug 2020 23:54:49 +0100
Subject: [PATCH 017/300] Validate, save & display wg config

---
 includes/wireguard.php    | 58 +++++++++++++++++++++++++++++++--------
 installers/raspap.sudoers |  2 ++
 templates/wg/general.php  |  2 +-
 3 files changed, 49 insertions(+), 13 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 34d56ce2..d2ec1088 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -11,25 +11,47 @@ function DisplayWireGuardConfig()
     $status = new StatusMessages();
     if (!RASPI_MONITOR_ENABLED) {
         if (isset($_POST['savewgettings'])) {
-            # Todo: validate input
-            if (isset($_POST['authUser'])) {
-                $peer_id = strip_tags(trim($_POST'peer_id']));
+            // Validate input
+            $good_input = true;
+            $peer_id = 1;
+            if (isset($_POST['peer_id'])) {
+                $peer_id = escapeshellarg($_POST['peer_id']);
             }
             if (isset($_POST['wg_endpoint'])) {
-                $wg_endpoint = strip_tags(trim($_POST['wg_endpoint']));
+                if (!filter_var($_POST['wg_endpoint'], FILTER_VALIDATE_IP)) {
+                    $status->addMessage('Invalid value for endpoint address', 'danger');
+                    $good_input = false;
+                } else {
+                    $wg_endpoint = escapeshellarg($_POST['wg_endpoint']);
+                }
             }
             if (isset($_POST['wg_allowedips'])) {
-                $wg_allowedips = strip_tags(trim($_POST['wg_allowedips']));
+                if (!filter_var($_POST['wg_allowedips'], FILTER_VALIDATE_IP)) {
+                    $status->addMessage('Invalid value for allowed IPs', 'danger');
+                    $good_input = false;
+                } else {
+                    $wg_allowedips = escapeshellarg($_POST['wg_allowedips']);
+                }
             }
             if (isset($_POST['wg_pkeepalive'])) {
-                $wg_pkeepalive = strip_tags(trim($_POST['wg_pkeepalive']));
+                if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
+                    $status->addMessage('Invalid value for persistent keepalive', 'danger');
+                    $good_input = false;
+                } else {
+                    $wg_pkeepalive = escapeshellarg($_POST['wg_pkeepalive']);
+                }
             }
             if (isset($_POST['wg_peerpubkey'])) {
                 $wg_endpoint = strip_tags(trim($_POST['wg_peerpubkey']));
             }
-            file_put_contents("/tmp/wgdata", $config);
-            system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
-
+            // Save settings
+            if ($good_input) {
+                file_put_contents("/tmp/wgdata", $config);
+                system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
+                foreach ($return as $line) {
+                    $status->addMessage($line, 'info');
+                }
+            }
             if ($return == 0) {
                 $status->addMessage('Wireguard configuration updated successfully', 'success');
             } else {
@@ -51,8 +73,18 @@ function DisplayWireGuardConfig()
         }
     }
 
-    exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
+    // fetch wg config
+    exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
+    $conf = ParseConfig($return);
+    $wg_port = $conf['ListenPort'];
+    $wg_ipaddress = $conf['Address'];
+    $wg_pubkey = $conf['PublicKey'];
+    $wg_endpoint = $conf['Endpoint'];
+    $wg_allowedips = $conf['AllowedIPs'];
+    $wg_pkeepalive = $conf['PersistentKeepalive'];
 
+    // fetch service status
+    exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
     $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
     $wg_state = ($wgstatus[0] > 0);
 
@@ -63,10 +95,12 @@ function DisplayWireGuardConfig()
             "serviceStatus",
             "endpoint_enable",
             "peer_id",
+            "wg_port",
+            "wg_ipaddress",
+            "wg_pubkey",
             "wg_endpoint",
             "wg_allowedips",
-            "wg_pkeepalive",
-            "wg_peerpubkey"
+            "wg_pkeepalive"
         )
     );
 }
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 2d6ed495..517b6233 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -41,5 +41,7 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf
+
 
 
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 686949bb..b9763555 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -36,7 +36,7 @@
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("IP Address"); ?></label>
-            <input type="text" class="form-control" name="RangeEnd" value="<?php echo htmlspecialchars($RangeEnd, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_ipaddress" value="<?php echo htmlspecialchars($wg_ipaddress, ENT_QUOTES); ?>" />
           </div>
         </div>
 

From 34b5b4c1b2ea52562e87bc8217cbac641994f8a4 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 28 Aug 2020 23:40:46 +0100
Subject: [PATCH 018/300] Add validateCidr()

---
 includes/functions.php | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/includes/functions.php b/includes/functions.php
index 4d299314..c58b2b13 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -452,3 +452,30 @@ function getBridgedState()
     return  $arrHostapdConf['BridgedEnable'];
 }
 
+/**
+ * Validates the format of a CIDR notation string
+ *
+ * @param string $cidr
+ * @return bool
+ */
+function validateCidr($cidr)
+{
+    $parts = explode('/', $cidr);
+    if(count($parts) != 2) {
+        return false;
+    }
+    $ip = $parts[0];
+    $netmask = intval($parts[1]);
+
+    if($netmask < 0) {
+        return false;
+    }
+    if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+        return $netmask <= 32;
+    }
+    if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+        return $netmask <= 128;
+    }
+    return false;
+}
+

From af0721e0214361979d63938ac1eecde5c50603ba Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 28 Aug 2020 23:42:55 +0100
Subject: [PATCH 019/300] Save wg config, template fixes

---
 includes/wireguard.php   | 67 +++++++++++++++++++++++++++-------------
 templates/wg/general.php |  7 +++--
 2 files changed, 49 insertions(+), 25 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index d2ec1088..26badcd0 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -10,52 +10,73 @@ function DisplayWireGuardConfig()
 {
     $status = new StatusMessages();
     if (!RASPI_MONITOR_ENABLED) {
-        if (isset($_POST['savewgettings'])) {
-            // Validate input
+        if (isset($_POST['savewgsettings'])) {
+            // Set defaults
             $good_input = true;
             $peer_id = 1;
-            if (isset($_POST['peer_id'])) {
-                $peer_id = escapeshellarg($_POST['peer_id']);
+            // Validate input
+            if (isset($_POST['wg_port'])) {
+                if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) {
+                    $status->addMessage('Invalid value for port number', 'danger');
+                    $good_input = false;
+                }
             }
-            if (isset($_POST['wg_endpoint'])) {
-                if (!filter_var($_POST['wg_endpoint'], FILTER_VALIDATE_IP)) {
+            if (isset($_POST['wg_ipaddress'])) {
+                if (!validateCidr($_POST['wg_ipaddress'])) {
+                    $status->addMessage('Invalid value for IP address', 'danger');
+                    $good_input = false;
+                }
+            }
+            if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) {
+                if (!validateCidr($_POST['wg_endpoint'])) {
                     $status->addMessage('Invalid value for endpoint address', 'danger');
                     $good_input = false;
-                } else {
-                    $wg_endpoint = escapeshellarg($_POST['wg_endpoint']);
                 }
             }
             if (isset($_POST['wg_allowedips'])) {
-                if (!filter_var($_POST['wg_allowedips'], FILTER_VALIDATE_IP)) {
+                if (!validateCidr($_POST['wg_allowedips'])) {
                     $status->addMessage('Invalid value for allowed IPs', 'danger');
                     $good_input = false;
-                } else {
-                    $wg_allowedips = escapeshellarg($_POST['wg_allowedips']);
                 }
             }
-            if (isset($_POST['wg_pkeepalive'])) {
+            if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
                 if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
                     $status->addMessage('Invalid value for persistent keepalive', 'danger');
                     $good_input = false;
-                } else {
-                    $wg_pkeepalive = escapeshellarg($_POST['wg_pkeepalive']);
                 }
             }
-            if (isset($_POST['wg_peerpubkey'])) {
-                $wg_endpoint = strip_tags(trim($_POST['wg_peerpubkey']));
-            }
             // Save settings
             if ($good_input) {
+                $config[] = '[Interface]';
+                $config[] = 'Address = '.$_POST['wg_ipaddress'];
+                $config[] = 'ListenPort = '.$_POST['wg_port'];
+                $config[] = '';
+                $config[] = 'PrivateKey = '.$_POST['wg_privkey'];
+                $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE';
+                $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE';
+                $config[] = '';
+                $config[] = '[Peer]';
+                $config[] = 'PublicKey = '.$_POST['wg_pubkey'];
+                if ($_POST['wg_endpoint'] !== '') {
+                    $config[] = 'Endpoint = '.trim($_POST['wg_endpoint']);
+                }
+                $config[] = 'AllowedIPs = '.$_POST['wg_allowedips'];
+                if ($_POST['wg_pkeepalive'] !== '') {
+                    $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+                }
+                $config[] = '';
+                $config = join(PHP_EOL, $config);
+
                 file_put_contents("/tmp/wgdata", $config);
                 system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
                 foreach ($return as $line) {
                     $status->addMessage($line, 'info');
                 }
-            }
-            if ($return == 0) {
-                $status->addMessage('Wireguard configuration updated successfully', 'success');
-            } else {
-                $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
+                if ($return == 0) {
+                    $status->addMessage('Wireguard configuration updated successfully', 'success');
+                } else {
+                    $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
+                }
             }
 
         } elseif (isset($_POST['startwg'])) {
@@ -79,6 +100,7 @@ function DisplayWireGuardConfig()
     $wg_port = $conf['ListenPort'];
     $wg_ipaddress = $conf['Address'];
     $wg_pubkey = $conf['PublicKey'];
+    $wg_privkey = $conf['PrivateKey'];
     $wg_endpoint = $conf['Endpoint'];
     $wg_allowedips = $conf['AllowedIPs'];
     $wg_pkeepalive = $conf['PersistentKeepalive'];
@@ -98,6 +120,7 @@ function DisplayWireGuardConfig()
             "wg_port",
             "wg_ipaddress",
             "wg_pubkey",
+            "wg_privkey",
             "wg_endpoint",
             "wg_allowedips",
             "wg_pkeepalive"
diff --git a/templates/wg/general.php b/templates/wg/general.php
index b9763555..aa1de796 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -16,7 +16,7 @@
         <div class="row">
           <div class="form-group col-xs-3 col-sm-3">
             <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wgport" placeholder="51820" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_port" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
           </div>
         </div>
 
@@ -25,13 +25,14 @@
             <label for="code"><?php echo _("Local public key"); ?></label>
           </div>
           <div class="input-group col-md-12 mb-3">
-            <input type="text" class="form-control" name="wgpubkey" value="<?php echo htmlspecialchars($wg_pubkey, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_pubkey" value="<?php echo htmlspecialchars($wg_pubkey, ENT_QUOTES); ?>" />
             <div class="input-group-append">
-              <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateBlocklist()"><?php echo _("Generate key"); ?></button>
+              <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateWgKey()"><?php echo _("Generate key"); ?></button>
               <span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
           </div>
         </div>
+        <input type="hidden" name="wg_privkey" value="<?php echo htmlspecialchars($wg_privkey, ENT_QUOTES); ?>" />
 
         <div class="row">
           <div class="form-group col-md-6">

From 7286173438e2bfc736cf359008964eeb66a4981a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 5 Sep 2020 19:27:38 +0100
Subject: [PATCH 020/300] Add rudimentary logging

---
 includes/wireguard.php    |  6 ++++++
 installers/raspap.sudoers |  3 +++
 templates/wg/logging.php  | 14 +++++++++++---
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 26badcd0..84956b89 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -69,6 +69,11 @@ function DisplayWireGuardConfig()
 
                 file_put_contents("/tmp/wgdata", $config);
                 system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
+                
+                // handle log option
+                if ($_POST['wg_log'] == "1") {
+                    exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
+                }
                 foreach ($return as $line) {
                     $status->addMessage($line, 'info');
                 }
@@ -115,6 +120,7 @@ function DisplayWireGuardConfig()
             "status",
             "wg_state",
             "serviceStatus",
+            "wg_log",
             "endpoint_enable",
             "peer_id",
             "wg_port",
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 517b6233..4c813d0e 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -35,9 +35,12 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
+www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
+www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
diff --git a/templates/wg/logging.php b/templates/wg/logging.php
index eb31dd10..c9cb4185 100644
--- a/templates/wg/logging.php
+++ b/templates/wg/logging.php
@@ -1,10 +1,18 @@
 <!-- wireguard logging tab -->
 <div class="tab-pane fade" id="wglogging">
   <div class="row">
-    <div class="col-md-6">
+    <div class="col-md-12">
       <h4 class="mt-3"><?php echo _("Logging"); ?></h4>
-
-
+          <div class="custom-control custom-switch">
+            <input class="custom-control-input" id="wg_log" type="checkbox" name="wg_log" value="1" <?php echo $wg_log ? ' checked="checked"' : "" ?> aria-describedby="wg_log">
+            <label class="custom-control-label" for="wg_log"><?php echo _("Display WireGuard status") ?></label>
+          </div>
+          <p><small><?php echo _("Enable this option to display an updated WireGuard status.") ?></small></p>
+          <?php
+              exec('sudo chmod o+r /tmp/wireguard.log');
+              $log = file_get_contents('/tmp/wireguard.log');
+              echo '<textarea class="logoutput my-3">'.htmlspecialchars($log, ENT_QUOTES).'</textarea>';
+          ?>
     </div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | logging tab -->

From 31edb21a764bfdc185469afb07dd295cb529d2f5 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 23 Sep 2020 09:10:44 +0100
Subject: [PATCH 021/300] Fix merge error

---
 includes/functions.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/includes/functions.php b/includes/functions.php
index 85c69ca6..4a9e77bb 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -477,8 +477,9 @@ function validateCidr($cidr)
         return $netmask <= 128;
     }
     return false;
-    
-    // Validates a host or FQDN
+}    
+
+// Validates a host or FQDN
 function validate_host($host) {
   return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host);
 }

From 06c8a2edcdc99194d18d470218a8740407b19567 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 15 Oct 2020 16:08:23 +0100
Subject: [PATCH 022/300] Install raspberrypi-kernel-headers (raspbian only)

---
 installers/common.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/installers/common.sh b/installers/common.sh
index 9c55a9f0..2eb36e89 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -283,6 +283,10 @@ function _prompt_install_wireguard() {
 # Install Wireguard from the Debian unstable distro
 function _install_wireguard() {
     _install_log "Configure WireGuard support"
+    if [ "$OS" == "Raspbian" ]; then
+        echo "Installing raspberrypi-kernel-headers"
+        sudo apt-get install $apt_option raspberrypi-kernel-headers || _install_status 1 "Unable to install raspberrypi-kernel-headers"
+    fi
     echo "Installing WireGuard from Debian unstable distro"
     echo "Adding Debian distro"
     echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"

From 0ca49ad6452661e7ac08f943e691df240aa81adc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Feb 2021 10:12:17 +0000
Subject: [PATCH 023/300] Bump minimist from 1.2.0 to 1.2.5

Bumps [minimist](https://github.com/substack/minimist) from 1.2.0 to 1.2.5.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.0...1.2.5)

Signed-off-by: dependabot[bot] <support@github.com>
---
 yarn.lock | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index 2b445d7f..b225fa08 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2744,16 +2744,11 @@ minimatch@^3.0.2, minimatch@^3.0.4, minimatch@~3.0.2:
   dependencies:
     brace-expansion "^1.1.7"
 
-minimist@^1.1.3, minimist@^1.2.5:
+minimist@^1.1.3, minimist@^1.2.0, minimist@^1.2.5:
   version "1.2.5"
   resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
   integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
 
-minimist@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.0.tgz#a35008b20f41383eec1fb914f4cd5df79a264284"
-  integrity sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=
-
 minipass@^2.6.0, minipass@^2.8.6, minipass@^2.9.0:
   version "2.9.0"
   resolved "https://registry.yarnpkg.com/minipass/-/minipass-2.9.0.tgz#e713762e7d3e32fed803115cf93e04bca9fcc9a6"

From fb6fdafc9ebc0b5ed7ce952cce10c9ce0f8405f1 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Thu, 4 Feb 2021 18:22:15 +0100
Subject: [PATCH 024/300] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index cf7a707b..85135021 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-![](https://i.imgur.com/xeKD93p.png)
+![](https://i.imgur.com/DpgvLIO.png)
 [![Release 2.6](https://img.shields.io/badge/release-v2.6-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 RaspAP lets you quickly get a wireless access point up and running to share the connectivity of many popular [Debian-based devices](#supported-operating-systems), including the Raspberry Pi. Our popular [Quick installer](#quick-installer) creates a known-good default configuration that "just works" on all current Raspberry Pis with onboard wireless. A responsive interface gives you control over the relevant services and networking options. Advanced DHCP settings, OpenVPN client support, SSL, security audits, themes and multilingual options are included.

From e2be5dc17dcfc11513c9d738e155e499cd1d0b1a Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Fri, 5 Feb 2021 11:17:30 +0100
Subject: [PATCH 025/300] Update README.md

---
 README.md | 206 +++++++++---------------------------------------------
 1 file changed, 33 insertions(+), 173 deletions(-)

diff --git a/README.md b/README.md
index 85135021..5c6282cd 100644
--- a/README.md
+++ b/README.md
@@ -1,199 +1,59 @@
 ![](https://i.imgur.com/DpgvLIO.png)
 [![Release 2.6](https://img.shields.io/badge/release-v2.6-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
-RaspAP lets you quickly get a wireless access point up and running to share the connectivity of many popular [Debian-based devices](#supported-operating-systems), including the Raspberry Pi. Our popular [Quick installer](#quick-installer) creates a known-good default configuration that "just works" on all current Raspberry Pis with onboard wireless. A responsive interface gives you control over the relevant services and networking options. Advanced DHCP settings, OpenVPN client support, SSL, security audits, themes and multilingual options are included.
-
-RaspAP has been featured on sites such as [Instructables](http://www.instructables.com/id/Raspberry-Pi-As-Completely-Wireless-Router/), [Adafruit](https://blog.adafruit.com/2016/06/24/raspap-wifi-configuration-portal-piday-raspberrypi-raspberry_pi/), [Raspberry Pi Weekly](https://www.raspberrypi.org/weekly/commander/) and [Awesome Raspberry Pi](https://project-awesome.org/thibmaek/awesome-raspberry-pi) and implemented in countless projects.
-
-We hope you enjoy using RaspAP as much as we do creating it. Tell us how you use this with [your own projects](https://github.com/raspap/raspap-awesome).
+Welcome to RaspAP Insiders. You, the members of the Insiders community, support the sponsorware release strategy, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you for joining us on this journey*.
 
 ![](https://i.imgur.com/ikWvsMG.gif)
-![](https://i.imgur.com/EiIpdOS.gif)
-![](https://i.imgur.com/eCjUS1H.gif)
-![](https://i.imgur.com/5FT2BcS.gif)
-![](https://i.imgur.com/RKaBFrZ.gif)
+
 ## Contents
 
- - [Prerequisites](#prerequisites)
- - [Quick installer](#quick-installer)
- - [Ad Blocking](#ad-blocking)
- - [Bridged AP](#bridged-ap)
- - [Simultaneous AP and Wifi client](#simultaneous-ap-and-wifi-client)
- - [Support us](#support-us)
- - [Manual installation](#manual-installation)
- - [802.11ac 5GHz support](#80211ac-5ghz-support)
- - [Supported operating systems](#supported-operating-systems)
- - [Multilingual support](#multilingual-support)
- - [HTTPS support](#https-support)
- - [OpenVPN support](#openvpn-support)
- - [How to contribute](#how-to-contribute)
- - [Reporting issues](#reporting-issues)
- - [License](#license)
+ - [How sponsorship works](#how-sponsorship-works)
+ - [About your sponsorship](#about-your-sponsorhip)
+ - [Exclusive features](#exclusive-features)
+ - [Funding targets](#funding-targets)
+ - [Frequently asked questions](#frequently-asked-questions)
 
-## Prerequisites
-Start with a clean install of the [latest release of Raspberry Pi OS (32-bit) Lite](https://www.raspberrypi.org/software/operating-systems/#raspberry-pi-os-32-bit). The Raspberry Pi OS desktop and 64-bit beta distros are unsupported.
+## How sponsorship works
+New features first land in Insiders, which means that *sponsors will have access to them immediately*. Every feature is tied to a funding goal in monthly subscriptions. When a funding goal is hit, the features that are tied to it are merged back into the [public RaspAP repository](https://github.com/RaspAP/raspap-webgui) and released for general availability. Bugfixes and minor enhancements are always released simultaneously in both editions.
 
-1. Update Raspbian, including the kernel and firmware, followed by a reboot:
-```
-sudo apt-get update
-sudo apt-get full-upgrade
-sudo reboot
-```
-2. Set the "WLAN country" option in `raspi-config`'s **Localisation Options**: `sudo raspi-config`
+Don't want to sponsor? No problem, RaspAP already has tons of features available, so chances are that most of your requirements are already satisfied. See the list of [exclusive features](#exclusive-features) to learn which features are currently only available to sponsors.
 
-3. If you have a device without an onboard wireless chipset, the [**Edimax Wireless 802.11b/g/n nano USB adapter**](https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wireless_adapters_n150/ew-7811un) is an excellent option – it's small, cheap and has good driver support.
+## About your sponsorship
+Your sponsorship is through your individual or organization's GitHub account. By visiting [**RaspAP's sponsor profile**](), you may change your sponsorship tier or cancel your sponsorship anytime. <sup>[1](#footnote-1)</sup>
 
-With the prerequisites done, you can proceed with either the Quick installer or Manual installation steps below.
+As part of the initial rollout of Insiders, all previous one-time backers of RaspAP on GitHub, PayPal or [Open Collective](https://opencollective.com/raspap) will receive unlimited access to Insiders. This is a small gesture for those early financial supporters who recognized the potential of this project.
 
-## Quick installer
-Install RaspAP from your device's shell prompt:
-```sh
-curl -sL https://install.raspap.com | bash
-```
-The [installer](https://docs.raspap.com/quick/) will complete the steps in the manual installation (below) for you.
 
-After the reboot at the end of the installation the wireless network will be
-configured as an access point as follows:
-* IP address: 10.3.141.1
-  * Username: admin
-  * Password: secret
-* DHCP range: 10.3.141.50 to 10.3.141.255
-* SSID: `raspi-webgui`
-* Password: ChangeMe
+**Important**: If you're sponsoring [RaspAP](https://github.com/RaspAP/sponsors) through a GitHub organization, please send a short email to [sponsors@raspap.com](mailto:sponsors@raspap.com) with the name of your organization and the account that should be added as a collaborator. <sup>[2](#footnote-2)</sup>
 
-**Note:** As the name suggests, the Quick Installer is a great way to quickly setup a new AP. However, it does not automagically detect the unique configuration of your system. Best results are obtained by connecting to ethernet (`eth0`) or as a WiFi client, also known as managed mode, with `wlan0`. For the latter, refer to [this FAQ](https://docs.raspap.com/faq/#headless). Special instructions for the Pi Zero W are [available here](https://docs.raspap.com/ap-sta/).
+## Exclusive features
+When backers were asked which feature they'd most like to see added to RaspAP, the ability to manage multiple OpenVPN client configurations topped the list of requests. Therefore, we're adding this as the first feature exclusive to insiders. 
 
-Please [read this](https://docs.raspap.com/issues/) before reporting an issue.
+ ✅ Manage OpenVPN client configs
 
-## Ad Blocking
-This feature uses DNS blacklisting to block requests for ads, trackers and other undesirable hosts. To enable ad blocking, simply respond to the prompt during the installation. As a beta release, we encourage testing and feedback from users of RaspAP.
+We feel that using input from our Insiders to drive the development of this project is a great approach. Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](/discussions) and let us know!
 
-Details are [provided here](https://docs.raspap.com/adblock/).
+## Funding targets
+Following is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.
 
-## Bridged AP
-By default RaspAP configures a routed AP for your clients to connect to. A bridged AP configuration is also possible. Slide the **Bridged AP mode** toggle under the **Advanced** tab of **Configure hotspot**, then save and restart the hotspot.
+### $500 
+✅ Manage OpenVPN client configs 
 
-![](https://i.imgur.com/J5VKSay.png)
+## Frequently asked questions
 
-**Note:** In bridged mode, all routing capabilities are handled by your upstream router. Because your router assigns IP addresses to your device's hotspot and its clients, you might not be able to reach the RaspAP web interface from the default `10.3.141.1` address. Instead use your RPi's hostname followed by `.local` to access the RaspAP web interface. With Raspbian default settings, this should look like `raspberrypi.local`. Alternate methods are [discussed here](https://www.raspberrypi.org/documentation/remote-access/ip-address.md).
+### Terms
+*We're using RaspAP to for a commercial project. Can we use Insiders under the same terms and conditions?*
 
-More information on Bridged AP mode is provided [in our documentation](https://docs.raspap.com/bridged/).
+Yes. Whether you're an individual or a company, you may use RaspAP Insiders precisely under the same terms as RaspAP, which are defined by the GNU GPL 3.0 license. However, we kindly ask you to respect the following guidelines:
 
-## Simultaneous AP and Wifi client
-RaspAP lets you create an AP with a Wifi client configuration, often called [AP-STA mode](https://docs.raspap.com/ap-sta/). With your system configured in managed mode, enable the AP from the **Advanced** tab of **Configure hotspot** by sliding the **Wifi client AP mode** toggle. Save settings and start the hotspot. The managed mode AP is functional without restart.
-
-**Note:** This option is disabled until you configure your system as a wireless client. For a device operating in [managed mode](https://docs.raspap.com/faq/#headless) without an `eth0` connection, this configuration must be enabled [_before_ a reboot](https://docs.raspap.com/ap-sta/). 
-
-## Support us
-RaspAP is free software, but powered by your support. If you find RaspAP useful for your personal or commercial projects, [become a GitHub sponsor](https://github.com/sponsors/RaspAP/) or join the project on [Open Collective](https://opencollective.com/RaspAP). Either of these options makes a big difference!
-
-## Manual installation
-Detailed manual setup instructions are provided [on our documentation site](https://docs.raspap.com/manual/).
-
-## 802.11ac 5GHz support
-RaspAP provides an 802.11ac wireless mode option for supported hardware (currently the RPi 3B+/4 and compatible Orange Pi models) and wireless regulatory domains. See [this FAQ](https://docs.raspap.com/faq/#80211ac) for more information. 
-
-## Supported operating systems
-RaspAP was originally made for Raspbian, but now also installs on the following Debian-based distros.
-
-| Distribution | Release  | Architecture | Support |
-|---|:---:|:---:|:---:|
-| Raspberry Pi OS | (32-bit) Lite Buster | ARM | Official |
-| Armbian | Buster | [ARM](https://docs.armbian.com/#supported-chips) | Official |
-| Debian  |  Buster | ARM / x86_64  | Beta |
-| Ubuntu  |  18.04 LTS / 19.10 | ARM / x86_64  | Beta |
-
-![](https://i.imgur.com/luiyYNw.png)
-
-We find Armbian particularly well-suited for this project. Please note that "supported" is not a guarantee. If you are able to improve support for your preferred distro, we encourage you to [actively contribute](#how-to-contribute) to the project.
-
-## Multilingual support
-RaspAP uses [GNU Gettext](https://www.gnu.org/software/gettext/) to manage multilingual messages. In order to use RaspAP with one of our supported translations, you must configure a corresponding language package on your RPi. To list languages currently installed on your system, use `locale -a` at the shell prompt. To generate new locales, run `sudo dpkg-reconfigure locales` and select any other desired locales. Details are provided on our [documentation site](https://docs.raspap.com/translations/) 
-
-The following translations are currently maintained by the project:
-
-- Čeština
-- 正體中文 (Chinese traditional)
-- 简体中文 (Chinese Simplified)
-- Dansk
-- Deutsch
-- Español
-- Finnish
-- Français
-- Ελληνικά (Greek)
-- Indonesian
-- Italiano
-- 日本語 (Japanese)
-- 한국어 (Korean)
-- Nederlands
-- Polskie
-- Português
-- Русский
-- Svenska
-- Türkçe
-- Tiếng Việt (Vietnamese)
-
-If your language is not in the list above, why not [contribute a translation](https://docs.raspap.com/translations/#contributing-to-a-translation)? Contributors will receive credit as the original translators.
-
-## HTTPS support
-The Quick Installer may be used to [generate SSL certificates](https://docs.raspap.com/ssl-quick/) with `mkcert`. The installer automates the manual steps [described here](https://docs.raspap.com/ssl-manual/), including configuring lighttpd with SSL support. 
-
-Simply append the `-c` or `--cert` option to the Quick Installer, like so:
-
-```sh
-curl -sL https://install.raspap.com | bash -s -- --cert
-```
-
-**Note**: this only installs mkcert and generates an SSL certificate with the input you provide. It does *not* (re)install RaspAP.
-
-More information on SSL certificates and HTTPS support is available [in our documentation](https://docs.raspap.com/ssl-quick/). 
-
-## OpenVPN support
-OpenVPN may be optionally installed by the Quick Installer. Once this is done, you can manage client configuration and the `openvpn-client` service with RaspAP.
-
-To configure an OpenVPN client, upload a valid .ovpn file and, optionally, specify your login credentials. RaspAP will store your client configuration and add firewall rules to forward traffic from OpenVPN's `tun0` interface to your configured wireless interface. 
-
-**Note**: this feature is currently in beta. Please [read this](https://docs.raspap.com/faq/#openvpn-fails) before reporting an issue.
-
-## How to contribute
-1. Fork the project in your account and create a new branch: `your-great-feature`.
-2. Open an issue in the repository describing the feature contribution you'd like to make.
-3. Commit changes in your feature branch.
-4. Open a pull request and reference the initial issue in the pull request message.
-
-Find out more about our [coding style guidelines and recommended tools](CONTRIBUTING.md). 
-
-## Reporting issues
-Please [read this](https://docs.raspap.com/issues/) before reporting a bug.
-
-## Contributors
-
-### Code Contributors
-This project exists thanks to all the awesome people who [contribute](CONTRIBUTING.md) their time and expertise.
-
-<a href="https://github.com/raspap/raspap-webgui/graphs/contributors"><img src="https://opencollective.com/raspap/contributors.svg?width=890&button=false" /></a>
-
-### Financial Contributors
-Become a [financial contributor](https://opencollective.com/raspap/contribute) and help us sustain our community. 
-
-#### Individuals
-<a href="https://opencollective.com/raspap"><img src="https://opencollective.com/raspap/individuals.svg?width=890"></a>
-
-#### Organizations
-
-[Support this project](https://opencollective.com/raspap/contribute) with your organization. Your logo will show up here with a link to your website. 
-
-<a href="https://opencollective.com/raspap/organization/0/website"><img src="https://opencollective.com/raspap/organization/0/avatar.svg"></a>
-<a href="https://opencollective.com/raspap/organization/1/website"><img src="https://opencollective.com/raspap/organization/1/avatar.svg"></a>
-<a href="https://opencollective.com/raspap/organization/2/website"><img src="https://opencollective.com/raspap/organization/2/avatar.svg"></a>
-<a href="https://opencollective.com/raspap/organization/3/website"><img src="https://opencollective.com/raspap/organization/3/avatar.svg"></a>
-<a href="https://opencollective.com/raspap/organization/4/website"><img src="https://opencollective.com/raspap/organization/4/avatar.svg"></a>
-<a href="https://opencollective.com/raspap/organization/5/website"><img src="https://opencollective.com/raspap/organization/5/avatar.svg"></a>
-<a href="https://opencollective.com/raspap/organization/6/website"><img src="https://opencollective.com/raspap/organization/6/avatar.svg"></a>
-<a href="https://opencollective.com/raspap/organization/7/website"><img src="https://opencollective.com/raspap/organization/7/avatar.svg"></a>
-<a href="https://opencollective.com/raspap/organization/8/website"><img src="https://opencollective.com/raspap/organization/8/avatar.svg"></a>
-<a href="https://opencollective.com/raspap/organization/9/website"><img src="https://opencollective.com/raspap/organization/9/avatar.svg"></a>
+* Please **don't distribute the source code** of Insiders. You may freely use it for public, private or commercial projects, fork it, mirror it, do whatever you want with it, but please don't release the source code, as it would counteract the sponsorware strategy.
+* If you cancel your subscription, you're removed as a collaborator and will miss out on future updates of Insiders. However, you may *use the latest version* that's available to you as long as you like. Just remember that [GitHub deletes private forks](https://docs.github.com/en/github/setting-up-and-managing-your-github-user-account/removing-a-collaborator-from-a-personal-repository).
 
 ## License
 See the [LICENSE](./LICENSE) file.
 
+### Footnotes
+
+<sub><a name="#footnote-1"></a>1. If you cancel your sponsorship, GitHub schedules a cancellation request which will become effective at the end of the billing cycle, which ends at the 22nd of a month for monthly sponsorships. This means that even though you cancel your sponsorship, you will keep your access to Insiders as long as your cancellation isn't effective. All charges are processed by GitHub through Stripe. As we don't receive any information regarding your payment, and GitHub doesn't offer refunds, sponsorships are non-refundable.</sub>
+
+<sub><a name="#footnote-2"></a>2. It's currently not possible to grant access to each member of an organization, as GitHub only allows for adding users. Thus, after sponsoring, please send an email to sponsors@raspap.com, stating which account should become a collaborator of the Insiders repository. We're working on a solution which will make access to organizations much simpler.</sub>

From c53dede0db0f624ee312e32e9dd0e4174bc9e47b Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Fri, 5 Feb 2021 11:34:04 +0100
Subject: [PATCH 026/300] Update README.md

---
 README.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/README.md b/README.md
index 5c6282cd..87fa9396 100644
--- a/README.md
+++ b/README.md
@@ -3,8 +3,6 @@
 
 Welcome to RaspAP Insiders. You, the members of the Insiders community, support the sponsorware release strategy, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you for joining us on this journey*.
 
-![](https://i.imgur.com/ikWvsMG.gif)
-
 ## Contents
 
  - [How sponsorship works](#how-sponsorship-works)

From 8ed6561c416859eb0090dcdd159f864f818f345e Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Fri, 5 Feb 2021 11:43:00 +0100
Subject: [PATCH 027/300] Update README.md

---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 87fa9396..ea78e8b8 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ Your sponsorship is through your individual or organization's GitHub account. By
 As part of the initial rollout of Insiders, all previous one-time backers of RaspAP on GitHub, PayPal or [Open Collective](https://opencollective.com/raspap) will receive unlimited access to Insiders. This is a small gesture for those early financial supporters who recognized the potential of this project.
 
 
-**Important**: If you're sponsoring [RaspAP](https://github.com/RaspAP/sponsors) through a GitHub organization, please send a short email to [sponsors@raspap.com](mailto:sponsors@raspap.com) with the name of your organization and the account that should be added as a collaborator. <sup>[2](#footnote-2)</sup>
+> ℹ️ **Important**: If you're sponsoring [RaspAP](https://github.com/RaspAP/sponsors) through a GitHub organization, please send a short email to [sponsors@raspap.com](mailto:sponsors@raspap.com) with the name of your organization and the account that should be added as a collaborator. <sup>[2](#footnote-2)</sup>
 
 ## Exclusive features
 When backers were asked which feature they'd most like to see added to RaspAP, the ability to manage multiple OpenVPN client configurations topped the list of requests. Therefore, we're adding this as the first feature exclusive to insiders. 
@@ -40,7 +40,7 @@ Following is a list of funding targets. When a funding target is reached, the fe
 ## Frequently asked questions
 
 ### Terms
-*We're using RaspAP to for a commercial project. Can we use Insiders under the same terms and conditions?*
+*We're using RaspAP for a commercial project. Can we use Insiders under the same terms and conditions?*
 
 Yes. Whether you're an individual or a company, you may use RaspAP Insiders precisely under the same terms as RaspAP, which are defined by the GNU GPL 3.0 license. However, we kindly ask you to respect the following guidelines:
 
@@ -52,6 +52,6 @@ See the [LICENSE](./LICENSE) file.
 
 ### Footnotes
 
-<sub><a name="#footnote-1"></a>1. If you cancel your sponsorship, GitHub schedules a cancellation request which will become effective at the end of the billing cycle, which ends at the 22nd of a month for monthly sponsorships. This means that even though you cancel your sponsorship, you will keep your access to Insiders as long as your cancellation isn't effective. All charges are processed by GitHub through Stripe. As we don't receive any information regarding your payment, and GitHub doesn't offer refunds, sponsorships are non-refundable.</sub>
+<sub><a name="footnote-1"></a>1. If you cancel your sponsorship, GitHub schedules a cancellation request which will become effective at the end of the billing cycle, which ends at the 22nd of a month for monthly sponsorships. This means that even though you cancel your sponsorship, you will keep your access to Insiders as long as your cancellation isn't effective. All charges are processed by GitHub through Stripe. As we don't receive any information regarding your payment, and GitHub doesn't offer refunds, sponsorships are non-refundable.</sub>
 
-<sub><a name="#footnote-2"></a>2. It's currently not possible to grant access to each member of an organization, as GitHub only allows for adding users. Thus, after sponsoring, please send an email to sponsors@raspap.com, stating which account should become a collaborator of the Insiders repository. We're working on a solution which will make access to organizations much simpler.</sub>
+<sub><a name="footnote-2"></a>2. It's currently not possible to grant access to each member of an organization, as GitHub only allows for adding users. Thus, after sponsoring, please send an email to sponsors@raspap.com, stating which account should become a collaborator of the Insiders repository. We're working on a solution which will make access to organizations much simpler.</sub>

From 6e5d69affb8852f0fd32681bb648bd2722181f10 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Fri, 5 Feb 2021 15:27:31 +0100
Subject: [PATCH 028/300] Update README.md

---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index ea78e8b8..085eb90d 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,12 @@
 ![](https://i.imgur.com/DpgvLIO.png)
 [![Release 2.6](https://img.shields.io/badge/release-v2.6-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
-Welcome to RaspAP Insiders. You, the members of the Insiders community, support the sponsorware release strategy, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you for joining us on this journey*.
+Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
 ## Contents
 
  - [How sponsorship works](#how-sponsorship-works)
- - [About your sponsorship](#about-your-sponsorhip)
+ - [About your sponsorship](#about-your-sponsorship)
  - [Exclusive features](#exclusive-features)
  - [Funding targets](#funding-targets)
  - [Frequently asked questions](#frequently-asked-questions)
@@ -42,7 +42,7 @@ Following is a list of funding targets. When a funding target is reached, the fe
 ### Terms
 *We're using RaspAP for a commercial project. Can we use Insiders under the same terms and conditions?*
 
-Yes. Whether you're an individual or a company, you may use RaspAP Insiders precisely under the same terms as RaspAP, which are defined by the GNU GPL 3.0 license. However, we kindly ask you to respect the following guidelines:
+Yes. Whether you're an individual or a company, you may use RaspAP Insiders precisely under the same terms as RaspAP, which are defined by the [GNU GPL-3.0 license](https://github.com/RaspAP/raspap-insiders/blob/master/LICENSE). However, we kindly ask you to respect the following guidelines:
 
 * Please **don't distribute the source code** of Insiders. You may freely use it for public, private or commercial projects, fork it, mirror it, do whatever you want with it, but please don't release the source code, as it would counteract the sponsorware strategy.
 * If you cancel your subscription, you're removed as a collaborator and will miss out on future updates of Insiders. However, you may *use the latest version* that's available to you as long as you like. Just remember that [GitHub deletes private forks](https://docs.github.com/en/github/setting-up-and-managing-your-github-user-account/removing-a-collaborator-from-a-personal-repository).

From 932166b3da8f079fc000ee8f8d8d3bc63679dd4a Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Fri, 5 Feb 2021 20:09:34 +0100
Subject: [PATCH 029/300] Update README.md

---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 085eb90d..0eded8f9 100644
--- a/README.md
+++ b/README.md
@@ -17,19 +17,19 @@ New features first land in Insiders, which means that *sponsors will have access
 Don't want to sponsor? No problem, RaspAP already has tons of features available, so chances are that most of your requirements are already satisfied. See the list of [exclusive features](#exclusive-features) to learn which features are currently only available to sponsors.
 
 ## About your sponsorship
-Your sponsorship is through your individual or organization's GitHub account. By visiting [**RaspAP's sponsor profile**](), you may change your sponsorship tier or cancel your sponsorship anytime. <sup>[1](#footnote-1)</sup>
+Your sponsorship is through your individual or organization's GitHub account. By visiting [**RaspAP's sponsor profile**](https://github.com/sponsors/RaspAP), you may change your sponsorship tier or cancel your sponsorship anytime. <sup>[1](#footnote-1)</sup>
 
 As part of the initial rollout of Insiders, all previous one-time backers of RaspAP on GitHub, PayPal or [Open Collective](https://opencollective.com/raspap) will receive unlimited access to Insiders. This is a small gesture for those early financial supporters who recognized the potential of this project.
 
 
-> ℹ️ **Important**: If you're sponsoring [RaspAP](https://github.com/RaspAP/sponsors) through a GitHub organization, please send a short email to [sponsors@raspap.com](mailto:sponsors@raspap.com) with the name of your organization and the account that should be added as a collaborator. <sup>[2](#footnote-2)</sup>
+> ℹ️ **Important**: If you're [sponsoring](https://github.com/sponsors/RaspAP) RaspAP through a GitHub organization, please send a short email to [sponsors@raspap.com](mailto:sponsors@raspap.com) with the name of your organization and the account that should be added as a collaborator. <sup>[2](#footnote-2)</sup>
 
 ## Exclusive features
 When backers were asked which feature they'd most like to see added to RaspAP, the ability to manage multiple OpenVPN client configurations topped the list of requests. Therefore, we're adding this as the first feature exclusive to insiders. 
 
  ✅ Manage OpenVPN client configs
 
-We feel that using input from our Insiders to drive the development of this project is a great approach. Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](/discussions) and let us know!
+Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/orgs/RaspAP/teams/insiders/discussions) and let us know!
 
 ## Funding targets
 Following is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.

From fd625203555147b7a50e5abb3b73e096f8a6b74e Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 6 Feb 2021 08:18:27 +0000
Subject: [PATCH 030/300] Create openvpn subtemplates

---
 templates/openvpn.php         | 87 +++++++++++------------------------
 templates/openvpn/configs.php |  9 ++++
 templates/openvpn/general.php | 37 +++++++++++++++
 templates/openvpn/logging.php | 11 +++++
 4 files changed, 83 insertions(+), 61 deletions(-)
 create mode 100644 templates/openvpn/configs.php
 create mode 100644 templates/openvpn/general.php
 create mode 100644 templates/openvpn/logging.php

diff --git a/templates/openvpn.php b/templates/openvpn.php
index 65976dee..02cf6b18 100755
--- a/templates/openvpn.php
+++ b/templates/openvpn.php
@@ -1,3 +1,15 @@
+  <?php ob_start() ?>
+    <?php if (!RASPI_MONITOR_ENABLED) : ?>
+        <input type="submit" class="btn btn-outline btn-primary" name="SaveOpenVPNSettings" value="Save settings" />
+        <?php if ($openvpnstatus[0] == 0) {
+            echo '<input type="submit" class="btn btn-success" name="StartOpenVPN" value="Start OpenVPN" />' , PHP_EOL;
+          } else {
+            echo '<input type="submit" class="btn btn-warning" name="StopOpenVPN" value="Stop OpenVPN" />' , PHP_EOL;
+          }
+        ?>
+    <?php endif ?>
+  <?php $buttons = ob_get_clean(); ob_end_clean() ?>
+ 
   <div class="row">
     <div class="col-lg-12">
       <div class="card">
@@ -21,70 +33,23 @@
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">
                 <li class="nav-item"><a class="nav-link active" id="clienttab" href="#openvpnclient" data-toggle="tab"><?php echo _("Client settings"); ?></a></li>
-                <li class="nav-item"><a class="nav-link" id="logoutputtab" href="#openvpnlogoutput" data-toggle="tab"><?php echo _("Logfile output"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="configstab" href="#openvpnconfigs" data-toggle="tab"><?php echo _("Manage configs"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="loggingtab" href="#openvpnlogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
             </ul>
+
             <!-- Tab panes -->
             <div class="tab-content">
-              <div class="tab-pane active" id="openvpnclient">
-                <h4 class="mt-3"><?php echo _("Client settings"); ?></h4>
-                <div class="row">
-                  <div class="col">
-                    <div class="row">
-                      <div class="col-lg-12 mt-2 mb-2">
-                        <div class="info-item"><?php echo _("IPv4 Address"); ?></div>
-                        <div class="info-item"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
-                      </div>
-                    </div>
-                    <div class="row">
-                     <div class="form-group col-lg-12">
-                      <label for="code"><?php echo _("Username"); ?></label>
-                        <input type="text" class="form-control" name="authUser" value="<?php echo htmlspecialchars($authUser, ENT_QUOTES); ?>" />
-                      </div>
-                    </div>
-                    <div class="row">
-                      <div class="form-group col-lg-12">
-                        <label for="code"><?php echo _("Password"); ?></label>
-                        <input type="password" class="form-control" name="authPassword" value="<?php echo htmlspecialchars($authPassword, ENT_QUOTES); ?>" />
-                      </div>
-                    </div>
-                    <div class="row">
-                      <div class="form-group col-lg-12">
-                        <div class="custom-file">
-                          <input type="file" class="custom-file-input" name="customFile" id="customFile">
-                          <label class="custom-file-label" for="customFile"><?php echo _("Select OpenVPN configuration file (.ovpn)"); ?></label>
-                        </div>
-                      </div>
-                    </div>
-                  </div><!-- col-->
-                  <div class="col-sm">
-                      <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/180x150.png" class="rounded float-left mb-3 mt-3"></a>
-                  </div>
-                </div><!-- main row -->
-              </div>
-              <div class="tab-pane fade" id="openvpnlogoutput">
-                <h4 class="mt-3"><?php echo _("Client log"); ?></h4>
-                <div class="row">
-                  <div class="form-group col-md-8">
-                    <?php
-                        echo '<textarea class="logoutput"></textarea>';
-                    ?>
-                  </div>
-                </div>
-              </div>
-              <?php if (!RASPI_MONITOR_ENABLED) : ?>
-                  <input type="submit" class="btn btn-outline btn-primary" name="SaveOpenVPNSettings" value="Save settings" />
-                  <?php if ($openvpnstatus[0] == 0) {
-                      echo '<input type="submit" class="btn btn-success" name="StartOpenVPN" value="Start OpenVPN" />' , PHP_EOL;
-                    } else {
-                      echo '<input type="submit" class="btn btn-warning" name="StopOpenVPN" value="Stop OpenVPN" />' , PHP_EOL;
-                    }
-                  ?>
-              <?php endif ?>
-              </form>
-            </div>
+              <?php echo renderTemplate("openvpn/general", $__template_data) ?>
+              <?php echo renderTemplate("openvpn/configs", $__template_data) ?>
+              <?php echo renderTemplate("openvpn/logging", $__template_data) ?>
+            </div><!-- /.tab-content -->
+
+            <?php echo $buttons ?>
+            </form>
+          </div>
         </div><!-- /.card-body -->
-    <div class="card-footer"> Information provided by openvpn</div>
-  </div><!-- /.card -->
-</div><!-- /.col-lg-12 -->
+      <div class="card-footer"><?php echo _("Information provided by openvpn"); ?></div>
+    </div><!-- /.card -->
+  </div><!-- /.col-lg-12 -->
 </div><!-- /.row -->
 
diff --git a/templates/openvpn/configs.php b/templates/openvpn/configs.php
new file mode 100644
index 00000000..fd9fd3ef
--- /dev/null
+++ b/templates/openvpn/configs.php
@@ -0,0 +1,9 @@
+<div class="tab-pane fade" id="openvpnconfigs">
+  <h4 class="mt-3"><?php echo _("Manage configs"); ?></h4>
+  <div class="row">
+    <div class="form-group col-md-8">
+    </div>
+  </div><!-- /.row -->
+</div><!-- /.tab-pane | manage configs tab -->
+
+
diff --git a/templates/openvpn/general.php b/templates/openvpn/general.php
new file mode 100644
index 00000000..ddc751e7
--- /dev/null
+++ b/templates/openvpn/general.php
@@ -0,0 +1,37 @@
+<div class="tab-pane active" id="openvpnclient">
+  <h4 class="mt-3"><?php echo _("Client settings"); ?></h4>
+  <div class="row">
+    <div class="col">
+      <div class="row">
+        <div class="col-lg-12 mt-2 mb-2">
+          <div class="info-item"><?php echo _("IPv4 Address"); ?></div>
+          <div class="info-item"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
+        </div>
+      </div>
+      <div class="row">
+       <div class="form-group col-lg-12">
+        <label for="code"><?php echo _("Username"); ?></label>
+          <input type="text" class="form-control" name="authUser" value="<?php echo htmlspecialchars($authUser, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+      <div class="row">
+        <div class="form-group col-lg-12">
+          <label for="code"><?php echo _("Password"); ?></label>
+          <input type="password" class="form-control" name="authPassword" value="<?php echo htmlspecialchars($authPassword, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+      <div class="row">
+        <div class="form-group col-lg-12">
+          <div class="custom-file">
+            <input type="file" class="custom-file-input" name="customFile" id="customFile">
+            <label class="custom-file-label" for="customFile"><?php echo _("Select OpenVPN configuration file (.ovpn)"); ?></label>
+          </div>
+        </div>
+      </div>
+    </div><!-- col-->
+    <div class="col-sm">
+        <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/180x150.png" class="rounded float-left mb-3 mt-3"></a>
+    </div>
+  </div><!-- /.row -->
+</div><!-- /.tab-pane | general tab -->
+
diff --git a/templates/openvpn/logging.php b/templates/openvpn/logging.php
new file mode 100644
index 00000000..caba8862
--- /dev/null
+++ b/templates/openvpn/logging.php
@@ -0,0 +1,11 @@
+<div class="tab-pane fade" id="openvpnlogging">
+  <h4 class="mt-3"><?php echo _("Client log"); ?></h4>
+  <div class="row">
+    <div class="form-group col-md-8">
+      <?php
+          echo '<textarea class="logoutput"></textarea>';
+      ?>
+    </div>
+  </div><!-- /.row -->
+</div><!-- /.tab-pane | logging tab -->
+

From dc03d9ea002557f1c28a20b6849bb52437e25f6f Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 6 Feb 2021 11:03:30 +0000
Subject: [PATCH 031/300] Prepend .ovpn filename to client + login

---
 includes/functions.php | 37 +++++++++++++++++++++++++++++++++++++
 includes/openvpn.php   | 14 +++++++++++---
 2 files changed, 48 insertions(+), 3 deletions(-)

diff --git a/includes/functions.php b/includes/functions.php
index f1dec2c0..923ff007 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -224,6 +224,43 @@ function safefilerewrite($fileName, $dataToSave)
     }
 }
 
+/**
+ * Prepends data to a file if not exists
+ *
+ * @param string $filename
+ * @param string $dataToSave
+ * @return boolean
+ */
+function file_prepend_data($filename, $dataToSave)
+{
+    $context = stream_context_create();
+    $file = fopen($filename, 'r', 1, $context);
+    $file_data = readfile($file);
+
+    if (!preg_match('/^'.$dataToSave.'/', $file_data)) {
+        $tmp_file = tempnam(sys_get_temp_dir(), 'php_prepend_');
+        file_put_contents($tmp_file, $dataToSave);
+        file_put_contents($tmp_file, $file, FILE_APPEND);
+        fclose($file);
+        unlink($filename);
+        rename($tmp_file, $filename);
+        return true;
+    } else {
+        return false;
+    }
+}
+
+/**
+ * Callback function for array_filter
+ *
+ * @param string $var
+ * @return filtered value
+ */
+function filter_comments($var)
+{
+    return $var[0] != '#';
+}
+
 /**
  * Saves a CSRF token in the session
  */
diff --git a/includes/openvpn.php b/includes/openvpn.php
index 6f9e40b5..d337f04d 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -47,8 +47,9 @@ function DisplayOpenVPNConfig()
 
     // parse client auth credentials
     if (!empty($auth)) {
-        $authUser = $auth[0];
-        $authPassword = $auth[1];
+        $auth = array_filter($auth, 'filter_comments');
+        $authUser = current($auth);
+        $authPassword = next($auth);
     }
 
     echo renderTemplate(
@@ -136,18 +137,25 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
         ) {
             throw new RuntimeException('Unable to move uploaded file');
         }
+
+
         // Good file upload, update auth credentials if present
+        $prepend = '# filename '.pathinfo($file['name'], PATHINFO_FILENAME) .PHP_EOL;
         if (!empty($authUser) && !empty($authPassword)) {
             $auth_flag = 1;
             // Move tmp authdata to /etc/openvpn/login.conf
-            $auth = $authUser .PHP_EOL . $authPassword .PHP_EOL;
+            $auth.= $authUser .PHP_EOL . $authPassword .PHP_EOL;
             file_put_contents($tmp_authdata, $auth);
+            file_prepend_data($tmp_authdata, $prepend);
             system("sudo cp $tmp_authdata " . RASPI_OPENVPN_CLIENT_LOGIN, $return);
             if ($return !=0) {
                 $status->addMessage('Unable to save client auth credentials', 'danger');
             }
         }
 
+        // Prepend filname tag to .ovpn client config
+        file_prepend_data($tmp_ovpnclient, $prepend);
+
         // Set iptables rules and, optionally, auth-user-pass
         exec("sudo /etc/raspap/openvpn/configauth.sh $tmp_ovpnclient $auth_flag " .$_SESSION['ap_interface'], $return);
         foreach ($return as $line) {

From 9bc9f2d3d74ffd47720dcfaa3e6dd58f9d547ac1 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Feb 2021 11:50:52 +0000
Subject: [PATCH 032/300] Add ajax delete handler

---
 ajax/openvpn/del_ovpncfg.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 ajax/openvpn/del_ovpncfg.php

diff --git a/ajax/openvpn/del_ovpncfg.php b/ajax/openvpn/del_ovpncfg.php
new file mode 100644
index 00000000..77adacff
--- /dev/null
+++ b/ajax/openvpn/del_ovpncfg.php
@@ -0,0 +1,13 @@
+<?php
+
+require_once '../../includes/config.php';
+require_once '../../includes/functions.php';
+
+if (isset($_POST['cfg_id'])) {
+    $ovpncfg_id = $_POST['cfg_id'];
+    $ovpncfg_files = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/'.$ovpncfg_id.'_*.conf';
+    exec("sudo rm $ovpncfg_files", $return);
+    $jsonData = ['return'=>$return];
+    echo json_encode($jsonData);
+}
+

From f1b1e96df3959bc2eae1004539ae0b7219c5faf6 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Feb 2021 11:52:58 +0000
Subject: [PATCH 033/300] Progress commit: templates/openvpn

---
 templates/openvpn.php         | 38 ++++++++++++++++++++++++++++++++++-
 templates/openvpn/configs.php | 32 ++++++++++++++++++++++++-----
 2 files changed, 64 insertions(+), 6 deletions(-)

diff --git a/templates/openvpn.php b/templates/openvpn.php
index 02cf6b18..4f76d6ec 100755
--- a/templates/openvpn.php
+++ b/templates/openvpn.php
@@ -33,7 +33,7 @@
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">
                 <li class="nav-item"><a class="nav-link active" id="clienttab" href="#openvpnclient" data-toggle="tab"><?php echo _("Client settings"); ?></a></li>
-                <li class="nav-item"><a class="nav-link" id="configstab" href="#openvpnconfigs" data-toggle="tab"><?php echo _("Manage configs"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="configstab" href="#openvpnconfigs" data-toggle="tab"><?php echo _("Configurations"); ?></a></li>
                 <li class="nav-item"><a class="nav-link" id="loggingtab" href="#openvpnlogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
             </ul>
 
@@ -53,3 +53,39 @@
   </div><!-- /.col-lg-12 -->
 </div><!-- /.row -->
 
+<!-- modal confirm-delete-->
+<div class="modal fade" id="ovpn-confirm-delete" tabindex="-1" role="dialog" aria-labelledby="ModalLabel" aria-hidden="true">
+  <div class="modal-dialog" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+      <div class="modal-title" id="ModalLabel"><i class="far fa-trash-alt mr-2"></i><?php echo _("Delete OpenVPN client"); ?></div>
+      </div>
+      <div class="modal-body">
+        <div class="col-md-12 mb-3 mt-1"><?php echo _("Delete client configuration? This cannot be undone."); ?></div>
+      </div>
+      <div class="modal-footer">
+      <button type="button" class="btn btn-outline-secondary" data-dismiss="modal"><?php echo _("Cancel"); ?></button>
+      <button type="button" class="btn btn-outline-danger btn-delete"><?php echo _("Delete"); ?></button>
+      </div>
+    </div>
+  </div>
+</div>
+
+<!-- modal confirm-enable -->
+<div class="modal fade" id="ovpn-confirm-activate" tabindex="-1" role="dialog" aria-labelledby="ModalLabel" aria-hidden="true">
+  <div class="modal-dialog" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+      <div class="modal-title" id="ModalLabel"><i class="far fa-check-circle mr-2"></i><?php echo _("Activate OpenVPN client"); ?></div>
+      </div>
+      <div class="modal-body">
+        <div class="col-md-12 mb-3 mt-1"><?php echo _("Activate client configuration? This will restart the openvpn-client service."); ?></div>
+      </div>
+      <div class="modal-footer">
+      <button type="button" class="btn btn-outline-secondary" data-dismiss="modal"><?php echo _("Cancel"); ?></button>
+      <button type="button" class="btn btn-outline-success btn-activate"><?php echo _("Activate"); ?></button>
+      </div>
+    </div>
+  </div>
+</div>
+
diff --git a/templates/openvpn/configs.php b/templates/openvpn/configs.php
index fd9fd3ef..84d701d3 100644
--- a/templates/openvpn/configs.php
+++ b/templates/openvpn/configs.php
@@ -1,9 +1,31 @@
 <div class="tab-pane fade" id="openvpnconfigs">
-  <h4 class="mt-3"><?php echo _("Manage configs"); ?></h4>
-  <div class="row">
-    <div class="form-group col-md-8">
-    </div>
-  </div><!-- /.row -->
+  <h4 class="mt-3 mb-3"><?php echo _("Configurations"); ?></h4>
+    <div class="openvpn-configs js-openvpn-configs-container">
+          <?php foreach ($clients as $client) :
+              if ($client == "login.conf") {
+                  $label = file_get_meta(RASPI_OPENVPN_CLIENT_LOGIN,'#\sfilename\s(.*)');
+                  $btn_class = "active";
+              } else {
+                  $label = trim(pathinfo($client, PATHINFO_FILENAME), "_login");
+                  $client = $label;
+                  $btn_class = "disabled";
+              }
+          ?>
+          <div class="row openvpn-client-row js-openvpn-client-row mt-2">
+          <div class="col-md-5 col-xs-5">
+            <label><?php echo htmlspecialchars($label, ENT_QUOTES); ?></label>
+          </div>
+          <div class="col-md-2 col-xs-2">
+            <button type="button" class="btn btn-outline-success <?php echo $btn_class; ?> js-activate-openvpn-client" data-record-id="<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" data-toggle="modal" data-target="#ovpn-confirm-activate" /><i class="far fa-check-circle"></i></button>
+          </div>
+          <div class="col-md-2 col-xs-3">
+            <button type="button" class="btn btn-outline-danger js-remove-openvpn-client" data-record-id="<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" data-toggle="modal" data-target="#ovpn-confirm-delete" /><i class="far fa-trash-alt"></i></button>
+          </div>
+        </div><!-- ./row openvpn -->
+      <?php endforeach ?>
+   </div><!-- /.openvpn-configs -->
+  <div class="mb-3">
+  </div>
 </div><!-- /.tab-pane | manage configs tab -->
 
 

From ef09dd0f6060dc426aefdb4d6c86f5701181c2b7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Feb 2021 11:53:57 +0000
Subject: [PATCH 034/300] Add file utility functions

---
 includes/functions.php | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/includes/functions.php b/includes/functions.php
index 923ff007..7593df18 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -250,6 +250,47 @@ function file_prepend_data($filename, $dataToSave)
     }
 }
 
+/**
+ * Fetches a meta value from a file
+ *
+ * @param string $filename
+ * @param string $pattern
+ * @return string
+ */
+function file_get_meta($filename, $pattern)
+{
+    if(file_exists($filename)) {
+        $context = stream_context_create();
+        $file_data = file_get_contents($filename, false, $context);
+        preg_match('/^'.$pattern.'/', $file_data, $matched);
+        return $matched[1];
+    } else {
+        return false;
+    }
+}
+
+/**
+ * Renames an openvpn client config with the 'filename' header comment
+ *
+ * @param string file
+ * @return boolean
+ */
+function file_move_config($file)
+{
+    if(file_exists($file)) {
+        $file_data = file_get_contents($file);
+        preg_match('/^#\sfilename\s(.*)/i', $file_data, $matched);
+        $renamed = pathinfo($file, PATHINFO_DIRNAME).'/'.
+            $matched[1] .'_'.pathinfo($file, PATHINFO_FILENAME).'.'.
+            pathinfo($file, PATHINFO_EXTENSION);
+        if (!file_exists($renamed)) {
+            $return = system("sudo mv $file $renamed", $return);
+        } else {
+            return false;
+        }
+    }
+}
+
 /**
  * Callback function for array_filter
  *

From f48e77da6c3dac71bbc8ef8cdb2b6278ffc8569a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Feb 2021 11:54:57 +0000
Subject: [PATCH 035/300] Update w/ file_move_config + permissions

---
 includes/openvpn.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/includes/openvpn.php b/includes/openvpn.php
index d337f04d..7b54d4de 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -51,6 +51,7 @@ function DisplayOpenVPNConfig()
         $authUser = current($auth);
         $authPassword = next($auth);
     }
+    $clients = preg_grep('~\login.(conf)$~', scandir(pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME)));
 
     echo renderTemplate(
         "openvpn", compact(
@@ -59,7 +60,8 @@ function DisplayOpenVPNConfig()
             "openvpnstatus",
             "public_ip",
             "authUser",
-            "authPassword"
+            "authPassword",
+            "clients"
         )
     );
 }
@@ -147,6 +149,8 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
             $auth.= $authUser .PHP_EOL . $authPassword .PHP_EOL;
             file_put_contents($tmp_authdata, $auth);
             file_prepend_data($tmp_authdata, $prepend);
+            file_move_config(RASPI_OPENVPN_CLIENT_LOGIN);
+            chmod($tmp_authdata, 0644);
             system("sudo cp $tmp_authdata " . RASPI_OPENVPN_CLIENT_LOGIN, $return);
             if ($return !=0) {
                 $status->addMessage('Unable to save client auth credentials', 'danger');
@@ -163,6 +167,8 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
         }
 
         // Copy tmp client config to /etc/openvpn/client
+        file_move_config(RASPI_OPENVPN_CLIENT_CONFIG);
+        chmod($tmp_ovpnclient, 0644);
         system("sudo cp $tmp_ovpnclient " . RASPI_OPENVPN_CLIENT_CONFIG, $return);
         if ($return ==0) {
             $status->addMessage('OpenVPN client.conf uploaded successfully', 'info');

From 56ca7ab281a35ab8ddec3c31e54099f94e648c6a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Feb 2021 11:56:18 +0000
Subject: [PATCH 036/300] Update w/ openvpn client cfg actions

---
 installers/raspap.sudoers | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 00e1d1c7..d141653e 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -20,6 +20,8 @@ www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl disable openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf
+www-data ALL=(ALL) NOPASSWD:/bin/mv /etc/openvpn/client/*.conf /etc/openvpn/client/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/openvpn/client/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/dnsmasq.d/090_*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf

From 12dd5d824bded89c8187e693a610f64cb73269ab Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Feb 2021 11:59:02 +0000
Subject: [PATCH 037/300] Progress commit: bootstrap modal event handlers

---
 ajax/openvpn/activate_ovpncfg.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 ajax/openvpn/activate_ovpncfg.php

diff --git a/ajax/openvpn/activate_ovpncfg.php b/ajax/openvpn/activate_ovpncfg.php
new file mode 100644
index 00000000..d2a21897
--- /dev/null
+++ b/ajax/openvpn/activate_ovpncfg.php
@@ -0,0 +1,14 @@
+<?php
+
+require_once '../../includes/config.php';
+require_once '../../includes/functions.php';
+
+if (isset($_POST['cfg_id'])) {
+    $ovpncfg_id = $_POST['cfg_id'];
+    $ovpncfg_files = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/'.$ovpncfg_id.'_*.conf';
+    $return = $ovpncfg_files;
+    //exec("sudo rm $ovpncfg_files", $return);
+    $jsonData = ['return'=>$return];
+    echo json_encode($jsonData);
+}
+

From 6432efcf34b88faa7094c612ba7a0603d939ab81 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Feb 2021 11:59:16 +0000
Subject: [PATCH 038/300] Progress commit: bootstrap modal event handlers

---
 app/js/custom.js | 50 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/app/js/custom.js b/app/js/custom.js
index 7a885472..92c73eba 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -248,6 +248,56 @@ $('#hostapdModal').on('shown.bs.modal', function (e) {
 $('#configureClientModal').on('shown.bs.modal', function (e) {
 });
 
+$('#ovpn-confirm-delete').on('click', '.btn-delete', function (e) {
+    var modalDiv = $(e.delegateTarget);
+    var cfg_id = $(this).data('recordId');
+    console.log(cfg_id);
+    //console.log(modalDiv.parent().find('.js-remove-openvpn-client').attr('data-record-id'));
+    //console.log(modalDiv.parent().find(
+
+    $.post('ajax/openvpn/del_ovpncfg.php',{'cfg_id':cfg_id},function(data){
+        jsonData = JSON.parse(data);
+        console.log(jsonData);
+        //$(this).closest('js-openvpn-client-row').fadeOut(300);
+        $("#ovpn-confirm-delete").modal('hide');
+        if(jsonData['return'] == 0) {
+            // do something
+        } else if(jsonData['return'] == 2) {
+            // something else
+        }
+    });
+});
+
+$('#ovpn-confirm-delete').on('show.bs.modal', function (e) {
+    var data = $(e.relatedTarget).data();
+    $('.btn-delete', this).data('recordId', data.recordId);
+});
+
+$('#ovpn-confirm-activate').on('click', '.btn-activate', function (e) {
+    //var modalDiv = $(e.delegateTarget);
+    var cfg_id = $(this).data('recordId');
+    console.log(cfg_id);
+
+    $.post('ajax/openvpn/activate_ovpncfg.php',{'cfg_id':cfg_id},function(data){
+        jsonData = JSON.parse(data);
+        console.log(jsonData);
+        //$(this).closest('js-openvpn-client-row').fadeOut(300);
+        $("#ovpn-confirm-activate").modal('hide');
+        if(jsonData['return'] == 0) {
+            // do something
+        } else if(jsonData['return'] == 2) {
+            // something else
+        }
+    });
+});
+
+$('#ovpn-confirm-activate').on('shown.bs.modal', function (e) {
+    var data = $(e.relatedTarget).data();
+    console.log(data.recordId);
+    $('.btn-activate', this).data('recordId', data.recordId);
+});
+
+
 /*
 Sets the wirelss channel select options based on hw_mode and country_code.
 

From dc1e4b4bc7bd51eb46b34d7c14365a8a7b7213c6 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Feb 2021 13:04:04 +0000
Subject: [PATCH 039/300] Swap profiles + restart openvpn-client

---
 ajax/openvpn/activate_ovpncfg.php | 32 ++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)

diff --git a/ajax/openvpn/activate_ovpncfg.php b/ajax/openvpn/activate_ovpncfg.php
index d2a21897..2f1e808d 100644
--- a/ajax/openvpn/activate_ovpncfg.php
+++ b/ajax/openvpn/activate_ovpncfg.php
@@ -1,13 +1,39 @@
 <?php
 
+require_once '../../includes/status_messages.php';
 require_once '../../includes/config.php';
 require_once '../../includes/functions.php';
 
 if (isset($_POST['cfg_id'])) {
+    $status = new StatusMessages();
+
     $ovpncfg_id = $_POST['cfg_id'];
-    $ovpncfg_files = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/'.$ovpncfg_id.'_*.conf';
-    $return = $ovpncfg_files;
-    //exec("sudo rm $ovpncfg_files", $return);
+    $ovpncfg_path = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/';
+    $ovpncfg_files = $ovpncfg_path .$ovpncfg_id.'_*.conf';
+
+    // move currently active profile
+    $meta = file_get_meta(RASPI_OPENVPN_CLIENT_LOGIN,'#\sfilename\s(.*)');
+    $ovpncfg_client = $ovpncfg_path .$meta.'_client.conf';
+    $ovpncfg_login = $ovpncfg_path .$meta.'_login.conf';
+    exec("sudo mv ".RASPI_OPENVPN_CLIENT_CONFIG." $ovpncfg_client", $return);
+    exec("sudo mv ".RASPI_OPENVPN_CLIENT_LOGIN." $ovpncfg_login", $return);
+
+    // replace with selected profile
+    $ovpncfg_client = $ovpncfg_path .$ovpncfg_id.'_client.conf';
+    $ovpncfg_login = $ovpncfg_path .$ovpncfg_id.'_login.conf';
+    exec("sudo mv $ovpncfg_client ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+    exec("sudo mv $ovpncfg_login ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
+
+    // restart service
+    $status->addMessage('Attempting to restart OpenVPN', 'info');
+    exec('sudo /bin/systemctl stop openvpn-client@client', $return);
+    exec('sudo /bin/systemctl enable openvpn-client@client', $return);
+    exec('sudo /bin/systemctl start openvpn-client@client', $return);
+
+    foreach ($return as $line) {
+        $status->addMessage($line, 'info');
+    }
+    $return = $status;
     $jsonData = ['return'=>$return];
     echo json_encode($jsonData);
 }

From ee1da31da0d6ca3826b257b3c00559187ce75ca3 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Feb 2021 13:50:55 +0000
Subject: [PATCH 040/300] Code cleanup

---
 ajax/openvpn/activate_ovpncfg.php | 19 ++++++-------------
 app/js/custom.js                  | 14 +++-----------
 2 files changed, 9 insertions(+), 24 deletions(-)

diff --git a/ajax/openvpn/activate_ovpncfg.php b/ajax/openvpn/activate_ovpncfg.php
index 2f1e808d..b8f822c2 100644
--- a/ajax/openvpn/activate_ovpncfg.php
+++ b/ajax/openvpn/activate_ovpncfg.php
@@ -1,12 +1,9 @@
 <?php
 
-require_once '../../includes/status_messages.php';
 require_once '../../includes/config.php';
 require_once '../../includes/functions.php';
 
 if (isset($_POST['cfg_id'])) {
-    $status = new StatusMessages();
-
     $ovpncfg_id = $_POST['cfg_id'];
     $ovpncfg_path = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/';
     $ovpncfg_files = $ovpncfg_path .$ovpncfg_id.'_*.conf';
@@ -25,16 +22,12 @@ if (isset($_POST['cfg_id'])) {
     exec("sudo mv $ovpncfg_login ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
 
     // restart service
-    $status->addMessage('Attempting to restart OpenVPN', 'info');
-    exec('sudo /bin/systemctl stop openvpn-client@client', $return);
-    exec('sudo /bin/systemctl enable openvpn-client@client', $return);
-    exec('sudo /bin/systemctl start openvpn-client@client', $return);
+    exec("sudo /bin/systemctl stop openvpn-client@client", $return);
+    sleep(1);
+    exec("sudo /bin/systemctl enable openvpn-client@client", $return);
+    sleep(1);
+    exec("sudo /bin/systemctl start openvpn-client@client", $return);
 
-    foreach ($return as $line) {
-        $status->addMessage($line, 'info');
-    }
-    $return = $status;
-    $jsonData = ['return'=>$return];
-    echo json_encode($jsonData);
+    echo json_encode($return);
 }
 
diff --git a/app/js/custom.js b/app/js/custom.js
index 92c73eba..b1f445ce 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -274,26 +274,18 @@ $('#ovpn-confirm-delete').on('show.bs.modal', function (e) {
 });
 
 $('#ovpn-confirm-activate').on('click', '.btn-activate', function (e) {
-    //var modalDiv = $(e.delegateTarget);
     var cfg_id = $(this).data('recordId');
-    console.log(cfg_id);
-
     $.post('ajax/openvpn/activate_ovpncfg.php',{'cfg_id':cfg_id},function(data){
         jsonData = JSON.parse(data);
-        console.log(jsonData);
-        //$(this).closest('js-openvpn-client-row').fadeOut(300);
         $("#ovpn-confirm-activate").modal('hide');
-        if(jsonData['return'] == 0) {
-            // do something
-        } else if(jsonData['return'] == 2) {
-            // something else
-        }
+        setTimeout(function(){
+            window.location.reload();
+        },300);
     });
 });
 
 $('#ovpn-confirm-activate').on('shown.bs.modal', function (e) {
     var data = $(e.relatedTarget).data();
-    console.log(data.recordId);
     $('.btn-activate', this).data('recordId', data.recordId);
 });
 

From 361a37332a63eca33bd43cc58d9801c5e27bd0ae Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Feb 2021 15:24:45 +0000
Subject: [PATCH 041/300] Update en_US locale + template

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 17365 -> 18271 bytes
 locale/en_US/LC_MESSAGES/messages.po |  27 ++++++++++++
 templates/openvpn/configs.php        |  63 +++++++++++++++------------
 3 files changed, 61 insertions(+), 29 deletions(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index 34d53bd3567d76aca246ffff641444300801299f..451dd153e80dabdc3f40fdae6f029c35256d88ea 100644
GIT binary patch
literal 18271
zcmeI2eViRtdB+C`<OKs5A&3DvgqI|c-E3Y65Fli;n~*iTn<cv;LX|Lk@9gf7duJ|p
z=I&;RKtT#9MZt=^R4cxKLTRwPC@mtsP@xg4qO?U6EiDvL3u>#Pg8lx^oVoWVVf(55
zv!9*KbH8)WoH^$?&w0){&&=eRSyOKCIA-kSd56Q&G|wC6{PPDX*Yn;!+w<nbb6^B7
zhX=r)!8btfP|xEQZzklQH=Cbs*a|nm?Qj<S8r&Z~1LwdO;XZJ`H+$Y8a0VpHGjJ+A
z8PbHe3ab9i@Qv_%crdI&>2Vd*eIJ6VcZcInsQaIXZ-K8mzWK21zNJw2t%m!;b6x)V
z@IcZrlpdEt>3@~WzXkS^z7tBXR~+}Ik^M;T4`r8GQ1>4RrPn+teLCQDcrKg)i%@on
zq1xRJrO!2v*F*L5Mp%WnL)qalDpfltKx;3TUIiDD-vc#-7s0jg8mRGo0;;{2pzQct
zC_N71qS~DUm46hJp39-GuYww<^-y~H@CtY#RKI`euD=SGl77<>=m^h*$3h><URS~6
z;dM~<co53IPeAGU9DFNW$d9<59|JFd>i0EJ<Mt6KyW9^K!$+Wp-~JNb!|AV%#Ao20
z248}EAC=kZR4DyBpz7;~x;22Z%N0=dUk9b%ry*5&4?~sv0aSlqgR;-Qb3JbgJP@k<
z!BF`pxb%ro{p*J6{}yQA2-LW}2dcj7q3nAT)VS_&d=MT-`Y|XyUUEF}=q$Yms{b2Y
z`ZCCndLM(*_aP{Kz6VwR^H6sC9n?7Qe@v#gfwIR*Q1<D9Z-VDQ>0O5N;V47}@1s!l
ze%W1r9IF3MLe=vVD8G3Psz1|l0_imy>iQC>b~>T-8Gy2X!7+yNpY2ff+~D$Wg|gRO
zQ1-hQT0ep+_XJdX--k>U??ov6_r-`Re*jd!W<&M=c*irK)dS8XzW`Owg;0850vEzt
zpz3)Ps@-oujqmetANUHC9<M_6XWG2XKMsb{<1lF8T&Vjx;C}FIsQcatrN;=={2hZ+
z;ni?ocpcRB4?*2`8&rSpa_KL+^rKMrecGje45yI(J=8c(;Ya;!fzs<#sB!6Z`Deog
zq>C>9eNgS*3a7%mq4fV8l-@g`+IteJo#!A^#Cs7=gKwZR+4B&ncIHC0zYI=?t6jR=
z@mwhTjX?D;h122HQ1^cT>i$ncwSNy({SQI4x6`G+?f65eazBNt_t%i6%A0b0#-pJ6
zwGzs%YoYqr12u2Xhw{f!mwz3UJw5@a!+Tu%^Ux>#HMj=0oWL3b6DYkOb$kk{Uq6Pb
z=l77Q;vImKsoYX1J=VY(up7!>H@o~2R6i3aKYtfo0&j#`zji{6$Fp#M_;aZCUW4-I
zSuNQ-ZiO32pXJgYgSzh#I1_#c$}Z1Bjq8h0^}pmewKdB>63Pz8K$UNGTn_gpy%L_d
zm*=%ZT*4b$l*JRb!UISj*p`joTcP@O0#rN8U^ncB((`7harqHczkUbRpJ|J;`F9M|
zc+H2pe<hSYXG6``^PuXl!8gK7pzL}blpeQ1-FF{Uy^lM-0CoQqj4XT4aa;~{-&s)i
zoewonx4HaFpzL`qlpY^}v*2wm{{h%b`Y|ZI4qckjK#l(b_y*Vpb^qy5daZ%d$A_}}
zHYh*29Lg@&LbZD{ls<Pj-VLSi{jdrjfp3H-Ez8>Jg4SLxeICSRyshvccoSR;?|_;=
zFGICA^Tf=Khe7Gl3f1l@F8>TDJqO(N^WY(*Lnu8jg;&7$L-qUM<=OQ)5EZ?}Q1dT<
z$HGgY>~$Mts(Cx$Z1@zM1z(2JbDxv4eei9LAvEM)4b|^E;GytAD7$<cGSuF)Q1QgU
z1P}LcddMkRJn<M*JYiO3b~*=2e;=y83!(PicSG6b<52bQfYR@)Q2Y4zp~}4q)!)NU
z&FphD)I4i}D!;_#ce!*wRR1o3>i@;iz$>A~?Nd<o-3?{m&qDdn<Bm_k<48XbrN_+E
zGPXGOK=r@u(jSF$NIwjv@6%A@_#3GDr<|VI?Je+N(hH#UUI}H7O;Gk3hHrvnP<mej
z=fe*|#S;%f)%!zt{Y9vHegRd_jFp*R9S+r>c~E*SgSy@a)y^Q)I98$Tf0^U8Q2ui>
zlz-mq^1lFOuboi#`xaEYPeGM?8LGYC!neR_XJq;x4OM<2RKJ!%^?#k?JE7GB&Lsab
zsCwQHrT2&7LihkwJ<mb4`%|d#ow6!h&klvsV-8e*j)U@#B~W%e2^zQx>OLQ;KPl9G
z+oANh5^Db50M*{@Q1f#K)b;zI?)wT<e|Ea`GcNrclzm@u>FMp69!Efp<6NkIu7}d=
z9H?;_bonV<K>Bi*e-~7{Ux3o*>rnbX38nW7Q0@H!s=xcJ&f<w_Q1u@VWzVHh?W}@o
ze<PG1o$t~YIBtWo-<44P`v6qA+oA6N4AlK!hHC$tQ1w3z)!qv({WHhcpvvvvk<~jJ
z9!`3$;~7x>dIywUi%|XB3N>#of%3->y8Inb_V^N%Uf*=-??RvSkKh`(zB7v_u7}e5
zImcf?^=mqXRL>Fc7`PCs+*we16rl9J0Lou$F8{qy{k$H^&u@WC;QdhR*9%bNp+!}8
zJP4}2!=e1S4bFw#a0858`eCU1o`tgS&!Oz%otcg6G^qM#Iv(rtPlvL@YB&{kI}X6T
zNxuW`1s5SdKy)x9cFZ)d-ifFm%?C@C_XzS+<Xq(E$O_~ikpS5bnW9QL{sQ@!J<EQ6
z4Ze=Zw(W@e@*BiQhLFET#*vN4zaaM`$08p={tMBe`KRN9`q_&y7CD|l?m)hQJdEfV
z%V2-M!fz{b4{{|Ud*#PGPX5v*UWMOv=MOmw|BPIM{0ezD@@?d!h>oR*{3Ab};6&q>
zA1p`SG<5wUT#tMec^~p=<d?`FBbOujv7D0-S%BP&ychW)qGJ<sy*+FE+{x)Gm)wtb
z?&iD)`4gnu<qMxdK7hOxVJg_;Kz=Vpev&1<|Aaq6zJTmYT{~U=2)q!Pi@b!$Z}&$2
z4VjK~A#X$e4mk?3^8%KUvykTFLnQtPITiU=<hRJ9$VJHSkUvBI9GQcxMc#qzgXnlX
zgZCZy_wHQyKC;cFx58_YsmRBXBatb{DDoO|A95VheB4Unh2{*-uS0G?wjetY9lgju
zA*Ucyv5$`DGI$rm1i1_Oyvut(Ji(p63_puJi2T^)3Fjc6Lxz=b$2IUv?tDA^o;z<w
zg~VmZzq`!6(dTH+7b6!Shahi8<|F$fM<7ol`%o^1KST24%kHEPeiGT&rQ6^y-1+hF
zCggVHbVTnvb-ai?g>)jvAO^VwnTA|}oQddIhrA2fjNFFYjOh4%2Jb)MCy*4m8hHSD
zJEG$%WYC_m{=(<o`Fk8&;1c9y<Xgz$$e$u-BRXaw=OcfM=r{~H5qSlffviN<AWtHH
zh3MGJ^-t$tL#oJmN^ty52Kzp@#Q8}`KXRkXUj{$r&L4AZ#y^mljSL{qx(h`(-L?5)
z<()RTva4@&nF+S}<w_}7aoVE6m8PxL{+U6)I1(pmYauRsrzL4Mj)qtE#;HoVl-azd
z&-jHxkR+xOhf$gszfuYOs__#uZ$l-B=CzuQeo|@gGsQSaOcbZ4P^(shC@qbfq*kfK
zRdV7e3JPf$4VyGpogU?T{DNsO7OT|lwGYO%)K%oQQ*zW#gZhb4LudE(nnEe0;zoX!
zR`o;SaINa6VH}-d21dffjD@9=q3+bD{d6QSF?Ebqq84{g5>!XSLeQF5Cf)p|n&N2B
zDo!iJ#bD*G6`i)oW}02=3ry#_jy_Wg{3M`vMYFmT7q-#{=YAy(s-~+i@4V>`Qkh2O
ziV}m;X;^5g!sga03`*daO=oYvZ7!%PKeJ!497d+%C&^e`Et*=Ti2YRAs2>%YPPi{`
ztArL2rEGQmSVPrSDjKzVnKTW`m3-JTQx0s{=(WF2{z#lAm6)-4oomiwdt8ev=Jl#0
zd!pL7RIjYYs7Bbyj=I;rOR~|2)qWBdJp0>}8Tj~&!Jp~3U-DLmDb5pkc9cqCk~S5s
zhQ;BaXmHpvqwlTWHEnRUAo2%GL9x}WjjLuI6Dsn{f$^gvgS?QM0y7@hs-}vI2i1AZ
zAU9aUcwa}~Cet1JMSC)UwY?6FSjp=c@uT4YUk=KFO++>`juWajgK{UUXr&sDhDFA%
zW5iw4lty7Wq_XXlF<qVcS$8~~pQ?iVyguk1C7SR$;!@1b%@ZrBCxgV!sItFpOH?aw
z!7&&W%{>zjF?6IWSOe8fF&Oe|rPLaO;$gW~mc^E|wVl*zx`vG0YusSAwuQFJdU+f%
z3=-^<tsL~HGthjsN@y)1XCT()BrZwaT9j7DO^1dkPiSJAa*fd(46v9VZB<L@SZoR-
ze$}UrD%E9+Rb#+i2J^rl^}~{ecDMDXX_cVQjAxaOhDoL5kE7LKP>RP;oOa`K(?Dru
zq<dk+bhL|un{)O&8?1&Bn&SC&lo<Cq^=t6bp&?cVzpVa}nT!m^ew7M+#-Nt?!$H$2
z4jYAOT-CDE=?3CV+<eTZKC1~!wbfE%#+b&Lp>QqrV;slEM0R0}aAkH8%m<g_!FJg(
zLve}DW`+G|+>DKcX^>R>LSW`wB-Y~oV6wovfYxEPWi&%tQKA$u>oV+S<UIF(SmFzQ
zB%?C8wWt_JsxZVnfms)nN@ZW`VU>35Fn5ND9m#A7XS7%<<H8oS-{Kdxx<#D(Z7J*-
zC1pRkaMzK}msPekyCV+ON*Wng6t|W()mju;gEzA4S+OmVHy&#7wM)I6Xpo(vXqZC5
zHtn|IXrR%il8^-1LpVT<wVqDKWk1v%^);a6W72%hUt?FJZ1WhBziT(NE8P&|;<?Lf
z{ZeU=o@>ziv+ZVsox*v6dhJP`<9wxlA<r+x!^7&atC=xoiOSXk>r-6Mv~f<(#0y8m
zbiB232O7EsBplLWX~z604+o?nQH*WYXkJu<3v2A_3EoE-QcPGmn9SN-t&hbhP&K1r
zHLdw2GwfFfnH36qTFvU*V%eM>_Ei+C4^^3|W!9;X5NRRt4hjZLH`zHwD3Y*(GcL9T
zzsAhg4vh`RbGt7jI0<};F0@@KhZk{|_5ke~+Fb15`le_nGNT<bly#H+FAR_bRHpvZ
z`zmXr?4tRUSv9G<Dh=5sNRCvh$&pIquKVNl_1J}MekqArHmEGbo{a!Qu}fAj+m+qT
zTq}Qo%1p3uSnEc<TF?r9oT*&OR`9x8zHYsAP`;B*S+}j^;nwa>RK%8r>Ug#b4UAXh
z=ta3iBhK>HYzqoC8_l@xt5fVLnuOJq%axFoJPp}!*D^{N5)JG%Q_N=bF8RbFduC^|
zu)f7-@mSMs?)q3b6gF0S;s*T5TWdW#DvW#U*wO8e>F@9AWcHfDDnUYldG4*t*H3%a
z-pA!#R~{8`+4;(&EDfW*MJE%k9_w5fw+?@2am%p#zGL@-JoL01LOl^NDK$43X&0H;
zon%omo-8V`P9=+?AoaQ?DCXAE39tJ_y9`Wt-8spG*TagPlHr(zo%Se3kUQZWd9*o^
z#%!+>-a8s;b>}iWkX?K0XQrvT#&y%HA!-z|>vF<6lQd=eC7uC_%;b11YRbk3_ROhO
zvJ#kF%Y%Ici``ucd%Gfj!(tu<G^Q#`D_g3jYl+p*>|Ri2-o42BAgHvLSZ%y+0@s=%
zk^Cfgbd&g_1V6iHCtkN6lgxl7UUx{8b`~o)8-%C8SaW!L+r{jUQE@CRrXx0ZOS$HD
zm3%wMavJNS(nHK*L)cxZrCv{ahsoWv`O&k-g{4HYgKQi`uvy5Fcs)TmCZ^m(INUfb
za-LRsr09vGbc8A5xceOG4G1)=_K~kQ7^^>;dCdupnGFe;F@+JYH!N(mv$Quh3g|r8
zSiX3=U`&+P)RRVLe{E31+~X%(>zQ`c?UONP@70re9!+~2O2vjw&56cie5TZfh&?Xg
zNy6?s<8}v{Xv^_7WY6h2cVC&@Wo73pQ(ymjua9M+GE&6{yuQ$EB+ggF<Mr|8!0W5V
zX<Ud)o?EgvYvCm7Z#?fCmBX2v3*=eBV9X=w#-I==p6XehpYl9DPN3RI_7Ok?sWOI$
zu|^=leD<4ruP&Bj{Ci`-3lKus=26`kBt)ZJ%C?K<2mU-Sf27@rN~WXT6oP6>XLx)K
zJgxHfr}4Og`vgH`7Tc9->5}G0mVTyDL#uu^wW?-IezNB!lWIfkC)zHgjWBx`BiflV
zzcuC!$%4G3Z+K?Prn0-&*Y?dU?N=;<Is5H1=B{1Ive>xutMw<#{*idh(@#F9*<QCV
zzF1Rk`;v?Gw4u0$61CK>W&OktgmB$>U&&)J<V8-iVY8gv<+7AsCuC>&)|{ns<7cTc
z`qh?|+bu-ky578W_33JMhQYL*p;wk;7b};_7U%wyP@tg)iA;^A0Kpb%D8Ut{Lu1x@
z{Y_65S=d1YQt!sD7h_(+HD4^3{VE=i?PVEE^B&`}HrffHKKI6BN4fGw2Df2RCwoeE
zg%0dKd0kdMag}6;-!|?I$R!$1XWzcLXrAZ9#KmtcJwq+>vU&uE3uU1lrJ@$?DM^0K
zg|@Eq_0ZPF6|FSb2$!2$h~gIJZd@AuKi0wn<3#!t2@LH+K^}BZq#2Jw>^PA>8uD<V
zMQlLNa6<tvMDsPLIVWFsY+gA`S<A+Ps<$b7gj4jXscwTs=R6HNZ;G}?8n1c`?QODe
z{T$d=#yH*Mm0?1r4RP7lc>l*_&QG$n$30Qo7c<`GzIMAyWUKQYi_^(=aaz8#d2!kt
z45Fi6J(<CfA!dLWmBeex*DGOfbGSCl-{&@+*Wa_*g??QYjn+HuA_#jeUsmjsaTcrV
zO@MpzxoZ)ZYX*7A?A{unlwDEgyL4b54gxc8tm1DW0^l)IF00qd!Mp{i+Z3?pt?c?D
zU^7lq(u?x!l^eIXbdO$2<)N!y%zC-|<iT7%sdmrj<%}k}XP3jqK<CBt%fxx?lNaEk
zEnUTyvw5wB>#Z=0TbHyhp22p7y<2*c;jq}Ux;C7&48$wUYP}vmH!PO}!gU;fkn}})
za@8<Tz9oGYSUIC_LrcCRw-A&BD|mUgq^+fGY0HvROk3NEwi8ci<CxLyCuxiI<C0HM
z{0Fp<$Ac{cyxd-4s43fYR<I*%+0;Lyr>kd8bEn#7u>Ys*7A<<tTVc{*Te^ssZ(($*
zbwnKF^i2b6TTX72bCa-zXT(?$<qC81V3^LB{5mrEb!77E$mG|N$*&`mUq|d`s>!b-
zgeoiZ4-}JMM-=Y6$G+?-khjYAGgAE{$mG|N$*&{zZ!oX>731~4Xia_{X}o@Hd~BKg
zIx_ingzs_9Z>}1jLngnDOnx2F`>M&WBa>f8Ccln&lV3-gKY%p;Ll&P-CclpC`Tb?`
U>&WESk^H;G1Ya}$|9&0$ZznK{ng9R*

literal 17365
zcmeI2d7K<&na3+&0ts@89CE$EKoXdlOhN)7gpkQ3Ln4{UkeLuPN~r0snJK5ctLdtq
z$s_{0;0>(CB?i#N4dTIyunMTSTv0%AT~|CHco6YG;sUawh@$NG_tsn8oq>FI-GBC<
zDf0BU-lN|4d7t-r&*7(syyj|;XTk)}I~q>g*Yno#-gJ;+J#XvlJ#PlQ2A1G<cmSMz
znCHC~E{2D|PPiYu5FP~!aBuiN$S2+v@Nl>d?gQ_H{PVW+LzUhRcrbhd9txj_s%J7E
z>ANHNQMs*-D<N6DLHGuEspGX!-`x)R=Y5@@iSWlR{t0*>;pd?Am~cd@|7586qhS|p
zg3@b~<K<B8y%OrXYoYYn2BpW{a5DS>oB|(*vd1o{a{mCO$D|`uz7|#p9|G0xcSDu`
zQK<4i>B66bO@zM!)g`}z>Zcc=%0HCG%U%Ym-g!{<EOzl7P<pL%=>b%Kl%e!`54;?1
zfs^1-G>W3V<KYQ#A(S2Z;7M=@s=ZsF`u%3u0q=#!!hKLqJP{hW461$o5R-cwp!(-S
za5lUididLS;TL#)_!!Sy3*Sv4^WjgR>~Yv}slLZTmDd7Q&tfP$tcNOp2ui=pApg8;
z`BA<*q1v|t${su6Yv3-Z{Li}hNhS>+1l7LjQ0-p;`RBFsBYpBv<rSdp8AJ8o`yIEy
z6A9k{DcXC;ahKziscHL9f=YiY#Dv~Ep!D4erRSHR%D)fFZjV6q_phMz{xg(44mm!x
z&ouZt!gHbYUJhr#b0Pn{jr^$Gk3*$@8mgRIp~`s>%8zzHwdWU5dOhdT_kUwr&v8)t
z%!0E2BF8sD`OkS!<&<6gCMbKo7s`HDLDjnjD&Nge^?e!Qir)QD`t5|u{}fcao`Y)t
z#Azwt0IeQyf8rNGm9r8`?>ECHScNKQ8&thFLG|x_aBuj1C_Ns9YR}K%Yv8j`dOQye
z{0r1~$1*t7p4m{}&4<#X9crAehN>?IC&D49^oyXrdnZ(T-s{5Gx$riqae0ReKLDl2
zV^ID0I8;0L#kr){VNm^c98~;lI1`@b;zOu<H$mz10Vw@9L+O1ZRDHKX)pIYzrM&y0
z%6}5dp1*~v=Pyw895_Aoqhp}L(;eqQ*{>a{eXF4SEeG{|5i0+sQ1xF4RsL3}`fhaL
z&pUn<D&IGt%KaYHl<~OZOK=~;M`D~wa4J;$W<ZUbGobwOTo*qCWsggs^t#f8KMH-q
zpMuNaz8J9wc0uXA&G9y<c0B-9&SMal@Sbw%2b`4ZVW9M$4&|?NT>RN^U&38be!dpY
zffcCv>qe;lxC^Si--fDh2b4cQ4H=5w<dd;2Y=R2E1M0i$q3nALlwIzE>eu_B%74i5
z2^aq-IGOmDq4G~=u!sl4z2K2>-UMt8F^#vnIo$_rf@=RR_*(cPl-(z_q<S9-rSAz)
z<Ess-KbAr1u@0)97-~Fjg0jnID0^QAWw)E*0dPCici)97_bJDTv(oRULfLb^V-M7K
zC8+N%h7;k{F8(@rAmN*!^tcmB|LrdR2e6CqFQN3B+nVxBsP=Y1eb)n}&pN1fj6m7*
zDmVphh5Nx9;DPWKC_V0RydPEwe+#PJi)N?gcSDu`HWv;cUEo#VLGXI0ad0bC`QL`J
z*AA$9pMk39MHl}vlwOD8Y)U^Csy}8z>2(&o9Ik>IN8g7UH$Q?Wz~4jJ;iyy6eZVxR
z_O615z<$^PN1@iQdmSH#hVWnE!SJ}bX@AUy>Yo)5)x7heho5}_eu38y&P(?Ji%w1V
z0b8K#@f|3AAAu_GNvQf>gtEgCr={gjgNG4b2(`ZUK;?^}+P4|X9@jvPj~k%!f5ye%
z<HFyBYTr(%_WuqV_!5*p$FNCJc_%>GvkA&SmN>40ClY=ulpdEk-r)E(sP_Ndg<pSq
z>QD2a^gS0!&oWf`8=>s>A$Taf9!l@qpzQH2DEs^bz79SOrT2sd>G+)jHD8<pRqlCE
z=@&wk6GD~qPAEUw4Aq{GL;3klF8u+hdLD(+=hsm7f5CC@GgALK5UQM+Q0a4_?6nxm
zerH3~y9z2_KU94e!8gE5p!B;2D*ra9cHIQk{<|H&2dy4(f8t+&Dre%tRPRGz6X6!9
za@IlBn}h1#jZpK{l~8(o7)sxdLHWmLp!B#I8h8iPcaK1|XBX6W&q3+&64W@|@65Em
zqoKy*G^q5GpuRgDsy&NcxYvc(LD@HQ;Y*?P_z0W<w?eh^J}AAu1J!Sjy7*miCgDH2
z_~RF)_0ENAe>;@^=RoOw0aSe<R6V0`D!c@${7*pH^RrO(+yPbpH=z9Jhc3L+@fj%l
zy#&?1ea}ks9S!yUiBR9qhpN8=s{C`I>bt;&2OJZqeD8uP_X>D4-0FBcRJ$IAvg>0|
z?fV(jxOpBP38ySh<EKIO!)Z|Zcerpj^a-zr%iw*m2kz6B>b=gf2-U7jq00FPoCdeK
z^ar8z*a4;YPAGr<jf?k|r0v`X%FhpibKuGFaCiY!e+)yl_dQVcZH7m|Pr>8icDM@u
z(uL=>r{A3qW#2(4y9`71>m^X-U*>q7i~k~&9li{ef4k#Da4*6S!wK*nB!}p^7x}SX
zc+`eFkf#y({T0Zy$Sg$q^&xtmM1F+)8Bu@VjQk@a-Snuh-j2M4%s})kM~*`V72x@V
z{Y`%=;6&s?<V#57v(p9s0ObpM-hr$^)+xYqe+utE;ir-JAeXqfW8pUBco!DVN7f^E
zBRh~@M34GjPk_9L=ssltE<r9pevQ0<OhleQ^k^KMjO>ei7t!-J<Tpq&(vL*QUC7wy
zEiU2+_!QDKCd2iFzv$w=Hzw_N!k<Cda#&ygHoOYij_A?2Iv2Sd`3Uk+M34OMpY0p-
zB>bg&|2q7Id(ZGqUiLzM=OW$=yAk<#_MFGdn_S=+cr_y5KGVg01s0LA3s)T{!M`GN
zk%cbq%P>SXA(y(i4e(FyUHBRDugF6R@M!+mGmM;ud;$3hG7mWe(SzH2f3a`eNx;p>
z{>ZzKQRHz%&wS(&<P_xJk&BT#kzL5o5j{5{KSZ`54<dg=&PEm?+4CJ<KJEfj;WFeO
zT=?(dZ;>_^{yywN7P#<#z#EXq5QEG{-is_n^vq1*Jp=Q|TaneshY>x`A#b#A>7MWN
zynhHe2YD3vH{|!ouMj;`kc*IaBH0u3veE^<nnl9>-240B>F)hTN8z84`;b!=a8HNh
zk&gcY{|@Ovo<*i3dWMirWU>N0pG;xr<<IhdEAlY%Ib<J1&oxL1DIi;sjmTo;7UXaw
zK~6$ikVBEZk&hvIK85_izVS1GvkEv1c^Ua2vI6-Aav3s$+=i@04n*{PD~0y~_%-AK
z<ay-%$WM{~LcE22i&k_G&o#jYzgR8=3l`4mTVz^W?0=@u&ksg%(vpjc-oiMkM5Td6
zT~VT3E@aj&>o$Ha7sRnCM`0<6jbAPYe#Q8)nZBwVl%}_s)qY%V>o)l)h)pR<Os-m~
z1f`@fYT|0S994*kN~Iu|grxzKL@LuGf2W@_ZTWnKvc0yxsG7Kfyf$(U2WIK=_HI)M
z{5T*zZ<Z9I+z=)3?w6CGVpeo#pPQZ_QQ^v$mzX&5lQ7p%gpIA1X;$DD&C;$O69<*y
zprZIxgM2Y8nX(_pBT*%9s^z?&1S)LUFXb9u_%5rffEFck+2VR!apkhwUCWasL9v`Q
z9IY@$@2b^a+pEM6MoC<bl2=WOu=H@b^oq2o{Hnzfy{FPhsufmE2I;3Thpi&Y-Yr;f
z!xBFZbDsTehzxu>)!-4d+b?)a!lZ&JJlji!Fisk>R>J&1kT-OBG0Kx=_pk|L6O{bE
zLXdAU9Z|(B$0bXCF))59PbW7~QeZ}-YQ<D=lAtmjA9S5H5VUyh-D}Ls$j{rCUaal4
z5BjBn!1N9V#lQwiK><clOqr%neq=Q)SEAuCj}O$+G#b#<xkh^-#5`ujQqR4uj0Un-
z6_CBxdb_<q6<&K(h$u5E^@jshe9K^EQ}j2iFI9`{aRKZvdz+}AP9j{U-RNraLBC%u
zB(~XP4~x~JY%`~|^|ThVqTk4oMhymPZL&qy^5b%0zzqmhYLwA{rNMB>m~DvZjTDHZ
zg7mAFlFF!QS7&5_9060T(r<kMCh|)|swo+XOm5Jx_>@|qxO8CGySAMVqGE$dHT=;l
zEHPs2_;tg=zNcobf2~oNrTbxF)LW`wgCq6#GkE=?6eThq?2G&g1^O7T8v6r5!z(^j
z3X`a!nPI83;MsWMh);P|6XqkUrHoByL}?3g0u0qRito`j%}jm?Z)2*Y-SAYL%+3s^
zKPnWWku<Yk8Z{$>VG_h;KNpx87O^#z-xtrceW&hLT}Dpaf)a&*fw45CQGr<=6beOZ
zDr3|l@mO_f7|Z+3LiNF-JfS#_a_gycy`LLeILk(7xv)YhF8c9Bnp3TV*}<F5SIoF}
zvhJ@IWKWkBFH*-;s-==OQ$4yC71<nF<)LOZJBQ*kEE6%U$76#HS_m{Z(?=8%5+J&t
zZj+<a)~M)*`l2?*3O<I&Cevkhn5VOHzuapO&FmD?k2O7)+~F4reY9L%)sxQStL%u$
zGSo_svl!RIwS+9b5Dg5d#ja#}hAAK&e%2F6PqlHbiJynVVKUlM{{ju&cn$kC3z-q0
zIl(P?XvhL<t2OfGN^ns%ke8`-em-WPGIq3TS<i@2pkju@N>cR;X27rX;mcZ)Thi4{
zlM0htB_K^%v3h@n@l|A62wA<GSc<hYGDu|S1R+bz)JVVB8vH8bQA-~-9L?<BWO6K{
zWNordDTW*QN|URmW6j#ObA6My!;jt$>B^eP{uc&_0}507X?=yMNIj=fkXkjaxhfU)
z1^BfbsZf<86-Hh2M{CocGp%2UBL+K#h1jINa%)qNmdiR|mkC$P-=H!BEF92i&&D{l
z;K!-Tg>(w7x#g>tO9SOQ>5z4^xErZyA2m2p9$V%rqv@pIJ6e{b=j9Uh4UD&JLy)W5
zZGvmQ8pRZ@L0CyhE{AwU60)Fm&`TH+4Q!gpr=xkdcoz9rMyI2&wsxi)orcd``bgLx
z*5_yzWc<nNu%2DYje5&jG3}4(=~=Oq(QEoDtiCzMxwkx<_3T?)H_5xtJj&prvzbRx
z>PGvCUiLV9EO+~(<@h_3TZ*x(g`L5(J)ND#Yk?AjQe%Ujb}PS~|7XRc@vI#4R6MH`
zB;JZWWOH-r9@G82od))p?wn+g>0#Lp$#BHN4to@1_qfL|vTfX+G-grU<F~^l&F&<#
z0@=B@_GTK2tEZbTbx}Q&otI<gnYba+FR;1JGm@i`QbRO8@XDBKIn9B|Yo`PDptc6>
zCs&mC4fEOBT_37UtyN|lI<dg)XU1lfna5^1CkV=I1!fy>B^$%4_7B-h=IAE&huN}>
zjgGyQI)9j64ZM{ho1$}>xf$D@cAOf+n_4eseJtfi!hAAl_eu$AZdJ*agEXc-KPueM
zC^qb8%hkl|Y-=}}n>L<`I^8aijbk4R2OGwm-IB&$XHbmT!mVMuS%1y*o>bVYcSfaT
zkRjqYc8qid?CUD_EY%f^)XqF!V?cdow*-us+@RML=7#Jj?TU=HVIHhcUu@gy6U8;O
zq#oH*?Nc{*`teXL()N0~LDq*gC!iBn74mhR8UytcW~$Vx5^G$*A<nKlqjm+_(~{%q
zta@H|SH`h3lS@`~HZyhioa1#fEtCf<_<+|Pn$>Kpwd3)+In;XHl_-gFQNeRl_F7Gx
z*|tBOXOs_TZp@HH1$_}`z12Z3(0;0ON%qP?ca-gAJ=o0#B1ja`&mL<K7TDU_-^_cJ
zSd8%R)d6R7HlB^Wx;lt+eu<=XxoA8|XK~qCaWyKL_BN9XDhZ9@To`zo<?T=Xbb$K=
zLCMUvGu0_`8czs445PYMJuGS!jh5`?l}RSig4n|zIhUBM6L#O)+L1D&CF1-$Gt224
zjwtC+cHjD1z8R%G+KXV$9(x|&y(wuF3wM@UJGu1?MkAhnvN6r_x@q>s8giTFT&y#K
z_BG_FCU!3CVgJAuZYADV@R$ra);Ah9jmcat4e8jQzGX{u8p@2HhDK;tYnpG&7J+nK
zX{_j0YWjx3w49+=8e=Cb7fL7Ro`kJHT@M1O8Vwr+o29M<DNcv_sP%dpP8I34gB?h%
z8M`M&+z&M-7K?rb4@lRt6sB>FaZ#)7fKZ#eqLHaCzmdW1wrDA9N}56g#tvQ=l?_}4
zS>ZQ~dcAUqy3_UQyy159obF<`f0Mg4%gbszI9w>*+L5c&tTiRh(%jb8HNLjBwd1{o
z3SYH`Qq;`YjS9p6$5J>j?n$3K8^iRz?0?XVqYx`j$sZ0mTxb&O)fuio;I1y4a~fl^
zX~)JD!^CuR2CjH((j%O9pBn0Rv*?_sZs#?np_2M5tZgsW*y}Ve1?$QPudld^i;1*b
zT$VL1))>s$OFH-H49o3=y$A8ucDLD8BAuOIF*(h*lhdiEG)_)ygFbZBt)J-&>0&yU
zUWvVic->ZdYr~Gvt+b8rwF@je(JxPTqqRo69fVEGrWJcKPWS5Qo$jym6xp!B&SFg;
z_n*wu_MGmf>KQH^*uz0!rjL~U_3QvRW@a;FFn#78%G>QCU@cBk&>e1ik;Nx2+^IXD
zZ0o8UPcL)qY%`Y)s<H80sc4{kb~>zgbe26!W}nA8`F32ic}2eYJnlPiy#;1=%bb?k
zQ&_IBcXMYv5ayegR0rbb-e`eY5*7;PEn%@3uwBRT`v`B$f{O<@`4)6zy=Y4Js^)A(
zZe~*wEa0wePHS`PDa~_EH?6G;TIZeI$}?r9A1BS$j|)DV;=iGWY(LoC%dPPOLrLkP
zvw#(0{hFRBohv$*H8!es3hRHuYSFB7-U5>Z8<JV&f*+R7u#SjhoVljAqj`QkpBseD
zoDn1KC>NOdePJ?X{Nmo-{p*6h;rP!cIvv7_x1+ah{NjH6;$BNM6RmR%cU{lM)xB}v
z%3jAW?)7)F@r!%i-;ZD1k6+vm*=vLBre^%&e*EIT_Sc{Bi~HJL*mBm_@r(Oc{rkcA
z#l0>Q#xL&2FYX)f>UX=vAHTRCzqqem({sT+esMp3ac}=mr16V;{qb-7;$HvHq5G@i
S_{Dw0pVR6W_5U9i_x}x#pMUQF

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index 8c4d5f97..b212270d 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -677,6 +677,33 @@ msgstr "Attempting to start openvpn"
 msgid "Attempting to stop openvpn"
 msgstr "Attempting to stop openvpn"
 
+msgid "Configurations"
+msgstr "Configurations"
+
+msgid "Currently available OpenVPN client configurations are displayed below."
+msgstr "Currently available OpenVPN client configurations are displayed below."
+
+msgid "Activating a configuraton will restart the <code>openvpn-client</code> service."
+msgstr "Activating a configuraton will restart the <code>openvpn-client</code> service."
+
+msgid "Delete OpenVPN client"
+msgstr "Delete OpenVPN client"
+
+msgid "Delete client configuration? This cannot be undone."
+msgstr "Delete client configuration? This cannot be undone."
+
+msgid "Activate OpenVPN client"
+msgstr "Activate OpenVPN client"
+
+msgid "Activate client configuration? This will restart the openvpn-client service."
+msgstr "Activate client configuration? This will restart the openvpn-client service."
+
+msgid "Activate"
+msgstr "Activate"
+
+msgid "Cancel"
+msgstr "Cancel"
+
 #: includes/torproxy.php
 msgid "TOR is not running"
 msgstr "TOR is not running"
diff --git a/templates/openvpn/configs.php b/templates/openvpn/configs.php
index 84d701d3..1839c675 100644
--- a/templates/openvpn/configs.php
+++ b/templates/openvpn/configs.php
@@ -1,31 +1,36 @@
 <div class="tab-pane fade" id="openvpnconfigs">
-  <h4 class="mt-3 mb-3"><?php echo _("Configurations"); ?></h4>
-    <div class="openvpn-configs js-openvpn-configs-container">
-          <?php foreach ($clients as $client) :
-              if ($client == "login.conf") {
-                  $label = file_get_meta(RASPI_OPENVPN_CLIENT_LOGIN,'#\sfilename\s(.*)');
-                  $btn_class = "active";
-              } else {
-                  $label = trim(pathinfo($client, PATHINFO_FILENAME), "_login");
-                  $client = $label;
-                  $btn_class = "disabled";
-              }
-          ?>
-          <div class="row openvpn-client-row js-openvpn-client-row mt-2">
-          <div class="col-md-5 col-xs-5">
-            <label><?php echo htmlspecialchars($label, ENT_QUOTES); ?></label>
-          </div>
-          <div class="col-md-2 col-xs-2">
-            <button type="button" class="btn btn-outline-success <?php echo $btn_class; ?> js-activate-openvpn-client" data-record-id="<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" data-toggle="modal" data-target="#ovpn-confirm-activate" /><i class="far fa-check-circle"></i></button>
-          </div>
-          <div class="col-md-2 col-xs-3">
-            <button type="button" class="btn btn-outline-danger js-remove-openvpn-client" data-record-id="<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" data-toggle="modal" data-target="#ovpn-confirm-delete" /><i class="far fa-trash-alt"></i></button>
-          </div>
-        </div><!-- ./row openvpn -->
-      <?php endforeach ?>
-   </div><!-- /.openvpn-configs -->
-  <div class="mb-3">
+  <div class="row">
+    <div class="col-md-6">
+      <h4 class="mt-3 mb-3"><?php echo _("Configurations"); ?></h4>
+        <p id="openvpnconfigs-description" class="mb-3">
+          <small><?php echo _("Currently available OpenVPN client configurations are displayed below.") ?></small>
+          <br><small class="text-muted"><?php echo _("Activating a configuraton will restart the <code>openvpn-client</code> service.") ?></small>
+        </p>
+        <div class="openvpn-configs js-openvpn-configs-container">
+              <?php foreach ($clients as $client) :
+                  if ($client == "login.conf") {
+                      $label = file_get_meta(RASPI_OPENVPN_CLIENT_LOGIN,'#\sfilename\s(.*)');
+                      $btn_class = "active";
+                  } else {
+                      $label = trim(pathinfo($client, PATHINFO_FILENAME), "_login");
+                      $client = $label;
+                      $btn_class = "disabled";
+                  }
+              ?>
+              <div class="row openvpn-client-row js-openvpn-client-row mt-2">
+              <div class="col-md-6 col-xs-5">
+                <label><?php echo htmlspecialchars($label, ENT_QUOTES); ?></label>
+              </div>
+              <div class="col-md-2 col-xs-2">
+                <button type="button" class="btn btn-outline-success <?php echo $btn_class; ?> js-activate-openvpn-client" data-record-id="<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" data-toggle="modal" data-target="#ovpn-confirm-activate" /><i class="far fa-check-circle"></i></button>
+              </div>
+              <div class="col-md-2 col-xs-2">
+                <button type="button" class="btn btn-outline-danger js-remove-openvpn-client" data-record-id="<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" data-toggle="modal" data-target="#ovpn-confirm-delete" /><i class="far fa-trash-alt"></i></button>
+              </div>
+            </div><!-- ./row openvpn -->
+          <?php endforeach ?>
+       </div><!-- /.openvpn-configs -->
+      <div class="mb-3"></div>
+    </div><!-- /.tab-pane | manage configs tab -->
   </div>
-</div><!-- /.tab-pane | manage configs tab -->
-
-
+</div>

From c073d18133a4b103d1f83129ad1a8877d8433ddd Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Feb 2021 18:51:21 +0000
Subject: [PATCH 042/300] Cleanup + fadeOut deleted cfg

---
 app/js/custom.js              | 16 ++++------------
 templates/openvpn/configs.php | 31 +++++++++++++++----------------
 2 files changed, 19 insertions(+), 28 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index b1f445ce..dcb05797 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -249,22 +249,14 @@ $('#configureClientModal').on('shown.bs.modal', function (e) {
 });
 
 $('#ovpn-confirm-delete').on('click', '.btn-delete', function (e) {
-    var modalDiv = $(e.delegateTarget);
     var cfg_id = $(this).data('recordId');
-    console.log(cfg_id);
-    //console.log(modalDiv.parent().find('.js-remove-openvpn-client').attr('data-record-id'));
-    //console.log(modalDiv.parent().find(
-
     $.post('ajax/openvpn/del_ovpncfg.php',{'cfg_id':cfg_id},function(data){
         jsonData = JSON.parse(data);
-        console.log(jsonData);
-        //$(this).closest('js-openvpn-client-row').fadeOut(300);
         $("#ovpn-confirm-delete").modal('hide');
-        if(jsonData['return'] == 0) {
-            // do something
-        } else if(jsonData['return'] == 2) {
-            // something else
-        }
+        var row = $(document.getElementById("openvpn-client-row-" + cfg_id));
+        row.fadeOut( "slow", function() {
+            row.remove();
+        });
     });
 });
 
diff --git a/templates/openvpn/configs.php b/templates/openvpn/configs.php
index 1839c675..6f8056fd 100644
--- a/templates/openvpn/configs.php
+++ b/templates/openvpn/configs.php
@@ -1,33 +1,32 @@
 <div class="tab-pane fade" id="openvpnconfigs">
   <div class="row">
-    <div class="col-md-6">
+    <div class="col-md">
       <h4 class="mt-3 mb-3"><?php echo _("Configurations"); ?></h4>
         <p id="openvpnconfigs-description" class="mb-3">
           <small><?php echo _("Currently available OpenVPN client configurations are displayed below.") ?></small>
           <br><small class="text-muted"><?php echo _("Activating a configuraton will restart the <code>openvpn-client</code> service.") ?></small>
         </p>
         <div class="openvpn-configs js-openvpn-configs-container">
-              <?php foreach ($clients as $client) :
-                  if ($client == "login.conf") {
-                      $label = file_get_meta(RASPI_OPENVPN_CLIENT_LOGIN,'#\sfilename\s(.*)');
-                      $btn_class = "active";
-                  } else {
-                      $label = trim(pathinfo($client, PATHINFO_FILENAME), "_login");
-                      $client = $label;
-                      $btn_class = "disabled";
-                  }
-              ?>
-              <div class="row openvpn-client-row js-openvpn-client-row mt-2">
-              <div class="col-md-6 col-xs-5">
+          <?php foreach ($clients as $client) :
+                if ($client == "login.conf") {
+                    $label = file_get_meta(RASPI_OPENVPN_CLIENT_LOGIN,'#\sfilename\s(.*)');
+                    $btn_class = "active";
+                } else {
+                    $label = trim(pathinfo($client, PATHINFO_FILENAME), "_login");
+                    $client = $label;
+                    $btn_class = "disabled";
+                }?>
+            <div class="row mt-2" id="openvpn-client-row-<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" >
+              <div class="col-md-6 col-xs-4">
                 <label><?php echo htmlspecialchars($label, ENT_QUOTES); ?></label>
               </div>
-              <div class="col-md-2 col-xs-2">
+              <div class="col-md-auto px-lg-3 col-xs-2">
                 <button type="button" class="btn btn-outline-success <?php echo $btn_class; ?> js-activate-openvpn-client" data-record-id="<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" data-toggle="modal" data-target="#ovpn-confirm-activate" /><i class="far fa-check-circle"></i></button>
               </div>
-              <div class="col-md-2 col-xs-2">
+              <div class="col-md-auto col-xs-2">
                 <button type="button" class="btn btn-outline-danger js-remove-openvpn-client" data-record-id="<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" data-toggle="modal" data-target="#ovpn-confirm-delete" /><i class="far fa-trash-alt"></i></button>
               </div>
-            </div><!-- ./row openvpn -->
+            </div><!-- ./row openvpn-client -->
           <?php endforeach ?>
        </div><!-- /.openvpn-configs -->
       <div class="mb-3"></div>

From 33e5f791c75c778781b184c31ec9605f1b9cd956 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 8 Feb 2021 07:09:50 +0000
Subject: [PATCH 043/300] Update openvpn template

---
 app/img/180x150.png          | Bin 38125 -> 0 bytes
 app/img/no-trace-200x200.png | Bin 0 -> 33043 bytes
 templates/openvpn.php        |   2 +-
 3 files changed, 1 insertion(+), 1 deletion(-)
 delete mode 100644 app/img/180x150.png
 create mode 100644 app/img/no-trace-200x200.png

diff --git a/app/img/180x150.png b/app/img/180x150.png
deleted file mode 100644
index 975230ef0d692b3543085e781b31cb0ec103ba2e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 38125
zcmV(&K;gfMP)<h;3K|Lk000e1NJLTq006WA005Q<1^@s6cd4Qe00009a7bBm000XU
z000XU0RWnu7ytkO0drDELIAGL9O(c600d`2O+f$vv5yP<VFdsHl!8e_K~#7F?Y#%Q
zZdX|+{H(S2TTZ|C+@4-Y=mA4bLO1jxgi(s1*eEK32snZapx?}>fFt5accdsyn)FT(
z2q6hEfk1k{y`TEFz1R2Dwbp*mxe4PaGx}pE=brcMch|N4>skM&F1Pix`v>67HGV;m
z&(3-L9Owi7Z(jm`)<fcNI%fP>{+;cogXMTSKY+*IHU75i0Ds1NI{db-<+C2am&EIY
zAjbv0Sk1@TJ^;_phR1ulj+bZf1$g{%WeKim@n?NOd7-+(>r{B#3h!Hi-h@BbmF%Nu
z#uM>UC7&0n5mdtgemBI!<(*yG;bZtgLd`#NJ^4+yo0*<~9ox6UXxPK^YN+Y}%ga3&
zjw+}|Lp&Dm;jvvp;8v>XHSwPjzGn#Xj`W+}yDVG$o3_H2c&dY`sW}*phWrZkun!Z{
zbFl4%yFh1p9(L}!83wB>FzBuDclDqTGdoU!d!6$n=yWIH(B4~Mao_DQH#-lDy#XBQ
zufo*EQ}N<cFzEOBd7LY_N2vX3en<H&eeSg%ob)obf1qX~9O3t^P6sAuXQ4Ye3GG%3
zyT{3qUa$e)MHp(Y^LL*6O7Z4g6R#oNv80A!&?;C2Rd!K%IA~nJ3oh%>1g&l!JF`|`
zG3Y~xFP0Am84g~Kv%wSO`tlrhjx>_j0VLPePyFlzaIYPo-o@GT@<8%B;8Gjdd-1bS
zqtoExXYdSu+Fw`rCT_?BD=3&9g4vZaASyZ+K^<zkCw8nWpt-p;z_hbEtrE6v-H6v7
zB7lcHq({Rc-m-u;-lD=|hJ#A)j{vU(#4YT6L_UHyXuFEAk!Mse(7WT`OGghu*`9#*
z#1w+O;CAWtS75`|lcB(4>0V{K%LAl_etgaltbYr=oMQ|W<s?66fx>{>+<O%)4vHXs
z2(<_YzD7{+DK6+4f`YSw1(!NR?kz_UwtzwGLH-wEmJ3lHNPN5#$kYO$(q)~H;ZlJe
zBB<<!5HatQG`9z#8|f3ecnu#rS9aB4aJG(#*MX28BuEo@9Te0lB31R6;8cp!GuC=f
zm)gjsd+_+BjtFUB$}HexqkELvHqZ#bz!ImHhNA11a^C{M>{^{Pz*u^dC>+T?Z7-6r
z6@JIhTm^pI5+&$y+ct5FtfFN1zQxj+2Eq{k?)CZ%V0!nW@KI<GAS#sJ0uCSh#oDCA
z=c#aD(F3(7XIRS9JJ3MsOin=yfk@YNc)zXNPl4NRyB5D2FsLh(&;?6M=}!_!^y~%A
zLNz{PYZ4!?EkM?OXPDzN)2q?|t5vXoe$NtFo{|TJ2n(MCNbIfg8Qv~og2wT6lQ5%M
zNu{|7Qx%Mb7rc}ie$pt)?hqpNfH*pJHjV&~K(hV%UEl`yBBgBv>Wk4^hmfBDnKTpW
zsd867yL`5Ykc7GjGKzxH7HPcv5vAj8ZVJsiI_f}_x(E#FM5k0DAV6yZ20g#?(m`~c
zvW)=f$RHpIhoAwJ;v(gxi)e5VmGC|Y?cgc5gpG5P4AlN$z)wFIj&K?uz+f<9x>KrD
zq9<&jBquV)&qJW8U3@2!mJA}2zIb^7vwS=3_n?i`p~R`3-ivmZ-5C}meWVZ5vzuTV
zDM=uDGbAv#l~y`!Bl(f*6R;<nGp!vH|MpDR1c;v7zM>hehHOT3ksg9kP-Q1Uuf@PO
z>941Hr7E@3tk`Q=AJS}Ncp+|9N&`9lH=mQ^W2F6%UQDJLd4O60D<jJ2NTM8R6pEzu
z`a&T<)>!hg%!iHQ@NK=_jXP2XpG-5fn}6{XS<AE^(tzNOsZ%4_t1;*Ffx$x!M&FaP
zDv|$kyC9IMvqwk^NCL-h(ZNXP`)mYrXVmiizVNZ331}?M5P0pDhsntftRR4gI0y*D
zqhZCJZ-dw#yW1(DEIi+jB)BUa(~9A!MmjPQe#|$n7_`>ut|){q(0Mp3wAwA6QQF-p
z9#}^X?t&J6-f{ftu)4A==ZuD|6A06j{s}@<Wrl1`MXJYrfX~D4sKTk>87R$s!EgdH
z)3{JX4(&3zY_oIWRr>OTn<!f0)Ad+bC`LqvhA6>9rc=@1r3h?+vk~hw5%_FWKqiGl
znj#_q$3{=k&uJ_~iq0U@eRZwJ1m)z0R1l69=MAGZAw=FQ=hyKbLaWj>m<l-IfkHX5
z0mY#9e1DRLE#jP=DVeH^0fJeSK~nmx19)JJh_j+HNOwRm)FjO-QIWjPUN)#Zoi;zz
zR2QW`p1QEOf?ymWFioNg<!N_H)rA~O^^yle%@Ys3A93nRpS{w1fwp4^Bc>b#ZsOAf
zHhL!F&!nJE&df8YI}<Z-c+X9+_ttCSjI$mBr=EUy*mc_taCmtUMuUNZg>(eZbRwwm
z5ez60RTtqF#X&%d9kqFZ?a=S_aPU>i#YH^J?<oF~WQIfnLPBYreG8vNDC32%BZdM1
z$OeU8Bf$?jw9*Qr8;R07Fm7xhHnI<y1dI|`wL1fMh(K*J5u+e{RvpsIfLbQ>dAxUN
zcCZ1XN}qFy7A21CvXN{9#yGX|XP2aq4Nj7N)KLUz0tQ<&SkkUCm@A?O#;tAUQl*A1
zAPi2U2Fm}u%qkNd<hKaWL2niMWThBYJYYKAHV>*+tKd!#s*&+*hxcDbYeGR%m#)H!
zn@AxZ{3`uKI;sL55<J*yg3r`jT0lB9LeR}X7s2g`i{e13M`*b?dJs-N<*sntiKjDV
za!65ZBh1tpHSpzR6ds}^I;JUPt!QC;SwD|xV2^;?Bd9QQQ4l1=@wM!4=c2T=zrBMr
z!z$f^Y>rPjN^F8DwPLrl3po>^5eWHEQaTcMnYhgcK{op00LTDu&r|ah?xf}7RH4=m
zVf+GS?dYHc-^F1Tltu`sgPN@JErMC+%Ag#LMP32=o{5){v|*)CIiahip_xNh!#J>N
z=EX%MK%yJeI?k1YDvu-}w_t?4btvXGl4L0TCZ;CA9*m^vsG@hR_?;@Ub~usHqznnT
zkUl`o)PyM%h}n$Z&-PV_BsNLnc}&BcNKks-AzC+zxh+UFrkO_3dzSbeDWDrRq3Lk2
z3P)CZQHicq0k2iSL}5ZW#Cx<5%w#GgMY1gAIjGG@0UqK2Vu1s76k04>gDHoQu4ioz
zF3oB|2CBE&H_q@bwYP#^q@L<{kOWtm-#~7f(Ffg^2$b;{r#DHXBxF3=<^kI$&=Gzs
zQnX6^ng9|6<UvO)P3zv6M|vFvm5fN4%@kU-7z)WGRmVro=#y#1t}({-vj?-a*Tx}9
znhttuKUVNUh#EU@wT>3$ir~`hMjhNLP~juG!UL2n5uO1}yqY9s;f3c`$fN0=MJfAg
zy{9O9NPnsjC1zBP0;t_rDFEvMh1`oM$7sZZtAmnxVsaJ=(hu4lR6tjtJ3WhlZt=jQ
z8DoCi$>0`_Movo4M$CUeil{2%G+@cbO@pLW7??{|qUF)*C}h~|sSO=xYv-b{Fg?Tk
z03nmS%$*A#<*~PSjx;l<aZPnKZ5O&m#Un?p90}p+V4duhb1Ekd8CYC44d{iV@)kQA
z;(1AU*YO(p_uePvP^h`yBh<?8t(}s?AwGu+{L1cY96LUzHmpjDr2H1D$s=c_5yH+D
z0ufpsdP_Kkj^ugm{en{|V(p+DaePLzcL>snt<tGPWsV~}y^?qCbV@$DQk(N=q-_}F
zeCaH0v#f7QCjd5ONGMMwlMqT!mR9XHOiph=N5&RdT|B^T+Mbw(qBF^KYJ@<XoSTE$
zxeYuZs4a*(ka!sc0W`KMf_I7m%mWWWOp=)`LPQ_wo@&W4WnC;Eb!-ndK{5ssT@>A?
z$goHKAQ-ZNYR(!Ll5wITN*%-j!8i@Xp`%j;vMqtYrvIEqIBRj^lC;-&aW*gvykMF$
ze^$9^{jcVo$eV%!MaYzD+zL|A7YOP_is$JaohdQtHB34f72xT*NH%DGPLe_hrYa0s
zvFf8F3&>*=H?5VDrNL+vEGeGC#e+%}{<H9+#fQ|Q%u0yjnDoKFtC2{!sunwIrF4s@
z{<@BBUKV0iU{9q!8k-vtY-J0jFiK8R@Msnw)8dA?%`h{!jm>zA2Uqa>HniKseZ~G9
z5b$KPW{K^5##hq-B!a~h$cuBURF7-Weig+uSBizJ#~I6+qMYp9*8gVKwZ1Y-2!PTJ
zgJqgv8`v?ErdYT{pC}W^1fVXYDF9sV>4T&TB52Ne(9ggxT<`=q_W}2X6HnN|hyUP5
z*TGdkx*p#6mUqEzx9`b-<sxM;%$tDb_lf9M@Th0W#*n?VN#x+vJr0@u(q&v;fno+f
zF~k>gGX=FPRMBCHS+Qk+wEK!UGf8Fz3pq?`orR*M1sdZ!N@tcpYNthcgFqO?DLYqW
zL8%rAZkqN<G86w~b0Bf}Duo5m>;VjBdj67slU1fOF#!`KZ4sO;1ZJx}iTkGc7OTrk
ze9g}ECZ-tm08Ml_Nar?gMKjz4^K?WvT2K0DuSUCiSqa+>9&DZ!4ot#h#1h}DlEzZm
zhPgVR>X2q!)<JYuuX$j)BwPR@{WHszwPR_PjVSm;99mnuh?m4g>yU(r&Fy6Zsmec>
zOeXo1ZJ?Q*orX96$*bV8=RXw2w|m|F4E}k>1&@a}{^h$7*zazd*&-;?G!x$<14V2B
zmBO*3V*}U#Oy`6QSj^MBaAQ%H)bzyDY5`_X_8gNS9K2@buZl`00R>od7e|ZSFAYTd
z+ktO9KWImJSA)wtO+O14uGkh$VCDf^5G^U#D>*_S5{PL?x6zJVS0cGtp`4h6ndxbm
zLhm2NU66a*<4=LMVo#tWhYr5m^xRekQYbo1J5VEljq_Vz5v?2OWkJf&#&L>XN&KmY
z9X^*FExyy@=K$rcbnj60xGjs!f#I@u%^ceC9i4_pI16py!R+D;EX|PUr3eof^{qM=
zstjhePZuUmWX=>FEQ3NYD~HXAL8fhs@8B_-#cZ5#{C4>0``-d5;_o}#Uj943#&>w*
zTmB{~OPR!1+$DZZe90%XTcqbf`D6@0f;b3RYWSiVgrs1O!APnw*?02hUX=@V>yuK6
z1k5Q1CoMi8&txfteA<(vWi--83sD*c3p~=7kxmpxiZ5ztBY4c|B*8>v<`Y|SiD2!b
z>5HV;U@&B*i#cw`u@t6j_xd9~c5-q8f4U500wYld0%1XcP#`pfVob=3$;uYZKzK|*
zS9gJKYlrXB?xG~ecU(quUKpXx7|nOy1cI5;G-idZBzj#Mm_{KW7eo+Zn_3_7V6D?^
z$x>P=Q-)7ak*2_unbhY>wOzNCSwe&px41}r{cK@B2^WrMJunXI^ajp4OUIve;P1Wo
zSAHxoCs6-7EG#U;JKp;t0YbcSKq>wNn4Ou1cfR)@_+F2D%){{5CAjF~%k{xS;`NGr
zZSKh5fBvbDg~gRV+!JSo_k83Fu(Z6&r#$@$4~Jd*4#VBgJQ-%ErWnwdeg9gx<cjOy
zDUW^-pZkwr`VKc7{k?1NVc30O0ru`cLfuGO3@beq@=XFEaZ)njnTxj;t%hy77224s
zt>RRQ;Ao?yqbVIC-vk~guI)8I$ZIsAgGq`2R8h0q8^TJj&->fRd8ZM`olX~}wMbU)
zB-&46a70NHdL?v0T@bwS{fHkkbwTBC`(2>ie>3deeLGBTI)Rm6Ad6Fx976Q2opwjx
z62S~Z)}uIfL>*#gkEcQ4Vr+!~vCd4t4ZSGCw8VcHxRpmo!+`8J-6-0k8hpg%6Qa%y
z+^tYd&7bf(ZSQP84NYX?;pZY}{^LJ<39Pq${>$Hhty?yUXKZXc`@Z*r_kQ5xsAvr!
zXZC;es^5WMde&3ns;jSq>u<UZe*5{q2y?SDaM5=!k2dJYxAW)G(MgT)`agIv4A3g@
z*hiiN8#io#OMh@9Y}~j3KJ?bt!Z$9y3V!RCp9=Rl^Ax5@FM95iU@wC9=N@|=Jojmj
zg3GVE5%wNjfLFZW=T)K>aPPaG0@vTV7pL8}NJ0WpOTmOct&T*n5nrYKQK62uaL;^m
z0!?(?qT=0T9cbgUZ|-9D_SNF?s{*qcwpG($Tw3mPJJGa1HPwZ=nJJdy<iH?jMq$x@
zJo|VKZZfLDz(r|HQkusWM+CMQ_?|;%@jH4KeExd%5cJVpI5oEk->J*C<=ROoC)uql
zoH6Jg^o-<enx2`%YfmU>T#VT;Nh;>Wp;%*-T3TO6N0zn_@%@rr@&&hv&@&gWZOXpQ
z!bv|#bTydu!x`8~S=AXO$4QKN7>}gG&(D1N6X00eYyRt-;m_Xu?sdPLLohx5{D;A~
zS&O#YcJ78Z|Myq%F;2gvuYV8e%A5c651EV8&FMG&{KhZ;0?c41|K5v#6<&v6CJ9f-
z|Kf$;g{MC5A>7I5KjdtbxCi0O-@J^k_}B0KH2m5t{s(;RqATHk_r41sPv5`(cb|hU
z=}vs0uU+(g_{>)?iJCho7xX%vQ^yLBC)le<;HDo>!9Ar&L5|zSXXumxhI9>*^0<E$
zC2k)jZ?89C8bJ!+($WeXJ-i4<k1oOr0-5+T@#IOQ1~ce<nMS3rrJyu@fTglJbF9;%
zIm~F4%=M~7(U-NMft5-(F%KJeoDKst<ME;NUN~qt#1qA6x7~?KIL{(HOnVUG46E06
z=2Hk!Jlg$JoVrjrmfRZa65=y!k1H&^Dx2P!lTRcz(;qKB3WzF_a`YgQo2@^E&}A<|
zUmi3VfQ{p13L+_c;~Pn4;>fq&wg=w%o)5#fFa93>T)yVGb02iSq#R@e<wGC)99u^I
z0zqxe>W^Rb5_rbbo&dM++yj67>X*VVJdMEoMEIjuzl0_DU;fFf;c-9vFm9E5-tBZA
zt?&N(Pr~urH^bTYI29gw&VArJm;HdlBdM`}@u`o55B<;ojQh`mi!S><J8?e#`ESDQ
zyZ6ECU-oR_X-FkT6pS?NGq)U}vP2#<`b|@?*_#bS0x+`!tG!$QlL)aoPImOVEe+2k
z(2W?(s~luR9Zo=Mb;RpNGaPZ{&O}$FG6I@RaU2b3!0|3}c~*_MJu48`JiGIfWg)0p
zQIF;Kz~^plJP{^vF!vV^D;3m)3jB{E0cWNs)%PGaWTGWSSZyfXCJ0Q~_o|yj@v0QW
z!jGdw4N>@lPnVHFkeLm=4NiSklj3#k1`!}Mo0SH9=FrZBwCStr6@$!Ghub~J08K!C
z$KQS!&O<6<8tNO~^1omadGH^-`gfS3*e1N&rH0PX@zOu|@9^bM{tX<(^FH#4FT&%_
zKM&sYSAPp1`uOM29Jn2?b2cCOCcO5$-uDl%^G6rL(|_qD@SRJpkbB_JKXT|WeCN{d
z!&8w?od3}K!LwfY8tAVsaR=VIa~A{r>g#TSi@*0nc<N)$VW+|?|L867kMDT{xBtbL
zUxff(VSswICHpu_rDq-w!Xirnne~$PkCq4uG=d>mRtLo-lSC$uKL;GuVvI7Y4e?j8
zqT#vZ2tl9`MJd!)ZTC%zk&Dt&ICzLQ>w@@jD3lY|40N16#4b$$D})j{q$QK+4nJ`C
zFifi=$P!+?lVs5-(KHwaeNhP66t|4`?}`;Hf;Iuyd=O^KHbv1qeAZ@BIXA?aGHpts
zgXDD-JvHuAs;-h-f|v?(`f0y-lgI$sO?0HW_|Q!t-iFeXlsSqX`_^}_h{qGiZbQjO
zfNa2)JERn@%9^uzh#cI$Yab4dzZKBqZ9a^ke%Wt74_=P6;&Esi{0?59zMy+iAjU<P
zT*>_V^{;v{O6a@D6JtYt;Va*Ur$6bDc)h*w?eAQMJg_Hp1oyxDeIMtUgCsCpG!TTh
z+<H5_`5hl%X+-fQqd}kD-E>UN(z?g752W~!r6X`^){vz++pX&%pC`(qhDws_6`O)3
zElSyrx`;{2w%Y~%&}UIN$(Br<n54@@w~aJo3Z{{2kOEi~1*B{bnNFE+YRtA*4lOoe
zqawA&HdM*X7$fCCBylbFW)duu8_<k*XfF?L4#-j+oIRG5iQ)t-4s7luE6`F@(n9>l
zq5wjQqEsGC@8LCN&7Rjxwq%MkCKN+w6`1B*2+7$P1-}I)d5!sLYFPNp)0<9toq<k7
zy^jFSZO4y)^h06m=6T-#+W+=f@VzU3$on}UMefAMlTx!2K{|`{;C}bH2Ot0WuY40O
z{N|+)={+7hhy3^Yn{S63P$9hh%By+z53jiq-uIzT^ZoB~+KKr2Q}B^behKF0X5hw~
zcfrox`{ANXuVe+38t1}qUj{$C_GY;L#@pb=TX*9Ad88koz`t+jXFK7zt#JAGuVIiI
zmm}VN!_7PKdbh(r|KK{l7fJ6MZrK?ng-mBQRr+ZDlSBY<`H~Z&Ch4pe5IV1epq*$t
z_PmMGlsu`!p#&gNClIK~G}lGoPftzYGtIE_$5xC&O^x~t&H%xRUm=1arh$>N*I{P~
zo9$czI3H7}GRlHUoj&?p9)Z8-#;ag@9zBVZvrsun23TA;%=Cw1NLEof^f+5gqjN^&
z?ugH?LkVVMr!OdMluVCR9byVzCe3uBlNpKPK!i$_?BNuN>y=WN{aOU8ssquK2s#*8
z5EL$BuW69EZD%}OtuSHCxZ&bHYJivh_AjH<d>(xG<6l6U@F!p?P<f~6S^P7Dz`6J<
zf5!m&h3EYqS}(2y3l$8xTNBjgtv+zMo*AEXDyJ7Ml%v_BIi~?G<6F?_&a!1{$YVrQ
zBtVRt)+tnidz>_~E28bytE<^55KQ?Za~@d)`pZY5>aVgleQL4;lW6OuWLLT)dGn~V
ziI?_u;Ilp36Ez_)cUcLe0U**g3%PX48);fC#mXYQQ#^(o;8b=wywj7-oClGH(Go!D
zJ5*l9>*~eQp_UQ0O!N-JKY#f{u<67zVgBU1K~+rg{(U=dLZ!B(_%K+ZFjkx~wjXx_
zPeQf1{?P<jK_}Xod;K0PudK4Os1XnE01~AY(6zBmx)WqAYHLi0XA1=b)y#fQEg9Zo
zIvkk2qEyA(TX=L90|WrZz3uKkjjBlUMf-f$dq0MX+Fqm+@6nD`5a`2t<$0h$SzKC%
zm%aLpEFHgd=?_Hm#7t|i_i{-Z8CZipOQv-AQZg}2v54BV1?^<NgY74mEJ;rxuR;}Q
z8q?1dktUfb1O4f9z&=wCrW^x~bD-Zt1T6jLA2Ltzbw}~OHaNQI=%DM;tVJ|~-fA?g
z*}_3eAg5ZXJ$ec|bgCnkjNl-0aB$|)ES0a8BCS~KZzq$TlVe<=raAm9X1kURYq0Rv
z*k<NHagm775M!QiW1X%&l*p;5Pehri9NyQ9Nd5-GnH$1HuF3Ho3TnGc9R*9!`zOh2
zgE!a-IuO{z8KMk|1Kj(J4(lZa(-dtNMXL&M1)2>rd+~+EW%$+KdJS72j9*9di#Aw3
zQfU7dzx-|F)mLVw95v&FOhE`Kh$&-dV9d>p0oD>IB`C<Nr%t?mBHQIY>G~Rz!0}a8
zY8|_eQw7FJkdo7ZN5Id4;JoAwk_4}u#4Gb4P(_bILEA{6(a*x~XL^MxSZv0t$qrkh
zR4$ocd*#aBzzo7eM;v*lNwH`G^my$R@*0){n3~>z60{?Ek|1{JD1dyad>P{4u(Y)}
z`>9iktT?p0jS`p@K_^_81Dt3ObH+^z22SIySyU!L<HJ#IquNb0%y3{-L}%B!j!`*r
z;0nxqG|}<9sA8ECG?H8020)fO6CrDJuVvP2lB{n45%hs9VN=Xf0i7V%LyAoZjf<Oe
z!DV(C0_wuig`_})G~D8l(O77RV0QL}G)NVq2Z_I7{Yxwb0qWFvz&br7d$)$WW+t}?
z@XVX#^1oGa0#&w{5860);$jaYneI7wopTOH5ToxvoF*JBg!X9)#U!w|xORrbaFETk
zEImtUc^#LT;3R!&X_ZWd5~M}kl=(8*v`I=GIszLvZGp}6TX5=caVr$647%XeVqr?X
zn#P!>ke%5_Uqf$skq2jYavJ)iEY=dxMNXs@bn*}-ptiGoMM=x5G-NdBKwLp!k3eEJ
zG-ikTAv#l1z?kKVx(J03L1`vJQw|NBqzvcu(fd4+*VI856-x&(9vUE*k4{8t3i&k9
z7~Y~APh6PMaMJi*$E9ngMFkxkd}tKtbsVYAB_SI0AQ2FxY}84xLVBh+!fiNfT&~5W
zWQgYLNJHr}MsTa^pCxI{5?Hi<i|8Aw<VM8^ZN!otV)I?if7j|9q3NFzS$hafI)`|p
zQ@+_E^BgHgCRw#Dq%#FD)00!$7LtYTH8Xo@wGT&*9)a6#y#<aOJ_0*VJPkH%khC%H
zwM{t`w9vs{rC>7>2t|r3AFM9G#N;G9R(g2dnHkX+5_qKi0$FLqH65~99O8@|M#~V`
z=06!NB@*L;-}zd>9Fjm$3GSn`b|y=r0m4{k&_QO>na?%oLDRfv?^VWdrN*XbWczJe
z3F(a@7=zx@HT;fA3fpvIpK}SFjt*HSwb(8LWDLQ{TRLm7#$bzQ0flY4vWQBYNeHLB
zEM<VZGzc~8gag>kBNl_Dl-8NlV{3xAlWF5hN3PK94b2!qU{=hR15BdQH-Ug&aYC8U
z5W+DUu`Tu8h+=SjbS)`XG|kh%V-F?%kcV<&whJ5Qx5B<Xw{l+KjVnvA?f6q+$Bq-Y
z3K8%OP|Codcs;bj5Dj7JS&bqMp&4e_TY}m7&8++#J$e{sww=UnL<(N5LP#7x8l&tL
zV3zeAK+T6zzhtz!3+49|HpMi@ltY{iA?ZF~rn*FboW{L_>R?7tT$E~#qwGvVr-5O@
z%EjnB+FNROMSM1dYy`G^W4Uu+qbtZ%OowthyZ1Tz<@}7xTC6N&eA{RDw4na+@uf0M
z$|ht|&FXJB6CM`0Qxt0ZRBxU>x0&L67Sk(@Cp?ong1`u>z*rQwC{{%@p%rCY8>rBj
zV0pLTR6<kD4WtTP<foHUlYEs@3%Rt(WM{Q7tnLQ=#|}Bk^p@*M@Db4(@?N&PGaN2T
z@g+O9ACIo_4lFJ&!O?xULd#XKdGlsyb!V9}`BH+5NJ5YL%V>pJ;X*ZiRCoz%(;GH(
z7E4|CVb`vm(4E;V103IFP|14}_g`FEg6ZxAn1@#cLc&F!EkeIX{Ui8m8BsMy1ydww
zN|jhpyK&JfQ-H84cX3vRGytN=)ql+s7zLQ9Bshs^O%Ra4tmG*)oPzS3I3-B0Cj*F2
zlq0Wj6Jw1{-Wr%8jw17X#dND+N9u#RB)9D<CdN1&Crj-zd$|RCoAh<+z;Oy_3xkyb
zV{y?wPF<2K*NUO51R!?6R6}{b5YqHW?@3^`uv7wMMfTxQoB`S`1yhjnU9EP9lLk7-
ztBD_zv}Nmr6B@+>i9LP-ZUUWn$Gny$Km~F{0Pn&?F##o7MvBfX4vM3!T(UBZ)BdQB
zU~dVvA=*JeUOuuPy{HFa2{lzJ(J(Qy0XA$tfo<TUsm-wK`YVvS9ER=lJ0!uu3ymVB
zR7!|RbJP1*2Cx9p@eu*%EDHq{NOVY1?YyEhhwnbC{o^D$Q3Y06q--I8C>zsk=uBjZ
zDX&n^V6C%;;6VkWou?HC%2+?n2yMu!9T{~fe45goO_d=U>b*vRvFXT!dK^h|qXJxG
zU*Xb}9~6*La=I)FMFCwgz>KrX_4%BlNYsKPfY-PQlG09;q-ZXZw~2}dM`y7!qXd)t
zW?E!lTP-mX;u3dJ8Zq!gr4@oIi6I~tA@bNZIy$JV*M^OAu!vJRNmsHQ^l>WZ#8Rdz
zItYU(exfM0*=9{j<&mR{97am%Qbg6Ox`zNkzzqYM0FS`R;y$$d9_4{Y)`@Os746C^
z;AXs*?rO=i<F)6vZimhIcY9)%a|w&?6wfdR4)2ED=+&j;7LOi<*{vtXnUkb*e<T#8
z%4gUp<aA#q&|>fsABv{S)dNg<CZ@MSj#^7KE2Hk>vdj~m>A)C*2*1K7J;<xz@IjJM
zjM~>xDO3-RRR0N)9t&^EyoQ-2K(x?0lZrm$rz$NCls=N+XmT^Y>Q&0;SuM`{tO3P(
zZZ1{gnF2bIZVcu^09ZInw^FXF14SBGs)^QC8bP0(|E9Di^9CxY>3i}5)>WnbK*w1$
zTLx;1ch=_-Zi&x95|peGElN<G5|=e-Y%=H|%rteG>Eznfap*8aN!v$21z7I&G}9Wb
z9pNDELyzNN1ts7jUV|JvLv~IK2Lpa)3J>)tiF*qNpoh}AMrlczH|5M^43VWb?4dJg
z_s&~U+IJCn%VIr=&xFs=ZgH8iqLj>ZV}Meu2Sm|~872xey7sV=e&IM4<kf=(=r1Al
zn%cp$5~xlBQGrj{NF3&6sdivi6p7bRewo-WK&sZI?r&p4W$ql2nIptTmJ(4a(dZ`Z
zoTwqGp#d`0Hrj;I@~$A%X<7#W6GdwUro<9MU=@b~Wk-NUjX7v!gMdn4i^#HqeR0+Z
zmW)tyoIq`!PaO~p%33q1WB8?Jt8{7(4P`SOA2X69QZ|Kw7M`&Ld7owvmCkg@E}6OT
z{^&=6Hg;%lWtq))WbNpXH6ir%Ia6i^sOK?e-T=jc6tHn_BZ6v)yJ;CEbp_)2TSdzR
zmBB@%vg_BZ57c%gN?+gIz_sm;?7R-S_3aFz$?18RDRE%6XE=KW5f1xzUyam8W`N~G
z`-N_+q$4{yd;G}40?C<0x2me3p{dfQUh^H(1gJubC_<37B*8FP*@K3m4QRgH2xhvA
zehcTA;&jTaXs9xVoL@s`@kjwukj>We9Hj|~j4MD?t}@rK2XTKmv8Sj)2yvPM8@;hg
zUy^oSL12>6wor*ZnWkC;XB~NQeAXyc#pbI!S(4*`V2wKs9MEc^!iFr9Io;o8hd9#7
zmK?f@Z;{jm(gv82LNg|PJV&aTLdz#|Io*I#u%#|sYJjDcBQQTT$Nah0gj<NxN7{tV
zdrmryokoSmG!$ZQZgpl*2}H{X+KStq38oNLkTz+}&vVhm-qInwzSqJuILow&PRu}m
zaX(7mn>dqvqKjZ5@c9n5Q(GJ-Y)c=(GMefrfNMO7m!7Lnw*OKbDw7CsEr=@5uXb9=
z&`$eJSqBd3Y)PL&t?x|*Zw>=_3R<1*c+`aIC)SnfMA2&mvu>0rkJJX0B?}}H2{Arf
z%ITUa=v?H!rr;%|E2A9*NaAOuk3=W(o;dOZjydnNp&YabxV47ZEbAnNft;}+axPOC
z<Oaz}QaO#~s348(?By%t*GipaCh}^pl^73^0OB?_(;g?NBG0U<ws_NA791p+C4-VA
zINPdGinp0Vm+bbY+I7n)C8sA)V&cOMMgz4I7cpF>sjb_LW7JRb0NaxrVP=zKi9Dpp
zze)!F5S6_Gr9IJtP?Hi@aq?`dJIAhX3Rc>7{AsZJcC=NagJcyJz|Sr~YZfJ>Drfzn
z1XG2oZVYak-pQfEnJR7R)4I|=hICvkA{5OPiXm0DDW6gXNEO3yxhiQzvkO{6U`h)H
zIqh*}0CqVOu5qwr1kL%FfDz2T?d5#>t4u@1fNN7?Xo68MCd!7?VDm<};~~bklJ_QA
zF$|AY8fBT1$FUarECJHA6AgRuS`Y!i)jc&IEfFji2U$Hbo?Ys*CY!rufKcoMm$oX}
z3`%|rRrX2-h?wgNp9;IMAfi}}fIl5PhFr(qu~ei+K6K;=Pm$f06YGFVoV-Rz8c^D9
zAw55T<lrN;OrX^5@Ju1`*Hm|-zjOdrmX7dXLX{FGCug`02Q?QxN4ML7<BmH4-Q`0l
zCT3U?AJ}yxTUd@e^{#Bzqb!yF(t=Fo)(vX=Cn;-Hnnp^|MiQMAtwD^G;9`t-5@u>t
zAmO0>WHHiG@rnxI9m1Jn9`{Vg@nCj&r$CQ63Q8qo*SQdtz)BTWr&W^x%nogHhs$Cj
zO!LfW2fu_bz?NqS*+7cY5e(znS&f4%$u$=2ivLDRpq;BFIzWn<r=xAK+32MCFqsk|
zaVpjFgFdqj2$Kj#&SIpW+Mdla!c$z~v#>=Slp#%cG(ERVC*^!=^^Pf}*?Z`)l>5T{
zGaH@qO<lslGNUu))Q1q;pipTpHA)buY`3O?fX<WQ5q9RVy_@(t*>yP$tjj#SK<Y8G
z`9$a}AAt?zHEd5oYjT#O^~ftor3=V@O|*mgzs9FnnX^h2a0X>9wFoIBm}kAZ=`fK%
zCYhDknF2-`j3Q_Vt<vMTkFSpwnu0(%&Gq|uMh}T@Mt_Tp@l*mXN_J={ik3BA3YJ}@
z3T8SBwHf_2@zGmHCn*Y<=_L`G<hKtY<I8$LqZ|Ra$Z10ca2^i9VB^y4qi+~r)GncA
zT%!u0wT(IAj!O}d1gW&HgWe%tD{x3Bgq{EkWF(P2mEQ%#COcC8?er$J7E9?!LLxt`
z`a*GHYL-}4`fMpEHDpr;a_WKrsc4Fir4&S`s5Qn!2DnV$L$s=_K!4>BCmgWr91%_Y
zSt_fRJg|IcnryL9PRxl34#7_QxjY!X2Lg0vcAj15b)6EL>N+bIpk`1|$=U0RLQBq~
zqzef5rN}%2d~NH$Xbln3!{q7|eMoIs#CmpS*`hXFVon`GTd7M@2F)`V>JY6k0yP<Q
zrFW45SbvrVBqQjlrZ1$L9L9O|n+8?LfEFPc48SVMa|lPJFnf^5qU@MtU(9eDm6s%`
z<HQ2aZXRsrP(UbsVDn(D?ra8+kCNUBB+_)q(-}p&g(}{pinEVAC)<8e6tvNyGDN2Z
zdEqE8kQW>Ri-o9pDr{Lz3nzSCf`CMCh=W+oo5oIT{Q+(pj=HNji)PqcKo|3}(iP2e
zF13u8E-ezcDpX5irdcVF%ovkw^lsC08~B}Nwlxm#tnszI9WQ0kqjJI&7*$JkQS0cS
zeOYt)-iil`lvps+T!2^vUR~N2Qf8JZ8ARB2#VUUr!UR*a(maTetS@HONIHn6Wx2>8
z*duGUSHq=6I>jP|RxDAfi9;&f7$W#+t23}fQg29v6nSMkqdQeo&q-sCbV4PeO<neP
zEL;we2}2?}*$4=b-1PErQXPpR!>l?c*MauDXbw3zYAseM&mzDMku%n@Q)n1;+t}HT
z;+$7xta}OIAr1{8My>GiMUfS|q37}yE3%T&B3EQg5pbP^1`y~S*OgOi4|y;9i)h(E
zr^?C-o9rmaNg@JUDOZrE99^-C=id@yK#<o~s(M_JX~TwjIJ{@KNHvZF0gW{-nC7v9
zsP!{QLUW<^!4RxB<8&CbsG`rnOp>}%Zmu3rKFcJuvl&u>OU@HoyeLrV;c1YlK<m94
zaz`74pdfcqkvE|#*0{)%6&}VStT9b&gftC`gn$Sh19nsv(uwkYosN;;>D-i2k|yIk
zDl2G1+X#`7=pYTmBvIlh$|QS~{FO;zTV^dtG@33yQKLnJGEYYRRrc;tt>)U6bPGZQ
z$SS}NK}6&-@=&S?0)>>)DvDMXvyft1yjqKDtGsW6REI~j5P+5_i^8SWVm2eD7(;x%
z1@t@;3F@@kl3h+=sUY4?S#PD%@?}GvVd_SEt}Y#g+i$%Y2V@tvpK!9&#$XR+4KA8i
z0|z>>%{e&ZeFA~3pX_g=8gbgpGK4I_fQPr{6>@(XpD~bXkxCj!?Q$8vTjgh}qF$uX
zHa!m{ZX=i4LFq~vy>y_U&df<XEo8t<($mMPpg|?4jhK8hs6lj*ry`6t6FAK*L8he{
zC!xVJV}0tJeyG&<kaKjC(=OfHxH;Q;#c^TgNRtjBYZ!SS1sESA7Lvw$Q5?i@5gXib
zuuw^JoFnT<TAG9Yt)gkEnY<8dx;ZOQUP}!*maK)C__gh;T9OJVqh`=s=8Tt3b2D5`
zl(S46)vYVCnNI_CG;B1mxlrg8J<IL4-U#~-9D*&|SJ4tO2^+U=gS|H|r*_qWNGW6O
z&SYwToANTcVLfb~U^b-{@{Pr>i^E8>nF^f&eHz3xOWE=hCO3(vm1Uo2hpO(fen%0C
zarG-@w_@dp!(U=OfbHxB<fb`$F>!jN2aoJ0l5@{y9(yUCj4jkKV;u5k>UQ-$$y0qP
zPB4X_N@$(VG14rEg9gd4L6!0F6wqSF>O(lt*p3zl%3EP@bJ<7Q678DCY4w>c;nk=5
zY7Ui{76P3lS>fzi&0Xs>{8Fww7)f$$!6_jX<iS{E+omGq)LUMQhl9)Y3UUgfs~f2X
zEsepnhD>EFMOrMqqX1&*Eakf>W4&;b>Kv0->a8rop1r&Hx)e`+mox9mk$VN(*L}RN
zSUHM_11oDleG_L+MT0k!oC-oNr2uJmmD<~~l7QuCa_IrK9)YG(sRhFuEt0`ddUWS|
z^fHbn*$QHHIT~2asEg4ctv;H$bM=wM4P2?0uZE=9d5!VV6nEvp0LF)WYG4pIwpYhS
zto)gYTypW(L*kEQX;4dmO7C3jjR0*(Yn7xSgS$(Ez^Nj}ZskHtV_B_ZGwG?c=4W<F
zN8(JYM*TtyKL(9s@srR2RF=X}Cm_$uLP*%E=S&rw0R|{ZDT0oYVnyMsHQ+{Q0!dnn
zJ`?&SUQ+^P&4q7PWgQpXsOB71T&fqBxE(ia*aV_iSe;Ly8Kw|BwM<cC-g48moYzQJ
zm!n6Iz@dW&V8h0F*abo3STZSTWds5wON{lozAu$wpp8qKadIr(x0IP!SMZ{PX(cY{
zCiQfdh1Q#P{NA7-jS~ULtpsm1+VV*WCQt4}6dG2KCMDFWxDC$Yp#==`E<ORosU^Tz
zYoUpmIWR4Z)3|t)${K(af#o$zBgG=qKh+?JbmGKJ{Hc9>B*B^5m|f;k$`r-O!yvNd
z2qveLfrEDNhfG+u7KxQ;P;FBMv#fgMbmVjFGnJ$*q;vq==shI?NQ4}%#X@#nt5@y3
z22^EKh%SBb@L@P^>*g%g2-1uYQeYN2N6PjLf|-=fRZYenT4x{)=x}NmC*i7fgAxE-
zIicaXLc%KVqxY8nK6>~7967qcB?Kr=gZg3TZMVQZ&pI0iNjJ8y7_;(aj%C1eDP6UY
z$aAy>sCXI;*xpEmm)g~>{H|l*w@l{n{tlNNlbRp0EJqcEkTZu)uvy+J%=V#$)M?1l
zI&pY;))28vhnC4*oIzWqvH+(7%eW>97qoM8#Vv*s#vDZAg^u}gh|{aov;eh~2*;u!
zi-!+tjwzNUhC`J65czC~qS?y*<_mNhMR6JUK?kJgOy~};F+!1NUSp=60YAPgtvNCP
zb8dJW5NyM3s}?VLfuxd@Xz=91=w1k(gk6?mgUz0mI)J2VZx*HWL>D3t4Wime-DOdl
zT4+1w0mYJAc(dsqBoS*>ju6xAD4E=_9Xd0cp*6Jue0Nr6%4(IJEVQJX6|Y}FkKl%l
zn>aRlG^#YISCR>)P)f7uFKVn12Oe$oe4Q=|gHaWQ7zH&^btlzu(R)c5?S0iHoEDf-
zDO{!iH!hgtU0h>EVmM^xGa({F*Xi1ZGDB9}-xVseNWX?{7*s827z}KMGcZqK<ROWB
z@<nYq1SjBN`cR~NxJUyaMa=PoRc2&2&ywWRF@4QBZxGqf(?2(A5L>VT&Rdz;f+Nf-
zl3bdhV1qETUPp-%=>qpo5oeZT#cP9eQMt(N(#}gKhPsu^Ok5CfB&IPZG1dLyASydX
z-)srvp!F;c9X<-%+u~+d%}-68h0cB@l${yecbEg@ciz5>J8R?I9F$$D7ftn`sp=`O
zJ2<rwfxHocTk=xP9N-S>Pk^AcqRHsdgQ>}BSVEdY(SL2tD5tKW<>t6hj#)2k)>2`>
zfY$1%MNvfsu-)y*O1Ikgw5a`Xppv;1P{-I52aSABp?gZP)Y}`=@>Ei@7z~hvAqc1o
zq*UEjj}_his0%JjFf?ji+D#$yR5McBR9q=g9T;zpZ(;yq>r7JQjE93tWa<c(azzI$
zp}<x_vNWm|KahvqqL3Uo1~;5`mJgtF;V_%B4B0N1<iP;z$GCkFxts_iQ_ccd)-tHs
zDrK;jYALbnqREWv*1=HL<gSLIrN=-hkeYDd+4>=g05w}<h$}BFEW!p}phtv<k046#
z$kMsr;}XCN3oCG7{{k0gq0(aA$-wc?Ep%s>lN-@uIK{Q~oVwke!x@Hxp^$%<Gn?46
zSPfTUa%w6%Qpf>9*BGq!gr;cuUG6UHe?tRNno`1BU8{_PzEH{Q3sD-`kyQHVMRZE}
zq<oogNPWhvmPJVFUC2y*D)jVN!=|p2%7JUGa>(@qd({*`Mv;?*HWKOLtHcX&cWWkb
zLCYV|bf(2ktUMNXjuzGqQ4@AxW;0W~ToR7}nMERlu>NmT4?rVx24AB+wGCR`jnH4(
z3!~m)h^=Id(LweurkrGwN2jR}8?RXs7QjF+*I=%!iWc!W%Ek!#w^M5iPoLZ#>DEO{
z;ycK~F|6dcK1#CXm1UTop4PUNoI9QoXlAJT0!*IPOPJrd0YSZr5^%^>OM5Gnr#M1@
z<IhqBQ(KQ`P7URVdH!g5zew_l8MeC*SJ1spE7Nu-IFHdvbq#t#YigtsJ(SXOT9T_a
z|AO;zrXc}U#H3@VoYzVU_$1JRuH(qUpj7IX@m-aoLDS1(zlH#5xjfT_R3Pd&=fCj-
z`K`EEJas9W2q)2IJ*>LOt=mzcmaWOnYQj=&v}h-b1Z0`hEPP#qJ4b{lsLZhv<$q!%
zYb1O8GOXQaq#=YH{CYRK2M(Uj><Q4B-U@@|eK1@-3~7eZb3z*3G3O1;JSESP3@%<J
zw!M!?Z;4r!B_0Yb6F|#pk|(Qhx*!l)G_+%Bx(zC|=@_mNM_*TI(Dr(giZzKeK%&<Q
zbu85E*x`AhMX?R5?0Vj`sf9}2D&K2@;xq909*30n@je|GP0m7#V!&y}A_{}l%%hUH
za_}aU&`Zp(Ns3cRwmr+stV9w;;Kes_aIK)Sxb2Lt^ficQw2mR|VtR`-p|;O1wj+xT
zZxYq#Vl{ysbOvu^ECGak_H*`k5`gr%QV%rUe`G~#DqY7CC^(E34XvR!Y%#S(rFt8f
zT{J$Sfk+jF<S;M^9^sY#4)#67sVRM}=S3cx_)|W;$l)RtLX^}wpj{jjtQ_Lt>&%|W
z37Lb1-PjR>c&OOd({qIUsY7#)h>fo^ORbcM*Ds`U0stJp5fpe{Gpd~zvlXvB7%a?D
zs166%Bj4?@G*t7Mwn4wwXD;1EWlIy$_+80ENi!d1pNI}p@jBp}wzLt{D{S@HfQsP6
zhAkYvT24%H?K$73852!stEiZDH^BfU^YVe)xH>;qD@A})75=b$uOutr^G(mr!I1+8
zC7O=b`ZnqnAn5~;ghSLds0|<`c&Jlb3ewb~_*omrc$FYa)!A$qyCuZSgK7ZMPC@iH
zZ^;`3<U$4)EviJjT0w;n(HXQ^ciXhk>4XK~8Jcpyy0O0@lgciWp1BOpVFOL<L%M#*
zft@iP0iG&o4wQ?f^OAs<DclA_*_nmOEq8@3N^MTzj}k)YhLDjIOJWX?Xq5p-<p{tm
zH^AT`YjqbjY>zhQf?Ts?w&Oy|11(#t@07I{2m9A#iO{6jkYbKa*`^{iL?djFvunK4
zRk&~;Nm8%NPn4Y&Y(8!qbSAsZiASr85Qcq_+99Bs9iCILc+Ew+9$FlTa*S4wGMDbO
z9H&=#HLJ}az!w)5<k{;?XsI8;*8CQ$kW$8AU2LGuXhMLL%&Nl3sD&l4I%tr~OxXDb
zy6ZZZ;1L=+h$zAjg~F(gvjj)uk<A*dAf<`Mpf8bbB3DTJUB+y4aHpvSvXW5Nfk}Wn
zRXP$QiBeq)Yq<Pn)5YVC5E7V^i3j5BQcj?vgyyT^%0X5hoj#kH0G*D0X*V53S=3vt
z&LERW1lSoW`Z-#XLW?}B)aWJDYM4PBHY7PGx{}7l$pY$CBpWRAYps)<1b~Ftt}HLX
z)XZ#Zms$dps2xe+BfBwo7AGN~VmP-ML{BIg<ONzk3R;OaNG1Q?>Jc_gI<-dCLzHN}
zMU>`8xVX)x`OR?PzyX-pv;|g|mUuvk=_@6#YNN+KkQi?n<Z<a}h~rR9gF(yahS0FU
z^HNGmU!-VF<Q5`eG%}fILFXcnjqU_3LK}4xNSvCwf~0j>c(CF(oQ?+3h}}ez+}GxJ
z`{mM?2}cQ_@tDv!F1rLs^`oW|U=lyk3D=+t%`KlD?3&p#p-g4P5y4H|no4*<gYwul
zQj&oM<+xz$ePcr*XgX-B;$S4Q)*xv6)rfg<TQz<Tn?#F3hm<a~7MN9o93Vw+z|xSi
zN2vO!y_btIzBT7ht{|_Sq$FA=ra5PJe*iY)aYz80>Ly|V9X9cGDe+ZS=^`*4x%~%h
z7VU00j<Z@?-APnJmsrspEg#}RH8XP@(+x^3yA{oXq$pAq-Bwvf4l6cb^9nlUy$MOV
z!zFoH9a#B;<Ylg-V2HR;u!v8?as)wuTe!rbGc1IVU|?7?H+ZGUF3kn+xr_lMN$Q$F
zY3Oh{c8v8Yu&goGfN>0naeA`9$FMJdy8H+TQKY*yPtkaG+pi7m(L~sp+0G!Th6@@J
zstTerei!0gCbnmZaN{K+uz|a+njIXJvll{(0YFQ&QK0*X=|PAKxmQ|hiwf7Y*lsKF
z5M(l2Ug~A<l<cr9#qc_-sGLnqP9;eRk}XYv?<AdFIVlpGvQD_rjW~?xT?ybzd#{5-
zw_Oc0n>I0EiPjHS7DTePr_ri`)S_HK?tLQ88aRXXO4u=vH0`)ecwMA6({m9xwN`kQ
z9bWYY`O?y|2t+iP>%ynfxkkBiz=Kehn&Uw{*PZU5gh2KKrBX^>V_m5MwRu%*T!%BN
zA$`i}RyIJK+4v<mPU5OHILT@;N6DIjEKviwVTv&hIou*4a``!sR73-5BN8s+(nZb%
z&NXKSqazWkHjpxUvIghbz4#njlxGvZJXItjU}+esW`pE*W_H@t65uo0nZ{0#+8m?W
z@yb_yG;vX7d#Zy$&W%>5WV0FNBT_OeFIPs+3qOfce3_j&R7t5jiBg&rHszQGcF-&q
z>KH1R*qtPx>jFWwM&S7_m<yj{i|Z;@jiO^mt4mymgQo2PN_z+U^%?PcQ|NiDdR$<J
zY}1tH<#BeY7SXb?5q$#K7VV9jVd(Jrbe57Om<wpkp6UrDuv3OgSx5;ql9ZfB8EHU(
z6aZ_peo$H<i2&7b#7>!!mhhFpFFC2?87!_4AN$;^8I^;d3R#2PiZp`G_7wfd1#ApJ
z(Ug?|G6LO2LDrDsrj(_v3HA_=O8@4E#yDC?Q(1_kaC~s+cny$QM8-Fpr*Z{S--B}V
zXwe(&;JRKGi46kmxb9t$C6Z@mXJM+_W+1h3YA@Tf*b$4!%a^%POU>~k3j&oH;8kCH
zG_|k7)@@sOdhe3NrDG7#l%ZV@M<7dD2sb3~3zr_ofl7sAXmE&PEYe$iQ<|Ww1#^O0
zaH{??O6TjLJ-r=feH#|{-h|)v7!Wi|bT@28QBASli%7%fh{NE(!@tWJmTKhjqf{+V
z3MO&zA@DL8oDb`)Oqm4KOWo?g(w3b6luKB|TGm1%3KAZL1RoK2xyM;ZNb+v!rGvTT
zuup=_s{|%7+fpgbiln!JQb%DW4jPNfG+F8*+DbSUC?J6%YQZkqp^XEN(~^b+w^6|7
z`bfH?Lg|`k0c1kfBzAC7dWUg(VfS!}-!(i=dYurLe8znRPTRbm$N*J9s=pFi3RaZr
zxX8n};3BK|193DIR7wD?1^pH7Fq-yBa*CU`#ih4s#VuMqld27^uJq6(Hj5Nunv+=_
zXJJpWQb~#smq{punsAy@5QUK?J?&Ektk429f$J|<G5~8a5qe6TLo3VfYcEDSEZVfu
zx-qr+H00IO>>h4YYzNVrQmq<Pf($7OfzYu<q{Rhk3WpSm6{`X!=v~mIzszwu66n<C
zbzH=m!UISXVwo?OvM?u0-H{|gNZsoq#zA*zfuvGaAfSC6UO1^0%S({L%qH|0H7o+O
z-6}FVA+s<mj%snqqXQF^#88lx7)yYOhHYiyQUI{jT)AXnfTj?HJcA%|90;*CgGu}K
z2T{(8LwrHzwxa>0V5vm96Jv1=g;MXH0X`cv{5~i}+Q=JQ(+KKCY_*<xzyPMEr%*ae
zV9kiC=ChhHRM54Q+fv7MB$x;vZ*dW)eO3JWtIK>13LY}r)0vuucCW8NOm!>{$<_#G
zIfx|>5R&MWxy>cK+Fe-`h-kp5$HflW4}+$=fIkD|$sHU#9%mfaAE0|&mZb1(A?Yyq
zomyGA+CH!E;Q6{U6VqaOp?GDANkK4oQ8}F%*8Dz9AAAv&I|j8y)CW<BX{$9_jw5a~
z%8%+!Q}zFDr=|IsBB|RGT^?k#APrk3Z~zn}unN`3*v9QR{VW!__d&})nC=tQq3a@9
z2r1WBVmYGd22li(3)nHAw3U})ect#__8~L9iQN(SLDTV>LB}M2Na^Pd65)&m2e6#J
zdN^zV*1#FEF_Oqm;{oHB76xk%!EXD`Mp?G4e~6?1Hg4F6O3P4^Oc6|?1eI*f;4%T|
z`Y(7T*%=lc{lQ_G#)HH-(C-0C?1`C8yvRJDgl$tMc6pS&h;=1&s)!2_$$L;<A30PC
z^b*>SYe_H?w+Gq0sip<z7ZPvY0~=<@`T<NSpg`(?RDu?&=k-~@#W-{>fi{wNk{BBs
z+)|B-GS-1igSdANO?$H&H?rc}IdT||E-s~64^mK>O}zBGg%Wjs^E?MqxvaRNNNwTG
zg+|}88@=#xIS!{Y0MyChQVWO#Z^6ZTv3s2$Ut47?VPT+Dh90ZT<+hn(qUR7qn)$eH
zUIJV$Ez|L`c}trzE(}fSoV<f+5WqSnLJLl!tO^NoAD<aq1GWYZ2at`L9PF;ay^WR-
zZ!IR#1J|L34gzLhN>1Uhr&NWeQVFnXPtW5ylU$6jx3a?1p;ww<x&p0fShlDFlVfR1
zD`JiMPO`8GJiG+4*7M-X{WKMKHFg`pOyRDymI^)b0B4ZFvH%+IvwCzF4~7;>{-RCZ
z!Wp(^5Ur5nm8$I0@px@=tSlee1LfQal7HyRl-O#z3>8@?sjM{!$&0yt`*E;g<0|ak
zyBDt!qH<>S>trC7u>JTQ98ATDwQT(XT_eV^ot}AhOIHVIP*>BJWROXIBFO+s8_NUa
zL`qleB@Agf<=i3=BucNeKa$inaJozyYHF47)Ci!&w;K{RGvTG*NjfH2HYq_iUXn@~
zO>HjIOkwQ4>80{#h)Qd)4rq+KOiKn)WRTAuM%+wwP-#I6hs5tvA}T3#9hTS>XY74f
z9^1?MfE>ggYL!5xy7e{WQ!`{bNKeRmK{e<c7n1=2F?X~SDd%#x>KGxhBP)0f(FAuC
z`pX9q)T^vS1}y_z<6v@w3JRnN?U|Ab(iE|_h67t0e1J5FD2T6?5cpd(Ptx<Ct2L;{
zs({+xK`Z@G=;=u(b>Oz!Zf8e~)%m7xiJR{@ZU=(D9q}UOvx=ptgbd5F&oUbW+nbZK
z%V#=Io%$||72#P=`_pJ^UPs2V!#RE$)+|Y308SD*h1Fypw_w%=m%%CruZ-S?JdO1-
zAWBd(a>U_af6#HkUMf=}vuDh&n@lqfn#Mt!W#k4HXl`Gdgl6fgrZkdVOFgmgPPM6$
zC`A`dFxZ6qwpbd91z?FAaRMzJL|cd#(n_#w!BD9;fxPzKcij%t(`Uk-eFxyWJtNM7
zsZruqXdkw*%<;>-?x1kr*x4v$`{=%2pemt6|7i8B7IM!KnflNL4vTotWiD{uo!g3v
z;Vj2+h%ziRqdT`v?Aea0qk8pj4mqTi@2fMh(-2slG9_S&;z@9zoOJSuaKrUCan(}B
z91f~&+qWWbpAZ|o_B~;7I1(Fw8#y$kT!9)UEUk+gPisDcIaxw5FQW_?qZIlmd>+xY
zT92V`3dz-q_Hm{hG5f=g^GQNO_HO`)qhfZt3(tD;ec*ogIsuN`I?G4w+P46o{_2n5
zQ(wIrA|tm^72Fsop=p)KBxghM(*yGm(ul@Pf?N8LapYwA21qLuWMJkNk^w5|LQ;fW
zq^<%RTYPbqsx3|N0-0QypOiS_x~&N=xhn%@q>hvc4vs3V4hPbhCqMcD@QkON#|v`W
z_Uu=Fgkw**JP2A@sJs_Xt_<ilSbRx6=<&N%yhQVmfkXp_mRP2E=>E!*tYS4a&F{>#
zjE*HmdgTB<)+#$+%Gqs5a)%o7n=0WGr)H-KSz>gFxlkvL%skhp_;<3xoOIIhaKnwa
zu;pRH{06kHOlVc3B2`WbVrQp5AbYd<Xlkca)M-XM>565Dm1)^(GO8dCgsVm&lV6IV
z81R(hI1Fn%)2^{@fJ;0OA{OG5e>?*C?f>-x*s*n{flvDTe)l>ap8w1T!Sny{W3YRl
z1isi*5ypl{1a(GNY&6;lR@?@lIj|a_=BdU*XnZp^c<f#-DU6mYm$Gks<Lbf{sbdOQ
zTqe(;gXx)R?4)T1O0DT-9kdpZTbwvCB_7!7wx^xE9e(whk6QB>T!W5dhn-T6j=YQK
zC?i?s%}IPY(F@H*5>QasY9ZmDoZiot3Muu=9#M4s^iWBq8Y3;VCllAFWg!BaDdnEL
z7^#<FD5pT6>~ATAlWg*!pyt69B=%xzdImPk&B6*=ROZOK!Xb!S^UkEN0)`}WT*;T&
zi)JSk8j7oN8&-~t^$!k9v6ZuAf2~#xmfG!-#J`vewU!>lfg*jL7T%296XJp9MGPvw
zkJ~o4E|~L;zI)RjJQ1Gt(hoqC)cEu1xBqfH?<p^QFYMmCn0IqLuHmr+2eA-MSSz1}
zPuae7jV9lM$l)3KUaT8FmND@0qKR_{$m>|sH>+sETkRi#so5Gf&Wj`+Ah+#wXHf4N
zun7u=n(Kzr`$;IBZQFln2|n_<e-^hj0*WjqL^s4s)>1%QAy~;-tkuL9G%u2EKI-J4
zSdE&K2P#&B*x7?rWA*4kUfqfo7y@**gy~Hb+#w1VD6Ju-mkYT|^-iksL4%RDN(GFq
zNp8j71z5GlXK#XXX-PbaAtXu|XWO8HBFB?#weSPB!&4o<st#%%l>Xt$ORDP>%IB?D
z>Dk()7$>OYZ(Y|7*~nw2hAit_A3j!g%$yN+0!d&4<>GQ5UjE-c3zz+1CjxyIp7f}@
zp>%#Ae|P4ooB7zwesFsOY;g<CKSfex@Xy$VYn-27DL|8m7++3D2q%=1TT%zQP?u?L
zLe$I=mx}7d6ts|$dgkCBR+g4I<D)x)N)}4OAySSh^vKoyqip)(=fajf^~5dl9&h{L
zci~4j9b|=)95kcVBVxBjFiE1Na#yv`kcGepscFY~i!E8yepIFDwLLK@1CZlMP!&Qe
zjax>b5xtn)0_|A}H=SXVBE9p(l%y-Mg^oBnDtqJ}Cr>By^?bF2Am&ozq4Yjv%^-kH
z;dR!88>D$p;wcKBgox=}HuJ0EQgGJ1EN91q!>RR+jxT(iJ^I6nIeAe?$+R|yz*anC
zTJ{<Ne57W-avWF@;E^pP$@k=+y?Z?N>lfd|V5V)?-UWCEcA5Zw7QX(S8)0d=5677N
z8vuoj@g_+sgGr=vB-dk#W-`LLv3HOqBwEo9>wQ+T0HAT7cuqdZoGm}6-^Nknl-rG9
zX#u6=0D*#%W(FlFD@K%Iu0g}olN0H3lvs?`i=b(1Y*XezR*I6zrU6+}&f=kKUH(I+
ze_45!vQ(G?;4u?(JJ7p{#|>#2HCZT#ttXR6GbZOm$)n6~;`(?!GA~97=OoOPDnB`^
ziS3-~)=50Dy;}7Xi`^h#x5`%3c{uVV1g&2u{JAV_;hzw79KLd>qg_0xGRTG1YFS!3
zC@bKCLoRl?)IFhs@9Z@##cN6D4D&v65_xAM0W?b?_povI`NXRim-?}jjzdYEOGs)A
zlGqCf<XmdL_9f@@r|GG7Jok5h^*jXp0It3H0DRz6S41ctw`B&N`K0^6BOY`r@1a@X
znw$2++yDL|xaIa9U-$lJoeWQX%vn(~{NbBEog)#>JZ&31_kss9aQ5t9!hv>iq#fhd
zlIf`qE4NR6#NFfl=$YQ};qT%gJqpp<gXhmo<FQY=FFfLbry*F|eC*XX?typw{Wnox
zScEy$=-b#<FMYw2xZ|d#y75jIoPSq1cvOm(zwN`{1HW8yOvxmgyPoi~_k@Su|0J{)
zw2+!C<9i;2kACiQ*thSH+Uad21u=b%X#K+(U6Zh)Ra|RUEQ$8CaKG<vWS~$s3&&Ac
z0;F0KY1vYutHY8q>%r<{L*%ZtOj*$@%*As^DebhP(r0UtTe}v#c+p5E937zMOrt?w
z*=(o238z@|S_Yzab&To*XLQGuc8K(3h!UImxs#QJO(b$WH4VUfJ^D|Bi$+41B$~5n
z)+w+(Qi=z_^Ply=*ipN%BQHd0e9cV<SP8uJ`#Y0zsiX6fPy7}fYrE_RyWmBy`2<f>
zk9^>%@LzuCQ7|*rS#unL=T~0wcW})Odl^{Y{^-l%ceMY~D{qN^|9>xkGW^`5@6De-
zg;tl>zvavFUJjBC1fT7=t*8(D@zd7T2MD0Q_<JAZ`_e|1ocF)!8S6e9ZLj~!FTiKM
z{zK^aA^g)nyb|tcd(Nvq1H+{QaMGp{UjNFUXLt2_+gsoJHTcHG*RT>fMDyI@!QHSx
z87A0~+wXoJ=LA-0&8X3J@4Iv8hTnh`W{!)W6Gb6~k)zPKWI@G2SF-M*XU@#EHni5D
zY(Y!oj(B>fMeS{3vyv24B!+mw$YMHbDPqa)Z?D{&Dx-E<tV9}xvpOJ#X#zj5mf#X?
zB*61>7<HY>@<Pz8dZ*W~^;n^ZTxdOLtd7Q4dx*r}X|iXgDDjpg+Xw#fO73jiNJ>BJ
zDffZbz2s+6S$rCN>RrDKFCf6{^c>*MH=EgC_G=G`fFYoN`m5K(d(r;if1yZvnk7E@
zr7Pq4zxmvUfLUdZ-?kxwnYMR+=)39pb=5A5r+xO5?;F8<Ee^<ce&`a|y<hG}`+wsZ
zY2d!?kDeBvjgI-u*RP4k0zdmB`1-w30e7~M{dwD_8F>9G{!;|=)i)i2f4b~;xOMl@
zc-)JA>5*{CN!z$By_(G^5Q$<)Ix}c*CTTn|540dBnfSOXi7J(}KFbUbURnA~Yf;m6
z3MraXa`jT*wCNaa2x4Q7dW1?<G7;86S2xo_LE6poUYa$+K(!PqkONZux7Kgb+)Rj+
zR&2`hBg!TZl8~t}V7ZP`;E~+zlxSgYb_TQekgA19EEwc}gDxu1k}Zg&e8H<f0dIWO
z6HxKnw5GEN;G`ImM0@?4zsfK4fT#X7e|O0zels5Tl;^*X!D_U2$Cg><<7b{Kiqwn#
z%O|;k2}GZK`*ZmB1I{{$0lO2az$d==eFW}VeCz{|g4`d!yX4AS;r{nIDc*ywCj-JY
z3JTg_%_Z|YKYR&Xc*)K1!Owmle*Nd~57!~Uzy94Dx#NglT=?Ca;Ou)IkF!G?p8JZA
z!s1GwLGqRN{3<^i{hWbR=eisAzyqK9KlomseEYAlK0({dUj5f__05N2Zu?z0p5y6{
zI~yj|Hcdc&*T=46>jtf;^@~rs2R!cKcjNCK_P{gYeILDuO^cLc$P0HOm^m?)-UUAs
zfGP0Ek^4KwhZv2p;CuinHCA$FO;Mx;p@gfeb3!c#R#=hcK%MfSIGj}-P^qLrvVu4*
z0cM=pDRmK0OVV$xR*+h4-Y%(Z9IZ#|)lh5+KaVm#TcpTV7%)A8HsaP^c{FqUI7VWo
zuX+wMDeJOPLJHusU-CgX``*XF+4tDN7LB`|zLhN<wvol-Q(w87B`vryg-f@LQn6F!
z^>6uF1lq%ir%uUw+W9nZ(QB7pc^m%R%0Q;=QRkcq-^IV5^Ry&YKaCC^agC<;h%bSE
z(R<kThTnfYeDA7VJYWgDmtD0p(v5|s9=!407xL#5wr_;{-SapGIRS?B0DHdKnJHGn
zDCH@Ie`#l-Ex3R5S{R^Zp+u9~1I{`r`x4-(k2;;7iNKyy5IXMtAG-)05E9oxirn<J
zQ#lrdogn1=pdcw;-@7G_6tpRu$*-=Hh?8l)C1tua&^Xn04srGpXNr$;$6`Bn>d<iN
zGOwdUgDo<YvD25rKS8VN*ICT6nB)r07#A*FYVAF$vXv}PmYxNf^p;D+<+Po73}j%G
zzD~4B0G;&xWWv%E7a>rPdk(1s32c{Mxf8zo&$mhd3~qNlZ412n&l1mk($C(F0WAS0
zO+<TiPLvZZ20+o4m5}ax<}CcqGfw9La;z;qV}QSY-#6iJ-tcVR|8tMIH+=P?>)>vu
z$uhhonLqWFAFAmoQ*>hk1N=QIqmOvdX;D(2jX<UC;mGAlA0X!tgWic5^5wtwF!qeX
z9X%b#Fi&#XGRSN%E5i<~_^mMKCt)k4K4qYN=-J1<Cbu2gscX$9=}yDM{Ba-ywBo2b
zUub3vDQhh$(^l8AY_pXcViRFe#-iia92PjwbYo=2(S6JY2^LmBHtVWZ+pq>5Il;+@
zOQO}92y9+kr3W=Hroq?cm3~PwYh+#RLaNlHeJUwzH3uD4Avs@|hgV5AtDPA)$SI_8
z*?N2#M?r8gIWfAP^<u!ZU>e@^hfidxLDK8V&;Jlky;_G3y;rv$orTYSYcD+GF(Q3V
zJoyxuIpusQmZ+e$ZT2otgw;(cD`ope2Y>pa7EE>JS+2Y}z@8(4gV@ixn@dtUvkzZ#
z#jQ*;NQ%v%EB?)|y&zuyQnG*N_UPP6qPxig@`BfV93}4YJfje3?LI^mUiUkXhUdTf
zV@#v|{12WSflpLs&jBeC{;&t)J5IK<OY2Nfv~oQ2G*P!^Vb>v4%!+=aExz#0n_#)8
zYr4=vo%JxLS*`S>@@P#f3LsDJY&uEIeEdC`<qBSIZ3Jpw^R}|9B>bA+S;}@5T=CP)
zkSSY8_^L^{LNnAGb)QF4Eeh1dEv1M>5hDeXEf2(J3ymIRv!_Z?GP$X9jIA$D0LTML
z^B3#dynV@!z&%!4Cb-59#X>a-&m@?mm8K*x(sbrp6H=v<;tZ$}@Hg94*}H_CZFU-t
z-!ab@ppO4<fA}1D+h<3x_lR7T!1#y<wqi%!w66u7xs%sb47bfW*n2och47ra`3%f8
zyz+kyBSb!bzoun@L8CAIR+Q2YP$^BIw(XrCyd-nOLR|OT1~0uhne2$`)6WZE^GR+I
zGReK+4<66QFo5y6Gf&+b!Az3>g=m$Lp!pI$e$O2ZK$|p?xioudD>{k$_Ut=~^kye>
za_fyxeEC`iau}_^rnxp;@Yu7^!f`$P==y!4)el$UnHM}1p82011_zGz;V(aW6YM-7
z>x_qztQai?UC`{3U?NQ7k9}4x79fIEaw$!L3vn&R+)72qQpHj!!l*IFWTN9GJ0zO0
z8r5K{XwmyrTFy+TR0ehA*xGk8gSZBd&g*;_#c<k2dW20nY+BSZmy*(^?OSd?``2T~
zk9}xtq(^`J+ciArQ6dG-y}O6|oZ5mLb_bxO=KGxLA}DG5#6?wuI}`A?ZIJI@enAP}
z{!z{QK7LWvxX)?ZJ)FMX@im|Gh^Ezm1{ShfuvqC!u4r;;+DL-#Lbtk&<UH5~VzW2|
z?&Fvb^WXT@g%{rlXW#4icntAlI(H_spA*$0Nxq2RJsa)UJGP9Q{6e}@){M4lfK)8?
z@WIb~KLYx(=bgfF*jL}MA2!c*;BgN-6BWibJp93Dz+2z{P5An^u7<mxzJtL`8y)kX
zfAI`>@n8Os?bOVjb-^K?!HgH1LX~BihwLfqI%S+#{Der{xTqli;(#ID&&AnWt!Tl}
z$^ly7Jh{v*0Lq&y&jI8`^=Ux3N@75aYNQehkU73$3j*_b4aJBOJu(OvlNQQGU*sPe
zxRyUY{_PP1`LrGKHv#ypQ`ZiF_kVQ+dk!~c^B2EY!*g{o5U`(iPQlWcfd8e-D|qfB
z3%(u++W+~Y^=-3T?)@xS>i!TGZ~qRukdHDF-~aK;8i4*ZNBhNg%yfW!3+QmU6z$MY
z;lG~$j0f;fz7fZ!rnvCpo0(#nHRJF8{2B2W+aKE~7#AGBAN5kHYpRUk8>o1`>%*7A
zum8gR`P+w~V}*Y5?T6RxMJatF>nMv$%Z=|QJCbxkk#e5PCUhc&sCA`Z+N5B6(Ui_=
z8y3rf1!Gz)vnq^A>jbnyWk$O0d0F_(<OVFA1*B3Co@=ctCpNpZsZeIx6YG|8XU!Q*
z28b+y00g*Ii~`h02T7#01Y4=$BLm5=FOMNjo2D4zho#j3FZ!Q-1Z)+lM!sEnQw^_p
z_YmIqwJMDVJ?#Bo8{todd@(fcL6=@y1$g7fMvZIIac}$Fi1~D*GdJHIf&FZlJ^mb(
zpowaTGI(`tu%yh|4}byh@~d{kEB@s34ZAvR1kykMn{T15`C7il;>rMi@ns)w94E(o
z6TyB{+~*=F{5k_jpT((?hai0SM=pgw{;RJx?Af%ftPasr_yhR!cYi|wG918-H|>Vc
zeB%Z<a76g`N<Vq&XtP*nrW@3(x*Dx4FrR|2IKxxxY?!koXh{HBCPS9g5N?~Qk(!N~
z6icb)rvpTRYXSG>SriVhx>;5Ysqm@lsMloS5K<X7qd#>pWzc3<Ys1u)a-NzcT_ls>
z9`mZz^=R(;TRsywk+j=3dIsN~!_WlldZ+7yY}+WeA0HI7m!$tP(v8Jcy`H{DZeX`#
zNBsqO@5|a81xVXFK5z-V{R7{HMpij16Dh}S{D#yNXP&kRxp0T=%h#ckBTi#-QnZnr
zamqY@*u8ftn)T$pTy~C&*G<dOxlGx186}kTs~wxCnWrz}i|<kU{6@5S!)O(%RkXCA
zelv06&%k!1IB)vxv*6oT9fAM#`JD=$nx&`I*%OJDFTLS?a*PEn88+g$3p2fG34)ds
zHs_idRC|Md55*Km9yxjq_7sv-M9M&QL}(v<N3^8VZL1ZeW+l*8B<3-!HKG&!aJr_U
zcn5<@<vf{#2boFwkSVb)Vqaz$Cw6lQY-)s$LVSScj<LV9&!pJxJzOQAyJKA_VuQE6
zhnuv<PNyH@<N#?f8jx);n379BXWw-Lf;lOopZ?l4kjHGq1~M+~vIlY60{H*6Hymsv
z+s5=BX<0D#dEG6C<Gq~EGkvm`$p%ea|5|!AzG)ns>IB(ya9JgFh?HP;wFeW$2xdw&
zO-*k{bKfNV!E^4)()m*t?N_NeVpp|TMKn3NXlsnLI7dQ*N;;t=kfJE*mu2&Nb9m?%
z^c`KF{$@`hDS^a)wXtjgq@eZXYBiI2t+*sLNCKE^!;%MNu^$~s-o-KoCTID3nuKfx
zKIs&IEc#QzMZ^I^1JLUr$$i`jKq0+Q8VzguD>g_&+lXJ}Cx)>vv*Sa~cbkWWu}i_&
z^F8`!(&K*-dH6#6zHH+TV^fwCQvh($Y?aJc<AXLzQk^=Z2GnRJ)6R8D*KmPcD(l3W
zo}iW$wi-ny^)m(FlX+8W+Q|SM4r^Gz$#c(A39FTd$DMOL+OLtSeC9UTcc{le<8@Lh
zsrJO?w6Ybm$!!{TS;MB~m?84##-dJHZ4x?J>TTHI6{BQa6-$K{rA66*09EWvcqA$T
z(Yg`upE-TvBf6}AZO}DjpU+exA6cA*(N@@I<+#q|VExbbH2KX_$3Rm$kL`+ogfMpD
zbcZk|{ew%_GO3(z+mY@(`e%|A<ja@W(Ajtf|MU-C2dn%38Tsc@_KYbeH+QtS+&nb?
z9NB$c{$4IW&NZvHx@e7FXLB*)%~n2D1D6()*ZezON|=sE*#rCcAB6w<mM_3r_q_*#
zyCV^CoV77z+9DEEVl-_1MJrw?ORmcEn7cU71d``<(H$-27(7?^53$&|*q1rlu8t8N
z`uzMlC`dFTMvF)CyM|g7JyI1lH7yRT6jbCIi6o%<fG)9DdT<%I;?mtVAia7nwH?ch
z+N>+Fj=7CV(kxFk|CNpj>s@vn{jTwqb4}@N7p9|f>k4skQb_IbJM(AYG`$0Q2Y<*v
zX)Fbq=EqR!?4m!$7Te1;A2jY8=gHt2R7qye+!e1e4PX?h;Oa&|#bo$Iu^|tU&t7)P
z6)-oy3FfzMQ%{^s>jl@>lLa*MQp0H>QF%^|&#G&1v7ZIZR_@p6j%0;M@kuHEC}nHo
zrJP+qwSm=u2F)~KcR5IyDX)}U$h>7Cxl!?pyjj{TUus!GM&;g?j~FzNKei?4d+0UY
zqkn%jMEwVv{o453nGz^_m_M&$=~#o!>>_tMR@NO*>z{Gj4i7UEa=38$bw><K>D9eg
zK>zUda<%b?%R1L?-uN?ru6##6f}>KSd&ZU0Tmgu84ls*$ZHkAXjjSn`UA0S3lM|_)
z2G{5)CG*CBL%-*@Y=uo*w{wQMEIp@%TU;vi6J5%nZf<8BTBIj)PFgaq)0Q$03U(^X
zK-ny|UZLe*O7S9jhrw_V!$RpKiheWtQfY)AFY8Qek5m3*w<XV{cD0J>7dd{UHV9qE
zKxyluv%=^gu09LK!6jELmQ(<j95kg3yO4FZwS5EJ#97ZS;JN3E>H2+NMl;-3M$Ks%
z#%M-%Zv1W?pl7`tDNI<i6EXk++_<}LTx$HDwh^bEI^jI%qPcJB)~}-rc_};3H3F|d
z`Cohnmn5=9oad4k;&(}j3~?tw<H4<MRRTWq3HL-h^w|wh<AZ<x-7-z9!sMxjhw}8G
zjbhJpXx~1LS)NBwdyPdd)JAM>?4TWKIz))karvy0Wp{H%Ny$%XQF?Ty#4gKeBzfax
zrvXgbl5!7quGH!sH0n{Q<;1X6sN@%AQWQFFp<1hD>5>#&wpRs+S64p2jm{1ua|(gR
zMCXDiO#w;UzSB()iyePwr^NYU{o~iYM99BLe}vdoYd7bb=N6rLm^<SFm_~40Y)O*I
zE*_UB<htzLqOt=PCoJox#Kw$A0fcNyGAd!bkFH5hl;3^cgBxJBhc*RF9>C($q0uOo
zaB*<Y?wDcXv*|k8fcYN{@~I8nnSk*IW~XUTT0hWgXw<Tp=(xEvF5w4S8d&=!>KS#S
zQKp<)ik8m=V4-DsInKJWNIM^$BMkgf26KoHZual=j22bM!AVN_A|OKp;V=f6J3#CB
zVJ>Sp*VrBZSR>8d_(6AYpN0?&YrfCR&E${Po;w{n8%{^1@k;0)xt>>wk^^mox#me3
zO&Dh<0`f6|9N){O*()oCL+$ybN1hR{xqJT-yz3*EgDDHK!hZ-c4JlV;gHjj<A%f({
zf&H*)+ja<1u?q2Cxo$u}x$6m2@bX_cmH)nW*DCzQ$8Jqj1$<mWBWM<iEs5a@b6Z;l
ztrVqaDOz+RDS<22j#?!x#W%Y`)<=|QQ`4Fg`XL1{>sU9jP&c~SsX0-hPT4MI*EZ@=
zy8tmx$3ZFumiJv$V(t)JAtKhL=1X{tz=CG<=z8FW?7rFko1i`RW30bFq*=f<FGBme
zTh4+u0=u`L`1K9YNX5_I#Y|D$Y#ANlD>k@tQg{H8#vWfZGjyME@_c-jKl-b0a4dET
zln;<>>Ejmx<&5b)(zI@~me#A#`}r&!)PnQvkwqG6?}^CPyM?sa5u{m*788xLR7e9R
zxBVxjIH)aJN}8Ej&t{Y4AIJic^xAqT*dne{$VQ_xBfW8wtEgPvJd%DK966|LpM&)=
z6|!@phOAN|2W&%t**!w@9{Km<CpD<a`0qQ~BA6h%Nc!=uDVRL&T$nra0tUCqHQUTS
zOD*ZmIs!Sx$Y-Hu+L~Dq(r^35HL_*)kV7StcA>7DGnaxXKAD-Vvb)vlB_xH9*4^e(
zw=UBMqI7A_WTI%=5w6k4wt$b%97sloY}Ss82xVY|xX&KH))*FmxDcn^U%SHEovk6Y
z?MO9JpwS*W07H`262mQ)kTRE~`E1*e561w}eNOZ6w1<>%I$9hk9^(d7)ZYK)p#&zG
z^u}K=cv1_dC*(oi_UREk?Yx4|rQ_*u+c;?Hyb{j6hk%2wdE=g%6;QIM*mGQPZo&7Y
zKgnG8rOT|Q1n{*_-!9*M{M!{PkG4JcQ6+5MAdUL5i{v}H<}W{X7S6f*!(r>}x$Jtr
z_U1$I&JSH4Q@B)^a0{Ms>Lz&dBklqZd*I3PjA)&>7Tx9V{_y3n6Tz8S^w@9gh}XRM
zVQU)krO2h}8Wh3zKmO(-khHH3Jdy74fRkazmMOk3#czM+!t3F)7pk>Jfki6?oN-(i
z9)I3(aN?FOOm;lnx~~V{{=pHr=toESZbUWCxyKw#c2g|c37b3coJVb8AY6RyBKAcu
za%EP;Lg0{0i~FEJdb*gE9B|O2XbgTQYdof9vL!Ok6>7oIwN|2(SB>0-5J4R>o}2^O
zyo_#a)^!F@-5=jDO3!qSJDlpzy+?@_k95GcjR2<~SHQXV^ze#z4B*CHbsT-?-Lr`1
zzUc`%cWpB1)6NwON*;o0*Cgu-SybNll>~m;M;j#vL_h}ttzCl##M>3nbpPi(Ds|{v
zKQrRv-}>7f92|DfHq0Pk3AAV5a|gWWHJ^oDEI|d7&v^2^;AOw^pf%4<F&<~%b36S0
zpM8}F12>(^-Oi3@a{}r3_HZ2-yZ0?IpebDSuV43gi5tl_O0f8udu-?5!ntMtx%b%t
zFa3qn8^_-5q-p-yvY`W?zW4yl&$h5%HZ+c*kktp>P15GB+qnYQD@V2&*NW5|rLfox
zacro=#AzmW$fSI3I%K7`R&Sz%T)8xFVlbcuQ}K<8q>4;T=Tzz&B{Psm%Nzu-Qqh^%
zPn&VYwAf;EJN>xz(LRk}dc$wD8B}o~W!oAs<5Qk<cMmUoQmX;xy<_30&-vLBK`&Ou
zFJ6{nsLwhzB?p{!nr~d=G50GX!#L}dL<vZ$Q{WQ~3Ij9Uj|R*|Kay+j*gB08^`Vgt
zJP{SS9L$&fU=MueYu7Un?f5_a{YS<4=@hJP-24ut13;8GFMZyFBACfG{n@Wy4;Nl?
zYdq}N{?mQoe)kmHb!TD{p7Yof<9A=W<N$p0%0n?4@5$$Gf%)kYew;1V#DL7gRcn-;
z)&ybqa#q8`@K&o8g_*4;2v}>I0-F?P`&-*buO)BqqO&Ic&R~%A967q7j4RU0xHsn<
z*%sD(NZZH1iBj`RBUmDEAb5WBDFRBO7f*Xg!QZWO8Uym8t13Q^zJJk^Q-IM8y8^uK
zeSHSl_IU@deQuJV&p`=J=Ps|JXYj_F0ZbcF6q3@9IlDPnD7KmaPXNvbk_`y@F1`!W
z6N>ky?f0Gz@O?bzikryP_f%9IuY})t#@X>$q9gCZAKEA$`mKK~5|yMUN#PHE=7-G&
z(~l4S`M>4nz33y)i(g&vTmQfb3A9m%eebG0oJDiSsq^qlFaHEmjb-kW*Zk%~;R!0?
zNvWjcPCj8XY@U+=M1^cV@D)i)z7{3!=GhKhbNe!b``h0?0^j-JQ8)*s^z$AggW)=~
za{T2dcSR{n4>?5TZJ;i7o?%3Dgvv=E5MhOC_*J7(qy=R6Fh@#oKFfwlG>vP?R8q^1
zl{cR#gz#)>pkO9QFQviQl;<<<t%D%v?N&XPvF=@>9C|1;IJGo$<CksUMnJyxABS=G
zmoBY%`hV`D1)M}P2+-pjf$5DO9z=@@@m-@Mw7p)zOndeo3P@l2@UhoQ%rgO$W`-+o
z4DjtARuRzjn*eP9y#m30AN`Jg6QJ*NTDk`f25KAO*8=nxK2f+kWy;XC=^T0vQXKDf
zzw=N6H*Lnh{*0di<FUklZDZ-mjp<{{Mx)z0GohK`<a-C7yYL2-$~Um2CmO?^MErjH
zmXw!CnKN{q<x!gfO9B6z=34M)FS;8XKw#g79QyL>7T{V0bfgKe{tO|~wT8jUDy$wo
zLaT7X#PlSGlhQ`4xEfZf90y*JAWB~d(MrKinOX}qa_DKrOTgt569o^|?JTofF2a<B
z6JNCin^ilN|C16L|B8l!5U*jhB`SsPm^0!Ug!6X8u6oUpSKfg89xb1F>R(4Zf9X;I
zxjoBtDgnm{1bYtYXw_#TX-vQ}&~MuyCw~hE6wwsgNcw(!M-`7DaMLFOI)OZ=B?M+3
zFir*+DWR4cW&?t<a_E@X{oRn?GfP+G?Kcq2$J~@<#Fuo*{T%M#B>o<cot|vLAO7}3
z;NcHA>Dc!WAqeeu2R`{vd*NB<ODY*jYx=p{NmKCX`)|T_I0zs3@-C3|)W&2|5DCbV
zx!;GyLkAeVlu@&?P_cbl21CIsfte>xLSa=pYZ+Tx^@^@vltJrrcv)yZgzQ*ZF^iLF
zL&g*oxGp86$LEd4DdWo_)s(jOWW`e#Us{`j<??18>xAqN0c>cD{B85;^Bo2I=hr30
z%{HPc#KD)w&dou;tTbic;RJL7+;h)Ql!7EIox^~}p9^~FyKnt4)r+8e|I(lKnJy9E
zCTe5Ar|Z7r=_S1AErZ50k_7+6w}eU!j@|@exSU=JH%Sn1Yu=dODE4CZjZ57}pI(Dt
zewc!pIP^b#_cnf5lKjT48ECYqXSWMqxa1(*vbPTpx%UP*X?qt=+L{{c(f8W~S6sIU
z*X&#cD-hn;g2Z?%A6bxvIYF!uo2DHcII^5MGqi9GKo)qP6v5=-1kRuA&d$K(+)QST
z;1|_G=(a15dQ1a8Pe`aUt43TuC?(9u{k0B`n1XeU6%{1$C1LHyHQQtEU!b)0QBo7%
zHM&9D^*hZFvv$iHmdtS^na!;C+{ctmW$Xc-bAD4<yna`R!}yDrjS$F5O4CLXn523x
z!Oyuz6YSQEG<b-@kO}bR?-<1Qc<(DDPmltjXxn#Klt{~YBuYb+q#n(~;K)%p|EwO<
zgAaZBhiK(EJod5>M{r6D%eT}!(^IVoX4-!HwO@d1Z#m4Ty!u7wMnDtvC#Gf?Xq#qB
zIC<LyQ;c_h`c^I`^U7zQ0(U)Wl8-$TrS-K4Xpx5L-kZ?!L4cxK)4jv{plmtVvS|wb
z%Ws|sTjnQW|KU~m|K4^n{$62Ag_s^eV=n-5N0C@ZDu!jCgoDu}gv@LkoKyR{R%;4@
zGq!yee;qP!o=NVQT9MhfjYD%=az0{+u6E+zW$s9Ec^l`QvCc*SeCzLa(cUS_-Ff#a
z8o+zs7l$grVQmLz188X_uySdGLF~{4T!Hk3z-2s{Hac$Kp_Ea<6zBZr<q70;3zFWs
z;z%2DW&)>hSqCrw`Bt=flSC#f$79Y;$Frp+NIKZZzE#0<e^w?mvf_N{dldqE7P<M)
zL=)l@A9)wJ;6)!rQ{VC$C0qLB&WJ~I`xzW0i>pI;`29~@WAd9qDR|P>F1-HNWdDJq
z13s3Dl5d_%6E7)?(v1$eb((7CXG(a%6L-KqeAaLH{c!EA3-I`dp2lFNZOg_9{QDGm
z?<cR~^$BDCqH}BXE6doXccUbOR<{Fb4RDBn12w(n0bsF-GOuf%ag?`9EYD!eQ9y{E
zPE#&R2kYQArys`vwMo@;@3q#ZOkm!7crC}yZxFI&+(>ym{Wy=dQq2lSaM28qZ)E*=
z?-!MS>pqf{COK`RfnWz*abwj0w0$S970?MZ!0$UOsR`KU-lM7beervhJtEVL^KhV9
z#yf%d(PLJX_kD2{_Aa#IfNkn5E-41hrij03>5K1OwHKxRHs1Bp=RJUbXd~y#bQa9i
z=}y3{dwX#8t;@`ri95gQIZe<XTo|HaxWZDBEXTL)>*Kx=OLf}ra~dj|_;by*w=$rq
zq;KQVEJ@aA1td5)U3M)ALOG^G<<2^tH2?-97zXGuszqCEwmRd>&dM^_*>b+cUW*`3
z0!|`Q0yN#w$7t;Mqua;-X~aMIM&NqG2L~#hVO?Pq!q`RC7ykP9;CWvfuCYJUHEI8g
z{-P)RIeQj*kuP4FY|<o=_hsj^1kbkIeoY$<l2^W?zwSNX`spD8KD{6D=okHEpQZSE
z$G;67HShmAQj(J%1D%a$#s+4mgDxH!U;7vv9si%-@O8Fw<lE&4@^^jsipD;&LDQw)
z@(;JN{ds)5=C&2=i(A<0!2v;v#y5TBR=Do=)yA<aJt<Q2IlS-wLo2-R08)<6|I^L-
zT<OQV6weVS9epo~|7g!lu|f$EQwi9{Dr|r^Gli1F1TsO8Pjs%SE^@oZNJ&tjpZ~i{
z0kXqPfywDd&auY@_7qC#yBv?M*@Hn`-tL$zWzBVuwGpo+>A&YtmKnazOtJ0+?$++V
z)4!d}3iLzZ+<k~TIW(Tzjtd$S%?jj%OUVWKdxjw_-tZaxFl^3tYqqfViIhOjptWQB
z)+yMFlwd*4f<nPPD}$%p^=`UPfHB!EP$`_?xQ^Y2D_HG^q&#J9XO@bN$76Qi2+L@$
z8&o1)Ng<n_Xv4|J&%tfG7hz>k#~exKvo4p$5YZ{Kt%LUL987GSi_*8M^X051kcf(`
z(^}pZFhyH!3ALcnd){YlsUgA{Xk~C@nLYq%-}x`i0PPw&OxDcq4uRM_wmE9=2)NCY
z;Ep%tPCw2$iit5#(j8pd2Km_WYhEM2W_GtoFS7GicYhZKi?^(~bz&WwQ|Hz;k~~jX
zdr=TTZ``sKwjO_cikWa04;?r|q&qQ@-7hWMXJ$46!ph;paOjq65nyF3gX^+mI1;av
z@0_{810*YlKAPbpAa|a^=PKJ`38rHtfWMAXmNHOm?ZTq;jm9;LhAlB2?H<A_K!Xb9
zUKUQO*Nsk^;F@c!G`L@*9W&)lpU!2SlTQTcm;{nz4u)`y&&NDAtUV{6I`q77N7v3q
zYd*U3uhs*0<bN<e=tFF`_;}ni16d{w#sY1!`!xgC)58jt4Dp!kQ8;9>-JOWbG0VOb
zxI^*Gl*d=-LOkM%$RsO0V?Bc9gZpBIes*!Am7-uU7gB);<Xo<%uY*A3iP8j%+vaD$
z0Wm$p4i$U1N{qvjeWKO-Ey0#!GAc>Hb>rO>#I8(_pHd<nSa5jA=t9IDy_PPDRYJ%x
zk+rL?+0z7T-slhqk6yHyhUA)pC0@U=ZydBR{&wl3JJ#_z4>Ku#jO*vm+ZY=exW_KN
z<^s{W1Y^&Zw--qiT2P)P<}iWWt*tQ!5E}P!SuHD>)m`?CB0bwvQy>e}OWsVh1~BLp
z(7s640!VIR+SOZHfx*%dc4OBgsU=+mDT&KV7i$G2$<~(S+n6Gy(}9%hlClCo#n^FH
zNc3W?0W;;!xooAi?67ewn<;)FyUuv#jJ2h-6R<U=%<r3jwrOI#)8gM_xQYJwc%7yc
z&w&sHU>KKn&;X4+PlLiV-bnU^#`j|*0U+M^nDIel;9lnzjq7D5(|Aw=q}2ch%lnxE
za7{Q0?y;(#>XeY_Ri}7JQEG8u#1U*$uiS)IvhCxGc(nKOvcviSUL~l+O^mYBRJtmt
zDQ;u=z`kguptuZL`YoV6n!-hC*|yenN9)|-bN7Z!WBLP8kjswL%k!N!6ll%hH4eLz
zG3I&AOzI;nW7{=^fQ{DxVBSA({gt&t9%YwKNNsMQE*oNaosKr?mG6q33Tq{J7)L)q
zrtRvn*>P(mV_0+gv9~p1@>s`(=J9ZBDL#JR{LiosP025BGh=^wFAQpV$)Nt+G(dy4
zlZ&%jY=?C|!`R^Qoh}TqbK7Kd4Vtmyf)qA4>w~U=V$UR222s2Q%cuk{9nzwS%B?Bm
zyJ*4O=1nlUah}T})aVYU!tJf;IZlivmvx1p5BPgXD`NGejG6D2(3<E%BUVITmLvG8
ztdf6xmyj}VwCG}E_NzmKrpaK0#^xXi0K<zeya~--%cY%zb(Em2BeQd2CqTMME}d<~
zBgl?3DIP(RT`PNp^}&4yKwKB!?hXzHfQCkVtZjTY$flN@c2q0-A=GucapZg{V>&k2
zc&3ZqBPQRvw4Z*LBn?B}mSS74W4T#5cQhPvmNmq>&A`vJdT76<KuHD;Ibuo@>uftl
z3POQMBy90M)xrX}QQ$QYTN52<p?8ucZea`ccwOHxF!ia`+F=!^cowo^ic#5eIdhFm
zhSVX8o{L$s5Y4n!#v!I>It%CuIw)i-*PyvEvY{zL*NhTqNaZ!s7S@8i$wSAFPE(C^
z3^XZ6<HGBln#}+(_W17321OW~zhDgD<81-Zm?84rlz2-v11>0F&z~31i`RB*ZXan!
zNVPul_n~FmWPzVBrb{L;a{_5LplU6i*k9?vVBv71cqI><LK<&~)WiEW(j>`D46Ccc
zoz<jPv>eD%&OWXKPUlr5v1uXtc8fDsYLiUbX!0q|NE$gEm06}zd0rs{UCxUO5IGA%
zvS6>kOIO72xd~jeSYtvRWS!+2U&C0RL>@B+m?)jo;qiEv{m%Q<xK=K}a*&S$JjWY^
z=I30}A5-YAGbqyjCcx!g*1PdqoL4LRRJ#{Pj&ziWUgw&joa2hLB$2vIiE|CGmlKnE
zN2jaK%AX8c$Rrz=(!$R^aPdU4Dy$sb&kNgouEt->!j)M)XkPbkX+h2l6wTM-8r0+{
zp@lI6t>mgpG5b(PsUL7QsM}~`<`TJ5@pMp!XnC;0jpp66pWI3i^9vwZZ9oSB_rKMM
zws>o`1bGddGCOp6=be0vUcWPm2ThQNvEv#*59<p*v)49{%K$!h&xSw^a7^0qV@Z9t
z-u@&l;$Ry)wpx|SplL9fR9fe{Ii<*s&mS_SxzeIR6JWI{WXxIZIEdU7Ae}Qfg3_3l
zY^IubC{b7T?S%@taSel5a)6KYE*3g>Ln+WG>!RZxl<H(XXiZK?i32JSNlO740142#
zreM)dD_WIAdz{#Y**sZ8EO%h9m)gTh>9~k?TSi21;8OqV@m9suXEcVcUXIg=HJv@)
z$zw>d>155Z*#T?78rFWl-j-VvT)a*Kc)F)ex6qX4kWYLNA7TyY?*QES%m8Db?V$X9
zs@20F(o@Y&A!IWOMXY(2)~U^$wt-u7dl&M7O_h{7kORVHrG8~O2#EZ3co-GGVUO1?
z3`<L_z|G9fproFFK2nM0#bxOAWOdm(dp9l^NizXT@c~NSHUhkZl%kE2x;;6C&w$pA
z63u*ZP|<qhBLuTpP>LYd4yrba%taUfjBf;%$PhB|W0Z{bXQNWOoQ2c(u`76OTSHxl
z1<ytCO@(I0#UsEN8nXT4lJ{6rTn|_yow93&V+?}$E2QJxI>*?ny2iblvA+h|{8bv1
zXY76Q!H_?LJx6~3@oj_(A@fR-Tt3xf<7aecu5(fPhV^cm!8@0{q!7|EwR+%aaL|@3
zRCIhb9HN(UfgLbKX9E0WfzP#!BD;^u-88RdNWo2Hjw9uf>MIZNcW-qF{r*UckkcZY
z=p6Dru3OhZ4_~LV1f9t)diy$f?GAHhr=Tm^?YKO$3ssEgNM1aMd^vwZYI`n_&U7M^
z##V<zX@=1+cBkugA>+?hu(cfTuyv=}JL$wV-ydtf563<ym*OUwLe{DIDRv9Uzi)`+
z(72{dEG_{%z`B&9(F~z^|2v<#<YRy3kSy#@OS>_pAp30<-#<wd?O+#&&H5uRxX8gt
zA&lU6GPT>{Keq4>f2O=Z1SKhXfv5v5)QOU}rbU0ye$3v$R+m@DXmwM-S6z>IVIW$B
zeyBiaTRL8^*RNoiB>ny+RxoK{qm5hUpp7Ow`T@#tp@pr2)z6b>4AEyDVlu7d6z0w5
zVxe`eWLH=@UY(KkKwG-mW(L~KX3giSDYLPyadwP#VnfR1o#~*d;H()W$B^P7_FMCF
ze%rC}u}0Yp>Dlvl7?<LZ9UI0xiaGtr?`MzRxDSj8RlDYB8GN<E+_d5hX|4045;=d1
zG&5>4YCcsuD;Z!n!)uTtM~iAg04uL<_GOu&v?>vOhoEh5+RVuZ!-Ykej!_!7(K9$A
zkkh%kGM3lHIxWesg^FRvmWV^UGbnAKS{yV`sgMl;o`5u187hTB&fFXDeYo&TOBP5n
zdKhwgQfI;{q}S&AXfsHDVTheqtLr=p0RsUjrLm5vV%E1?*Vz$q=wJ<pbay~Q5)zK_
z9b_npf4XBIe+&RO4qZpmk6))bv!^dZSbL*2gBivK6~G$0G+I3h9GAw@vu4*Zt+bjH
zysSe2AWx1>(~!JDUIdb2EV>g@(54!3X6Dk%aQ)8+3}dEv{DuwaBA<rEJ$qpF;2v2g
z+@T~zkkaZ{5Hm&agtnB`rL|Ll!Hw?v;gA<M;@Z*el3kE-`D`c8ZtieOq8;`|;@If6
z&^nT+R(eNyMw&T@!q`j&d7A`XIm>AxtQDEe0GI0;Hc(_RD~AT%kzF%(Szb<dJvK3}
zRE<lucw;!W#7~{OPIk+f6mNWVu!g4O-{%7~zgoD1Yv}}+uB)}x?uee`UyYXc>A9Lj
z>S)nPDcs$73Inh@B2q=JMhl9yLHX3w%#2)zPNif}bv|TqOz7Q{wH3X(#8>w3hs7g@
zV7RivAnu`brWlXTgsdCRYaFVzL)PM!BI@J~Bzi*Uw2(8C#HGTG{HPr7p#e)ix$KQH
z5M3bt?6pv%Wv+;IM)^PJ5)}se(3IN5;R`LD%QKNr?UB;2LgQRpte`X+5kZi5Sp#7X
zp6xG!pYxZ&6f~Fj{lBt>AM^V=JMLd|+oV7LCfoI~CNfj<AEyf_TV2-@U922@_D~z%
zeETHS2NzkocDh}dnwo&gnJMT{DcZJVtPq$bFhngEYH<*!qy#bXASeq};Iw+E7AAKw
z8CJq$ZIL18gt`b-O0ho1w3u#;YNc9P9lhu@qJLAZ?6fYV3X!}n$9hv}F6Dm1e+|L>
zJ^1PN?{k|e0z6|&ANsxn?>#szN+X)%j^fYK!U}Y!x-g00?xMY!af1NoW!xyLPvfi^
zaHZIo9kkdU?OX~zqUFkSU8t@tMLQ_Nbg>9z2#Q%Aq*C{ei%e#Ua<b7Uq7j7DLyAI7
zRE}<2HaPOw)EY7=cfP+0e!Bhp-=4m42|ih$$QBF&5Si`BY&Pr<;V_!*+U-@CKyXX^
z2L+Gfv|pFXh$L2;I5W${k&8<d2Q}Y0q%%dkOcT6iWP`?G#MK5MmL#aunqoktkA-qQ
zxo>ij2NmhI97PD3l*j+dh6Q1a>gC)26Ex$e+yC)4<!hLjodpYypfUy&K1y*OQZ0!J
zsRIMO-$QD0c!>dO6_IGI?-tsm>2skg&@x!qV;G=aiLyzS7AY-IM;ACtX#G3r>Rk1(
zj&=2<h>hCTK|!rC9-&G=jb=d_bE-sG<ly>t=$|C-{OR@+-^fnQ;8n{8uOQpjCE;v+
zaBo%n<#?hG1C-(`D^h@_KuZNJLSMFI!6M@I7Gv$m;evEUltGAAjKayf-Bt%X+NC4o
z*5@;6%=Zp5SmO67w%cZgTwN-YYj&+g;iubw%#9ZH91T}xai38YO@w4)uIm9RiPI7Y
zg&^luwg})(6gG;iql)}gyH3_I6l+D%L12^Qo}I>@Npzk#9tbXpRfZOYs{+S^Ks1Lr
zjhbWFS|lJBjg<3j2@7EpA=&M-XgkAiiidWg89R{ydK8809rV-fKh`$2V;kD155V%m
z(U?EjCW-)J+wHHcvU#sHDRrU?t=!LLy4tkv3QF;^VyuvaC(swPG~7g+l}3e=1T*m+
zQ-(G#ryK;ZPAwxA+2S;R(ad*pYKY)B(_9M04YBO5Ewx<c{Mlu{Z8ZE8)Bo`{3Ll+2
zemfKg+HiR19$uurTpe&mHhB$6VGM)}^%PRN7dugci*d_gC=qs@d9-OycEsdI9zvh&
z%L2l*qy=!TX|E<c$eb@env82zE&;@0l&UO+SfLcwxW?4vSL@Qqw&gJs>ne&rfz3^z
zA^+ZY1vqpB>g#WTf63<Vaxz~h?A!|huk(Mp`3K$y0zS)n*P`#>&{2HWo6|nLzit1L
zcPJkBaHzj~#lOn4ueVhSteLHpa<u^#_Uwm+{Rd%nWq|uDwKI?KbDu#$(%X17Wx+6i
zrB$tH(fHD_Co!~J$uy_ZS%52+2wpOdZmz<W6~!V`@K}5Yu+YC?1l%R33+sr!W{;#r
z7TQ1vD%RuD$dJs13CurX>0CVG!B9T!vD}evegpp=zU4i~?AX>X{v3=xcVXlE^6`%V
z|L_L^toHaCbbb!Df5}GItnfb7cmH|qcMrNRRM*{%evg~^Z@Ope#m|f1)3a3{`vO$o
zzZ!nrjqW!*#sK=)*aBN3gu9YLx9ODQVS39v9K2~K(v4+VidX~n35cspJ;n$rfaJC=
z6}$x6KAQT96$Jl;uCWqQZI5_AQv58pPyxtE1CUos3e3xW6sqPO4AE=L#*|9Ft<*DF
zXT`Bn_$WXlx-9C4KS9PpKp-%WsPixUjsWA=p8+1H#)<&0lG`MuJANBV$NPf6eUC^p
z1TbwLkEy=?9jHEkArudPuw0wY#p8p1uD^dxy6-yDe0<;VT_3~&(m&?$>urPAznKRW
zN!t<!Uj6!;`5Eu%e))6#TW;*|s3fj}fY(8Ab*3j^>lr7({u^%P;^zf{L)QTBPRPRZ
zWYv%aSI;?yqy)CnHQwDgBV`Yqi&D99zbaGQf@H6xkXOMTTR$p^#0#d#1$Cro2x$zZ
zb(sr1qb?H5q4zT5G=C0eH~h&l4u9{vF#s6M2x0=@2!Uymw)M&vAee6kcfsRO;(Z?c
zSyBqCKnckpM=r>XcjYxArO!Bp_thv>X&|)lJbo7fK7K#=v$sQe!DIQpbR6Ati2I7i
zKb!{&=m4R8tzUm8&IDh__Ba{Od7M0l9)Cw00eD0M3uhiWzQAW<`jX#|o&i4tfgF#c
z8Rg%43%V#g#Z6N^x&fKf$P<Y6=$VakKoze!|4^5U6U7h}E(Gr+0>6bG#j=ZlrkIdU
zscR4l-7pR<*bz`l4727)0yKSpb@Kj+2`^Cv2B~@)>E9|OB`_+RF~?XOHl^hb@UD=F
zdVv3H3L$lH@gU@;N;?8dVSX(F8U9Tm9KP#A(0TJ~S)$hpX4*!d|2qFoJeEOEZKdB2
zNorF3?rUFy-=D$~oau-T8V23N9~@~49g}YXC1_3Hb2<Pgx_A06E<1*~vEC1K#;Gs9
z0^r_w|4nlLpTx$C&ZA9vNVPrMIMpw$;O`bx%PZ{Gra+|5l;;KPM+5OFQpIiuJ(xgC
z1}}C$)rln<41A){Nfx-Rfo#E3#-lBx+k%!Xh05Z-LrBN-sWD<t_v?8v;LBzNCo9YP
zwb5r81vkIqPe4o)KV>^5(u{iNZWy9Oq>Vcq1k4qFu92@2#fV!DDg~=MVH-;Niz63r
z96LW3ug5>v-2xR#_3Gk(j{DqMcjfau{?0c7B!Mp6z8CInV@gCb1HMmS1@~sTK1x2i
zUw!4(JhKoTVd;GE--a)*w~;-$NA)@ISymR8U}<5AKQqYDLkPOoH$~gAM-Y`hvW!#+
zx)Ci$j3`<?x(XG=K-=;VmSCWqH-&bNQxGRH(IKT!i6j<9k(WD;&KDUGQnOFiM;zj_
z4+a(6(g*lMk2~U6Z2|e(x*X}gy8VPm2X;0|Mgl<ll`rJZuMuRdh!Idx+O}T&%e;T6
zfTpRRj*p5To%8jJaf*Ksl#hFa@ZZ0C4|7!7=zIby(Fdj@sOWj57zJLR0j>LpihxRQ
z<L11fHNz8qn7nhzOf-c7OlC2hO=uha-6#3l1-=Vkn>aMhIA`50Ql_88)~7Zk2MH-+
z2xPJ)SCqLu7_s6fVV<IZaa0`g<5suDG1Z~nffZVp1BEm3XRaYloY)o<GPAEsdKvNS
zAxURQ5;sqFHvUWW!WOwVV@0irzy#)?65r0@<X*5sj)8&g9`!3n5@L@<F>wE9r~U$d
zQkzZF4KV5c@qNd<hSC+<h_@22CPi(%Yy7zT?r8u2&Xzyhzt%PXcebY-JrCX30|xN`
z@7tN0gf`ikhXaXs4zg4mNpfCT9`|*+ZRnuAndwHGs`S&}ZLx+BHp#3<<qb5x!|H-q
zfd8;BSuhgw<f9$B&R77QGhCH2X2SCo#1>OMmZid#Reh?AO42)0YU3#5j3a&dliO_S
zUvK}9eT`#SAb#BI9_wEJ8o(QWwx1-JX`^C{#FM!W2T9Jd)Fq9T%YvBpYF!tFtQ##3
zN)rA|e4EPQI$d9l!0J)5lS`bySI3NZh>jDlt7_FsAxQGqX4$Bd6@*;oRZI%VQmmYd
z8Q~D~2$R{u;zi0kvOSyU@ZbAJ%G~f@=%o3NxN)JGQKc%9*c^x}Q_YS_L2L=B#Gff}
ziGj@dhhAz#)8aoAVALBT1)G4l%9dFolr!+vD#_~RrQU{8wl~E}CzBif&_Ln!3>BdC
zEC%oxkdXnF3(Y`?X=r6Mlmtjd?s0qF|0Qe3zt+YQ@Fy$<|6ksS3$JoAZ@~-86F8~h
zVujWY0%KKMd@@8%%qdlcB*e1xMUW1baRA`8=4U1(LtNKA6k6dThH8T&gRfSnh-R~Z
zD1sJ2$2F-D)D+p*G|@q{Im<=Wq^D_VysMTPd)XQChh-9nhLQTG+kceJK<Sx!w50|w
z$1uz4Rc5nguB&yRiBeciCaRQlc;`Xrj{;0@o|Ujrb<%`9hftL|!x#aUJdJd1wpxtD
zY9W>Wf&XTT!m~iZmW)0{238?vgd0Vv&4d@%UldgPaju-(0b|Wx{8<hi`04iVe_P=k
z6yTMrIP8<maw>TXPPy_7wxCr@DTaeH#?@=sTUv#KyN^IIJq^>_Hn2C5l3HmaslBo?
zkl-f64w=+OHRRduVulNB`Ct&&X2l@)x7d@pfFw~A{BBqUE+APcMGDH#t6<#Ofvxl6
zbL(8l6hfmRwtb?1U-;?v?|=J7aUx4fs(vJ(rJ{?n0A`1B3Te?F3jSBOG%t<pBpaLn
zG(@#)a`Oi0&P{R9(g4kWR8ov=!$%IUz{>If=|Uwrg0<G+2qJyiK{KqCZm8oW2)GI4
zLp)|gzlRclWVJ&ATU~S@(DC@)NUv+kBZsm&mqptdZ_eD`@<9&%yZ(b=%Jt#V?H}>)
zpKkxYHj>O=Ebjsz^>;;_jMx!EQ+cbaOHDY(6_RMt%-QW*p?7pqL?DX1{%Rjq(Zsjm
zxXmy*-(iV6Io;)i04^Jb=k^KIXzidygN6uh4sfy{B}E)LKbVgfK4yQ@ev|05d0qa3
zz)LF>&_FOV9s!vNiwCf}fy|q=95BDfBcFS?!MPiB*{#9(8ah3$N3LfrS+gUL8F6Fh
z9rOG<|2}4^>w~YS+lH~{UiZ@02YS+)=fgjiZu<s=(dycFA8QCV_O9`>rD5c!=zX`H
zbh20os$pD(O498l3a(HI%2o!70gkImxmfp(?ZbuFjO|J-6OOG6#90^7Nwm1Q0$o%F
zTO1zh;(ZDYLYhR!3A@QFDkL*R#jy<&Xp8PncNpwL-0!tY6jf6qNlo`GxE5ZC&*gPR
zD{BkK_aOihtyt}iSQ;~t(8i-{5zqE&qh^obpo)tm6=kxFa2<}qN18!YDOOGbh`K=9
zLhAG!^*J!|j%svzrccH|73*MAI`jay=44oB<YfDf@j1OpSX0t$9ON;|&^4)*8y^Ls
ziBUe6fIM8)<6Yi*kXL{b+P3yZ>>hdixqTqhSacSsf^L=kgDOHK#mub5Am_5UUcoF+
zDgi^O$f4ALlN%CXmyaxQpOB<1*hEK)n8ZTUd`<&oh~OtlOfer+m9#@~94LW1s7M}J
zT0%w9M;kJE7~ATy_L-g7oFWm-Gyq1TD0<6cVR~VTCCDHMV*QXrTwoiyWSDC|a(0U2
z>=)-#C#oGfm3(d5NMK!{HKbfvE1}l|zgu&Dh~KCCu9f1@_<rp3IQXD>v*t4e2xHR^
zKYu+YtwWNQW0#9t)nA11)vT;KMdO|UnsE&IbB|wDrv$Du2PAn)t|w!FX(WD#`;0&P
zLI9mt?Jq0`u!2}@oPb(u0d{h6_mTT@8k8<(WY=+(dEXpY1*4#U&nsgAgPed%uJ4;~
z*bAGtZ-B|E4g;;=WZRYiTBRrfl+G;*8Em7GCB_0vT6!H*5IKaj5{~R#mCZ;(LtL2}
zPzI>9ML~nAl57@|*5&$*o%L+&q_qGKnev!Vnd|bCaa7Q*T#B1Sf(#59NbDN<i~wPM
zI*<>#d|%^l1-JufjKGlHXZ%$AuIe35&V&3rfGpk3Y8LBtTyto<{9W`psB_yB6S5>5
zfpj3@k!&w^5Tz}f$-t?bS;~IZVgitC6IJqT<tPj9lyU+NmQXsAg2n|Gk#-OlCaVW$
zqp-=$!|HO6A8_-Ic?nWNOUL5DMQCl`2z$}WF&qwI&+Ug`e%mZ;*f7OWZmo8qp29lT
znxj$4Rm50$kX1tlA!3&6;jJw7nH#q|;x=b4PXoaNQxA@yvvr-p#}#NzCh%-filk=x
zWsSLR$7i5fQ#{U2SO?(oa|ZAnAmbnypZ4=3+?wmV#(mr!NphFYJJvDHi6Jxr?wSdk
z_MA0J=<z8{;VbPGV|d5t2)HQOQ?!|UU+Xox6O*zk)lgy|%)RU^QI#aE&MKBv%92+b
zT9&gAX~%cem0vllnx|(ENB14VcNp^OmYnU4N*^s2G}Ib)T!$G!KDTWnOZnAd9}eAq
z09Fnz!0p%E4x3Irj*F)+9A1Khdlwj((+Fy!2gIFu&}XS6MkQ>?<EkghB-NrOTBAXA
ztP8NTZ;4X4x;he0uQN=(zLM3{6L4Ghw@>AC-8voZ)<YjOPZ*!Za{z>O&b=c^9{<d#
zN+yM6REDNl4sQGwP2~&L+3sKvgmKQ0AI4IyVhP<i$yrip8kw#!*b{#VYv+{s9oL&f
zK*x~GkZQo$%ByMG)ePx6#EcNHMG|YRS<B$?Qjxz_-b!m2t{h#~_X&~DR(>ck9jy`P
z2$JWJ6upBhN5lz20747M5W#=wmc1~4>UNmfIE~8XGAtZf;ZV*torh9&X08jSv|5J?
zg%463MiT~FwD2btwL$vB@z!24%(<`ioT5mX<6aR>f7|lO-fB%VXzH;=gR*Hb2Y3VA
z0n*Z1<J<U76MxOwwqX+FUoKrYb$oMLwgKSA&b9Ij2|unOQS)mxp9`QdBaIEN^&~xQ
z^<V*-yeE6lHCSyP(>z6E7{H<_99P`;alK+$=Y$J}YlIpfrIkxX5p?XPwgulA?sbYM
z=HSYpZJ=Cy6)A>`$JLfv%~lJtssyqD(*Qw99eRV99Lv>5r%{>%l?@)ik=qWy#*?;!
z+k~JdK=+1xAF@jHQ1Z@ino=;P)di9#F$Fz|ATQZtNV7!nUQ2~}1*>$vc?5aJ0qFuA
zt0|X}{|h1Zi2*J57RC;+eX#>!eMy`H!4A$Z7}m}PjqB-8V?Y@|vr9FA(l|E-x<Ce)
zd=Q28K%3or&6a(~bOZ8QYxZ90{gQNTUaxs*lH^u7v)!4{<23UFTvXcZ0(6!wuxZP?
zG1cIOH+?LI=pcc<)+$9L{g#m?)Nzt?X`nc9HwXP&LPu3<mJ;Ys)&C20zPNT9`irZu
zu=@~nao;o*mZ5qcL}R$I9Xna*CgO#JG>hrLXF%e$J7hIMn$p&q(LG%fL)tCb$Y}=)
zd{rvV;$v~uEQEb5G!xe8L)Wy&!dgk)090eDZd|BIF+yk#fH5Tr#-()gum(8RY;Nph
zu=B&%VQwvO*OTDud_N+EFbaWS{g<9I4sxxw=3L^}_Px?3dp}F%@1jB&GdNTMbaClq
zp&MT9(k5ZWvEU<*jB&_?nDY2ZVla^7Ochy>M`JGnC^z-unM-Ncu|o<kPLh$=Ya{S0
zyv{1p4FdY)mN|Zr#ly?!8t+4Qief?>96GoR8#hn!08}et*8hQtGu@3OwJ5J*b6#B@
z@bh-ME^Azwp4mJZLabU^#PtpJT6yO+%vaE?qy*p^Q+U?LiK=8B3S-|v{$1k&`g)D;
z+%aiLeqFczrPkcnt+~b+z^%dZ>x~T{JC|3v%0^lkYm@XPj8Uv?XoYl`t^ZAbcPFP5
zkg5bKpq#UX<9!^AHUo%#R{&8dXXRibC$*a`KABIWb-q{na_gc<{l`0eS|yfC6iMj;
zj+bU`Oz|8+sREi55rn<41d9~cfq!?9PfsJRmr-)}(9}0QJHe9n$e~r3pP!8O`ruOe
zTc-^zVH;@Wa1{@nKCS1n+~=8OVxnaGHRHdMwPtLFq`xcV&GtP%Tcgj`lT2Ah<p8k>
z(>f>$=yfFNdbH96)tb$aIR@}G$E*YJ(0tsrm&<06>|;Y}=GV9Pi}v>6B7$Pnyjf<x
ziItL#FKQz<rZ@;uVn;CJ)@n;}!#b{wEvZdKkyex9+o)5;mTK@?O}|zE2IsPcJ3$sO
z3gS#zU0MaJ@M(%C-?Y$KKuhSF`GB63&KDCUMal_%VCr3nxo~x~2uE%|2=iPDq07%d
z?2AdT?6laDap>R*a_R}bhL!rtYu*{9kU=B-dN3qO-RJk5p6c)#9K0S4^J}NkcR>r-
d_?UeA{{!Q3^Px>;xCH<J002ovPDHLkV1l6aB)I?p

diff --git a/app/img/no-trace-200x200.png b/app/img/no-trace-200x200.png
new file mode 100644
index 0000000000000000000000000000000000000000..ab1b40e474451726b6b3abbccc8b25f58a2d8c6d
GIT binary patch
literal 33043
zcmaHSbyOYAvM&z7-5r9vyIX<<cX!>mySoOr0Kr{?YjAhixVyV=9^bk5-247`=k2v-
z&(y4{Usrcm_ms>;{!oxcg2#sk0|P_)CL^Kzc^>}ffP?t_C+FiG`8?sdNNT#M0L)$7
zjhxKDL`?z4W~ATjj4aHQ&5TSv9Y@Rrz`!8MtyDE#H09;^OaOLFM*r|IdDuC8N`rw3
z2zxjfnb?@QkQ$p=SlJ7bU$%FXlUkVyl523vv&cJ$n^{`PcsZG=cqyowc-ffnnvx3(
zkqUV5eFE5-xfqdp*xA}U^LYr8{|lGz^ZK9L%;cp1VsWt%B>yj^H06JgiUXX?NI98U
z7)@BXSV*~8nONC5xVgC*NZD9eS(sVam|58vS-JVx+4xvkNdNms{@I$7sX3prgw%hx
z^+^emTe`S7@G&#HySp>FvoislESOn&d3pcAU}Iza<Y096w0AM`V6=Cp_&0)tnX`$L
zm4k~Fz@GFUL?dH>tBWA{r>6ha1v`iTfwg!3?_v5JFlG-U2WD0#mVdhRZ$^3f|39mp
z-T!bqyC|FeufG3JU}sfN2Qy}6GiQLSlga1AnN$4Jlmnl*lbMkVz)2MVu>JQa{;&kN
z0GurW4y58LoTTzbCRX<U(Es9>m*@Lt@9bh^Z({aMLXi9ufyv6sl#fT0SAvC|la-5&
zg@u(>QjC{Hid{;SSCUmsOiGGPg6rS15&#odJ2QKif6JQwuPobtl>NsP>>NH@mN0X&
zax*iPast?q{;SJ;R{v2K4ypf$_usOn|5+E7|0v7+sSNW!6Z?Nn^uKR?TF*b1|6{hF
z#Qzw+nf<4=JAIlpxc1}clJX7zCLyZov2x}M8=z~p@Zh_-S~7JuzIbNOwQMT}&*_3D
zs+37OD<QlJ_z)r})%*bkg^8*JrG!aP5QJGIi=vE?lpvKPzq#T5GG2A*Z{O|ih7rsN
z?jCV^F`mQkej)gneJF6qdnj3_O2B!W?)g?h;&FgEE?|ymbHHk%$sUi_m+ATcBfXLZ
zBc9V+dtOg^JFL3Ch{>oed@m}up)<#g+u!;osl=fsi5p$eQ-2myHi5f%+EihjAEI@T
zZW1p5YB534uCJ}D1DCTiHFY_ES<3YW72)XXCQjiL&RmUu{Xo%+=k`KdaZ%N#HQ;#x
z7IuLa5EQ+Ju7gPDZ6R~dj?JbFUf&7wJkCabPzvm}fgn*badrWg?Xxab%GEv~guLf_
zJ8ouuAFw{T-C)*1=fiQokJm{l4!;KgGkVmt2bE0*Yo#FhopIOIpBg=nb<Q+r!dLej
z%os%;5MvOHz|HV3;aE^b#qzHo4Byngyy0<8RBO_KOYHL4UlLLmS!vg425pX|(53UA
z4LOx2QKpTV#T>(f^^`;TkJdx1_6dSjH)=BcCD6L{;E)d&-o`O55YH?wA>NBIdZ!LD
z6iV~IT)u3*PbGK&=?xM4N*HWz$uie$L2vjfQ-_!X-E&-ab|hhKH<t@DJwEy|;`8Qa
zX69C5Vcy)CSwePQ_*`#BE>R_~fhKW?;bM@%;vBKP5eIIQyvM&W4D-U71znD3gK?O(
zfE$ZkT&x*m=Bq2(io)lZtdtigfr_G$rf-cZn_t?46!X?MxOg*y`45q-bpVDj(2u@6
zgxU{#!O_@^=@;KCqROLGuCN7OUSQ++w;KaN;5f0pgLRr`3mUn0mcu>|2soQQyYl%G
z>nB)as#?4|>CHL;h)v)mCfn>+tXm5%df|D+CEy8Z{zLqmpr^t|y@wndp}W9aI<@E0
z<_?uPQrW7vYxm|H_X}?Y;nVl#_dDs>*!xB5t`47lXdIuto?sNvtza_>5>od$k%jF>
z?E|nm=W1;Z#o(rjzP;Jr`?PKdbTuT5M@U#Nu!$IdpXaSQX4Yajr;R00{jsgs<-GrA
zu8X6h=-Ge6znbA2ry~|Q*4rj`_w~Lf0(NS&<N%yjJ=)55vxx7E6Y_>qs3b@fbB#`|
z5X^m-U*ViNh+?D6Zi{krL7Q(E)shH@BtFwg-^n&N7QJ@93<=)fZR%^)(P3ie`J5~#
zEBa3DZ?+x`Qy{<gmk1%}qisNZ`5Y)e1hPuHL1Z;OgKodwWJTd*W=z8=z;wl}6eq(K
zwvP<Y`A>KGS8GMUM=bY-)7*rxzn#frBSE(7fmObY>JnrtnMAdGR&&2e9X)e56dKW6
zf)RJotWLb}!%X;v-*)Q|iSJP^1u}okev9yi<EncN=z#*|{rIXVoXCHzE?(H_vSCWd
zbw)CeT?|YLMd(iBX@A^3PcCssNt!r!<o9LAt-WNDN8IH`{drCN+kUE!ANX~3YZ<r@
zT9a=3#h=Hn!@I}a+YMzhSXijYf#Um9lJ`@Lh41&VS*9II@dOYmCgOdfu#DB7UG3gF
zWvX2Vufq68By@W>o1F(RU}FyZ)?8VeoHd=DNV-WRJz#JCC&v~wpbeBs{>#c+W}faJ
zG!Toq{LPT#r6z8xB%rHsNNkt)hoxqQqZ6;CZ`3~f1yfDUO~fsx+eF>(S~@mk6%`u9
zZb!X?3Yu=~6*cxAc5`@_LMb>ZB^{>{S9U1E4~?ks;32~IKa(#yPIJu^h5xeLB`Y$`
z$**=kymB)c)Sawc`dX;3+OkmXCRm0YdcH|1=xvsUBVSPFR98&>epf_BiqCdjgmwoV
zckMIRn0hi1#=q}_!Y{iHK{dKQBVkBcZ#p*uOS5aGxcNgUu}U(S{%?f@+^&Gm?Kb*D
zxAENU@vif#Ax=&%pNnXN_M^Ydx_A2k7dJOT=W(=9vFEy>Jiem@af(D1sCpFtJAdJq
z85I9FjIbeeDE&n0OaHBzR%i1(uN5om&fR`#67Tx%64+np9?Pn1j>EmMfg^tR1Zf}J
zkN$Ad<X5S6iHSA7@3Xwl<_3<-OTFQu_D@v52sTQ?pgl5SQ81vImh?V$Cu*ud1I+$u
zGW}m9aWk1TMup#>Yr?{$x}6tXGpk?AV0-RWtdwQ2oLlRdefQBtmSg3Swv@n*dTw)a
zoC{|9->O@$yqVGtJ>3RIIroj5tb=~1YB4h4SOaVveK$KF*HKWB5-?05A2%LJiz))H
z#mTOx9)*2|jfS$X;@k}$-$^R)>qu2Oi2Ywi!U69C02JXf)VN(2-@)34uS+7}Hz{T)
z0o_+SQF-q>++rLJ_UkWy2)MM}Ac-v}GVdY9DIV9oKg3al55g@6jA>DAP@^Qo3@anz
zgx<DHnn63<SGsy_7bDbpexQN0ny#I!v0UGWQ-jypypNl!dW*dHA(QO{8Kr#hOK(FB
z#Y;s12&AGY=(-zU9o&rD6c_U6l&houWC8m25D5`k@O^v}l>+PmT@uZ<Q#IA4pwB`n
z!d#v&jcYu*`{d;Ea&6f}$~4Yv7YAmeQ~*2Mqu}_k<1xmR&B!!D?bsymP1pT#(SgU5
z4XxgcgX)U}>3N!&>u&J{!iGDSAx<y?BWCwUa8^$f*r_Hce$Yin=d@hSCbdQvDeYr{
z^E4|9pDaM=ZFu){skTtcX1J`^06uoVrs;nHZ?xH1GxPU$d>_29ZMqt-$N8Jc^6N~;
z{(Yf3x69(=0pd3@wpM0!Mf)y_yYTfMn?s19Lju{S!8`4raB>lScVYP<!$sotblsbO
zJ)-NjRK3xrdU8#jyRz1KetFZ$F0j~5PY-4C@_sHX{Fu$YJ*DIKF!u329?Cj5?DjaU
zXv*CAMv!LkqV`0@^uezvxH{DxY?nfh6~GfjN}5br@f}?gx1TxSW8pjWU+SV`W1jwc
zxjNMyQr<lz<u2uFTur2m!RlilO-v8s2dZysl1gO2$bvd?I6#VWh7m59ksF+pjM{v;
zD)b@zRA2H|a4&hU&ELR8y!bygmhLSD4$G6guZR((B(Hmi;1?|3d+2C`6&f|3hu^5d
zaJw&Hh5fFd)1Z~EhScHY48INM6K|ccDU?Fk1XM7FL5-mWjRhiAGV(4CZ}H^9z6MNK
zhI`fnRXwmWp268R2Bt;z;U5mv6Jpjg0r{J?YYSPuwK3ur=@*Qv3Ot||gSV51&yALx
zF!sXJyQMlABN?Oht;5r~`wQBH>8wr6f`M?x%i)E7K~SsN6{EM8#)N$dh!+F?F?I=p
zVPSs$=a?Cp_Bm3TWj|>Q!3q1jFQlQx{J6<rty>zw_oRG?TAH&?D2uI%r_MQsaRJcw
z5W#CTH0+&M12q^2yE<o|$;5xTWw+_9l^H`ZMxSKQD*>P21_FdtakIr>El8A|{GdA^
z$vpltll9MsbzlAW89#n9zcEoi8!=8du7Ru4fV&<J&b@h%`Po_bK&_9^ASdnK+kQp!
zul1Hv+E;de)Tzk`t7IBOi$8<hCYpdz77Gb((;`}b5~+Nvj`>C%E&jpkZg%-^?u<(q
z@^8)fc(+vSwCfGjrXY**dh0-y^Y*uMZ_DQ4oO-#Ra+i|{_gcmG=s8ChQj57Cs|A#|
zR4i0D<QX5~5sY-{_;c1SP`R*K=&U32!e}?-r8bn4%#<zuKoa>g>T|2_7mlDbP2AhT
zW;%j<)K}(^Vn@EfD;~AB9bDKIq?Q{KfAn#fAh1abj!C0{{NPx$DVx9E9|*S5p21l^
zq4QZXjTuFsf08(EAN!0G8yikk1R9_gxS1H`QnQP*)nBLKkzf0ZI`|NUK~sw@MS_2Q
zaP1~=s;17b<!nXC4)`cVtTlURODDRrbT?;R*gV@dHjz{L*(IGtkqV6=_6(jy1aHS|
zPDn}0viH*2ZK0nUtP&dzV=$zgeNm)@FRl{xwV<p67hOVMrO~)fra_Je^Tpkuuv0BT
zyAH-g;+#K)!ikuQWvE}`+XH*sOv^Z1<uOqL=OCmJz9(oDpgjB?eIgII9{v2~ikiz0
z<^vCD5_j1je}wemJPQ6I!zpeo%rQjlPhMQY`Oq2jAL%iglnOQ4Tp81oIl`fRC(put
z|EN*VlRiuA!<IP(@58zw!Yb<%!w*st^hv(kJ57PbxmD?`$F;6U%_8IDF@u-25~1sD
zP8)8YHS~1$aerXt*{zwr-;-owiVL0RYL)QGktG2U(d*q|SH0D3stga}(Bl03Q$yaH
z;pAD<rLODyCCI^@1D`b;|Iez8B?p`8Z-C!!^kI%~m@5BV?{vrGJ(AB}vH?Rc)&SSQ
z7BH1WJCRl-Ha&0(K6N<1vyuoGIELD&ErDC^swYJdKU1hK@Q_|81o{xVTWlu8iVNwr
zv0It<eZ9Qwx~=x!=JCwk3_cBtO^)nGS~6IlUAvo*t<nDT)(Y^wtw{5EFNlmh8@Uv6
zUnu7^hh6RBVsL=7t73HKGe6C=N77yn-ps|$Rq!1_B2-ECr-L&cH>Wk$2e)OFmU<{T
zb=W0#*(wMN8}FFp)i7`zX~pqD+<_*<Z>bJWWf=c`%9g<)V6<n6>Wf+*-z)X<>FaHo
zi5<ARx=m!UpFdgyvIbZP)AOtp)#2tk&Snqf-iN<EQV2#*vow)!H1~zg{b}O<A%%1m
z#E$6ZGlL`SJ<!~3e&48tQk&GA=kaDmop)FE(O#=d_r?76xA$zeSU>}Y1q5_9_S5n_
z5KLI5Oo9Rb>jBnXr=u6}(1Epvf763VUs_4^iFV}XLa4ynC4p{{ktqt|%>|`VxvD(M
zSfQiVAn0|(mO?71M`uFusucfSk&nkGH@re7hRp1W$@p#@&Nw1pYbVH_-dah*$xB^P
z_&z7^2?*=&vs)#`gIFS#8Y9YDtQJU%3y0`egHJINGX^FDEwr>-Z3&g<@e%A#gioAU
zz92z<orsbPD}DcjF{WOlKNh{SXUdf~rty_FMDj_ZCzEXE2$*R0tsEbz)bOjo)Jt(=
zZzrrlNkQr0H<K74lHN10`nP1(Sfq_Ft0EF?Q(zSsNUt(~e7GLB<KL$4m-N8_BqVuH
z>qPF=Uar2UmBqJH{N5uwkduOkG3Bc7M?=C053q-X#Mlo(zWC+ZxfmXkoIh5#Q2n1%
zmM(y;zK4?=Y5Lm4$k8cL%Xa2@)_7cKJ`@3+M!jv0ihngQpzJRvP7N?75$O~6CR>S|
z4_zDx5y*VziW%z*q96eH32V#CGaHMe*JsmP!-Mi!^eNwc#eG*Ru~~A6+P$_3DKNa4
zHCcr5krhp27v*aQc!|z$`3@m22nq3*TO1KO=rPg1)UC;rqCh#r3S6JdcHNw9>gzXH
zBe6lI!d9UoxeIqZPKzU3TgpM29v>gCHu;v&Xmi=wLL5F`c$2)mlU&YyEi>83e$4a7
z?r>RJfBe|7Xx{ljNWQfriLkZzxBb9n91A+%do|9dI$>mfg5OqwE^+w4X<er|HYTPI
zIygS$6l$r`M&IJJ5*zIO{XICVy?LY_IS+2gfCdwvfS^Z|YNu|d?m9NBt=GY>8A?5r
zR!cckN1Lhr&e+3vZ1Eh&XKR-}ty|6r8)B%c8T6vj-Lc=OqWIGDI@xu&@k-M2A?nbO
z(bg8&yKP+N@-!>1l^RI#8I_q^i{KV)bG3YcU@5;9;=zoYf!;h5Wh|Gfg))0@4<{f`
zee6`+h0-u2(G<Srt44)UNE6qU*41_Wpy?IzetjX&zuF*g&@8tDfRtQz!bsL3sLkHP
zVqIf%#D35C(k7)3NM}~RgJMlgc2jq0F{2*eo_oVmpT$~)Fl}02G6}#SwV3x2LfbDp
zNpb}YM`qrGgOiuf4!fQ>fxLYs@jM4aCc7A|KHG&PufieX2G4_L;^GvG?OR=*H)R&>
z*hIaOIy)JykuM5Q)Pp*!heT}^B{*Cy$EgO@o3&s3JV66kiKf!hOK1U6TT=+kU4-G<
zp&moqL%A=_hXzcT(Tm98(o!|8paY5bH;?zXwgbt7?g3ZE=s8B&g5zrOI3J5L-LMHE
z_nGD+8Sio{C6m|Q3IjcEA))6(SmK=Yar>2yKV|1V&3R562NzX_BDF<<ep~?lZN0;r
zI^M)K&saNH(8ELf)~O~5tef+u0dekv;}4pRL8;8mk9@^{Jk?GpfRF1$Tj8b`9V6G^
zth4cPoaVZ1)HlBycAN~W7QaPalHa92I;z*7(sE;grqYL^4kkSn-S6up+eM$QC06!T
zn!cae`O5v)W$!6qv+gt`c~XRjtHO6XE~njatj2fOskZXt^=-hxiyN@K$n{7{HGlOM
zJ$C#2x87{(a&5sxaw9FR=1kWi9oOpj^WAKrg3opl))sQr?%6rPQ-4W!#PYm8{<yF#
zq2`x!jjlW1C)iX_avtbr<rKi6L3b&5+gQ<cJ7H~g^D}w#`aZflU190{X32fcW3KAz
zep2XkJr6W5&0Vc?KO0Ste*MIIDM*2dT%o)lGpAT4`<3jp^)k2nZ3<S{<y>vEx<>Ki
z<w02gdHobNJWNqwyXCZ|GpPt~u6fC8@BWlq-)q?&T%X8!eioto%4#@^Av}z%cG$_p
z<lwQp^_X#p5Ipx_#3FZdt+P`ox$CLm<9+8)Sgl${ebzz}f&TfcXzIe>y?h6_>5+_*
zZu*RfLxcfUw);5}|C&$VeZQvTCFc@!^(S`yw*5fYb9sPJI=KC1Lv8bI>mwV%z+%7r
z&zMG~0_Dyn@9xhmz?*)NCf^0H(Efeo{`|ZOMc@wDT+?EHzOsbO=WxvocvsTX8_o7J
zNgHV&2d6a5tf|!R3pZI@fEGsx73+M5G>nGXu(mn?BabkqL>Ib==mYyvt=Eo>>N|AS
zB-`bN21BEak&DZR9UG9<*rmpR9@uzL1rUTW6nB5*x;m03^gFWnc*ICCCY}bKcX#a{
zQKVICHG{G?yIy+3NwOAZU3O8r-TM<|$M#1zc&hxlFvS>xYrvPu-~3)LFWO$bg~1r0
zpI5#be9T&vWX}s(^xo{(_-u*ieW${32W>w(07z<oo&I+3KoUduY1mu?4LxRizOYJ@
z)LG61x!Nq|+~>|2QoFA?YE=Jt8r2X&>HgRc3}^1%;fshwHMVa7jjC+8?j(Ih(5TWU
zsGq|-tA$Y|$LqeQ7Ji)*wCKECWADCdRkUAjD>R*4Vz-rKG;jcEp%!negN{m=ytcZe
z$w&I90Id(}CAoJQihf5A{1?Po=^WwCK)Jw-(00f91A;9agb#Zl@O^;U0LK0o`3R1_
z&p<(_Uc4Y^{9tKOQBH2dVST@0RVO(TS9j}nN)U2<YcR{c{jA;w>`>QZ=A-j4Cb<{t
z`NtD`-W!cXr-piU>)vdI^pMn2)#lTx!A6In-{Cbt@ZiE5^w*J<UE??7G}1OAIvRRM
zB3OyGi5u8`=Fu9^X=pN+ebUFkK=JW2Td<4be-!krcUuq%r3;TqNvd0E3y%BLdbW)7
z86LfZja_uT#udi%y#+wFZQ11cgS>IZFY)p4LRVb}Mi)>7-+*hp4cjX@{uf%zoh?29
zO^ySS8|8zK?2&Be1GjN&tFTSsyZlGrHxm*LkvwxkR*$mO)KnbM0|W2Fk$bks+kgRx
z(C~Z9u^n4@q`>uFJrV&|P*uk%5g<B(kQ7}+sk?J`Qp>JtLO!;3dF0aP^_V~rX3stb
zl}l99#^&}$L!CD!QJTbX{3xRHuKqNR{{e0|tIK<zdu!1}S;71`-*9NYeBt!NWlFqG
z6LV+Ft{X&wtIn4a(r#>M8FJ{cPDz<<{A*K(Y%E+$YgJzOeF7t12yf~)cnw%3?`~uA
z#nb)7h$*2@n6EXQcFQl>t>=-EHM{O-@oMeJkU|Z;+ugD1H*lpr7x9Ax@zkC$u%6F7
zhX)ATk6#g7<veL?{2QNYh0=1jnDL5oEn%p8|Hxq7Evx4<_gL~nx5b031^bBzERS4+
z!Q7)SOrC%nF!LJ%iid^a3Ei6)=_(W_Ej|`W1+)ES;g6x_V2V-e*Jzx~XOo)^;dg9>
zxN^EiUO}_oAWv+e*LKS1Q!a)UVfg0`Wm<LmY{!jz>sH-VGrWLvJ^z>6l|MB>7GbxL
zMvkVowz7|@@jhpT-7f?3SA*>rU4YX?JBwV$mx54)2-c!>rbB1<x9f{b#@4&+hE3<`
zUf7^QzoYFEZu_;hm5t(zi|v|t;ZED-hC~@CWnLvXaIuvR&#azk?D)_iDKO97rX2om
z&*wkgFUv?<ytZj3rg6g&F_>x^X)!~)13rOCSYr-q^7LwS>4Pw3d(1b_6(h(~R=${9
zGGyj=H{!<ETb<oj*5j4Boezo9pcPj43oVOmTS;XZWEy7(f)J;AC)aOt{0EczEdCpr
ze`->|46|TwPgaopJ8p9=DSwyZlY)DIT5$}p{}${ckQ#XIlv%vKz><Oao+dE^G`o$S
z$LM=v1E<O=YPt_j#<r6BCfqjjNLT=LyS6>e0dIv2j*HsN-UiHU5$gS-xweX3EP+J*
z{7+ac7Zc5IgeDOAQmA5Ak%sM8wB8u-2Hb<zwxu5rMF#JS`<rcVQ2?LAQGhS#Z?xOl
zk*Di~7X?a$)WyfxyKvXDd2K^s9AAfWbqw-jp3}{@tJyJn_0N^_y!in_swUym^4|u%
zl1!RA!xA;(CSa$Zkz91(*e`Bx&!|-_;T9)+7ku8s5PqAHH!&%cCicW7oy%$W^6gu!
zjW6P;wi3YZ+<ko9crJN`93Tn#%#3-C;-c_A!Y=80_2<LtU-jO0y%bGpYBYO~xh3Mz
z?5v>N+#WCHJ=`9ouoZ`q4xbc3qUge@Lr?jD3IP7c1<Zi;ra3PJU0_O0H3?A`s^s<w
zeV5;8yQ1go_0ZbG+-Wbo|3_9<?^j_^Kih4^SB+|)`!E7~?QYN?ig+H(0t@#?w?ZdF
zKg6{n-_FmZ-XJdf#>@<;2hv^7{oP&oZu`;T?Vefi8kqN4Nyxbp0E?t1@yB=E_P3ju
zDGe*z%dp4`-rT(g4qr`wX0qRo3gZcVrj6l33G`P@<zqlgp<-e@w^55r7GSt-iephu
zLzkB?2Spm7<H=1h8L!vXcvyzbHB(f_Dd7)tp3syE^*r~<jBpaSt6OFPShR*JyHwYm
zEti0EcXxpAQR0xWLoctoJ`xihW;8@<$6b^S4zth};}G%lZ1fbQkChddTZ@fFO@Sq0
z_;~@rA_ICv{a_B7DWc7Gi)_skh;@i?V`bKK1w44*3KB)oZ%Gg(*Ztv`1eE6t_O3~Y
zB2w|mCECg$NnvE{!LY|mn{3N2xA`>6WnnJ=FxV*C+FN3~-iF|$20YUc{t(Ug*zc9a
z*3^e*0k!=hsCn;ItnNHXqDUovn>O&XKuqMOH4{0FqI}<5Tm@HP6uj#(QxpUWvwRjN
zX2@k3sqOe6DHx;+>hd-p_(kqEpH4y(tbLvfre10WiMl`L(wMt20}>0Y)G1w8+9TD_
z>ZoG-CM%hZ_4$q0lLs}w&h2Zi;sUtk=i0hDdV1YkF1ujK>|TapH{Dm6?OS)E0OAtJ
zkq~QF8ormX-p9y~P3myO-rEJxU|CzbB5~&L1o*_ujh+bEHJtPs-FKrEs5bZ~>~)%^
z=PO7Fqwhz>I=n)NTdJs`2ZMtL2gTB$m%YMx!7mwG(ahcd1TrkBVdRIm1JAeo(nHjK
zeyad*8L>r31J}<?tICuB?1-wbuO2ztYP}gh*fxE27x)!6QZr|96&ri{L4G&`xGLz5
zow-t{dl{Eupe|UPqOcI7sv(oC$m=HKkjoVidiru?G8I5XX%t^KY|8aIUysB5HoDK;
z)d4?CK5BkjB>?6o3&z4IX!^w?rzEYjWh6ataE8OVe>QkDh3?EkV+!ooC8&2hhyQhD
zReQyp^D`n^ziC*dsB=(M{0NR0P%HbM@Z|!yoCQHi5-Vb=dp%l_rsw+p`QY*8AP#-q
z``kMrdy1G+hD}diUSLQATaM^AnNr58*|`$2-})2<uFvReDi5HaP~rlKi3q&62e39<
zPueQFygQ3+2&YanyG%z4OzFNX_h2Y8Lb|N7mYCRENI$09J+3{H`s7i>3lIif&W+{j
z{Bd%%IDCuyd^*E`ZViZo#^2LT;=qo&&j8E}26gBObDsslo_oDN))N?t%#h7@OGCK~
zKVz014PTzcwiCOBt|JxwjXp!x{7!nP^Yb65(Hs^>hI;EAZ2_uV5&?xlEbH??I2><G
zrsIA}4~XO}E|2ZvVkr-2{}0lTBuk!3ONWx<Mc+c)!a)y@F5~In98E?@Y<&U{EKm-1
zY+1o$gxHd`bke6~S%{o4%+QN4Ln1Ca1x&$NSf0bp+s+K+1W7T<MVSgk%C6rc=7WPN
z9E|?vU%9;CsgziZcZ)^U>8y{SY;Ca+@|qno4u(9Mk|Q^<^9dp2OkMd5-ifT=@p|QJ
zMoE#!-n%;da;WKhW(Di&z0k&j#uAa_z-Qb;5Et(w9O9Xiz9-EvK_m$=v9cWQ0fFm@
z94OJI8EL2+1p_lE7%SYo;9y4T5DCKy$`0PlG6R7~{#k!`a*M!g>B`{&rdH##F_q<Q
zylI4PaDxa2cn?s`_$}xnQ?9PA$8DH|mpwhCKKx+Q-guq{LydSm7sua2hI3${2zu_>
z19;_MhbHkM^})39&_e#4sE6%3Vn+og=a;p)231CNYW0gRuCPTJ*Q(e4;q{GooA<HL
z8Pml2`>4<V8!uWqJ#nA~XUp7Si-!=#2euYBEL1h{+DaFq5=+1;#khl)tJneBfe{Md
zU?9E6uJH8A6}LgAsE0jOQhSAdcXzA$_I${PU`;6%5vICS={*D^qKYF+lhc;bgJBRa
zn7txvUm;Zrq@Cfq!Z~MIS(i3gRc&p)9OXC+ZA=^>YJ^)d;5i}yW~_&>>6bvyT>GRm
z;X-)uqiu;5%|0)d)ycYN7<x+xJd)nUF|Qu?>mL2Z%Vy}>BHmskzkEtP(N;uW)|E>M
zXMM*prTSbs1M0Pb#|}3HeXIlY&Cjpr4c@^KDo#!Nb{9(=x#VpCYNju?!n;~Y`TOLr
z-3kfI8tRg~=)tt=k_(zxKvYMGG@*)mX!&AS%^ND?@2WlmfktYn4$$r2h_7GV2yfYQ
zB{}J0v~$XBz7;p${1S4c#3+tt^XIgpksu_fyCjwN0sA->Mf%0)3fV1%7xhKfH;|}1
zl<=Ljz(wcPMCTl|KG-t#dn9hSP>L7VG(pZ*1p`Dgs#HqW?h4_T&S_zLn$J*FFP_8K
zgK#{IQj(AdQ?YHv@?Zm8mpwfe(NmP7Sx3_}k_bv-Fs`sdt-FUt4vfpWG+yqsr!|y^
zGQ|ICdx=}xz%91?mubfp2%{ZljyM+dmRlbM-*~K4%}JV8cJoT-PQd(@5u|YHzMAZb
z`Lj166ExB(CNy+(xmW&m%|-ybJmt<4`x{0Hsu6;iU0@m@gO~?KCE9iarY%F(ke>nn
zz?`mcoX7IXJnN%*r{u7iLHE#u*7SuD>3ql+Z@lYEP=s4eIYmImV)<Jayf^q<9bKO-
zoEsRXn~r5A%Qqhd<L?0In{P-Zjo$K?hVOu{)%njH_f2mb0xmI$(M2%~bJudfX{GjX
zD<0}yep2y{nyi+ME1iQ4S9S!)_eIQS%7XiMU=ye?EL7LdQG`&t!Y1#e!nUFyp__AK
z{@G~f)-?5D>aZw*8ME!9uZ!*1)E}*M0C!atRN}9c<t2Wa4v9Eva9ByguH5wLY@V8v
zVJST-%HT^gAO?Ap;w;fsNU+#pfZppbtR_3hj|RpA;o}NIMAhV+R;qAc-Yu7|QNF65
z^uo2n(6$=(49sTt*UM&qS2(6QsSF^=Z!&<YEs|O?>m?>lhHY83t*_Lgu;!FbZLwf>
z$@K!sCPhsL>m7J5%^e3%j4j-V)Zr7;-y*yd`T;t{tOf5F!ynRush(^O6GyjJK|cbt
zuFyp=axtdLJ7#l{PGV(6TEh;T>COr(JDBj8=Wexd%JK=;eow~eKIA4M<xFU!O0Eg6
zLgO8Z%b7U&Ff`?-v!C|zVX6cJfT`D9vUcYy*u4rX5kwGwkJDY3;pS%YKURJm?HK~|
zV956nWbAqIW~$YmeN!S$t9rsBbb1=x58{2}DC!Gx&ne}X%zZ=51cg-X3o$tugHU1$
z$u@rBz1AC-yf3&J^)D<PrE)v5Nu&Q%rbruN^F?Bn<-wL<kI!(jMVJg55CxKsTOB*P
z8SzQj-W#83C?I@TtS_ia)l;4S?P^C;srJ5tW?9`DKMl7{9c!Y~Nj~(V4a%07K11Rl
zfYhs_+5dyl_7|7Kx8zsyc`IXty0K9Z?_QWa{}QRa<|B1&G54R%m^VxGjLk48Hu<w~
z^?r)OH=C5ib(XddHR3Tb4N=?uTNI{P`(QvgpQ~uXwqfm|K<%MEY7>z5(HMvt-tztn
z`J~z2iy#Wx!$o%Ju;8wzqS_6^vywn^t>Aa)B;(%&gzy6uJ~M9yZUub5P~dv?0S~OP
zCms-8r?LbKgK=^c=B7!pPss4s>S2G8;(9=fFfZd9iL=IV(JyP9j9!p&WXb{Q*d{Px
zlkdELebCboy<>n#T9WsDy2%PZZM{*h!e)ij%9zD^m>4MfCi#;Vn#dTI&se3NX^|Yc
zFibuO(sOe%O0%o{ClOu_&Uz!yk#p_tq|f9k1{aL|7aV&p7m!~ACd%#Qqk5nz!a|&z
zqhdQ2zl-o)UDfCXoFwwOJwMnwvVSAa*Dr3xxLPcmJtTp1c5Ew9(B?ug7;yE{<Ot6@
zJeguu+76K(0~EVYMB%2h@Tn+s@`qNYK0@7Qe8la|6OR5s+vq<@62a*rxsOh7KSMtz
z3KAx^J~VJsCF^0898f9wRh7XKNjJ@*T5pkUE7<&IXz6(BhQ(C5WTYS7q--Je{3VJz
z9214S#jjDPjQKP;@geN0a^BlKl@iT3%OAO%rTOyL($BLt!p^>F4x-quVBg3%&(WU_
zBB*as*w;3ddX9bJ%Na#Be-sgPf*^PDYqPKthPeFD@2l@j7N?cZ7q1iV*8zUdQ~t^k
zY0Y2zTnXQbHVv)Dh1kRpX=rc{)4mb}7L8pAB#krj2xA(CSNbw#m}p`u&pbxg=fJ@w
zVHidyHRr1)26!q}=&(+lXrkETSX^C8+0S5b+hD_4@6+L{vmJ1d4x^TeQ`12n-?{xV
zNY#2ajRyjlynd5-AozU`7}6}|x)xVuVXS9o*la{3(DwY&w#nYAjdSJ;Axd08PL*B2
za$}bKb8H-@9}{RpDy~{x9)tB&lHE4MEM0<!vX()&k7bH$u)k$E%Z!Fu<9?H}8tq6F
zQ>OB)cmL5hVJt2Zl-<Kv0Ly*^_8jN)Wt3y&mrkGvz&hScp1>K;VNY74OU1<IOT;a|
z)373Sd^0YC?K538sq15;@0=-`Xzp$;0)Kzb9gd3<T;dkbw{J>}u#t${rMZlFCX{F3
z-`dEi8V94E;?`FF@Y?@;g68Vy<d|dU9U-qf{z0%vP&2EZdqf%RRurN6+tz`OuFg~w
zJZ7Jdafg&K&CypSTr7Md*R7ryKFEt6>2ZA69GanPRI=Qy2*vw2AGSMt-U@ySqmgb2
zX_4H`HaTN3FR55I)3{!pM<a1tk;37)9NJ|Zjr4(R7A`ba2w7RF2R~96wuwGCS8S}F
zjyq)KVl3c?Lix$HZ__!HZ;D+CkV8w%tuWJ(E*GHOcY~IqfGU>DGI-C8tngRiOeD9R
zdpyid49^KyiQ--y`=x#mA|rV^f_rtbaK!hR=SEh|24zmdH0&JLL@kC(Q5?};Cg52@
zGse*+UzfP1wCo358CK3LR@5ZUSSnnWnFBdtzLhzR!My2bfj!GIT33JahNDf<XScw~
z^kc^qDg;<0zGoWY2EHog8kev#sLVtnTB%g>6QDoQC8_;U&6!UWF7c|0NSw}M7t)l7
z`p_okOG|Oy*rd}N??%TDG%6jJLz+{EKf(m_EqoDp?f2UmR=obKJ;0?&qdr-3q{6W)
zp`E6aFeN3zXKu2c*2bwvI%HA*iHZvSK}RWpo{u_#o84Yn?jRySedJO~m(}Lm{<d=@
zU_+L`A6&*YtAzZU@+W)#M7~p^_^`5l=!^zkWh@j|g2$~_rD5z}gY-fow^8qwKtvs$
zzj*1to<j!?kfLf)@cCW&Ok-my6`<<Im{Vuu+FQ6EDohe))PHeva=JEAjXk6B%@;V8
z^&V<$Ic4kvqsn{32V?aGV*0G82uW~{vp#d|@dZT<tAn>ivBAlF>MS#e?)$@kb@N1h
zvTM;W5|5kZx+dmzP8E_$GoV7oj6Cxv&sv*r6rvaFo0=0+b+Vg8DafkV{7IO5|GvGh
zVO?Kq3~PM8T?Tt@ZmYj0v7xI}5{U_`O-*PO)b|5dA<?72y+Zvkl|Lcg*~wVy7d<TR
z3C!^R@d$+ET&x&P*)W?5(e_R7sXEF%<t!Q5PcAC_2yLUG=^sTwA#7=t4tJHNl|qSx
zrCZm!xwD*mb4Z_WBx0MurIi=cnjgk|n>u+|a`R9?InJ;M_b4M{V?<GcO574~P~?>=
zF2f=Z@9>xl726Y|+1p=&@nKyhucWOrmo5$#KSPfNcvaqKUt^orFc^2uc%?o2H+i;7
zloBb`@wy`M4w$$9K5|Y3=F22v@X+LnW>#Vz$4$CuGb2{%w%4<Ch);hf7hm|A)TXRX
z$D28<Ny{d&QwKk&JiVNsL{)(qn<zKqRCI(PNujZbgMd(0%j)>Mpmdl%`30ebID9LT
zG+{H$_68##ELB=4ap0#D=%R5EU>YB4`^|eo1UJTqJxH*Be>mbiioo#>9Jd{Vm!W%q
z9CTONYqeh2>{ROH?;h6YzeIzb-8kaKKPVT%WKQi=r%A1(RirJUtR&(^HTP42`#N97
z&A3H(92;S`PDZs{9Si=JjF!3XR4O#krA?n8I@}}D%(Vew{!*zYLM>JmOK+}BB!o@!
zT1e%pQN6mmD$rbCF>7q5J!I46IG^5XU1R2IbF0plIYdxCYK9@sw`KH!23Xv(MowCf
z5QzIaXuNtc(g?A#97w=orO_V4;+6z<_RHH=6w|cf4v0nDa)OgXnp@cS8&|CUw~dW=
zIDOL3NNV(%mgPnwSOFpW$)%w_fX<pHNGCN)ptFKzBvC2_YcxV>piKaqv%opi^iSkV
zA(l^dfz?;7#PN$|?S%7Eiqf9HZcxzpQZyErlb9u(Me1?Z_9Q10=<w(5P$n9&dsJpk
zXf3GlCVMB5c5UFRJvb&7>}PAqjh(1qO@--wcF%JCO6{<w$UiAMZ%)L9FCQvRuz8wz
z(e!~UGU-=~GrBf(YB;-vXePj7It{8Jn3Fyi8N-7qYaZi`GhMY6+8K;GXgUlkF;#5i
z?=))a_dn`3NgUQe414eyf?DA<9}v%4f;)61zUVTt`QJT}LYbD#G*Cu<-fNUvot?!J
zz(<B7*48`(5Iu)4yob};wj-Uvu_cOs)r3ZsuC%yOQ>b(rfW#ck<-S_^A;@8mem6{>
zxJIS4b6ltUA+l!eD7hd_RnKNsDr>gk?je>eyZYLMArHNzR+Va2*5N7<9g&~ZX!q*j
zNSQ{T=8__Fi;e~tWdkpTz{eWK#_sT|TvX(jh!O7cai)%u1a{xCI!=tZ12v3ho1~7(
zLDX`hVy_&HD#A8ok$8>h1h&X!Ayck@kr7!*=^2L)d0tb$@)>!z9Gy&Tn@?F`g-g9~
zT6pt!LBG}%?%q+nr!Bq!k)<#q`SCDT6?R*2OWCm`Y#<HMhW4*h{Qd{1<>^k>)l?+R
zS=IycYY%5xSzS!ol$)^p8KP%+ag}AUlsOe={MD~W_XknC@I785cNv=ZUVf-#suQyc
zO?xm(#5UH=iWJHOTe^}l^!vB&qAQ&u$eM@;;c<@VI!vbqrkYfPj)<W*eN?0SYv*7G
z>V~$tbEf&a;C08P5lZxAes>pho|*Zx)@{;(qlHU1hlwU}0aJg+BU%dNUPXSWDaB{1
z`1hg_)gaO}ch`Ph<rfeV`bF?7As>%;oNt^}?|!8B8%NSasAkwu2-25@9|9WW-@Am>
z6P+?iHDnv}eSSrDB8J*9AvZcnY7A3z7TH>uelOz~)iMH8LSES6v)D<&lRp4|hBu$9
z`YYmD9Pxl=@WRZ(AUh>2iM9Jow^NxC5@gL_s%{&>yESJH3+Hy{E2<Z3r^dw4S6$u9
z%{jl$dsFs>Q1&*;k%q~MF!)xj$QnBrI__I&D;&i+Zcao<1%eLSm&8>e4)f{j7}lvO
z&FcBkfj$fFTSQx_q{x?h%SnlpB&E1%i5bhubO2>pgmWv0g_1Z45WaHMNYaFZNXw8p
zN2##prp>vuM>*ScG|BySB>4HzH|3&*wwoBHl_QDqw^O9JJBDp9Q-khqwV~A<QZ>;^
zPH^0*6ArJKeWQpyZ$Akr;X+sYaM3-8mMr1onjyBLoV+68hd{HLWn-ypd>Y+?^6S~&
z?4o5E?K0Xfb;I*P>cK%+m|StS^FubSG!_*M?Vl)IuH3Zfq?JN-m_hg$hA<jv1XlUQ
z+KHyDd!ammF>bkl9~(i{Z4>yw39j5Ra^i0%sg|~|dvM>-u3Z~nYEvd2cznav#m@*P
zYtLL5fNnto@j(gkqwvG;wH3HSG}DV>gysvU?e1GYyYtqY4@GQU(_M73D%**;e$M%Y
zmj?aDEJtUKkY-AU^|xPMZg(QhQ{$0Wx=pdRX%oZ%2>Oi#AuT6OhV!wNNyf&~WX@Jd
zisnpzO(~ei$a1o7eL4g7Q|t-~Y<{1S<3TSk{VG3a(@502koKnk^9Jet;X9;)Mo5Lk
z0%WpmM2*0aD3ct-qDnjEgOE`}y8mLiK*t#yE6*>5>piBfL9e-JJcMbWTPV>oqGN-Y
zSpF~2h}28}Wm~0tD*_a`MQWnP(IXpR$3<Nx6S<2HeIMIpB8*)qcj8uwN(xB$9rLG?
zR&UnWJzw8hjNB38z}O8$SqP6@S&}`fa(SHwmH;_U?4ZYQCGGpF+XFvC$FnqMfYt^(
zZT&+4r*zd8FCFas>J6T|E6bcKnrz9XHYKYCx8{Px=<)XjL9oyS=Mpqu6kVDXjU=;!
zyt;B)ia^4WeRYV=f+&r_dO7*Whadb!KvrovYfheAspYbH@=-{4bC;{O%XJPkG!5v(
zwMQUf54R8p)G@yZO_PFLr0s2X*lx0bao^NEc?#Kej4ny95>trB%nxtt%yP>%b1Iy4
z^Jh(GK|cH5v+(A$xU3}({?Jni^&0tP$hkTQ_g~>XGKQk+97rot8yXI87-Zlr*e<HC
z!F(CdLzPkK0`4O1TdAq%ehTe0M};tN5;QkeIFUKvD#N!y`q*2=simpLzXft5erd0l
zRh>|#60VhaH`l`iXfB+r+-F(E+=SBUNjFOs#u{yh3=lbn+<xc6#4yQFr9qdy3StVY
ztD{Oa;vU3r2)oOssh4p1)7o|6An$Y9@l%=BeoDQnASTbxU8F5fNBRN?TLM0UMT<)E
z)v`z8EKzfDF64$T+`E=|XV6f#^gfUK&yt<yZ)}a{T|P%ve)uF!QB~91kfttp{v74u
zqCdKcd=E%)*Hm{}L5!nIQ{T@Xfm=(~t|bBs#pfpS-*OssNkdg*MIhkHwt*skRw}SH
z8g6l^2b3+6_tqxK>7_Oz#$t=Kk}9;K90W~Zje%3fH=ZnG1yQ_Ym=)18TNV08%m8Ah
z2nHmrz~W@uF>Qq}(!?6*zvjw%b^_F$<1P%4(&sP6YjBay=8hd!xr1hxlx7_dvRc;J
z{3^wHDchktBUcwLyr`1JxXby%q-GsFIQAFqYSU!e#7)*xJ@=G#i3Jasb9q2h@PAVo
z`Nl@kyb&qgP`@<Q5UweQIY11EF#vmyEVr+UQ)w9E(!OfbDrNru;o)69|LJ{VaT3B~
z6lv39rYJ`m0cYx8{)#lADp<!hVBFi)oR889{Bd=v|5X;FASo%uNrioCKkj^>g>H~D
zP{^rA;0#*`bFl+v#HU8SyXY2?w_eI>)tDD9hL8=F)ExjeR%7%S_|hW-@p$&~<kHM0
z)B0nifi9fls(&K2f2yMR`Ner{!`EQFkND`DE;$100rXtemJO?^d7(v7#aG&qAQ_lK
z&9a|Vi~HrfNnFiL@@nO!KS>A)=`i8%%Op~!YcR(mu=vnNXWMxCJ`FgUPI|(o#+!4g
z#)dOGRdGL~gO$6VV6sS2L+>H)b!h<q%v&MaQ*Rocj6=S?EZ)=|N(zWZ*;<M5;9fxP
zU7gb1O8go|!k=s^Kn%{?u;`<e&)z%8<mnMfRv>^LO<ujfoHCMthWaO}@}!>Ouzax5
zT1{M_a0(D}hb<#Rr-13C6*-|!2d{)HZ(QLSYoZ1dYshLai!YfJBWW6@KDMvaIiG=O
z<?@hH=Tug?XNFYIBf&mX3YMqLq%nSc%O$)&;8-HFn|7BNkh*Nv&@te;-keO^K^tnV
ze>DYDD`eweL=e$T{5J2{$YW^%q`f8cm!_$2@1<#P=3xmVfTf-w-xNThn-0{ZP`#1H
zI}Gj^6!#8E;T(!0@0Hx$j&aTweWwS@wCrf|?<n&7iOtT)FmUx#HRY7{FPuxJWO+}6
zYwT^I0F$HvP&tDJ2gNFqT(pv=Q9se({P;5Wh$KvyCMsAD4*`jVVdxl!Rq5;8<}YIC
z%i4Uug<Sr-Q3Gvc#K^fv?8tT>pr4f{a@?Rw!7pZvO1;D}M%U$xU-mKta5tJN70sC5
z7ZVxNhXBQUt)Lp=zg)E4JOeX4z@9-_e1^=3dS=pIi3Tw&pdKbem{e=MuB3KGEi)1}
zc2hA=8)i{-8C(NtG7VaJjc!-Bdudfc-U9AP&8#nUR}YKDR33)d%9e!dbM;7x!D_*n
zvMP%PEIdLGuCbO7TC^pdM<e>11ScOYok)QfpTt;aQYM=2#bv(*`5@kX>{L!vb%KHG
zF5Z>jVO{pdPFem;N-a+_?8AO^m;M+3Xvolxh$EKW{sZrX8uQ&_H^B<{n1TU){-4P^
ztDLAh0vA6ley-11b%-W2#LaH)yEb(9X5-B#C@|_xrv?~+w_~hCSTNAbI%zGG|16-Z
zS1w2n;r|n@#_Jeh?vSs_sAgH^;vm~WSJ9dL^+~`6$vF-KBeJEO4iXZ?si5Rw1jV*q
z4?VaSW+k|asn$M}h+aNuafyQ^ZVpJm!kT7yay1Q9>n3_MZqL(>0_Sy}rm>wuZ-7~b
z9`(tEpU-+eBDn&XfmL7L?r{JI{+i<rQ8nn@ZQsXaN^o*rdU*c|ItGKKb}CR!&+Eak
zHpxA<L_Ah?bvm53q*YpyVYd>Uw<H_bf|M1nQ7`w`s-U7-iwIfd`M7syT;@=2d6?mR
z_+_^nXc+^StDRgDu?g|kVCH6l^T469H--8LHy_-*0kYM6xl@+Fln@ve7oSY0L2>1s
zxWt67{9`-P1gAEqb&|L^dF&oWQ2<5}buLyZZf_KI<9r^t+NF+Q(OF(9rPxqz&GXle
zi1_$oTg9usRFVoSN;OK`D5R*x6LBda0*<`9!Qa8h2OV|Uyo^ubM<fol!*`=U)h+h4
z@e}(8K!=EMu&jvadO3=`BWJHf3&uUTY1A(B=VRNi3Emg(C<m9X^dUB0Lbgjgp>&%b
zTHy%|oCiM{cPMg^5nh3?Q$x!?i*Ym)>0KRCkcRaomsYSIwkmVnc@^d}W5UMkvJc2I
zD)^6o>V0>_vsG2UPqMw6DonNHS>uaDN3p}d7(ZhC_MOg5J~z6W21~5}y0=$e$1A-S
zH`<{fO68z(TCDZvR%21Juu_>0Uqz%!)3#A{RW_L4VM@5<?$X4L!|X+DTI2&<Z%)YL
zjVNe7r}DFwjz7-;jOfJ+IQZqkzG2jiu)NT!qQ5@q73Oh`!Ot{iy<H#>*=FN!KahD7
z3vh{DWpl^)aGS8p<M&qQAl%WUqP!`pmmtic8fxh1ktEMwwwpLsCD)*#BaeziVt}`5
zv!ywsh41k&i6OZlS#B*9PK=^QtbmKGs~b5e^>{i<MJ68lqTTFxC|h%$&JI8`){;yt
zPtsMJH?GT`*#G?c2^J=-VxgShjrXWg231MUbAg+tIt<wrM>V71$Jch}Sj%pDF$#AD
zm2+MCO<G4d6P2fPUB3##n9jdgH<4&Rektq{l%BDw#wkw~-6+-SUeb(2?xLN0S`V@x
zT;b56BY(wUl>x_6OEz8RP9I2r7h&hH!ObqkJuN;)lxH56arLSGft7chC5PFjn6*i|
z7+uA9AJc#7VV<_O!O<H!H{hVh0mEM-#zB~cd%h}RRYVlJb5=YVCNrn|m7jN!Kb^iT
zQ@!p2f6NmP!^|aSdSgLd#%{slvCfov9d{W=!6u#<VVl&}9hSc}eVra{MNRDN;fpZ<
zCWYGFy&cfe8b3)61|;4Q84p5nyOoP~oUU7)-<M-``#sj5;d=TzTT}gK<j7wj<x}DJ
zR_zqCfxfT<zH7r6vR=)=h6b{c2wR%b$#2rTb#kI~2sa+$z7XN!=>wV)t{H7?S;RAc
z@6Sg(Vn+9=yu+lM9v{!~k7NhMT=;ma!?X+UqX`P7CuAA2bBrRD=M#U^MC3!~ev=ZH
znnICc19F!S$dxY6p#oeO_h%jYtIRO~2VeG2w>Fc9Rv@o7al*`C83ew<8GkfFua;@$
z_}Qn?hT2`4X{N9{5zWOVdZ^22`A$_+4%(vi+0!>PB&AW5^(t&OCJR3Cv9D>2D;?7q
z&>h}DM+77xBFl2dP4o+7vZ4k#AQDBD;Afu13mHznE$6HbQgN%BMn+G@Nv%r8s@78`
z<CB{HSYSi6{tjm>CKL9JZ(smpCO<LXuHCDA0ls%U5tixf#CAig+9AqKwa`OV+UZ@!
ztRjT%-s-!CGn$vE_j=$l&jgDWP*_6hqu%%-Nxw9;QVbO8MdLrz&^;_iqxhZu-BLfV
zEdQMzQ(;#$aZ0|u2k%uX<9RBP!nBqyre6>BFA=rw?xWrGK^Z+GQZ;uo84nXx&tkic
z4tiiON7z|xit2jk^v?lx3_2{792Y}py?Rh?tg3>1>CcvOKx5#L-nN4*;skbiyxZeG
z74>%ku@S!9BUOO{XE9k^cgktXP#7v_o!9W_BC&k!iQg*!CmTQHz?E>KQc>n7)$-&(
zS6xJr%EK~0h?+VX?Udu@JvXpDqLsr!D9LI<zLK5rrOOoYX%Orj&t2|dPh~^TP!QQ;
zB;B`<-FPg^GhsAkT|d)HVQ<1cb{Kg=`LqZon`2IPbw+ylbPDcrsmN{<v;L%A9iI)V
zh~uto8>4-4LARaSILW#-WY(Ov0Vg&pG7+AEWUr!VVNr}nL>l9&q(nuoy}e~l*X&qW
zRM_O;geEeinjcuTb9-BuK67sRu$0(4(Ery>+tu9I=umG<Jes74S}c@H5J}a1Me5$w
zyJ^z~xj4RI*RG06opb#06PSH$d*8u~Ha}CBE#}8?I1-7>i*fMLJ!M@`*)rdd>6iy@
zEy6JyHg)To<}S?RkSc~X!4a~we+50qMG=>tCvJ%mQQpF0d-PbYGuQ_MLZ&e+5@Z>s
zNe2Bx%KhDf$VJxP$SZF%xAWbdsqLs~kcXC>sSUn*ky8f3fjW;*I%h2V%&_LD5NvAr
z%&B~;E^8zij~+NH)s+c1HrJ(QXUdUqzY_1y8rQdx%g#+{nF!u7)L)()j0jv#lKaZ4
zNTZermm3*c5DmA6g#6_A@c7tRc5-NRG?yDws>Okc$+bKB+8UcrJ^IKNkr7l~m6c+-
zysBq-``Bc4a#W!8p;CE7BQZ?X#iDRc=QPxH&T3_JY9O1Xh-UV+8ZOl4MTnk>h^=*T
zqs0TEvaI+Pf~_en6SozNBK|s$zDIzy52i;>V_3-XNxl_tP>{QF(Ut42YFZ1iJ!9R1
z*x15Tm~zraLiwP*o%VS(N7p*R;Ss-|vkNpHs<PV7XScR=v^FQ=(Re%(35jFbVo_2x
zqaRfdhr|QgGxKI;_*8nAD$AOBfXE-(7_STIQC{PzYD_ComC4SAL^K+z$TFDavK1@x
z<w|=dqbia?pXvk*GzK|lETXZ(K(4}OW-U4V*!H%LHLtCo$Q4dLaQ^JN)HCZhGD3LC
zqJ>Kjm~&`HLnZ{EUqR)Gwm5$<UlgS5iXG!}tg)kOekc+`np^@09TknEmlc3g98ELW
zXmXSkRaO;uo+#Q)j6*JaO--w7KvU!9eu1%q32JbK5cCglZ>UCc<~B(X5}08?9A#iY
zLg}^O1rjEAWn4kv!GIuC(yD?eZ*3Hak35YM(a<oeYe>i6o{E)9#e^!wnQFdJ;Nyaz
z=`Ho?mZs#6lG44oyCo6XGBUbj*RHv(oz-}#r<e<;_;@s==CbWgEpuCEJ-u#IRmY3F
z7A5MNN4Knfd2_cw>5JQ2GpSTtCOuY?<Vqz!iCPlj*7nv^lalM(5yEN{k9EB=i^c0I
z+N8pCBvXrH^Bx`;7?UL$VtBEFOq0r%by?LFO(lC~fUL<{WLg{AznOQJ2nf=5H7k@5
zmss~nrijTr1?$Ji*LLnL!G-)f8@K5Xxu?$7#bZRMn$?b+!n4yWi15Jh*kmrRX}YHC
zs-nYfjGgr<yV@EWXU%<O*Epg^leE;=JFuZr>`14_%N32OHqr$19AgNnr1kw1k1t=D
zEtlSU$kO>Oty{Kt%f<YTLY<T^&W?mxPEa*e$mNRV%DPRP(Yke;w{Phi7=h2Z>d%iI
zzht4<&_>3y8w&cGfyosED&Rd`WXfvg=uAxDP*&FFHb&dT)Qi2PY7vJSDW<9;`4X+D
z*13@kI*qbeFE7yfR)BQ}{JE-BcQH9K&En8xpO>Sj3xxr;eR|lA{ObXDeehNk#XjGL
zf&*uq)n>e<Zm@3~ds?J7quW=^u`#}9h}a!HDl1Z{SS?o}otLYWN*G$#h^lF^L}YPG
zrYuv-2MV%8#<GQ;a#qx}_M}iPWx@VhIkhboO7N`6G60kipQ-S3S{s@c)w7Tkj+Lsz
z`Esnjy<CyhYUR~Un|g<b3v_hb(8!kU+jyEi@z6ulb?Fkt?(FHQ6NO^ARHk@IWp%_3
z6v`vAI+)ATk~%s*xp}-$EthGQ5d=X+!kS$pySg`5hbOS2*{x~j)Nh^Wlq+_$doYNH
zlRR^AX?J2lb5yJ7@@ww({X?1@nB7RZGmodR@6Px}hekkw0j!v~&2-35w7aY1STPQ}
zrDGpyfc&E)39)DJyL7x8Cqpd5FsKUHS=B8=B#<~}c=-7Eq(&5NerJmyibKPFdXd|e
zC2djaZEf+^sL(m9VK|po89t^~qb#l}Bog5ch(?t`vC_{aQu4wBsLrmgS$Q>~t8t7r
z?AX>nJc9XnD9K30$pcd1#F7&aZEFBXzIA9auTxxcytBPEr%{7tyt%(%6p=Ja#j1o*
zie*wFo8tHwi+7CXvXoSqC~u!AHl&-3`#_N)7}Cb1W>>K23TKE@Qt-l_jT{ISObPX%
zR4|YN+MaGd5c;9o0bbLV;i;M>5&|Lz-$<k2(pKI`?x{;1Q&jDQL+nZ3rdC4;5;$4_
z=R}#Lx;0T<$CZ)-8_$Z19mx<I5waCkCRDSib3B_6369be)l$#SUF)~^jVY8!>5cVG
ze5P4q@C#e}`m<Or2<q76Lq!UFSbwf`$eea15-vvTCdab#GY!?jUExTGgp!yK4~`eK
zsydJ_vf)@v2!~qcGOQTR<#>G<E@d?xibNPzk&-;kVWMC*J3g^%$BrB&?A*~ed(M)j
z2OaZjGG37j6Jz58gTpkcX(l97MGWrpz_nT#pA*|pD$si%NNeg#K^YA4!)+frcYEQ{
zH0vvyQ}6AyhA{H2|Bd`BtUB^_guR7ztO3c+f?C8L%1s#)`w69K#2v~&Q`E7s2-pO~
zu9l{TSgd~8rk=sV<l%Fh!j&D}+2V8KdMKY?5Q_ASXG?sf4$MSM$M_g{9h!+YCY1`E
z*EME)g%T8IXP)%#7}p|I2<|GMrbZ_sq4cDzZyOy?Fu1F+evIfPT}?<-wMz7%d{Lbc
zsuiLrgJpS3K9>=xMahs#3y|-{;^8>0FV4oE-8p<nhF!e4xlq<|v?USeGto`?@$r(R
zSc8>3&YkiPwAH9!F~>yj({icP*K^2zV_4HDt%6cAM0u+oAxDwoUk0A|X3Lt<(PvB^
zctBGv*;%^H`_mdph65U0f=X35-3F^*%_9Rt1YmUX{Q69o`{nBXtrPOx2)AHv%YrP`
z)3;?)wTi@;BG*Z5JsU^$SSWDe5YfY!4D8rGs8A`n)RInbDpV9vsKa_R5}7ELiz*7s
z%G^wbkHwm3JXtPDRV9K$d?d+Wx}RV+n&de)#`6H8x<|$uL?MlsQKGG{5<Z*HXJxgL
zk8w&@OQtiOK%sD3I&t!mhfGLlP47TKrMW5_CpZ!k@)e0TXcnD#li{p2rAgq<bf(J?
zSKmy?lo7YO|F%aIwNGSQ%ygXlZq@*D*1Ga_JX4-h)ETW}b^3X&zLdM<sZX0^^9ZPR
z0+HR=gS;i?Ynn0$ax9j3OVT-$XTZ?b4df#NBZreLMwv>l1kcC#_C)*Ek=(BSF;r^Q
zFx}i(ZtiNX2=Nf5wPorCL-ah%rx=n+#@f?SiDK(mgTiP|L<*9cX7q?C#yC#onAiHH
zxWI@=Wmvt1mZM^Lw5TDu!s`;IX(c-u64FOBg_A{n<3y!Q(Y@71jieKJm@ARt%J`-&
zn;W8nUX{dZwKK_#$XLx5SxOi$R<N-Wf~kr%P`pf0?&);Vx4rDN?o*-KlkEu=1X#$2
z(#XEb4Vm2q<>`n9s<!pn6Sz#XWsOJjFUC-7t7y847oq&Cq*w(ccT9^5?@UpO;m~M<
z%+&8&JJ3`g*CL7IThna`?X{t?7q|AD`j*4n8fYz_i!^|Ngb(d(P$)8{&{2l);Bdq+
zOEDZvVVb465KRytqD6skY~<=OZVIzt3R0m;hr(T*9nlCske49wOtUD?Gdpu-1>+3X
zLju#*+Q=bFr1b?1bzW0^%V?!Lk0^$rvhY#iae^1LG-&106D!xeZ|OoTYtI%-CDJgK
zFDi-xA5GB$LJS2~rAZWpe6A?SA52>yB-4(&eZAd?|H=o7rP=~dU>XJcZICm2*y#e$
zZNl9wzYyfCY3g*D+L{HMv#=K+!6uE4EeVb7oM>k=i>#+9htDwCEAv%~_@q0IJj*;r
zOdA8%;f7RX-Bo=_s@9qcAAjh=<vZniftsJL78Ggg@Fb&4$8<DOG{@37Td6XH*;*tM
zSeV69O_}t@!7&+g5u_`j&}g9&R`pq7hNGGOLX~6axpmPZg$BmP!;yH3k{jaDts|2f
z%V$^;ibe)=MUG+H!#I<O4CKK{;U<pMhXn9D1CmmaHCfT}6GI}YJiTG-@dwRazH6c=
z>!;7372^5l#)NgF9M1O+Y=5yVYc#_f{r|d3)RJ*piPfm@EWT=2sjVNnwJe31L~4}X
zucQ0GzFTV43AJw)Kw)-|*mtK7a~F58G_)uP>irlquqqLDenEdHcR{`eVP{2W;|E>C
z|6418_&l7>U=&J(CnZ9d)UYCv(J@jU4TU0`Mm1sA*hvdIM21;4Dh*Ir5Th)^Bc74C
zsLD$xwj@Vo^`(ML#UsWV5+YMl!SZN^LZZrd%W8p6WK^!C=#t3y>LSwliLx}V>9oSk
z0zWBh{iWiDp;3j#b9m})oh?$ey1u6;6J}*a0+-g+(sVRtM@EKs?byC#;X+AOLz(6#
z4GoO$XvkE1w&(_!(pAbbltBLH5LTpi%!3bL`90G#E%y6CD4d>XK-2ly-5$QBlOlm}
ztCTws%1=rVXPPu|s4#+j6Up4kw!|F>Xus1~UPL#Bep)vpxGsS;MsX;xEhnrS7*B`U
zkTN;HCDke>M#m@mdI!~XT}h{Tnuo_^zLH_M`4KV6Q9O}SYB@=#M3HA`wxZKp`-gd2
zlogef3zAMGo{gwlB{x}O`54D)s#YykumBELos~+>7NQFyEQisK$>Mq;0=`t{s112-
z%Se8*%C%x{Y%DvHpV-+y1leYPt`tW4f`$YWjZaKw3zK>>8rsy|U9L(j%K)@8y^C(I
z!|L#yexYBDVc9coYsR^ez?hqT)o;N}SJK-%?JSxqT13>8sdbcprk+nC=}j84TTh8Q
zCyij=2v2*D*zM(V8&ZjG^Mw#8LmVTkMomY=a!V$fipZO`kG#BQjGsTNzPagGB<Ay_
z`<Jh7O(Zm$K4#XeRJx%xm8=sOfLQ5tvP!dnlR7XiAa-7JU7Ev+RGpWtmWt(cNT?P|
zqr6sSLor%UN7=9z!F(tqpq5NrQ&mg|4fe08QMC*)J%Vv5t4xlKQan#-nABx*tguQd
zmgQ0;mN@%><_SgKwyQrygO#T$l1iy?M93b=XAYKe&xhrQ+`&7>60gSSZ`Eg1dN46`
zRb3|J-={r1%<f8^fwr7l{=sa%3WE6>!0ye)w&@mvoFUc788;NniV;OkPej;jLL%fb
z&x8UO#j~g)>ykpiR~02Af`vkSDh3#-+B;ZK!f}nk&vo}w8@9BxcOE&fRiH`V$VA`R
z<nif7ZESL9L6++h0>=(RYQ}=^qI+d|u%z)ELnY&V)o5Oev}WYS2t!hJF<Dc2KBP&p
z5X;v!C<tXZ3ewM>Jm4^_=;|&p8fq5~O@*3xibZ-`Ln2o$^QD|7sXV36P9z|e>>uvS
zO-dW{)h&ph6^=v%T&YM+sqn6GUaCm;>InAQbk_VByN%aeIEW^grHD-FG8LF<>ql1s
z|Fmzb)65<{)AYwicDoqD9-UtRd?61<5O>6@l>!nJjK6^x>QI8<Bv_29)_K)Q+3;6-
zl%kS+Y?N?mG#M>sbyBUHzj)QA%}=k}!l?S8vzsSI#|m_0Tak1KLZL#c1&!nA(MdVM
zqmoF2HEy3MQo7O_SGN>Hc}Y98e!RJ}4&dFIZ9_v<sga`^GMODC*`g{pFeDw170V@F
z;25NjsdT<l-B~G<Fb)aaWJv;3FjRl}!9!x9uv~13(XR|i_pj>dT6j>JpsXT}PL4t>
z4r4wX3RR0`$`nr<cbwVz8aBjPY*kjOs)}f9sx&}8#VP+gc_W!#>W;{?+2Xz`LL*nV
z?jt8%)t*_`bHwa56V<5T3fsuP?w4DyChpE$J(km@L5QbsC*H_OcTG9J9L6lX5=vHy
zqU+9WZVh9@1;Vik)tQMl)Q3AbnI|fn%&^hqSYB#OG{xf$JI1pNjpJf?yi&=RE1E{-
zWWa1R%dj$`^E$?iD6nExqpDQ7ttHWwia-qN)3`~4Lua{2qF<&etbiC^<;2!#WL7dh
zDpTMuv)N*QzC4*L_l_4<@9f<<Fjy=p8+!*w`ggHvadtYqZhK#uPj<Dp_xJXci=`xz
zSvE2($tse|ib52nv7w=<v56G~_{Padhye$stBRtTOUe>s)*Qe{T`?|%k+$eT$mOZw
ziC4F#_8Y@OdoV2jIxtRKsVlqlwsZyVu0>&QE~MAM6IgoA)hj#pO*<<Dcv@3GmkK9U
z)9v*p-9m>Hp~pBRYt-mKe|BOxO6y`Ii~)4hBwwPoR+@Ka8D1Xg%ESc*fsd=_=sNgC
zk~o?M6G;iYCTqEhfU(HvvM3M5!RHu7KU^OY$5qr{md7hfIiF<+ior%KBNClwnaPSI
zfq|CF8pGB_LcAEB)R4|{JSXI3wOlFh+S$FncOV}IAg40Lv1Xo{-`boBM_=APTqF{S
zvkFFVhz<4i@nl+|crYi7^iriP8J-x73U;RwwQ5_Hy{rxi((ZxM2;L9%SbHnn+Y`Pw
zw4eUAOCRe=`No*Li@v$?J|8f%r47#fS`vU1R?nEp>F9(7I2C6pDG@0vjLcHu0xgbA
z=2)6Zvm~qJ_5666j%=5dTty1YG9QUGH#H=gP;;1#id>TdX(dh@qIx=BU&oJVreYtp
zC!3>TA<5EF@Mu*%!f@djm=l?w5Rx37;3&u=2gmb0`C^z-6Ctdyq###>O4&HN+~}fN
zO^qU}jrXn??tx>h3rAV3HYLO(yJp2=v332~RU5Y^B6Us8Em=KR8JUz-wNk0F<&vrx
z+U2TJ$(Jgo^pWTRiGwxMNcY6bwqVN}GlKVnHBbKO1q6sY?PFSmM*JN+?ow7L0KqKB
zW39Apb<rE8Ka)YVz=CdcOdzjQ-JUsutvW5dOHi0-jAhT66N`j}dzNoo-#64$AE^?o
zGrUfVgOj;z&z6RCRjMle13Ugk)b_zK1<@_3WFi_HsmODin&QdSP^G-3pbQuJcvxg;
zI#(u@!WboT1LbN(R$0W(4RK+f<B-uk77o#=xTr<qrE(=jlNd+%WJ1#P6jpVqJg+g;
z6pO?Jc3@zqDixZO!g2FvAzm!&)YkrCrDu5i@aU{`QcpI_UofAis`qZ$KFBg0(xnPS
zMR3Nd4%TcA<*q?dWOvYs>=*Ra-;*Yj-7ZRIr7HiQy)SK&>pIUn+ueGb?wOtigOva&
zN{|wktXQ#BmJ+KXCy|q~%W;w_RrymY<?s1HsmfAGIgauncBDiqSrHw}ilb;JMS=tf
z4hFOK^h_^zKTF<o&fU5P1Sv`iF(4WsI7_ehzV}_9_j%r-Dnv?ElRUim5c{MRX_IOk
zBAr4M&j!^rEkv751x`u;mM|;MWuzo}{f9XOEHLE?i;yM~uIzxUt~2*zm$%1fBYwE^
zv!mT~a(Vme)oZ=>*5yl(Blj}p%FVYA_j{YqPZ5eEJiuyqo?qJ3yV1L|{FPC{ux?UO
zgpOv@)6veg;Z{5whiTT{xN_6y!=Zb36uvn++3I;Wu3z6jJ~=tw8&a`398Bi(OsS)E
z#*ldN@-}>;AMQN-KX>kcKfHDMGJN=-y#D5Wh?bPCw%a6&PbQAU;}zdMI64b@-P=Cx
zb~`&~aS}#6iKP@J8b&qvKM1PY5DQ&~n$BH8-26b(_V<@#RmswV8pXobxIuqaukloD
z3#0;%)(iDykqx3$*eQu_D=1gVrG~A(xOQ!jf?%29eCE4i2X}saoL}zHPd&GBrRPkh
zlONrCz^5lY%G(aTx_#|%Jefzyt?euQPWL2?TW+h<YPSX(tGyM7RtM8G7Q}OUQZY!>
zJO}a`wY9kcrW=u<x4!Y2YnxrqeaP9EL6~)^<3AXOhf$Q|iZeffbSmRVv*aksPbE2?
zC*Qxnzk9ehn;aa@qH!z_LI}fM$+OYnK1A@Y%QiN)jt|fN*Xs|RP7vhrEDU${4`;I}
z*Bce0?!DI?cDs<Xj2CTqF@-;f_0)IwSPfsb<Z>R#-1H8<7}rY=3y)QmeJlWNiLCPi
zTma_{k(GWHS`5MpJ|gW3r6JH4!mgm|?jmF4>UwV{hA%vZ!spuV`ju^t3G??+62)P(
zdvyAfdk1^7WVn9i*DhV_udcUxaX{!wfK$zLj85k13MH+6a2zYo)6>Y6fJ{j|P$CBh
zlE&`5L&=)r8A*~$UeIO81-F@JJj*!Zl)8cm?E1bw_x#?`v6IJ>(<2JeEt(@K(%#_K
zYG-56JDamRdHmTIwzt-Xf4y^ZZ+05=FX!1=qVUgl52chPvAb;G+>4>SEe0)=xtVg6
z-m5rv=m|8e_ZA8(b17MYnoF%V#8s?f^`l7DCa$ck!CkHzq~x;XpVqwUR!USqhC2G`
zMQ*m5C1ltxC2**rREN^++QzCgrLT=f<9_gP&JQQE!)bc+>b2)r{COOG`=@u;RyTk1
z(;vHgc=Fx1_CA`a-r8_|Fxc#O=5EXLyfrZ397U3CbG6ZfGSQt$IuE-8m-So0S(J3v
zhtpiGx4hfeHWecf?--L^ygrRuUK;kh{{6k_S)6T<WUbe`=8EsXwl@#wLZtofisv}L
z_2RV~n`^%7&9i(kSaC4F^Y;GTlT>uJh=^A^{mX0a>-TrET+o6IKrO~QToo>j%v>!`
zLX<*JKpcGJ5Lz{G!}uNG$me^f)yF1fuU!?=Q@Dw0SH<tFb5hm*rCDbtkQ`75NyR#b
zMns4re=XDoNd?7%AjpVnJ37@HXA(0qN#yM-TdoQZj*fB9la7CY+YgV<Na_>DQg3Cj
zvH9tb-#$%#`u)4FoK8*${r=Wq=nr3-xvi^f+4X==j*m`q{p#0;>tP%|oJ46j+gRO@
zLgt+Nxjch+zPWyUIu-==eY)OnyNnE0*L>b~B_w+)jn1CGb$xqn?f<@cZz?cTe2ryS
zZ{Lo&S|6-JxSK}t-soia_;fU#uMamj`oYd*bhXQd{mnZMCr+muXD7;t>PW<~syq`e
z95q_1_poZT+i_#C_=I^Z^`2H{m0F@OT9VU4B{@e02eqS#20g3gdnpD#;B-j&pV2CU
za6o85C#p3@Y->RoppqufHq=0HFG%S%E<n>VwmPFwte+g*zP3I+MKqc2%%`5`CcO3f
zSw1Fc*9+1~n11hJnD+kmr$2wPe{as(r^uC|igPB^JY><y$$XThh>N!mr%61Y<+<wx
zyu(D6&eKd~;~qf|BmD62evZj1m8+e>-oZUCcnfLqro%8KNM2ss9EE%L5B9o*-@Md0
zIA|Zla45VV?9DE7I-13AKRlfxoVuMbj(QY*YI}vOb?=UMcZ9pKeksqWYG0!=%unxd
zaK#IpwpA7-)uW3-_2euWE+p@@z!E;US&u3aFGWa|)K}Q#N{_Jqu4IEjOM5<x|B`y`
zqLvIJHUm|pV2d}-%^o#<)p|?|pMq5-xd>B!YpcJ~3b;RTG2h$Yg@3PY4L#q36ibA2
zh?A#^#o!W?<Y2xsk?osTwk~g7@_0I%oVa|3va{J_KO67hJkDpwEDgI3T4{F?VV)m!
zm<z8NCUfPrT5dp@GtDyWxW4PBQth9PXG!F>`Z;z{f1}%5%d#|@97rrWy}{&UXMYlg
zxN{ui{a7Zgeu@kOg~%PAUUJoEKlWVE?fl^AWRzxIx9>_3B_il<ytw9eNpcoOxeyk2
zh1Gd?RRFZg?*u_l(CruNW2uELoF<cs!eu&H;;t)rObIQrxtg@3#>G*SR#?;a1$FbP
zY+spT$B^-3N;)oE37n&ujB^er$_v`v-f$e}ua1uAJX#;kP@1d^2G{z%0l}}IhH5fj
z3lkJ&tbd#e|2wZf7_hX3BgoDIGXD7W?O7J|yw%O&=2Q~5)4SC6d!69HT%4t%%UmbV
zb`KBEl57|-$E7&;^EBxpo{9YWaJA#D-`d_3JU<BYlfAon9MXW!<8*Iye6YX&{M8#S
z3;ufNFvvqs<WLe0nB3~pVEZ!7<21`39G=c&(dzUERCy{mMrk(snPNSMV#^WN@*Hr^
zaV8tPgw@Eo&a?<Z=!uDgk2I_bfR7i5iIz*hGB<A;ld0)csg&E0X9Rnp1?W+gGP=r=
zV#rePvQEA%#f6EN26AQKr^O=_hD=OT=4Bdy1vON+<!1!{;P~`*+i5%5PBcp}iiv-;
zv&YEcEXBKygFQtOlyTu@Cv8Z+dRO9<kEWxb+sd8ZdV7tyIhE;PWuSQ)Twe=969-Xx
z==xL7{ac%qu3p&?@`bMcY*#ZO(`1!Gq{>1lBptF5$njZt@WY?X#{2uT*{C}R+AAmX
zNzU_ml6$V>Q8_&wz4mI}AFQvfIV#KE+S?D~WM`7~wyw0Dsg%5fvpIEL2hT>kck=+E
z9T%E~CIH_oMUv%Gp+_pCm@HM`C&{WF<FW8N!yIs35;oB>C4ROR@2chF?Gd475d+tx
z#;Vk@)dxowYp$x?+tjH9E(Xq)cDZ;Wk?F;BsoM<_;uSk4Qo7(jvZ2pD+1m^!C(-0+
zuAH+_Od@pRpd_8NQlXLrp=p2Xmcs1P<?Dmzw(pO|bZza2CsQ$<Y+-y#&i2QrD(GGA
zwpaV={v?^SdI95Xtfun>Qzu>Vlt@pa*oAk!27W8si}O5<u6X!hbbN1bj}5MNJJNxK
zFr5w6>GsX5V=_36AUKX>mdq3#rD*>IU+K})Xr4kU>7`dZItYaeWi4i-NZq)!HNeUJ
zqmxOTFv{Q%&Erg&<@=^p+1eTx<YVex3ALU8!>aq^3$1pg8axZg3bIpN$FQn<psFzs
z#4%gll}N~14!MAg>O}}@np08>gP|e_8qs5HVqtX<WwBFl?vdmw$&2>}XJpQ$hw#87
z(KMWn<D0{NzZ3j;_aIMlm$cM8zrK3u#?3AlIi>FE*0o5w8*A-LE6&<OF-IE4g;!U7
zsQbL=%8+m<BOUmV?9!^Uj%O}PI)P6pcn`_~a8+Cd1hT6sk+I}cC6Y8nVVV-!-`I8}
z=SL4Z1h?8ExN&K9_0qvxGc0qQCmKVhQY_hwx8ocKg15UZMzZ|}_jszHSm>_ZjHhXT
z!=c^w?r3b;$)psqE;pOiPh&l`&|{PzAX4-l$H~jf6g5L6T2#2K!80Xo5v?}BN{oX|
z<!OlqL=~=~gjvyw<rbIx3{wBlX8p7j_|ktEqg<GjoiJNGT2woHX*#0?%Jij=-a>x2
zgT+8j!I+OmM|l#b%n5@Il$L&mCmH*~Z+&jq@0jdP+VwomlK_s3TC*-#=%ppQvFA#6
zJ&bOyp(im+wP5Ljm|lP?v`GvqPk?O-<32U52hoc;R09%3?lSuNTStHS^2^7^4+sIj
zDqF2i&{=Px+?8{vH=V(19z{bha4}l#4)-J03+T?hpT4oPTO!n!+M&&y-6ju4DdEW@
zd_UiLSB?3}a^6)kSXAB7MR~@GeV{;!8imSgLapz!5D;adj3sRZgtJZzDjCd}Qp_A8
zb$cDotEZn-afb7jtBrD==4OQjxq9h2RXOv0yq_i=pRN!3TWin#=xFrX$t2^PA1A|&
zOM%A>m0lU0?SK+1q33ah5T`5`j7w6lqRP<j6)Zwp3U?(6H&IR!%n^W$j1h~UCbh~K
z^C4sU=<}EV@-H-6!Es%<N18@Ti;1aAz3#B<Vb@vp`&S$kW+F{PN4Ag8k_Sg)P2^0d
zLgy29*%Yid<nro?i-PZzV^w|i%5IGCHLbWj7u%uD<!8LmWG}2qVuM&Ok4SN7s>Z#w
zSd*dKmK6dU0LP*c?83NDvuB4b1WQo8{ahf#6-D%L9-XD>mZOG#cBRwldx7t`8-u}f
z5`}U4aIBMFIIo(52C33D5@jV(lqJ@)k-PBD(xi5_d0Rz)RjI(8gAtTCPOD9zOhdQu
zD5;W3l9xz+ZJSU$CW61XvGq6CS>F>%W=e7bSyU!w8RH7PcS~y48NDfj$@xt}eKl6c
zmK5lYCsCh*oln|voeW~M)QB%PzwD{499u!lstR_=GLcfH)3U#*#My~C6}r!EPlwr&
zH+~M=voDo^KbC-7vozTJ4zAx>nwKYCzmqi2y9lp(?v+4XZK)38lFK9_LrlTI66Qa5
zqchR@j4-TICfU~^Nf=SmLMvBR8*Qr8@Gi_<7Dx<*Xtmf-F_cuBGbKT&?FtLo817YT
zTT;U|>`LG#hW+cq?g-7#(#%o$P-Sqv98!M_6+sTpnRMG7r8vA#tv^uXj!<1SSKbSu
zCsy@@J#rdoPNIzl7~>_#dX0W5j;S@KN~^X8V3Cq0OcMB0Dx2ux4KBM~R#3@~770PB
z0g9LQH>xq0#j2(c(WfgHg67$JZ&k_pWFGT4_ZW8B)N$Mn@m%6K0qZknG9gh+F{K$q
z3S3qsWlI}3zN{eQsECoG9!Ob*F0}wGsDEiR18Rvuef=0LqH6ojpcQNmR=3uM66GVP
zVkLK^XsO)AwC6j5;Bmr{Ox6bd{#p;b?C$PE-Fz>1D;B__$~IswnwCzH&o(lw#o4nN
zyp&RKxK^maOX*jg<mzq$MO8_ugc%4LS+|OpTTgOGsk<b~hCM0r>p~vR{L1z)2-Bsh
zl2q|jqF8BBUP);vkfYKz{E{jU5_sZ(S%E7nlvvE{vRqNLp4V;_OH|RlkVRUll1<ir
z^nxC(h>xX?t1RAS1H5Pgzm(Rn;Lu!M>tET}j&kLo9D<^hdI2N_izmp<vX*e?P#hyj
z$a3WBH_IGwa)M_Cd8AGBaDji9_=!xd-o>y;4cSwVWQ3`BLCyInvFcS{%I3p$&(pBA
zn`cyogk@Qa6`4N9<w-L;7qZBHw69VHshWw8`hXT>e^doq+LlP-s&uYsq&yFTs2`ld
z)5YOUkuX<54M4!mq!}t2%MgVrm<}$MW&ceqaC=HryReFUy*3-A9*H2Tv;$QYQI#nd
zi{EtGt7)!0nJ}DeAfBsSY2!k1CZmMM$a7qOHa!|oPB$-Y>6fFX=~5bMtKEhlBnia-
zw30NtV1`w;NM(a@6x-fa!QE7W&gvyXRWe}V(!f;Fr!ZBs#DXYVir^TtDKt_lX*lCH
zR9OuWAGvKE2r}K6rqqF(IaN^Ib8uG#oDgBhv-vQfjI<)|6M^-54TKYp-hyXH^B&<_
zddXPdNZG8lmT$;uR0EK&$hnk7Rhc=il?WQ#FLj6_HnLU)jx;1NRD;H{Ja?J%!uG8U
zyOVS_pxL&EJA{T|9OZH<9JnM>(ssPgEIfJTtyg;8u0vU#Woa1e2yUJY9K7ecE@fQv
z%qgs%Xm|CvP-w1Ry13y`BhHI_rK}nkdhrd-SYwMsmBJO;wq)Je!bLJyQ98*|>E0C5
z)Wz*fGM#xS?G0~wD_hhJbTs8jIzOFFj-qfMaXwe-F3zs6Z@J8y<!&^~I)p1q_NB2?
zCD%Ad0!l--9AldlTUGDUL^R`SIKov3T!dvd(ADL9v@!kFpN7}XmdbgV9*N+C-pcj<
z+U80(l+h6nGl_<TKop#0cnWVA`I2?O5APn{-P^wpWn&aa_ujfI&DEgFHXD4DC<;?V
zEJyqkZdK?pS~_xBJpfgjTX<2Zw;cAB5=p8QDQt*;RnKJ<Oll%gj24u8%k3Q9dccIi
zk6Z1|+V$JGf1T4#M&KL-%59UN?{|l-PG1{i7S6-jBo2Lt`kv2`lL!()9dAg?d?b7D
z{QWJ+<1LMu<!`aMRrz%hyG$~qb8qv1-SsZ2d5csvZ2(o>+d3s(3)DYsNEO<z_1vi|
zWRFUQQ>s!TxDQX8=4Y`y<L(@_k<$&+=<eIE93AiKV@4?W<0OgU;Q8Qdb>l(WBvdoN
zYYKRYF2e0`>R(M=!m6`yUa_~#>v2QE5HCSQmu#yL7a+L4<jX3c`ibOm;IWl!w<FYw
zbB-0qg2Q3Wa}jbmPkGFd*Iok)qX;MQY&<=U)3D_-_>&5_FNXBplaMJRr@z4*lWAEy
zk)?%MQz?u=+C;A8KadtbAdICcS=<}dhEum1YEzQSUue;~(*v4KvC2`N20~!2&N6bw
zy@a$d^T%fg_aD5LB%x;Ntw^W|4P3`zG}k$rC3H{(V{~zD>@g{py<TfJz2)+-O7v0b
z07xZ(T{i`aP-9|ZNqc0+h#2ZQT+_`IJBGy~m~K9Fww|AJ#zowsI4}hvJWZ}IV9H!4
z#p*OX1;66<uDR|Cj*i3d<ZkrV*6MJzGvLTgIhsnsbAB_=J;P9=3?|1?GLjONzeu_y
zt9DT_4Y2LoWl+kZAk`A7UIm=O7~BsQi4>5aqbQYOhGXTX$TJ!(Vt@b6!DtVjh*D}S
zRa%8scyJ7bvl(7tB+&)Dv3G-ts)j?V<7Byqq|kzVs46EpsOpi{;u2-Ph0Nf?RO-@b
z>ta<+AN72Wz%?pG)>*rfvXwZAe0>j*bDeTS4$BAw7bPTSjCA?~$bhGsxq;EvcH1AI
z=xG0B1S!~Bx9<nNoO-8%#kp*2ccm&1tRC4#uNOpAfdVR%CBC5T{7xbws_x^-qGhUK
z&3O(*-;}dy#!}_x*nv-?vgCMtFrAzdr;TNbMMj_kVJ+8hGdB<ls=qkRBAI7I*T@3d
zZLp`ruq-?MGDTLyhH&M^sywOI`mQqis)uiF%lZOb`ULF{%&MX$`p_CnSQkN*v6aj7
zELS{-BtFUJnMfUo+fK`IWHpHG1x~N)fsKu@E~BzM3xZ3o)6HfFyGMJjbKGeU++Y=w
zU<fHi=L5eBPDnLpy0}4*r_chCv05T7DYM1~g`Tc}gqS39e~KdINb30vNuC@;**uN0
zfON5os9xOg;7@0$iIN;2Q#VUfl7%fOQzm=S*`c0b@(|?-zBtj4J=Ur!g5Ih;lnpZ~
zTRSDTxE#XM3K>y`IP14?X<KG3LRGXi$a0MtM__uSQn1!)jDsXi10p4dL?`7kfuszA
zr{J7|5i$rK@RA$~Lz?FSLK#JpfOE<d()K!+-Fzz3$>{8eOhz|u43+BW`I~8+<3|De
zacxGZj6Myr>vDjD9w%a>&^cm8GY4m5?(1d=N~dR|QIv!<0M9(^b~}E1BHeK;66!nd
zYM;VIgSCsxvz!Y;g4X&?-*2BD-B&qAi`4EH+hdiia;mAuzA(2@6<J@&FNbA=k+zX<
z$)a6V0=&xPs%+T9)y*>v1b{CT^`cA*%x8LK4?_-{36!E#iZF290TV4k=E})911sc7
z><dVPRHAbDj!UKx%bc~Azt&+`%gbRZ@~oKK;U+cQ^1h^66m@uXW2*o$;wBU3!Z@|@
zGcKUiP}FfSig)+lPLfFZE2!0lW0J8}0?tV);rS%!K=|~D2$;TZPvCy>)P!x;^7>x?
zN__N&(H4Sa0V+%W<cGy~4TZ(LQx!mx2G?lSqbfP*%8tDq?Nu^yWlSu~0ZU0x`!gGD
zi!E_I#nlY2f<tISnwK-r4B#o@()7nMH8hd%(3I!IVag~o>7FNC)QVGw+5Kq2#f+0s
zxPEI@5m(PiY^^~sYB-jfMjS1f)Iwxz+83@$l5%*pKx$lY{}*5nC>;(bW5s#b;owXi
z%4E>zP78wb1ZrEQTUCLF+Dy-RnA9UxcmkfqQ8I@k4r$kfJD9bJ*CBka#Tda;n?b_G
zHY`+)&gubTQ}NmWJ8N)hHN%m$8j3>A#wo5R*_L%iqQ;h3ai*p2&=V-tp;#wc&(dHY
zv@scr;U_|dlya;*)3k8)#tzt^-d;5ooYrX4|3G5J(|IyW)`?nSMJrYoGG%xvq+wJI
zZ5G{B(Q{Xe{MZW)OFc3qg0Vv(!qX&<ID7`_`8^d36B;OE<)+@#&YbepSNaN>M%?q9
zR?9V@A**ezhz1X#R&SW4Be-lRb3~S@iyjIa7qE3&3wsu2EG+jC%Larw(!%r?NM&-$
zLS`DL(G0@uSWr~d-*$x+^Vo-C$@Cw&nesRqM+%SEGuj-HL<mPyXeq8TJ(R|--n}52
zJxLL2A%yzQ=?qFqO@$ze!mjMZR@VovOiI;FmI~!jn9VXkWdZHKII6E)pxKl(5Wkk=
zdfaunr&37_Rv|B1QzAFVG)uAwOJC&Rkl;;YkC3%?KnaFgm}oI#$92|^rw4g7R*YYW
z9_f2s|EjPwsML=rY^!u*jYJ+b{FYs|FG-Qh(^QBe%f@wI6kI~TghD);5I=N?pMi}D
zZ7!zQAP|j(a<KH^DY=r6(Pn5aG?20*rCVx5>-rM>8*zQe{ln>LmL-PhK~^u_bUanw
zgcmaOCM;$_J|5M;ziRwkCk@Cdl@xtp1WwcK4&zis5Sx{0t-voFj~PCEedS@vNCfYV
z5=K1-J}MWvL-0!Afnmj|21ENUWQ~ORy=*qpqidz`Q)5_Vtda%Oe<Ox0U~FpPGg3=r
zn-+tT#oZLHI!e;^>x;6nIOjT6K^jlO1Ki$nu@(!^w06SOr^4D@PWAMI%yNmDnZEEC
z&WMrvC7KP;v_3dbk%nY-^IS(&<Hpot6hpN<NHy6leX&~N%WEimH>k!Jw%svaoL=ks
z0R-bQ2g_$Z1afQ<9y*W2j^k3s^rETqT#S9!hod`>vOL2ML%Eq4S*f72C<jM|i&a8(
zAzBVU-@+=X2ei16a#dLDx^8deTgpT_Vj`opqk@2~Ote(JI)-XldmfDqHfF6u@|>Vl
zU`W<^?qj`@VIk;xa|Y**f&@iR?s9`jFE&0P$wiFiTDXD=q$??PPQ`9fnQf_|fE(bt
zrWRM@Gpc&AeX)tJ*R_nAC&_tc2(&%K6GJ7c|1<kHil?#E1RxN&we@(KS|HETj4~)N
zsDTWD1;Vk@0aXh4C@FeWQ}JmqEIWNIM$UCWto#<K^9)>5I+ZPKn{_qne2i*jdDB=`
z!Q_Xdk&ce7RX9<uez=osaFv-h!a>(xLB>w3`;)~6goJaTF@qXP=s+2j@HEX*A-HM~
zCoPnK3lbX57K5tW>5n^^#phihhEW!&4dpF(Bqoh8z2@q*l&Xdx7@I91o!=vr3p`J>
zwmEe)A|vA#K8q5Gp$uUnXIeRy;Syx~v>8^JaMS~yCaC6IzJ)6ZW4lmaRaj+aQ;fH5
zqpUFzDTOcL7vZsnS_Z2WQx^-(8w}@3dnaoiP%;U_^^A+9ef<rCGX~Y85(#lR<jrSM
zG@i@@j}_9tq|j__>MS->tA^A_gCysiqgu8+wb1*staZ9Dg<?Y@@SqxNkBfaus;x?I
zxfQ~31SOdu_JWc{KS3)?Q%7o?zMzm&q8vR!5%g&>EK;tyDMXhN`I=1>5v6LkREExK
z1p^ly)H*b&CDqw-;l(6t(J|9&rJE8{hNZ(}p*bCxES?h%f3B=NlqKOeEZ>mqVtsxj
zc*)s(_R5=y?|VdZ1LbDqSRgbY%O^Gq)I8&bwlyidi!L;Au>wg7x)VYy^{vsHB4|l(
zcu@oh-rB*@2~?ye07~;XQf`Ku9x=5dO3Kx91ZDC-tv_sE-K>5Xu&dr%O2vGP%d-3_
zG_1-@AZ0d3)-p2Gl#b=(hoEN53aL6tD|50&DTa!fPlX_CW<YSycnmo__lLSb)aq|3
zQVCr4oU<JAFs%iW!_k+9Us9Lsg>6xZ0@H&`!aR>4ALfbVQ7Q9hW`bapd5rP|N#0Ok
zw6G3Mb*imF=g|_?%;N^ZqF1*G_5&IO+H)ox7hc&)rD~%<P7hK;0!g~-78pUu2hGy1
zH2Sd0Ao+;-1u?0CWz>XXgBl_y$o+M2$B2h#D$mRhm3k^YR#goal4ZtL>dYNiwqnzH
zf)<ri8}wkZ!2^gfen;sSW!JBx6Dl(7_K@QXa9BhTt{gqUhCGE~O>+QmMHmECX2t<#
zRbTrWirj#@Lh;PJIOBR_(YRAhk;^myT5^=lR2FI+K^4)di=4LpNJ2}3o6Duh9))dd
z=(k0+Yy>wa-zM?eZ!zO)^ixw;BQ}IErfK}J!zer=R6N&7yFnW1=g>C|>o8d&JQbJN
z?2{k|o-jS*@o9k#A=Ib{DRfaW@9)99q@DULBL-B1Z%tM{Y0116{hTH3t2de!#`r}Q
zk5x25$rMs3610)um5|6IsHv3isczdt$kEjp7t=Tc`$)8Y7u1j7AG8Wmr{zMtVWfqT
zn9k?$*T4n^xIY4hWdf+8P`iQmijZk`7d3|woz^C31Qw0O5F7fau?dK-x|VQUZ1sut
zeY7(p44yI*9D_X*!*ii4JSB5PIa~okBTw}TwXw{$i(N)XQ2BA~x^;F1ew29><s_e}
z*@0a+kp<m>TADjOfw#vYNZ*TXshZFiE#a6K?P5vJeyP?k6Z>L}jhfW>4e}b>50fg3
zQI;8?C4*nM6zd70$?D*mPq_{-91KDVyW>ExVpwlh+tezTgd+wKO7jMqRTw=&$s@2z
zL>xGs$mndL624rp3RXZ@Rcnf9Po`g|=H)doRH+#q;6=diXvmHQ%WCQeuqLj7@Y13p
zTdv0Y!9yIX<6)Sq1RkNKO*90}p_nCO6&@**^_v3#WiBliU2MYo^m(kMe9KbMHrK$K
zja6JMTH$(oA1z5@<3$0;YVW7YRU7P-db%5{c}yH1{0;NF5E4^}W(KI9>6wQ)b$Xbc
zfi2|<&4i)xj7#P>Tbwf2%0p?)rsEPwlO)$|CfC>I#Z&m!rec~6)xd|$YNOfr!Bz{_
zc1N@`v+&e1kJnIYUH28ogc}we@SV1AY-EE-u0<CGOSl%9LJaFH-^4$ngo`qgoQZg*
z7MeO1U@y@V4=epe4Xetx^r<4%hG2z*P>lhzTF#}au7yRDF3L#T?z~#YKdH(rQ}6(3
zgp#>Li66ANqKTxrqA54~8oFLjs9v8zIs5=zksa!myYQ8}wG#mCr5H0OPGHK5hJnWL
zWcn<co~CX$*)-cyhd>~6m>CH|8RIC6^DH!ojV&3o)$=7TwWoo|E2)_um>qv4W~maK
zDF}^3=ywI4k3)IF96l91fn3dnw=K;wbWv36R>UI}N}ocHRd<}tu4)slwB)*)i(<6{
zYd!;hgt}&x(KQ<qaIiNWXTTf?doG;fEYZzwLL~806X1x$G*1?!R!W|p&87(iz&brr
z6{i$N=lEKb?$zswo*^m*9|qZyChO)3vNv0ATBav37E|tN@*+s7%;~pOggVidmaJ8O
zS1fP9(H6YzJMEy$h@PWQ!Z<U>3^@)4%h%yM#VWx>V$TQ5+Kpr5EGs^&Qt=Tz=~z<s
z%X~6bOau)#pQ^fCO-w<9*`iuSBn?g42KO>PFBx3iQYnXy^B+F?iCe9fuxbKTd%R@n
z(t)l}DOY%HGZ*r)8j+=motH@{Xd_fZy{>LmmHpfX45xYnjjhWj{(<Q-u^=rMraW!r
zq-LL@=%zsgSAX>CkH30y*wx66X8RRgc%a|=OS!P6ylM)rF6esUMI4jBOYGhlKfauX
zlhLE>dEZ}U%xp(B%}<>J{8%<P_C8NWF($-Ia~<_Q>#|0JQ==9MUh3`Rsu8U_a+h6C
zuac3Av_|o(GOV(1UNnAiF<3-R#*8IZl_vY|Igj#4@1jwBspdnInUwG44ZZ(MyhcC#
zlDzuTmrF#o<+osQo}OG?$lb4Bm0>j|)&*>)UcpB-oVW3la}r|j5Cj(t_ZN6)<;&t`
z30i;A7=PA5xnPofcKe_W3s<^2<<d*prazxhDZDIgzQl5K?ziu|C=%cYa^$)C>nztb
zo1tVwMQ6agma8!ahC<M6BSLNHdyrr2$2O&F&^fzY`26MjOH$-8^Fq%I>zD1ja8cKZ
z^4yVg{9D!OczoEZ7E0e&Y%)**_J{w3y!f2>vp-iSr|h5qV-&~yEB}Lh`X$r~#DDz;
z{q4_-Z@jFIPsqnU;(Ymc6(#bof5^Y_GW%!$Nc{KzDc^d410U>CMX3ho1fFhCBnft1
z#3)pbdPW3>2)<2s{*hj*y>&y4PSiZo=B3m#!}?{qt}4Lc0x)lz*|HR@Z(;`DYbg8q
z-v>r<LVy1svM+pAeEntl`aSmL-&3<WZUyuUpF!JO*mdw9d`Uh$REHyN`Ik4)+JOJN
zuQ-4B`}*C#@s@@Ue)02YIuk#6jeYi0Xt*j~{w|mf``s_fSKm~72l&Oy>gWUy2k=7p
zxohyReDiJRU;Rt@y&vWO{=evMJ|WKx>sM-FRoGFs*;r;>xY3|*?kAr2Tk3r{PTivV
z_(#;}6koqWzxbQ-&ONXRjhg!N@5rxwjr{sc@K=5Rr+8~a9USVnaX8|C{HNs72KnSC
z)Wdypd5iqc7sNNegNLi^@BbaSyN_mb`ngZ5FmitVCGowVkXzUJ*I%ap;P0x@7+wfb
zD!%@0J#T6S$f6`ZG`A1z0<u^tbFxjtS`Ys<XM+K`Ni&7R>Jhh+9Y)HZ+ilrm;cO}&
z?t@8@+b^)sd{X@HAIQ5q<TpME)<#~qp&lN%fAnScd%uk`y%dVK)*)8XzxO%uy&t1?
zTON<q>u=GIJV!tNf;t+BZ+};JKeso<xBd#!FTB#l-46K#*b~8?%fI$5`RW}7PV3G+
zd4E@DS|1vB^+6ieBMUuaYEldAXds->8>-8HrTzOpi^0I-fAZhJk&wUf(fr?hCI6GJ
z;;Y*b_4t4O8hPn9oPP1uZ;995ls|hzIgWgIq)x`{OJCrB_D%VXzfkvg)%Z-!Lvi=*
z{6BqF3Bms0cjSY8{%^m+{^^&*t8eiC_^0yW0eRu3`sp3@#(i~irXO-R5`Xo5{QM2v
z>mV*ZJce~nnc^bcVkvF~?Qj0tZ)~|<`g6q>tl{N4*Qt~=NU8n@bz;to1YhqlI{FL2
z_52RLfP~#pteN}EvZgHwa3O66qoK^q3Q;-sDO>Q6%TubW!k_Dk$9lW)U%dLGf4#TU
zW6rZ2>&d>snP#+TG1$PQ>qJx}K!)x{lgpDre9;(0Nf1ZOJQ?oBXkm`cCvlyEGPl_V
zv;TLU4^?*clo;0gEDx)5U*$dZPa0-{$#P$clxY2TdXh&@hd)f&)de;z8-z4hGNmp2
zly<|-K8S<KGsF7-cXKg5%(6c|-1~T^lVA8KLvRW7kd2~*VmuS_d$WmqF}>Y|Ox`Vv
zNUSBYF7%iLmw{I=Qy`6^5fas$C6*7}TVk7d=COXIp%BhPi#|n(i?9NBixW_cFuJH$
z4!hXb`_q(BJzcjCUA6M;_RO%J-JTiNv)i-VGsAjzduCYAZqE$s+3nfwnPEM<{i<*O
bPk;dcU&?OuRm`WA00000NkvXXu0mjfm`iWk

literal 0
HcmV?d00001

diff --git a/templates/openvpn.php b/templates/openvpn.php
index 65976dee..df97ce32 100755
--- a/templates/openvpn.php
+++ b/templates/openvpn.php
@@ -57,7 +57,7 @@
                     </div>
                   </div><!-- col-->
                   <div class="col-sm">
-                      <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/180x150.png" class="rounded float-left mb-3 mt-3"></a>
+                      <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/no-trace-200x200.png" class="float-left mb-3 mt-3"></a>
                   </div>
                 </div><!-- main row -->
               </div>

From 76a997049b8341a0bc048d9cb314b3e11134fb8f Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 8 Feb 2021 07:12:31 +0000
Subject: [PATCH 044/300] Revert "Update openvpn template"

This reverts commit 33e5f791c75c778781b184c31ec9605f1b9cd956.
---
 app/img/180x150.png          | Bin 0 -> 38125 bytes
 app/img/no-trace-200x200.png | Bin 33043 -> 0 bytes
 templates/openvpn.php        |   2 +-
 3 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 app/img/180x150.png
 delete mode 100644 app/img/no-trace-200x200.png

diff --git a/app/img/180x150.png b/app/img/180x150.png
new file mode 100644
index 0000000000000000000000000000000000000000..975230ef0d692b3543085e781b31cb0ec103ba2e
GIT binary patch
literal 38125
zcmV(&K;gfMP)<h;3K|Lk000e1NJLTq006WA005Q<1^@s6cd4Qe00009a7bBm000XU
z000XU0RWnu7ytkO0drDELIAGL9O(c600d`2O+f$vv5yP<VFdsHl!8e_K~#7F?Y#%Q
zZdX|+{H(S2TTZ|C+@4-Y=mA4bLO1jxgi(s1*eEK32snZapx?}>fFt5accdsyn)FT(
z2q6hEfk1k{y`TEFz1R2Dwbp*mxe4PaGx}pE=brcMch|N4>skM&F1Pix`v>67HGV;m
z&(3-L9Owi7Z(jm`)<fcNI%fP>{+;cogXMTSKY+*IHU75i0Ds1NI{db-<+C2am&EIY
zAjbv0Sk1@TJ^;_phR1ulj+bZf1$g{%WeKim@n?NOd7-+(>r{B#3h!Hi-h@BbmF%Nu
z#uM>UC7&0n5mdtgemBI!<(*yG;bZtgLd`#NJ^4+yo0*<~9ox6UXxPK^YN+Y}%ga3&
zjw+}|Lp&Dm;jvvp;8v>XHSwPjzGn#Xj`W+}yDVG$o3_H2c&dY`sW}*phWrZkun!Z{
zbFl4%yFh1p9(L}!83wB>FzBuDclDqTGdoU!d!6$n=yWIH(B4~Mao_DQH#-lDy#XBQ
zufo*EQ}N<cFzEOBd7LY_N2vX3en<H&eeSg%ob)obf1qX~9O3t^P6sAuXQ4Ye3GG%3
zyT{3qUa$e)MHp(Y^LL*6O7Z4g6R#oNv80A!&?;C2Rd!K%IA~nJ3oh%>1g&l!JF`|`
zG3Y~xFP0Am84g~Kv%wSO`tlrhjx>_j0VLPePyFlzaIYPo-o@GT@<8%B;8Gjdd-1bS
zqtoExXYdSu+Fw`rCT_?BD=3&9g4vZaASyZ+K^<zkCw8nWpt-p;z_hbEtrE6v-H6v7
zB7lcHq({Rc-m-u;-lD=|hJ#A)j{vU(#4YT6L_UHyXuFEAk!Mse(7WT`OGghu*`9#*
z#1w+O;CAWtS75`|lcB(4>0V{K%LAl_etgaltbYr=oMQ|W<s?66fx>{>+<O%)4vHXs
z2(<_YzD7{+DK6+4f`YSw1(!NR?kz_UwtzwGLH-wEmJ3lHNPN5#$kYO$(q)~H;ZlJe
zBB<<!5HatQG`9z#8|f3ecnu#rS9aB4aJG(#*MX28BuEo@9Te0lB31R6;8cp!GuC=f
zm)gjsd+_+BjtFUB$}HexqkELvHqZ#bz!ImHhNA11a^C{M>{^{Pz*u^dC>+T?Z7-6r
z6@JIhTm^pI5+&$y+ct5FtfFN1zQxj+2Eq{k?)CZ%V0!nW@KI<GAS#sJ0uCSh#oDCA
z=c#aD(F3(7XIRS9JJ3MsOin=yfk@YNc)zXNPl4NRyB5D2FsLh(&;?6M=}!_!^y~%A
zLNz{PYZ4!?EkM?OXPDzN)2q?|t5vXoe$NtFo{|TJ2n(MCNbIfg8Qv~og2wT6lQ5%M
zNu{|7Qx%Mb7rc}ie$pt)?hqpNfH*pJHjV&~K(hV%UEl`yBBgBv>Wk4^hmfBDnKTpW
zsd867yL`5Ykc7GjGKzxH7HPcv5vAj8ZVJsiI_f}_x(E#FM5k0DAV6yZ20g#?(m`~c
zvW)=f$RHpIhoAwJ;v(gxi)e5VmGC|Y?cgc5gpG5P4AlN$z)wFIj&K?uz+f<9x>KrD
zq9<&jBquV)&qJW8U3@2!mJA}2zIb^7vwS=3_n?i`p~R`3-ivmZ-5C}meWVZ5vzuTV
zDM=uDGbAv#l~y`!Bl(f*6R;<nGp!vH|MpDR1c;v7zM>hehHOT3ksg9kP-Q1Uuf@PO
z>941Hr7E@3tk`Q=AJS}Ncp+|9N&`9lH=mQ^W2F6%UQDJLd4O60D<jJ2NTM8R6pEzu
z`a&T<)>!hg%!iHQ@NK=_jXP2XpG-5fn}6{XS<AE^(tzNOsZ%4_t1;*Ffx$x!M&FaP
zDv|$kyC9IMvqwk^NCL-h(ZNXP`)mYrXVmiizVNZ331}?M5P0pDhsntftRR4gI0y*D
zqhZCJZ-dw#yW1(DEIi+jB)BUa(~9A!MmjPQe#|$n7_`>ut|){q(0Mp3wAwA6QQF-p
z9#}^X?t&J6-f{ftu)4A==ZuD|6A06j{s}@<Wrl1`MXJYrfX~D4sKTk>87R$s!EgdH
z)3{JX4(&3zY_oIWRr>OTn<!f0)Ad+bC`LqvhA6>9rc=@1r3h?+vk~hw5%_FWKqiGl
znj#_q$3{=k&uJ_~iq0U@eRZwJ1m)z0R1l69=MAGZAw=FQ=hyKbLaWj>m<l-IfkHX5
z0mY#9e1DRLE#jP=DVeH^0fJeSK~nmx19)JJh_j+HNOwRm)FjO-QIWjPUN)#Zoi;zz
zR2QW`p1QEOf?ymWFioNg<!N_H)rA~O^^yle%@Ys3A93nRpS{w1fwp4^Bc>b#ZsOAf
zHhL!F&!nJE&df8YI}<Z-c+X9+_ttCSjI$mBr=EUy*mc_taCmtUMuUNZg>(eZbRwwm
z5ez60RTtqF#X&%d9kqFZ?a=S_aPU>i#YH^J?<oF~WQIfnLPBYreG8vNDC32%BZdM1
z$OeU8Bf$?jw9*Qr8;R07Fm7xhHnI<y1dI|`wL1fMh(K*J5u+e{RvpsIfLbQ>dAxUN
zcCZ1XN}qFy7A21CvXN{9#yGX|XP2aq4Nj7N)KLUz0tQ<&SkkUCm@A?O#;tAUQl*A1
zAPi2U2Fm}u%qkNd<hKaWL2niMWThBYJYYKAHV>*+tKd!#s*&+*hxcDbYeGR%m#)H!
zn@AxZ{3`uKI;sL55<J*yg3r`jT0lB9LeR}X7s2g`i{e13M`*b?dJs-N<*sntiKjDV
za!65ZBh1tpHSpzR6ds}^I;JUPt!QC;SwD|xV2^;?Bd9QQQ4l1=@wM!4=c2T=zrBMr
z!z$f^Y>rPjN^F8DwPLrl3po>^5eWHEQaTcMnYhgcK{op00LTDu&r|ah?xf}7RH4=m
zVf+GS?dYHc-^F1Tltu`sgPN@JErMC+%Ag#LMP32=o{5){v|*)CIiahip_xNh!#J>N
z=EX%MK%yJeI?k1YDvu-}w_t?4btvXGl4L0TCZ;CA9*m^vsG@hR_?;@Ub~usHqznnT
zkUl`o)PyM%h}n$Z&-PV_BsNLnc}&BcNKks-AzC+zxh+UFrkO_3dzSbeDWDrRq3Lk2
z3P)CZQHicq0k2iSL}5ZW#Cx<5%w#GgMY1gAIjGG@0UqK2Vu1s76k04>gDHoQu4ioz
zF3oB|2CBE&H_q@bwYP#^q@L<{kOWtm-#~7f(Ffg^2$b;{r#DHXBxF3=<^kI$&=Gzs
zQnX6^ng9|6<UvO)P3zv6M|vFvm5fN4%@kU-7z)WGRmVro=#y#1t}({-vj?-a*Tx}9
znhttuKUVNUh#EU@wT>3$ir~`hMjhNLP~juG!UL2n5uO1}yqY9s;f3c`$fN0=MJfAg
zy{9O9NPnsjC1zBP0;t_rDFEvMh1`oM$7sZZtAmnxVsaJ=(hu4lR6tjtJ3WhlZt=jQ
z8DoCi$>0`_Movo4M$CUeil{2%G+@cbO@pLW7??{|qUF)*C}h~|sSO=xYv-b{Fg?Tk
z03nmS%$*A#<*~PSjx;l<aZPnKZ5O&m#Un?p90}p+V4duhb1Ekd8CYC44d{iV@)kQA
z;(1AU*YO(p_uePvP^h`yBh<?8t(}s?AwGu+{L1cY96LUzHmpjDr2H1D$s=c_5yH+D
z0ufpsdP_Kkj^ugm{en{|V(p+DaePLzcL>snt<tGPWsV~}y^?qCbV@$DQk(N=q-_}F
zeCaH0v#f7QCjd5ONGMMwlMqT!mR9XHOiph=N5&RdT|B^T+Mbw(qBF^KYJ@<XoSTE$
zxeYuZs4a*(ka!sc0W`KMf_I7m%mWWWOp=)`LPQ_wo@&W4WnC;Eb!-ndK{5ssT@>A?
z$goHKAQ-ZNYR(!Ll5wITN*%-j!8i@Xp`%j;vMqtYrvIEqIBRj^lC;-&aW*gvykMF$
ze^$9^{jcVo$eV%!MaYzD+zL|A7YOP_is$JaohdQtHB34f72xT*NH%DGPLe_hrYa0s
zvFf8F3&>*=H?5VDrNL+vEGeGC#e+%}{<H9+#fQ|Q%u0yjnDoKFtC2{!sunwIrF4s@
z{<@BBUKV0iU{9q!8k-vtY-J0jFiK8R@Msnw)8dA?%`h{!jm>zA2Uqa>HniKseZ~G9
z5b$KPW{K^5##hq-B!a~h$cuBURF7-Weig+uSBizJ#~I6+qMYp9*8gVKwZ1Y-2!PTJ
zgJqgv8`v?ErdYT{pC}W^1fVXYDF9sV>4T&TB52Ne(9ggxT<`=q_W}2X6HnN|hyUP5
z*TGdkx*p#6mUqEzx9`b-<sxM;%$tDb_lf9M@Th0W#*n?VN#x+vJr0@u(q&v;fno+f
zF~k>gGX=FPRMBCHS+Qk+wEK!UGf8Fz3pq?`orR*M1sdZ!N@tcpYNthcgFqO?DLYqW
zL8%rAZkqN<G86w~b0Bf}Duo5m>;VjBdj67slU1fOF#!`KZ4sO;1ZJx}iTkGc7OTrk
ze9g}ECZ-tm08Ml_Nar?gMKjz4^K?WvT2K0DuSUCiSqa+>9&DZ!4ot#h#1h}DlEzZm
zhPgVR>X2q!)<JYuuX$j)BwPR@{WHszwPR_PjVSm;99mnuh?m4g>yU(r&Fy6Zsmec>
zOeXo1ZJ?Q*orX96$*bV8=RXw2w|m|F4E}k>1&@a}{^h$7*zazd*&-;?G!x$<14V2B
zmBO*3V*}U#Oy`6QSj^MBaAQ%H)bzyDY5`_X_8gNS9K2@buZl`00R>od7e|ZSFAYTd
z+ktO9KWImJSA)wtO+O14uGkh$VCDf^5G^U#D>*_S5{PL?x6zJVS0cGtp`4h6ndxbm
zLhm2NU66a*<4=LMVo#tWhYr5m^xRekQYbo1J5VEljq_Vz5v?2OWkJf&#&L>XN&KmY
z9X^*FExyy@=K$rcbnj60xGjs!f#I@u%^ceC9i4_pI16py!R+D;EX|PUr3eof^{qM=
zstjhePZuUmWX=>FEQ3NYD~HXAL8fhs@8B_-#cZ5#{C4>0``-d5;_o}#Uj943#&>w*
zTmB{~OPR!1+$DZZe90%XTcqbf`D6@0f;b3RYWSiVgrs1O!APnw*?02hUX=@V>yuK6
z1k5Q1CoMi8&txfteA<(vWi--83sD*c3p~=7kxmpxiZ5ztBY4c|B*8>v<`Y|SiD2!b
z>5HV;U@&B*i#cw`u@t6j_xd9~c5-q8f4U500wYld0%1XcP#`pfVob=3$;uYZKzK|*
zS9gJKYlrXB?xG~ecU(quUKpXx7|nOy1cI5;G-idZBzj#Mm_{KW7eo+Zn_3_7V6D?^
z$x>P=Q-)7ak*2_unbhY>wOzNCSwe&px41}r{cK@B2^WrMJunXI^ajp4OUIve;P1Wo
zSAHxoCs6-7EG#U;JKp;t0YbcSKq>wNn4Ou1cfR)@_+F2D%){{5CAjF~%k{xS;`NGr
zZSKh5fBvbDg~gRV+!JSo_k83Fu(Z6&r#$@$4~Jd*4#VBgJQ-%ErWnwdeg9gx<cjOy
zDUW^-pZkwr`VKc7{k?1NVc30O0ru`cLfuGO3@beq@=XFEaZ)njnTxj;t%hy77224s
zt>RRQ;Ao?yqbVIC-vk~guI)8I$ZIsAgGq`2R8h0q8^TJj&->fRd8ZM`olX~}wMbU)
zB-&46a70NHdL?v0T@bwS{fHkkbwTBC`(2>ie>3deeLGBTI)Rm6Ad6Fx976Q2opwjx
z62S~Z)}uIfL>*#gkEcQ4Vr+!~vCd4t4ZSGCw8VcHxRpmo!+`8J-6-0k8hpg%6Qa%y
z+^tYd&7bf(ZSQP84NYX?;pZY}{^LJ<39Pq${>$Hhty?yUXKZXc`@Z*r_kQ5xsAvr!
zXZC;es^5WMde&3ns;jSq>u<UZe*5{q2y?SDaM5=!k2dJYxAW)G(MgT)`agIv4A3g@
z*hiiN8#io#OMh@9Y}~j3KJ?bt!Z$9y3V!RCp9=Rl^Ax5@FM95iU@wC9=N@|=Jojmj
zg3GVE5%wNjfLFZW=T)K>aPPaG0@vTV7pL8}NJ0WpOTmOct&T*n5nrYKQK62uaL;^m
z0!?(?qT=0T9cbgUZ|-9D_SNF?s{*qcwpG($Tw3mPJJGa1HPwZ=nJJdy<iH?jMq$x@
zJo|VKZZfLDz(r|HQkusWM+CMQ_?|;%@jH4KeExd%5cJVpI5oEk->J*C<=ROoC)uql
zoH6Jg^o-<enx2`%YfmU>T#VT;Nh;>Wp;%*-T3TO6N0zn_@%@rr@&&hv&@&gWZOXpQ
z!bv|#bTydu!x`8~S=AXO$4QKN7>}gG&(D1N6X00eYyRt-;m_Xu?sdPLLohx5{D;A~
zS&O#YcJ78Z|Myq%F;2gvuYV8e%A5c651EV8&FMG&{KhZ;0?c41|K5v#6<&v6CJ9f-
z|Kf$;g{MC5A>7I5KjdtbxCi0O-@J^k_}B0KH2m5t{s(;RqATHk_r41sPv5`(cb|hU
z=}vs0uU+(g_{>)?iJCho7xX%vQ^yLBC)le<;HDo>!9Ar&L5|zSXXumxhI9>*^0<E$
zC2k)jZ?89C8bJ!+($WeXJ-i4<k1oOr0-5+T@#IOQ1~ce<nMS3rrJyu@fTglJbF9;%
zIm~F4%=M~7(U-NMft5-(F%KJeoDKst<ME;NUN~qt#1qA6x7~?KIL{(HOnVUG46E06
z=2Hk!Jlg$JoVrjrmfRZa65=y!k1H&^Dx2P!lTRcz(;qKB3WzF_a`YgQo2@^E&}A<|
zUmi3VfQ{p13L+_c;~Pn4;>fq&wg=w%o)5#fFa93>T)yVGb02iSq#R@e<wGC)99u^I
z0zqxe>W^Rb5_rbbo&dM++yj67>X*VVJdMEoMEIjuzl0_DU;fFf;c-9vFm9E5-tBZA
zt?&N(Pr~urH^bTYI29gw&VArJm;HdlBdM`}@u`o55B<;ojQh`mi!S><J8?e#`ESDQ
zyZ6ECU-oR_X-FkT6pS?NGq)U}vP2#<`b|@?*_#bS0x+`!tG!$QlL)aoPImOVEe+2k
z(2W?(s~luR9Zo=Mb;RpNGaPZ{&O}$FG6I@RaU2b3!0|3}c~*_MJu48`JiGIfWg)0p
zQIF;Kz~^plJP{^vF!vV^D;3m)3jB{E0cWNs)%PGaWTGWSSZyfXCJ0Q~_o|yj@v0QW
z!jGdw4N>@lPnVHFkeLm=4NiSklj3#k1`!}Mo0SH9=FrZBwCStr6@$!Ghub~J08K!C
z$KQS!&O<6<8tNO~^1omadGH^-`gfS3*e1N&rH0PX@zOu|@9^bM{tX<(^FH#4FT&%_
zKM&sYSAPp1`uOM29Jn2?b2cCOCcO5$-uDl%^G6rL(|_qD@SRJpkbB_JKXT|WeCN{d
z!&8w?od3}K!LwfY8tAVsaR=VIa~A{r>g#TSi@*0nc<N)$VW+|?|L867kMDT{xBtbL
zUxff(VSswICHpu_rDq-w!Xirnne~$PkCq4uG=d>mRtLo-lSC$uKL;GuVvI7Y4e?j8
zqT#vZ2tl9`MJd!)ZTC%zk&Dt&ICzLQ>w@@jD3lY|40N16#4b$$D})j{q$QK+4nJ`C
zFifi=$P!+?lVs5-(KHwaeNhP66t|4`?}`;Hf;Iuyd=O^KHbv1qeAZ@BIXA?aGHpts
zgXDD-JvHuAs;-h-f|v?(`f0y-lgI$sO?0HW_|Q!t-iFeXlsSqX`_^}_h{qGiZbQjO
zfNa2)JERn@%9^uzh#cI$Yab4dzZKBqZ9a^ke%Wt74_=P6;&Esi{0?59zMy+iAjU<P
zT*>_V^{;v{O6a@D6JtYt;Va*Ur$6bDc)h*w?eAQMJg_Hp1oyxDeIMtUgCsCpG!TTh
z+<H5_`5hl%X+-fQqd}kD-E>UN(z?g752W~!r6X`^){vz++pX&%pC`(qhDws_6`O)3
zElSyrx`;{2w%Y~%&}UIN$(Br<n54@@w~aJo3Z{{2kOEi~1*B{bnNFE+YRtA*4lOoe
zqawA&HdM*X7$fCCBylbFW)duu8_<k*XfF?L4#-j+oIRG5iQ)t-4s7luE6`F@(n9>l
zq5wjQqEsGC@8LCN&7Rjxwq%MkCKN+w6`1B*2+7$P1-}I)d5!sLYFPNp)0<9toq<k7
zy^jFSZO4y)^h06m=6T-#+W+=f@VzU3$on}UMefAMlTx!2K{|`{;C}bH2Ot0WuY40O
z{N|+)={+7hhy3^Yn{S63P$9hh%By+z53jiq-uIzT^ZoB~+KKr2Q}B^behKF0X5hw~
zcfrox`{ANXuVe+38t1}qUj{$C_GY;L#@pb=TX*9Ad88koz`t+jXFK7zt#JAGuVIiI
zmm}VN!_7PKdbh(r|KK{l7fJ6MZrK?ng-mBQRr+ZDlSBY<`H~Z&Ch4pe5IV1epq*$t
z_PmMGlsu`!p#&gNClIK~G}lGoPftzYGtIE_$5xC&O^x~t&H%xRUm=1arh$>N*I{P~
zo9$czI3H7}GRlHUoj&?p9)Z8-#;ag@9zBVZvrsun23TA;%=Cw1NLEof^f+5gqjN^&
z?ugH?LkVVMr!OdMluVCR9byVzCe3uBlNpKPK!i$_?BNuN>y=WN{aOU8ssquK2s#*8
z5EL$BuW69EZD%}OtuSHCxZ&bHYJivh_AjH<d>(xG<6l6U@F!p?P<f~6S^P7Dz`6J<
zf5!m&h3EYqS}(2y3l$8xTNBjgtv+zMo*AEXDyJ7Ml%v_BIi~?G<6F?_&a!1{$YVrQ
zBtVRt)+tnidz>_~E28bytE<^55KQ?Za~@d)`pZY5>aVgleQL4;lW6OuWLLT)dGn~V
ziI?_u;Ilp36Ez_)cUcLe0U**g3%PX48);fC#mXYQQ#^(o;8b=wywj7-oClGH(Go!D
zJ5*l9>*~eQp_UQ0O!N-JKY#f{u<67zVgBU1K~+rg{(U=dLZ!B(_%K+ZFjkx~wjXx_
zPeQf1{?P<jK_}Xod;K0PudK4Os1XnE01~AY(6zBmx)WqAYHLi0XA1=b)y#fQEg9Zo
zIvkk2qEyA(TX=L90|WrZz3uKkjjBlUMf-f$dq0MX+Fqm+@6nD`5a`2t<$0h$SzKC%
zm%aLpEFHgd=?_Hm#7t|i_i{-Z8CZipOQv-AQZg}2v54BV1?^<NgY74mEJ;rxuR;}Q
z8q?1dktUfb1O4f9z&=wCrW^x~bD-Zt1T6jLA2Ltzbw}~OHaNQI=%DM;tVJ|~-fA?g
z*}_3eAg5ZXJ$ec|bgCnkjNl-0aB$|)ES0a8BCS~KZzq$TlVe<=raAm9X1kURYq0Rv
z*k<NHagm775M!QiW1X%&l*p;5Pehri9NyQ9Nd5-GnH$1HuF3Ho3TnGc9R*9!`zOh2
zgE!a-IuO{z8KMk|1Kj(J4(lZa(-dtNMXL&M1)2>rd+~+EW%$+KdJS72j9*9di#Aw3
zQfU7dzx-|F)mLVw95v&FOhE`Kh$&-dV9d>p0oD>IB`C<Nr%t?mBHQIY>G~Rz!0}a8
zY8|_eQw7FJkdo7ZN5Id4;JoAwk_4}u#4Gb4P(_bILEA{6(a*x~XL^MxSZv0t$qrkh
zR4$ocd*#aBzzo7eM;v*lNwH`G^my$R@*0){n3~>z60{?Ek|1{JD1dyad>P{4u(Y)}
z`>9iktT?p0jS`p@K_^_81Dt3ObH+^z22SIySyU!L<HJ#IquNb0%y3{-L}%B!j!`*r
z;0nxqG|}<9sA8ECG?H8020)fO6CrDJuVvP2lB{n45%hs9VN=Xf0i7V%LyAoZjf<Oe
z!DV(C0_wuig`_})G~D8l(O77RV0QL}G)NVq2Z_I7{Yxwb0qWFvz&br7d$)$WW+t}?
z@XVX#^1oGa0#&w{5860);$jaYneI7wopTOH5ToxvoF*JBg!X9)#U!w|xORrbaFETk
zEImtUc^#LT;3R!&X_ZWd5~M}kl=(8*v`I=GIszLvZGp}6TX5=caVr$647%XeVqr?X
zn#P!>ke%5_Uqf$skq2jYavJ)iEY=dxMNXs@bn*}-ptiGoMM=x5G-NdBKwLp!k3eEJ
zG-ikTAv#l1z?kKVx(J03L1`vJQw|NBqzvcu(fd4+*VI856-x&(9vUE*k4{8t3i&k9
z7~Y~APh6PMaMJi*$E9ngMFkxkd}tKtbsVYAB_SI0AQ2FxY}84xLVBh+!fiNfT&~5W
zWQgYLNJHr}MsTa^pCxI{5?Hi<i|8Aw<VM8^ZN!otV)I?if7j|9q3NFzS$hafI)`|p
zQ@+_E^BgHgCRw#Dq%#FD)00!$7LtYTH8Xo@wGT&*9)a6#y#<aOJ_0*VJPkH%khC%H
zwM{t`w9vs{rC>7>2t|r3AFM9G#N;G9R(g2dnHkX+5_qKi0$FLqH65~99O8@|M#~V`
z=06!NB@*L;-}zd>9Fjm$3GSn`b|y=r0m4{k&_QO>na?%oLDRfv?^VWdrN*XbWczJe
z3F(a@7=zx@HT;fA3fpvIpK}SFjt*HSwb(8LWDLQ{TRLm7#$bzQ0flY4vWQBYNeHLB
zEM<VZGzc~8gag>kBNl_Dl-8NlV{3xAlWF5hN3PK94b2!qU{=hR15BdQH-Ug&aYC8U
z5W+DUu`Tu8h+=SjbS)`XG|kh%V-F?%kcV<&whJ5Qx5B<Xw{l+KjVnvA?f6q+$Bq-Y
z3K8%OP|Codcs;bj5Dj7JS&bqMp&4e_TY}m7&8++#J$e{sww=UnL<(N5LP#7x8l&tL
zV3zeAK+T6zzhtz!3+49|HpMi@ltY{iA?ZF~rn*FboW{L_>R?7tT$E~#qwGvVr-5O@
z%EjnB+FNROMSM1dYy`G^W4Uu+qbtZ%OowthyZ1Tz<@}7xTC6N&eA{RDw4na+@uf0M
z$|ht|&FXJB6CM`0Qxt0ZRBxU>x0&L67Sk(@Cp?ong1`u>z*rQwC{{%@p%rCY8>rBj
zV0pLTR6<kD4WtTP<foHUlYEs@3%Rt(WM{Q7tnLQ=#|}Bk^p@*M@Db4(@?N&PGaN2T
z@g+O9ACIo_4lFJ&!O?xULd#XKdGlsyb!V9}`BH+5NJ5YL%V>pJ;X*ZiRCoz%(;GH(
z7E4|CVb`vm(4E;V103IFP|14}_g`FEg6ZxAn1@#cLc&F!EkeIX{Ui8m8BsMy1ydww
zN|jhpyK&JfQ-H84cX3vRGytN=)ql+s7zLQ9Bshs^O%Ra4tmG*)oPzS3I3-B0Cj*F2
zlq0Wj6Jw1{-Wr%8jw17X#dND+N9u#RB)9D<CdN1&Crj-zd$|RCoAh<+z;Oy_3xkyb
zV{y?wPF<2K*NUO51R!?6R6}{b5YqHW?@3^`uv7wMMfTxQoB`S`1yhjnU9EP9lLk7-
ztBD_zv}Nmr6B@+>i9LP-ZUUWn$Gny$Km~F{0Pn&?F##o7MvBfX4vM3!T(UBZ)BdQB
zU~dVvA=*JeUOuuPy{HFa2{lzJ(J(Qy0XA$tfo<TUsm-wK`YVvS9ER=lJ0!uu3ymVB
zR7!|RbJP1*2Cx9p@eu*%EDHq{NOVY1?YyEhhwnbC{o^D$Q3Y06q--I8C>zsk=uBjZ
zDX&n^V6C%;;6VkWou?HC%2+?n2yMu!9T{~fe45goO_d=U>b*vRvFXT!dK^h|qXJxG
zU*Xb}9~6*La=I)FMFCwgz>KrX_4%BlNYsKPfY-PQlG09;q-ZXZw~2}dM`y7!qXd)t
zW?E!lTP-mX;u3dJ8Zq!gr4@oIi6I~tA@bNZIy$JV*M^OAu!vJRNmsHQ^l>WZ#8Rdz
zItYU(exfM0*=9{j<&mR{97am%Qbg6Ox`zNkzzqYM0FS`R;y$$d9_4{Y)`@Os746C^
z;AXs*?rO=i<F)6vZimhIcY9)%a|w&?6wfdR4)2ED=+&j;7LOi<*{vtXnUkb*e<T#8
z%4gUp<aA#q&|>fsABv{S)dNg<CZ@MSj#^7KE2Hk>vdj~m>A)C*2*1K7J;<xz@IjJM
zjM~>xDO3-RRR0N)9t&^EyoQ-2K(x?0lZrm$rz$NCls=N+XmT^Y>Q&0;SuM`{tO3P(
zZZ1{gnF2bIZVcu^09ZInw^FXF14SBGs)^QC8bP0(|E9Di^9CxY>3i}5)>WnbK*w1$
zTLx;1ch=_-Zi&x95|peGElN<G5|=e-Y%=H|%rteG>Eznfap*8aN!v$21z7I&G}9Wb
z9pNDELyzNN1ts7jUV|JvLv~IK2Lpa)3J>)tiF*qNpoh}AMrlczH|5M^43VWb?4dJg
z_s&~U+IJCn%VIr=&xFs=ZgH8iqLj>ZV}Meu2Sm|~872xey7sV=e&IM4<kf=(=r1Al
zn%cp$5~xlBQGrj{NF3&6sdivi6p7bRewo-WK&sZI?r&p4W$ql2nIptTmJ(4a(dZ`Z
zoTwqGp#d`0Hrj;I@~$A%X<7#W6GdwUro<9MU=@b~Wk-NUjX7v!gMdn4i^#HqeR0+Z
zmW)tyoIq`!PaO~p%33q1WB8?Jt8{7(4P`SOA2X69QZ|Kw7M`&Ld7owvmCkg@E}6OT
z{^&=6Hg;%lWtq))WbNpXH6ir%Ia6i^sOK?e-T=jc6tHn_BZ6v)yJ;CEbp_)2TSdzR
zmBB@%vg_BZ57c%gN?+gIz_sm;?7R-S_3aFz$?18RDRE%6XE=KW5f1xzUyam8W`N~G
z`-N_+q$4{yd;G}40?C<0x2me3p{dfQUh^H(1gJubC_<37B*8FP*@K3m4QRgH2xhvA
zehcTA;&jTaXs9xVoL@s`@kjwukj>We9Hj|~j4MD?t}@rK2XTKmv8Sj)2yvPM8@;hg
zUy^oSL12>6wor*ZnWkC;XB~NQeAXyc#pbI!S(4*`V2wKs9MEc^!iFr9Io;o8hd9#7
zmK?f@Z;{jm(gv82LNg|PJV&aTLdz#|Io*I#u%#|sYJjDcBQQTT$Nah0gj<NxN7{tV
zdrmryokoSmG!$ZQZgpl*2}H{X+KStq38oNLkTz+}&vVhm-qInwzSqJuILow&PRu}m
zaX(7mn>dqvqKjZ5@c9n5Q(GJ-Y)c=(GMefrfNMO7m!7Lnw*OKbDw7CsEr=@5uXb9=
z&`$eJSqBd3Y)PL&t?x|*Zw>=_3R<1*c+`aIC)SnfMA2&mvu>0rkJJX0B?}}H2{Arf
z%ITUa=v?H!rr;%|E2A9*NaAOuk3=W(o;dOZjydnNp&YabxV47ZEbAnNft;}+axPOC
z<Oaz}QaO#~s348(?By%t*GipaCh}^pl^73^0OB?_(;g?NBG0U<ws_NA791p+C4-VA
zINPdGinp0Vm+bbY+I7n)C8sA)V&cOMMgz4I7cpF>sjb_LW7JRb0NaxrVP=zKi9Dpp
zze)!F5S6_Gr9IJtP?Hi@aq?`dJIAhX3Rc>7{AsZJcC=NagJcyJz|Sr~YZfJ>Drfzn
z1XG2oZVYak-pQfEnJR7R)4I|=hICvkA{5OPiXm0DDW6gXNEO3yxhiQzvkO{6U`h)H
zIqh*}0CqVOu5qwr1kL%FfDz2T?d5#>t4u@1fNN7?Xo68MCd!7?VDm<};~~bklJ_QA
zF$|AY8fBT1$FUarECJHA6AgRuS`Y!i)jc&IEfFji2U$Hbo?Ys*CY!rufKcoMm$oX}
z3`%|rRrX2-h?wgNp9;IMAfi}}fIl5PhFr(qu~ei+K6K;=Pm$f06YGFVoV-Rz8c^D9
zAw55T<lrN;OrX^5@Ju1`*Hm|-zjOdrmX7dXLX{FGCug`02Q?QxN4ML7<BmH4-Q`0l
zCT3U?AJ}yxTUd@e^{#Bzqb!yF(t=Fo)(vX=Cn;-Hnnp^|MiQMAtwD^G;9`t-5@u>t
zAmO0>WHHiG@rnxI9m1Jn9`{Vg@nCj&r$CQ63Q8qo*SQdtz)BTWr&W^x%nogHhs$Cj
zO!LfW2fu_bz?NqS*+7cY5e(znS&f4%$u$=2ivLDRpq;BFIzWn<r=xAK+32MCFqsk|
zaVpjFgFdqj2$Kj#&SIpW+Mdla!c$z~v#>=Slp#%cG(ERVC*^!=^^Pf}*?Z`)l>5T{
zGaH@qO<lslGNUu))Q1q;pipTpHA)buY`3O?fX<WQ5q9RVy_@(t*>yP$tjj#SK<Y8G
z`9$a}AAt?zHEd5oYjT#O^~ftor3=V@O|*mgzs9FnnX^h2a0X>9wFoIBm}kAZ=`fK%
zCYhDknF2-`j3Q_Vt<vMTkFSpwnu0(%&Gq|uMh}T@Mt_Tp@l*mXN_J={ik3BA3YJ}@
z3T8SBwHf_2@zGmHCn*Y<=_L`G<hKtY<I8$LqZ|Ra$Z10ca2^i9VB^y4qi+~r)GncA
zT%!u0wT(IAj!O}d1gW&HgWe%tD{x3Bgq{EkWF(P2mEQ%#COcC8?er$J7E9?!LLxt`
z`a*GHYL-}4`fMpEHDpr;a_WKrsc4Fir4&S`s5Qn!2DnV$L$s=_K!4>BCmgWr91%_Y
zSt_fRJg|IcnryL9PRxl34#7_QxjY!X2Lg0vcAj15b)6EL>N+bIpk`1|$=U0RLQBq~
zqzef5rN}%2d~NH$Xbln3!{q7|eMoIs#CmpS*`hXFVon`GTd7M@2F)`V>JY6k0yP<Q
zrFW45SbvrVBqQjlrZ1$L9L9O|n+8?LfEFPc48SVMa|lPJFnf^5qU@MtU(9eDm6s%`
z<HQ2aZXRsrP(UbsVDn(D?ra8+kCNUBB+_)q(-}p&g(}{pinEVAC)<8e6tvNyGDN2Z
zdEqE8kQW>Ri-o9pDr{Lz3nzSCf`CMCh=W+oo5oIT{Q+(pj=HNji)PqcKo|3}(iP2e
zF13u8E-ezcDpX5irdcVF%ovkw^lsC08~B}Nwlxm#tnszI9WQ0kqjJI&7*$JkQS0cS
zeOYt)-iil`lvps+T!2^vUR~N2Qf8JZ8ARB2#VUUr!UR*a(maTetS@HONIHn6Wx2>8
z*duGUSHq=6I>jP|RxDAfi9;&f7$W#+t23}fQg29v6nSMkqdQeo&q-sCbV4PeO<neP
zEL;we2}2?}*$4=b-1PErQXPpR!>l?c*MauDXbw3zYAseM&mzDMku%n@Q)n1;+t}HT
z;+$7xta}OIAr1{8My>GiMUfS|q37}yE3%T&B3EQg5pbP^1`y~S*OgOi4|y;9i)h(E
zr^?C-o9rmaNg@JUDOZrE99^-C=id@yK#<o~s(M_JX~TwjIJ{@KNHvZF0gW{-nC7v9
zsP!{QLUW<^!4RxB<8&CbsG`rnOp>}%Zmu3rKFcJuvl&u>OU@HoyeLrV;c1YlK<m94
zaz`74pdfcqkvE|#*0{)%6&}VStT9b&gftC`gn$Sh19nsv(uwkYosN;;>D-i2k|yIk
zDl2G1+X#`7=pYTmBvIlh$|QS~{FO;zTV^dtG@33yQKLnJGEYYRRrc;tt>)U6bPGZQ
z$SS}NK}6&-@=&S?0)>>)DvDMXvyft1yjqKDtGsW6REI~j5P+5_i^8SWVm2eD7(;x%
z1@t@;3F@@kl3h+=sUY4?S#PD%@?}GvVd_SEt}Y#g+i$%Y2V@tvpK!9&#$XR+4KA8i
z0|z>>%{e&ZeFA~3pX_g=8gbgpGK4I_fQPr{6>@(XpD~bXkxCj!?Q$8vTjgh}qF$uX
zHa!m{ZX=i4LFq~vy>y_U&df<XEo8t<($mMPpg|?4jhK8hs6lj*ry`6t6FAK*L8he{
zC!xVJV}0tJeyG&<kaKjC(=OfHxH;Q;#c^TgNRtjBYZ!SS1sESA7Lvw$Q5?i@5gXib
zuuw^JoFnT<TAG9Yt)gkEnY<8dx;ZOQUP}!*maK)C__gh;T9OJVqh`=s=8Tt3b2D5`
zl(S46)vYVCnNI_CG;B1mxlrg8J<IL4-U#~-9D*&|SJ4tO2^+U=gS|H|r*_qWNGW6O
z&SYwToANTcVLfb~U^b-{@{Pr>i^E8>nF^f&eHz3xOWE=hCO3(vm1Uo2hpO(fen%0C
zarG-@w_@dp!(U=OfbHxB<fb`$F>!jN2aoJ0l5@{y9(yUCj4jkKV;u5k>UQ-$$y0qP
zPB4X_N@$(VG14rEg9gd4L6!0F6wqSF>O(lt*p3zl%3EP@bJ<7Q678DCY4w>c;nk=5
zY7Ui{76P3lS>fzi&0Xs>{8Fww7)f$$!6_jX<iS{E+omGq)LUMQhl9)Y3UUgfs~f2X
zEsepnhD>EFMOrMqqX1&*Eakf>W4&;b>Kv0->a8rop1r&Hx)e`+mox9mk$VN(*L}RN
zSUHM_11oDleG_L+MT0k!oC-oNr2uJmmD<~~l7QuCa_IrK9)YG(sRhFuEt0`ddUWS|
z^fHbn*$QHHIT~2asEg4ctv;H$bM=wM4P2?0uZE=9d5!VV6nEvp0LF)WYG4pIwpYhS
zto)gYTypW(L*kEQX;4dmO7C3jjR0*(Yn7xSgS$(Ez^Nj}ZskHtV_B_ZGwG?c=4W<F
zN8(JYM*TtyKL(9s@srR2RF=X}Cm_$uLP*%E=S&rw0R|{ZDT0oYVnyMsHQ+{Q0!dnn
zJ`?&SUQ+^P&4q7PWgQpXsOB71T&fqBxE(ia*aV_iSe;Ly8Kw|BwM<cC-g48moYzQJ
zm!n6Iz@dW&V8h0F*abo3STZSTWds5wON{lozAu$wpp8qKadIr(x0IP!SMZ{PX(cY{
zCiQfdh1Q#P{NA7-jS~ULtpsm1+VV*WCQt4}6dG2KCMDFWxDC$Yp#==`E<ORosU^Tz
zYoUpmIWR4Z)3|t)${K(af#o$zBgG=qKh+?JbmGKJ{Hc9>B*B^5m|f;k$`r-O!yvNd
z2qveLfrEDNhfG+u7KxQ;P;FBMv#fgMbmVjFGnJ$*q;vq==shI?NQ4}%#X@#nt5@y3
z22^EKh%SBb@L@P^>*g%g2-1uYQeYN2N6PjLf|-=fRZYenT4x{)=x}NmC*i7fgAxE-
zIicaXLc%KVqxY8nK6>~7967qcB?Kr=gZg3TZMVQZ&pI0iNjJ8y7_;(aj%C1eDP6UY
z$aAy>sCXI;*xpEmm)g~>{H|l*w@l{n{tlNNlbRp0EJqcEkTZu)uvy+J%=V#$)M?1l
zI&pY;))28vhnC4*oIzWqvH+(7%eW>97qoM8#Vv*s#vDZAg^u}gh|{aov;eh~2*;u!
zi-!+tjwzNUhC`J65czC~qS?y*<_mNhMR6JUK?kJgOy~};F+!1NUSp=60YAPgtvNCP
zb8dJW5NyM3s}?VLfuxd@Xz=91=w1k(gk6?mgUz0mI)J2VZx*HWL>D3t4Wime-DOdl
zT4+1w0mYJAc(dsqBoS*>ju6xAD4E=_9Xd0cp*6Jue0Nr6%4(IJEVQJX6|Y}FkKl%l
zn>aRlG^#YISCR>)P)f7uFKVn12Oe$oe4Q=|gHaWQ7zH&^btlzu(R)c5?S0iHoEDf-
zDO{!iH!hgtU0h>EVmM^xGa({F*Xi1ZGDB9}-xVseNWX?{7*s827z}KMGcZqK<ROWB
z@<nYq1SjBN`cR~NxJUyaMa=PoRc2&2&ywWRF@4QBZxGqf(?2(A5L>VT&Rdz;f+Nf-
zl3bdhV1qETUPp-%=>qpo5oeZT#cP9eQMt(N(#}gKhPsu^Ok5CfB&IPZG1dLyASydX
z-)srvp!F;c9X<-%+u~+d%}-68h0cB@l${yecbEg@ciz5>J8R?I9F$$D7ftn`sp=`O
zJ2<rwfxHocTk=xP9N-S>Pk^AcqRHsdgQ>}BSVEdY(SL2tD5tKW<>t6hj#)2k)>2`>
zfY$1%MNvfsu-)y*O1Ikgw5a`Xppv;1P{-I52aSABp?gZP)Y}`=@>Ei@7z~hvAqc1o
zq*UEjj}_his0%JjFf?ji+D#$yR5McBR9q=g9T;zpZ(;yq>r7JQjE93tWa<c(azzI$
zp}<x_vNWm|KahvqqL3Uo1~;5`mJgtF;V_%B4B0N1<iP;z$GCkFxts_iQ_ccd)-tHs
zDrK;jYALbnqREWv*1=HL<gSLIrN=-hkeYDd+4>=g05w}<h$}BFEW!p}phtv<k046#
z$kMsr;}XCN3oCG7{{k0gq0(aA$-wc?Ep%s>lN-@uIK{Q~oVwke!x@Hxp^$%<Gn?46
zSPfTUa%w6%Qpf>9*BGq!gr;cuUG6UHe?tRNno`1BU8{_PzEH{Q3sD-`kyQHVMRZE}
zq<oogNPWhvmPJVFUC2y*D)jVN!=|p2%7JUGa>(@qd({*`Mv;?*HWKOLtHcX&cWWkb
zLCYV|bf(2ktUMNXjuzGqQ4@AxW;0W~ToR7}nMERlu>NmT4?rVx24AB+wGCR`jnH4(
z3!~m)h^=Id(LweurkrGwN2jR}8?RXs7QjF+*I=%!iWc!W%Ek!#w^M5iPoLZ#>DEO{
z;ycK~F|6dcK1#CXm1UTop4PUNoI9QoXlAJT0!*IPOPJrd0YSZr5^%^>OM5Gnr#M1@
z<IhqBQ(KQ`P7URVdH!g5zew_l8MeC*SJ1spE7Nu-IFHdvbq#t#YigtsJ(SXOT9T_a
z|AO;zrXc}U#H3@VoYzVU_$1JRuH(qUpj7IX@m-aoLDS1(zlH#5xjfT_R3Pd&=fCj-
z`K`EEJas9W2q)2IJ*>LOt=mzcmaWOnYQj=&v}h-b1Z0`hEPP#qJ4b{lsLZhv<$q!%
zYb1O8GOXQaq#=YH{CYRK2M(Uj><Q4B-U@@|eK1@-3~7eZb3z*3G3O1;JSESP3@%<J
zw!M!?Z;4r!B_0Yb6F|#pk|(Qhx*!l)G_+%Bx(zC|=@_mNM_*TI(Dr(giZzKeK%&<Q
zbu85E*x`AhMX?R5?0Vj`sf9}2D&K2@;xq909*30n@je|GP0m7#V!&y}A_{}l%%hUH
za_}aU&`Zp(Ns3cRwmr+stV9w;;Kes_aIK)Sxb2Lt^ficQw2mR|VtR`-p|;O1wj+xT
zZxYq#Vl{ysbOvu^ECGak_H*`k5`gr%QV%rUe`G~#DqY7CC^(E34XvR!Y%#S(rFt8f
zT{J$Sfk+jF<S;M^9^sY#4)#67sVRM}=S3cx_)|W;$l)RtLX^}wpj{jjtQ_Lt>&%|W
z37Lb1-PjR>c&OOd({qIUsY7#)h>fo^ORbcM*Ds`U0stJp5fpe{Gpd~zvlXvB7%a?D
zs166%Bj4?@G*t7Mwn4wwXD;1EWlIy$_+80ENi!d1pNI}p@jBp}wzLt{D{S@HfQsP6
zhAkYvT24%H?K$73852!stEiZDH^BfU^YVe)xH>;qD@A})75=b$uOutr^G(mr!I1+8
zC7O=b`ZnqnAn5~;ghSLds0|<`c&Jlb3ewb~_*omrc$FYa)!A$qyCuZSgK7ZMPC@iH
zZ^;`3<U$4)EviJjT0w;n(HXQ^ciXhk>4XK~8Jcpyy0O0@lgciWp1BOpVFOL<L%M#*
zft@iP0iG&o4wQ?f^OAs<DclA_*_nmOEq8@3N^MTzj}k)YhLDjIOJWX?Xq5p-<p{tm
zH^AT`YjqbjY>zhQf?Ts?w&Oy|11(#t@07I{2m9A#iO{6jkYbKa*`^{iL?djFvunK4
zRk&~;Nm8%NPn4Y&Y(8!qbSAsZiASr85Qcq_+99Bs9iCILc+Ew+9$FlTa*S4wGMDbO
z9H&=#HLJ}az!w)5<k{;?XsI8;*8CQ$kW$8AU2LGuXhMLL%&Nl3sD&l4I%tr~OxXDb
zy6ZZZ;1L=+h$zAjg~F(gvjj)uk<A*dAf<`Mpf8bbB3DTJUB+y4aHpvSvXW5Nfk}Wn
zRXP$QiBeq)Yq<Pn)5YVC5E7V^i3j5BQcj?vgyyT^%0X5hoj#kH0G*D0X*V53S=3vt
z&LERW1lSoW`Z-#XLW?}B)aWJDYM4PBHY7PGx{}7l$pY$CBpWRAYps)<1b~Ftt}HLX
z)XZ#Zms$dps2xe+BfBwo7AGN~VmP-ML{BIg<ONzk3R;OaNG1Q?>Jc_gI<-dCLzHN}
zMU>`8xVX)x`OR?PzyX-pv;|g|mUuvk=_@6#YNN+KkQi?n<Z<a}h~rR9gF(yahS0FU
z^HNGmU!-VF<Q5`eG%}fILFXcnjqU_3LK}4xNSvCwf~0j>c(CF(oQ?+3h}}ez+}GxJ
z`{mM?2}cQ_@tDv!F1rLs^`oW|U=lyk3D=+t%`KlD?3&p#p-g4P5y4H|no4*<gYwul
zQj&oM<+xz$ePcr*XgX-B;$S4Q)*xv6)rfg<TQz<Tn?#F3hm<a~7MN9o93Vw+z|xSi
zN2vO!y_btIzBT7ht{|_Sq$FA=ra5PJe*iY)aYz80>Ly|V9X9cGDe+ZS=^`*4x%~%h
z7VU00j<Z@?-APnJmsrspEg#}RH8XP@(+x^3yA{oXq$pAq-Bwvf4l6cb^9nlUy$MOV
z!zFoH9a#B;<Ylg-V2HR;u!v8?as)wuTe!rbGc1IVU|?7?H+ZGUF3kn+xr_lMN$Q$F
zY3Oh{c8v8Yu&goGfN>0naeA`9$FMJdy8H+TQKY*yPtkaG+pi7m(L~sp+0G!Th6@@J
zstTerei!0gCbnmZaN{K+uz|a+njIXJvll{(0YFQ&QK0*X=|PAKxmQ|hiwf7Y*lsKF
z5M(l2Ug~A<l<cr9#qc_-sGLnqP9;eRk}XYv?<AdFIVlpGvQD_rjW~?xT?ybzd#{5-
zw_Oc0n>I0EiPjHS7DTePr_ri`)S_HK?tLQ88aRXXO4u=vH0`)ecwMA6({m9xwN`kQ
z9bWYY`O?y|2t+iP>%ynfxkkBiz=Kehn&Uw{*PZU5gh2KKrBX^>V_m5MwRu%*T!%BN
zA$`i}RyIJK+4v<mPU5OHILT@;N6DIjEKviwVTv&hIou*4a``!sR73-5BN8s+(nZb%
z&NXKSqazWkHjpxUvIghbz4#njlxGvZJXItjU}+esW`pE*W_H@t65uo0nZ{0#+8m?W
z@yb_yG;vX7d#Zy$&W%>5WV0FNBT_OeFIPs+3qOfce3_j&R7t5jiBg&rHszQGcF-&q
z>KH1R*qtPx>jFWwM&S7_m<yj{i|Z;@jiO^mt4mymgQo2PN_z+U^%?PcQ|NiDdR$<J
zY}1tH<#BeY7SXb?5q$#K7VV9jVd(Jrbe57Om<wpkp6UrDuv3OgSx5;ql9ZfB8EHU(
z6aZ_peo$H<i2&7b#7>!!mhhFpFFC2?87!_4AN$;^8I^;d3R#2PiZp`G_7wfd1#ApJ
z(Ug?|G6LO2LDrDsrj(_v3HA_=O8@4E#yDC?Q(1_kaC~s+cny$QM8-Fpr*Z{S--B}V
zXwe(&;JRKGi46kmxb9t$C6Z@mXJM+_W+1h3YA@Tf*b$4!%a^%POU>~k3j&oH;8kCH
zG_|k7)@@sOdhe3NrDG7#l%ZV@M<7dD2sb3~3zr_ofl7sAXmE&PEYe$iQ<|Ww1#^O0
zaH{??O6TjLJ-r=feH#|{-h|)v7!Wi|bT@28QBASli%7%fh{NE(!@tWJmTKhjqf{+V
z3MO&zA@DL8oDb`)Oqm4KOWo?g(w3b6luKB|TGm1%3KAZL1RoK2xyM;ZNb+v!rGvTT
zuup=_s{|%7+fpgbiln!JQb%DW4jPNfG+F8*+DbSUC?J6%YQZkqp^XEN(~^b+w^6|7
z`bfH?Lg|`k0c1kfBzAC7dWUg(VfS!}-!(i=dYurLe8znRPTRbm$N*J9s=pFi3RaZr
zxX8n};3BK|193DIR7wD?1^pH7Fq-yBa*CU`#ih4s#VuMqld27^uJq6(Hj5Nunv+=_
zXJJpWQb~#smq{punsAy@5QUK?J?&Ektk429f$J|<G5~8a5qe6TLo3VfYcEDSEZVfu
zx-qr+H00IO>>h4YYzNVrQmq<Pf($7OfzYu<q{Rhk3WpSm6{`X!=v~mIzszwu66n<C
zbzH=m!UISXVwo?OvM?u0-H{|gNZsoq#zA*zfuvGaAfSC6UO1^0%S({L%qH|0H7o+O
z-6}FVA+s<mj%snqqXQF^#88lx7)yYOhHYiyQUI{jT)AXnfTj?HJcA%|90;*CgGu}K
z2T{(8LwrHzwxa>0V5vm96Jv1=g;MXH0X`cv{5~i}+Q=JQ(+KKCY_*<xzyPMEr%*ae
zV9kiC=ChhHRM54Q+fv7MB$x;vZ*dW)eO3JWtIK>13LY}r)0vuucCW8NOm!>{$<_#G
zIfx|>5R&MWxy>cK+Fe-`h-kp5$HflW4}+$=fIkD|$sHU#9%mfaAE0|&mZb1(A?Yyq
zomyGA+CH!E;Q6{U6VqaOp?GDANkK4oQ8}F%*8Dz9AAAv&I|j8y)CW<BX{$9_jw5a~
z%8%+!Q}zFDr=|IsBB|RGT^?k#APrk3Z~zn}unN`3*v9QR{VW!__d&})nC=tQq3a@9
z2r1WBVmYGd22li(3)nHAw3U})ect#__8~L9iQN(SLDTV>LB}M2Na^Pd65)&m2e6#J
zdN^zV*1#FEF_Oqm;{oHB76xk%!EXD`Mp?G4e~6?1Hg4F6O3P4^Oc6|?1eI*f;4%T|
z`Y(7T*%=lc{lQ_G#)HH-(C-0C?1`C8yvRJDgl$tMc6pS&h;=1&s)!2_$$L;<A30PC
z^b*>SYe_H?w+Gq0sip<z7ZPvY0~=<@`T<NSpg`(?RDu?&=k-~@#W-{>fi{wNk{BBs
z+)|B-GS-1igSdANO?$H&H?rc}IdT||E-s~64^mK>O}zBGg%Wjs^E?MqxvaRNNNwTG
zg+|}88@=#xIS!{Y0MyChQVWO#Z^6ZTv3s2$Ut47?VPT+Dh90ZT<+hn(qUR7qn)$eH
zUIJV$Ez|L`c}trzE(}fSoV<f+5WqSnLJLl!tO^NoAD<aq1GWYZ2at`L9PF;ay^WR-
zZ!IR#1J|L34gzLhN>1Uhr&NWeQVFnXPtW5ylU$6jx3a?1p;ww<x&p0fShlDFlVfR1
zD`JiMPO`8GJiG+4*7M-X{WKMKHFg`pOyRDymI^)b0B4ZFvH%+IvwCzF4~7;>{-RCZ
z!Wp(^5Ur5nm8$I0@px@=tSlee1LfQal7HyRl-O#z3>8@?sjM{!$&0yt`*E;g<0|ak
zyBDt!qH<>S>trC7u>JTQ98ATDwQT(XT_eV^ot}AhOIHVIP*>BJWROXIBFO+s8_NUa
zL`qleB@Agf<=i3=BucNeKa$inaJozyYHF47)Ci!&w;K{RGvTG*NjfH2HYq_iUXn@~
zO>HjIOkwQ4>80{#h)Qd)4rq+KOiKn)WRTAuM%+wwP-#I6hs5tvA}T3#9hTS>XY74f
z9^1?MfE>ggYL!5xy7e{WQ!`{bNKeRmK{e<c7n1=2F?X~SDd%#x>KGxhBP)0f(FAuC
z`pX9q)T^vS1}y_z<6v@w3JRnN?U|Ab(iE|_h67t0e1J5FD2T6?5cpd(Ptx<Ct2L;{
zs({+xK`Z@G=;=u(b>Oz!Zf8e~)%m7xiJR{@ZU=(D9q}UOvx=ptgbd5F&oUbW+nbZK
z%V#=Io%$||72#P=`_pJ^UPs2V!#RE$)+|Y308SD*h1Fypw_w%=m%%CruZ-S?JdO1-
zAWBd(a>U_af6#HkUMf=}vuDh&n@lqfn#Mt!W#k4HXl`Gdgl6fgrZkdVOFgmgPPM6$
zC`A`dFxZ6qwpbd91z?FAaRMzJL|cd#(n_#w!BD9;fxPzKcij%t(`Uk-eFxyWJtNM7
zsZruqXdkw*%<;>-?x1kr*x4v$`{=%2pemt6|7i8B7IM!KnflNL4vTotWiD{uo!g3v
z;Vj2+h%ziRqdT`v?Aea0qk8pj4mqTi@2fMh(-2slG9_S&;z@9zoOJSuaKrUCan(}B
z91f~&+qWWbpAZ|o_B~;7I1(Fw8#y$kT!9)UEUk+gPisDcIaxw5FQW_?qZIlmd>+xY
zT92V`3dz-q_Hm{hG5f=g^GQNO_HO`)qhfZt3(tD;ec*ogIsuN`I?G4w+P46o{_2n5
zQ(wIrA|tm^72Fsop=p)KBxghM(*yGm(ul@Pf?N8LapYwA21qLuWMJkNk^w5|LQ;fW
zq^<%RTYPbqsx3|N0-0QypOiS_x~&N=xhn%@q>hvc4vs3V4hPbhCqMcD@QkON#|v`W
z_Uu=Fgkw**JP2A@sJs_Xt_<ilSbRx6=<&N%yhQVmfkXp_mRP2E=>E!*tYS4a&F{>#
zjE*HmdgTB<)+#$+%Gqs5a)%o7n=0WGr)H-KSz>gFxlkvL%skhp_;<3xoOIIhaKnwa
zu;pRH{06kHOlVc3B2`WbVrQp5AbYd<Xlkca)M-XM>565Dm1)^(GO8dCgsVm&lV6IV
z81R(hI1Fn%)2^{@fJ;0OA{OG5e>?*C?f>-x*s*n{flvDTe)l>ap8w1T!Sny{W3YRl
z1isi*5ypl{1a(GNY&6;lR@?@lIj|a_=BdU*XnZp^c<f#-DU6mYm$Gks<Lbf{sbdOQ
zTqe(;gXx)R?4)T1O0DT-9kdpZTbwvCB_7!7wx^xE9e(whk6QB>T!W5dhn-T6j=YQK
zC?i?s%}IPY(F@H*5>QasY9ZmDoZiot3Muu=9#M4s^iWBq8Y3;VCllAFWg!BaDdnEL
z7^#<FD5pT6>~ATAlWg*!pyt69B=%xzdImPk&B6*=ROZOK!Xb!S^UkEN0)`}WT*;T&
zi)JSk8j7oN8&-~t^$!k9v6ZuAf2~#xmfG!-#J`vewU!>lfg*jL7T%296XJp9MGPvw
zkJ~o4E|~L;zI)RjJQ1Gt(hoqC)cEu1xBqfH?<p^QFYMmCn0IqLuHmr+2eA-MSSz1}
zPuae7jV9lM$l)3KUaT8FmND@0qKR_{$m>|sH>+sETkRi#so5Gf&Wj`+Ah+#wXHf4N
zun7u=n(Kzr`$;IBZQFln2|n_<e-^hj0*WjqL^s4s)>1%QAy~;-tkuL9G%u2EKI-J4
zSdE&K2P#&B*x7?rWA*4kUfqfo7y@**gy~Hb+#w1VD6Ju-mkYT|^-iksL4%RDN(GFq
zNp8j71z5GlXK#XXX-PbaAtXu|XWO8HBFB?#weSPB!&4o<st#%%l>Xt$ORDP>%IB?D
z>Dk()7$>OYZ(Y|7*~nw2hAit_A3j!g%$yN+0!d&4<>GQ5UjE-c3zz+1CjxyIp7f}@
zp>%#Ae|P4ooB7zwesFsOY;g<CKSfex@Xy$VYn-27DL|8m7++3D2q%=1TT%zQP?u?L
zLe$I=mx}7d6ts|$dgkCBR+g4I<D)x)N)}4OAySSh^vKoyqip)(=fajf^~5dl9&h{L
zci~4j9b|=)95kcVBVxBjFiE1Na#yv`kcGepscFY~i!E8yepIFDwLLK@1CZlMP!&Qe
zjax>b5xtn)0_|A}H=SXVBE9p(l%y-Mg^oBnDtqJ}Cr>By^?bF2Am&ozq4Yjv%^-kH
z;dR!88>D$p;wcKBgox=}HuJ0EQgGJ1EN91q!>RR+jxT(iJ^I6nIeAe?$+R|yz*anC
zTJ{<Ne57W-avWF@;E^pP$@k=+y?Z?N>lfd|V5V)?-UWCEcA5Zw7QX(S8)0d=5677N
z8vuoj@g_+sgGr=vB-dk#W-`LLv3HOqBwEo9>wQ+T0HAT7cuqdZoGm}6-^Nknl-rG9
zX#u6=0D*#%W(FlFD@K%Iu0g}olN0H3lvs?`i=b(1Y*XezR*I6zrU6+}&f=kKUH(I+
ze_45!vQ(G?;4u?(JJ7p{#|>#2HCZT#ttXR6GbZOm$)n6~;`(?!GA~97=OoOPDnB`^
ziS3-~)=50Dy;}7Xi`^h#x5`%3c{uVV1g&2u{JAV_;hzw79KLd>qg_0xGRTG1YFS!3
zC@bKCLoRl?)IFhs@9Z@##cN6D4D&v65_xAM0W?b?_povI`NXRim-?}jjzdYEOGs)A
zlGqCf<XmdL_9f@@r|GG7Jok5h^*jXp0It3H0DRz6S41ctw`B&N`K0^6BOY`r@1a@X
znw$2++yDL|xaIa9U-$lJoeWQX%vn(~{NbBEog)#>JZ&31_kss9aQ5t9!hv>iq#fhd
zlIf`qE4NR6#NFfl=$YQ};qT%gJqpp<gXhmo<FQY=FFfLbry*F|eC*XX?typw{Wnox
zScEy$=-b#<FMYw2xZ|d#y75jIoPSq1cvOm(zwN`{1HW8yOvxmgyPoi~_k@Su|0J{)
zw2+!C<9i;2kACiQ*thSH+Uad21u=b%X#K+(U6Zh)Ra|RUEQ$8CaKG<vWS~$s3&&Ac
z0;F0KY1vYutHY8q>%r<{L*%ZtOj*$@%*As^DebhP(r0UtTe}v#c+p5E937zMOrt?w
z*=(o238z@|S_Yzab&To*XLQGuc8K(3h!UImxs#QJO(b$WH4VUfJ^D|Bi$+41B$~5n
z)+w+(Qi=z_^Ply=*ipN%BQHd0e9cV<SP8uJ`#Y0zsiX6fPy7}fYrE_RyWmBy`2<f>
zk9^>%@LzuCQ7|*rS#unL=T~0wcW})Odl^{Y{^-l%ceMY~D{qN^|9>xkGW^`5@6De-
zg;tl>zvavFUJjBC1fT7=t*8(D@zd7T2MD0Q_<JAZ`_e|1ocF)!8S6e9ZLj~!FTiKM
z{zK^aA^g)nyb|tcd(Nvq1H+{QaMGp{UjNFUXLt2_+gsoJHTcHG*RT>fMDyI@!QHSx
z87A0~+wXoJ=LA-0&8X3J@4Iv8hTnh`W{!)W6Gb6~k)zPKWI@G2SF-M*XU@#EHni5D
zY(Y!oj(B>fMeS{3vyv24B!+mw$YMHbDPqa)Z?D{&Dx-E<tV9}xvpOJ#X#zj5mf#X?
zB*61>7<HY>@<Pz8dZ*W~^;n^ZTxdOLtd7Q4dx*r}X|iXgDDjpg+Xw#fO73jiNJ>BJ
zDffZbz2s+6S$rCN>RrDKFCf6{^c>*MH=EgC_G=G`fFYoN`m5K(d(r;if1yZvnk7E@
zr7Pq4zxmvUfLUdZ-?kxwnYMR+=)39pb=5A5r+xO5?;F8<Ee^<ce&`a|y<hG}`+wsZ
zY2d!?kDeBvjgI-u*RP4k0zdmB`1-w30e7~M{dwD_8F>9G{!;|=)i)i2f4b~;xOMl@
zc-)JA>5*{CN!z$By_(G^5Q$<)Ix}c*CTTn|540dBnfSOXi7J(}KFbUbURnA~Yf;m6
z3MraXa`jT*wCNaa2x4Q7dW1?<G7;86S2xo_LE6poUYa$+K(!PqkONZux7Kgb+)Rj+
zR&2`hBg!TZl8~t}V7ZP`;E~+zlxSgYb_TQekgA19EEwc}gDxu1k}Zg&e8H<f0dIWO
z6HxKnw5GEN;G`ImM0@?4zsfK4fT#X7e|O0zels5Tl;^*X!D_U2$Cg><<7b{Kiqwn#
z%O|;k2}GZK`*ZmB1I{{$0lO2az$d==eFW}VeCz{|g4`d!yX4AS;r{nIDc*ywCj-JY
z3JTg_%_Z|YKYR&Xc*)K1!Owmle*Nd~57!~Uzy94Dx#NglT=?Ca;Ou)IkF!G?p8JZA
z!s1GwLGqRN{3<^i{hWbR=eisAzyqK9KlomseEYAlK0({dUj5f__05N2Zu?z0p5y6{
zI~yj|Hcdc&*T=46>jtf;^@~rs2R!cKcjNCK_P{gYeILDuO^cLc$P0HOm^m?)-UUAs
zfGP0Ek^4KwhZv2p;CuinHCA$FO;Mx;p@gfeb3!c#R#=hcK%MfSIGj}-P^qLrvVu4*
z0cM=pDRmK0OVV$xR*+h4-Y%(Z9IZ#|)lh5+KaVm#TcpTV7%)A8HsaP^c{FqUI7VWo
zuX+wMDeJOPLJHusU-CgX``*XF+4tDN7LB`|zLhN<wvol-Q(w87B`vryg-f@LQn6F!
z^>6uF1lq%ir%uUw+W9nZ(QB7pc^m%R%0Q;=QRkcq-^IV5^Ry&YKaCC^agC<;h%bSE
z(R<kThTnfYeDA7VJYWgDmtD0p(v5|s9=!407xL#5wr_;{-SapGIRS?B0DHdKnJHGn
zDCH@Ie`#l-Ex3R5S{R^Zp+u9~1I{`r`x4-(k2;;7iNKyy5IXMtAG-)05E9oxirn<J
zQ#lrdogn1=pdcw;-@7G_6tpRu$*-=Hh?8l)C1tua&^Xn04srGpXNr$;$6`Bn>d<iN
zGOwdUgDo<YvD25rKS8VN*ICT6nB)r07#A*FYVAF$vXv}PmYxNf^p;D+<+Po73}j%G
zzD~4B0G;&xWWv%E7a>rPdk(1s32c{Mxf8zo&$mhd3~qNlZ412n&l1mk($C(F0WAS0
zO+<TiPLvZZ20+o4m5}ax<}CcqGfw9La;z;qV}QSY-#6iJ-tcVR|8tMIH+=P?>)>vu
z$uhhonLqWFAFAmoQ*>hk1N=QIqmOvdX;D(2jX<UC;mGAlA0X!tgWic5^5wtwF!qeX
z9X%b#Fi&#XGRSN%E5i<~_^mMKCt)k4K4qYN=-J1<Cbu2gscX$9=}yDM{Ba-ywBo2b
zUub3vDQhh$(^l8AY_pXcViRFe#-iia92PjwbYo=2(S6JY2^LmBHtVWZ+pq>5Il;+@
zOQO}92y9+kr3W=Hroq?cm3~PwYh+#RLaNlHeJUwzH3uD4Avs@|hgV5AtDPA)$SI_8
z*?N2#M?r8gIWfAP^<u!ZU>e@^hfidxLDK8V&;Jlky;_G3y;rv$orTYSYcD+GF(Q3V
zJoyxuIpusQmZ+e$ZT2otgw;(cD`ope2Y>pa7EE>JS+2Y}z@8(4gV@ixn@dtUvkzZ#
z#jQ*;NQ%v%EB?)|y&zuyQnG*N_UPP6qPxig@`BfV93}4YJfje3?LI^mUiUkXhUdTf
zV@#v|{12WSflpLs&jBeC{;&t)J5IK<OY2Nfv~oQ2G*P!^Vb>v4%!+=aExz#0n_#)8
zYr4=vo%JxLS*`S>@@P#f3LsDJY&uEIeEdC`<qBSIZ3Jpw^R}|9B>bA+S;}@5T=CP)
zkSSY8_^L^{LNnAGb)QF4Eeh1dEv1M>5hDeXEf2(J3ymIRv!_Z?GP$X9jIA$D0LTML
z^B3#dynV@!z&%!4Cb-59#X>a-&m@?mm8K*x(sbrp6H=v<;tZ$}@Hg94*}H_CZFU-t
z-!ab@ppO4<fA}1D+h<3x_lR7T!1#y<wqi%!w66u7xs%sb47bfW*n2och47ra`3%f8
zyz+kyBSb!bzoun@L8CAIR+Q2YP$^BIw(XrCyd-nOLR|OT1~0uhne2$`)6WZE^GR+I
zGReK+4<66QFo5y6Gf&+b!Az3>g=m$Lp!pI$e$O2ZK$|p?xioudD>{k$_Ut=~^kye>
za_fyxeEC`iau}_^rnxp;@Yu7^!f`$P==y!4)el$UnHM}1p82011_zGz;V(aW6YM-7
z>x_qztQai?UC`{3U?NQ7k9}4x79fIEaw$!L3vn&R+)72qQpHj!!l*IFWTN9GJ0zO0
z8r5K{XwmyrTFy+TR0ehA*xGk8gSZBd&g*;_#c<k2dW20nY+BSZmy*(^?OSd?``2T~
zk9}xtq(^`J+ciArQ6dG-y}O6|oZ5mLb_bxO=KGxLA}DG5#6?wuI}`A?ZIJI@enAP}
z{!z{QK7LWvxX)?ZJ)FMX@im|Gh^Ezm1{ShfuvqC!u4r;;+DL-#Lbtk&<UH5~VzW2|
z?&Fvb^WXT@g%{rlXW#4icntAlI(H_spA*$0Nxq2RJsa)UJGP9Q{6e}@){M4lfK)8?
z@WIb~KLYx(=bgfF*jL}MA2!c*;BgN-6BWibJp93Dz+2z{P5An^u7<mxzJtL`8y)kX
zfAI`>@n8Os?bOVjb-^K?!HgH1LX~BihwLfqI%S+#{Der{xTqli;(#ID&&AnWt!Tl}
z$^ly7Jh{v*0Lq&y&jI8`^=Ux3N@75aYNQehkU73$3j*_b4aJBOJu(OvlNQQGU*sPe
zxRyUY{_PP1`LrGKHv#ypQ`ZiF_kVQ+dk!~c^B2EY!*g{o5U`(iPQlWcfd8e-D|qfB
z3%(u++W+~Y^=-3T?)@xS>i!TGZ~qRukdHDF-~aK;8i4*ZNBhNg%yfW!3+QmU6z$MY
z;lG~$j0f;fz7fZ!rnvCpo0(#nHRJF8{2B2W+aKE~7#AGBAN5kHYpRUk8>o1`>%*7A
zum8gR`P+w~V}*Y5?T6RxMJatF>nMv$%Z=|QJCbxkk#e5PCUhc&sCA`Z+N5B6(Ui_=
z8y3rf1!Gz)vnq^A>jbnyWk$O0d0F_(<OVFA1*B3Co@=ctCpNpZsZeIx6YG|8XU!Q*
z28b+y00g*Ii~`h02T7#01Y4=$BLm5=FOMNjo2D4zho#j3FZ!Q-1Z)+lM!sEnQw^_p
z_YmIqwJMDVJ?#Bo8{todd@(fcL6=@y1$g7fMvZIIac}$Fi1~D*GdJHIf&FZlJ^mb(
zpowaTGI(`tu%yh|4}byh@~d{kEB@s34ZAvR1kykMn{T15`C7il;>rMi@ns)w94E(o
z6TyB{+~*=F{5k_jpT((?hai0SM=pgw{;RJx?Af%ftPasr_yhR!cYi|wG918-H|>Vc
zeB%Z<a76g`N<Vq&XtP*nrW@3(x*Dx4FrR|2IKxxxY?!koXh{HBCPS9g5N?~Qk(!N~
z6icb)rvpTRYXSG>SriVhx>;5Ysqm@lsMloS5K<X7qd#>pWzc3<Ys1u)a-NzcT_ls>
z9`mZz^=R(;TRsywk+j=3dIsN~!_WlldZ+7yY}+WeA0HI7m!$tP(v8Jcy`H{DZeX`#
zNBsqO@5|a81xVXFK5z-V{R7{HMpij16Dh}S{D#yNXP&kRxp0T=%h#ckBTi#-QnZnr
zamqY@*u8ftn)T$pTy~C&*G<dOxlGx186}kTs~wxCnWrz}i|<kU{6@5S!)O(%RkXCA
zelv06&%k!1IB)vxv*6oT9fAM#`JD=$nx&`I*%OJDFTLS?a*PEn88+g$3p2fG34)ds
zHs_idRC|Md55*Km9yxjq_7sv-M9M&QL}(v<N3^8VZL1ZeW+l*8B<3-!HKG&!aJr_U
zcn5<@<vf{#2boFwkSVb)Vqaz$Cw6lQY-)s$LVSScj<LV9&!pJxJzOQAyJKA_VuQE6
zhnuv<PNyH@<N#?f8jx);n379BXWw-Lf;lOopZ?l4kjHGq1~M+~vIlY60{H*6Hymsv
z+s5=BX<0D#dEG6C<Gq~EGkvm`$p%ea|5|!AzG)ns>IB(ya9JgFh?HP;wFeW$2xdw&
zO-*k{bKfNV!E^4)()m*t?N_NeVpp|TMKn3NXlsnLI7dQ*N;;t=kfJE*mu2&Nb9m?%
z^c`KF{$@`hDS^a)wXtjgq@eZXYBiI2t+*sLNCKE^!;%MNu^$~s-o-KoCTID3nuKfx
zKIs&IEc#QzMZ^I^1JLUr$$i`jKq0+Q8VzguD>g_&+lXJ}Cx)>vv*Sa~cbkWWu}i_&
z^F8`!(&K*-dH6#6zHH+TV^fwCQvh($Y?aJc<AXLzQk^=Z2GnRJ)6R8D*KmPcD(l3W
zo}iW$wi-ny^)m(FlX+8W+Q|SM4r^Gz$#c(A39FTd$DMOL+OLtSeC9UTcc{le<8@Lh
zsrJO?w6Ybm$!!{TS;MB~m?84##-dJHZ4x?J>TTHI6{BQa6-$K{rA66*09EWvcqA$T
z(Yg`upE-TvBf6}AZO}DjpU+exA6cA*(N@@I<+#q|VExbbH2KX_$3Rm$kL`+ogfMpD
zbcZk|{ew%_GO3(z+mY@(`e%|A<ja@W(Ajtf|MU-C2dn%38Tsc@_KYbeH+QtS+&nb?
z9NB$c{$4IW&NZvHx@e7FXLB*)%~n2D1D6()*ZezON|=sE*#rCcAB6w<mM_3r_q_*#
zyCV^CoV77z+9DEEVl-_1MJrw?ORmcEn7cU71d``<(H$-27(7?^53$&|*q1rlu8t8N
z`uzMlC`dFTMvF)CyM|g7JyI1lH7yRT6jbCIi6o%<fG)9DdT<%I;?mtVAia7nwH?ch
z+N>+Fj=7CV(kxFk|CNpj>s@vn{jTwqb4}@N7p9|f>k4skQb_IbJM(AYG`$0Q2Y<*v
zX)Fbq=EqR!?4m!$7Te1;A2jY8=gHt2R7qye+!e1e4PX?h;Oa&|#bo$Iu^|tU&t7)P
z6)-oy3FfzMQ%{^s>jl@>lLa*MQp0H>QF%^|&#G&1v7ZIZR_@p6j%0;M@kuHEC}nHo
zrJP+qwSm=u2F)~KcR5IyDX)}U$h>7Cxl!?pyjj{TUus!GM&;g?j~FzNKei?4d+0UY
zqkn%jMEwVv{o453nGz^_m_M&$=~#o!>>_tMR@NO*>z{Gj4i7UEa=38$bw><K>D9eg
zK>zUda<%b?%R1L?-uN?ru6##6f}>KSd&ZU0Tmgu84ls*$ZHkAXjjSn`UA0S3lM|_)
z2G{5)CG*CBL%-*@Y=uo*w{wQMEIp@%TU;vi6J5%nZf<8BTBIj)PFgaq)0Q$03U(^X
zK-ny|UZLe*O7S9jhrw_V!$RpKiheWtQfY)AFY8Qek5m3*w<XV{cD0J>7dd{UHV9qE
zKxyluv%=^gu09LK!6jELmQ(<j95kg3yO4FZwS5EJ#97ZS;JN3E>H2+NMl;-3M$Ks%
z#%M-%Zv1W?pl7`tDNI<i6EXk++_<}LTx$HDwh^bEI^jI%qPcJB)~}-rc_};3H3F|d
z`Cohnmn5=9oad4k;&(}j3~?tw<H4<MRRTWq3HL-h^w|wh<AZ<x-7-z9!sMxjhw}8G
zjbhJpXx~1LS)NBwdyPdd)JAM>?4TWKIz))karvy0Wp{H%Ny$%XQF?Ty#4gKeBzfax
zrvXgbl5!7quGH!sH0n{Q<;1X6sN@%AQWQFFp<1hD>5>#&wpRs+S64p2jm{1ua|(gR
zMCXDiO#w;UzSB()iyePwr^NYU{o~iYM99BLe}vdoYd7bb=N6rLm^<SFm_~40Y)O*I
zE*_UB<htzLqOt=PCoJox#Kw$A0fcNyGAd!bkFH5hl;3^cgBxJBhc*RF9>C($q0uOo
zaB*<Y?wDcXv*|k8fcYN{@~I8nnSk*IW~XUTT0hWgXw<Tp=(xEvF5w4S8d&=!>KS#S
zQKp<)ik8m=V4-DsInKJWNIM^$BMkgf26KoHZual=j22bM!AVN_A|OKp;V=f6J3#CB
zVJ>Sp*VrBZSR>8d_(6AYpN0?&YrfCR&E${Po;w{n8%{^1@k;0)xt>>wk^^mox#me3
zO&Dh<0`f6|9N){O*()oCL+$ybN1hR{xqJT-yz3*EgDDHK!hZ-c4JlV;gHjj<A%f({
zf&H*)+ja<1u?q2Cxo$u}x$6m2@bX_cmH)nW*DCzQ$8Jqj1$<mWBWM<iEs5a@b6Z;l
ztrVqaDOz+RDS<22j#?!x#W%Y`)<=|QQ`4Fg`XL1{>sU9jP&c~SsX0-hPT4MI*EZ@=
zy8tmx$3ZFumiJv$V(t)JAtKhL=1X{tz=CG<=z8FW?7rFko1i`RW30bFq*=f<FGBme
zTh4+u0=u`L`1K9YNX5_I#Y|D$Y#ANlD>k@tQg{H8#vWfZGjyME@_c-jKl-b0a4dET
zln;<>>Ejmx<&5b)(zI@~me#A#`}r&!)PnQvkwqG6?}^CPyM?sa5u{m*788xLR7e9R
zxBVxjIH)aJN}8Ej&t{Y4AIJic^xAqT*dne{$VQ_xBfW8wtEgPvJd%DK966|LpM&)=
z6|!@phOAN|2W&%t**!w@9{Km<CpD<a`0qQ~BA6h%Nc!=uDVRL&T$nra0tUCqHQUTS
zOD*ZmIs!Sx$Y-Hu+L~Dq(r^35HL_*)kV7StcA>7DGnaxXKAD-Vvb)vlB_xH9*4^e(
zw=UBMqI7A_WTI%=5w6k4wt$b%97sloY}Ss82xVY|xX&KH))*FmxDcn^U%SHEovk6Y
z?MO9JpwS*W07H`262mQ)kTRE~`E1*e561w}eNOZ6w1<>%I$9hk9^(d7)ZYK)p#&zG
z^u}K=cv1_dC*(oi_UREk?Yx4|rQ_*u+c;?Hyb{j6hk%2wdE=g%6;QIM*mGQPZo&7Y
zKgnG8rOT|Q1n{*_-!9*M{M!{PkG4JcQ6+5MAdUL5i{v}H<}W{X7S6f*!(r>}x$Jtr
z_U1$I&JSH4Q@B)^a0{Ms>Lz&dBklqZd*I3PjA)&>7Tx9V{_y3n6Tz8S^w@9gh}XRM
zVQU)krO2h}8Wh3zKmO(-khHH3Jdy74fRkazmMOk3#czM+!t3F)7pk>Jfki6?oN-(i
z9)I3(aN?FOOm;lnx~~V{{=pHr=toESZbUWCxyKw#c2g|c37b3coJVb8AY6RyBKAcu
za%EP;Lg0{0i~FEJdb*gE9B|O2XbgTQYdof9vL!Ok6>7oIwN|2(SB>0-5J4R>o}2^O
zyo_#a)^!F@-5=jDO3!qSJDlpzy+?@_k95GcjR2<~SHQXV^ze#z4B*CHbsT-?-Lr`1
zzUc`%cWpB1)6NwON*;o0*Cgu-SybNll>~m;M;j#vL_h}ttzCl##M>3nbpPi(Ds|{v
zKQrRv-}>7f92|DfHq0Pk3AAV5a|gWWHJ^oDEI|d7&v^2^;AOw^pf%4<F&<~%b36S0
zpM8}F12>(^-Oi3@a{}r3_HZ2-yZ0?IpebDSuV43gi5tl_O0f8udu-?5!ntMtx%b%t
zFa3qn8^_-5q-p-yvY`W?zW4yl&$h5%HZ+c*kktp>P15GB+qnYQD@V2&*NW5|rLfox
zacro=#AzmW$fSI3I%K7`R&Sz%T)8xFVlbcuQ}K<8q>4;T=Tzz&B{Psm%Nzu-Qqh^%
zPn&VYwAf;EJN>xz(LRk}dc$wD8B}o~W!oAs<5Qk<cMmUoQmX;xy<_30&-vLBK`&Ou
zFJ6{nsLwhzB?p{!nr~d=G50GX!#L}dL<vZ$Q{WQ~3Ij9Uj|R*|Kay+j*gB08^`Vgt
zJP{SS9L$&fU=MueYu7Un?f5_a{YS<4=@hJP-24ut13;8GFMZyFBACfG{n@Wy4;Nl?
zYdq}N{?mQoe)kmHb!TD{p7Yof<9A=W<N$p0%0n?4@5$$Gf%)kYew;1V#DL7gRcn-;
z)&ybqa#q8`@K&o8g_*4;2v}>I0-F?P`&-*buO)BqqO&Ic&R~%A967q7j4RU0xHsn<
z*%sD(NZZH1iBj`RBUmDEAb5WBDFRBO7f*Xg!QZWO8Uym8t13Q^zJJk^Q-IM8y8^uK
zeSHSl_IU@deQuJV&p`=J=Ps|JXYj_F0ZbcF6q3@9IlDPnD7KmaPXNvbk_`y@F1`!W
z6N>ky?f0Gz@O?bzikryP_f%9IuY})t#@X>$q9gCZAKEA$`mKK~5|yMUN#PHE=7-G&
z(~l4S`M>4nz33y)i(g&vTmQfb3A9m%eebG0oJDiSsq^qlFaHEmjb-kW*Zk%~;R!0?
zNvWjcPCj8XY@U+=M1^cV@D)i)z7{3!=GhKhbNe!b``h0?0^j-JQ8)*s^z$AggW)=~
za{T2dcSR{n4>?5TZJ;i7o?%3Dgvv=E5MhOC_*J7(qy=R6Fh@#oKFfwlG>vP?R8q^1
zl{cR#gz#)>pkO9QFQviQl;<<<t%D%v?N&XPvF=@>9C|1;IJGo$<CksUMnJyxABS=G
zmoBY%`hV`D1)M}P2+-pjf$5DO9z=@@@m-@Mw7p)zOndeo3P@l2@UhoQ%rgO$W`-+o
z4DjtARuRzjn*eP9y#m30AN`Jg6QJ*NTDk`f25KAO*8=nxK2f+kWy;XC=^T0vQXKDf
zzw=N6H*Lnh{*0di<FUklZDZ-mjp<{{Mx)z0GohK`<a-C7yYL2-$~Um2CmO?^MErjH
zmXw!CnKN{q<x!gfO9B6z=34M)FS;8XKw#g79QyL>7T{V0bfgKe{tO|~wT8jUDy$wo
zLaT7X#PlSGlhQ`4xEfZf90y*JAWB~d(MrKinOX}qa_DKrOTgt569o^|?JTofF2a<B
z6JNCin^ilN|C16L|B8l!5U*jhB`SsPm^0!Ug!6X8u6oUpSKfg89xb1F>R(4Zf9X;I
zxjoBtDgnm{1bYtYXw_#TX-vQ}&~MuyCw~hE6wwsgNcw(!M-`7DaMLFOI)OZ=B?M+3
zFir*+DWR4cW&?t<a_E@X{oRn?GfP+G?Kcq2$J~@<#Fuo*{T%M#B>o<cot|vLAO7}3
z;NcHA>Dc!WAqeeu2R`{vd*NB<ODY*jYx=p{NmKCX`)|T_I0zs3@-C3|)W&2|5DCbV
zx!;GyLkAeVlu@&?P_cbl21CIsfte>xLSa=pYZ+Tx^@^@vltJrrcv)yZgzQ*ZF^iLF
zL&g*oxGp86$LEd4DdWo_)s(jOWW`e#Us{`j<??18>xAqN0c>cD{B85;^Bo2I=hr30
z%{HPc#KD)w&dou;tTbic;RJL7+;h)Ql!7EIox^~}p9^~FyKnt4)r+8e|I(lKnJy9E
zCTe5Ar|Z7r=_S1AErZ50k_7+6w}eU!j@|@exSU=JH%Sn1Yu=dODE4CZjZ57}pI(Dt
zewc!pIP^b#_cnf5lKjT48ECYqXSWMqxa1(*vbPTpx%UP*X?qt=+L{{c(f8W~S6sIU
z*X&#cD-hn;g2Z?%A6bxvIYF!uo2DHcII^5MGqi9GKo)qP6v5=-1kRuA&d$K(+)QST
z;1|_G=(a15dQ1a8Pe`aUt43TuC?(9u{k0B`n1XeU6%{1$C1LHyHQQtEU!b)0QBo7%
zHM&9D^*hZFvv$iHmdtS^na!;C+{ctmW$Xc-bAD4<yna`R!}yDrjS$F5O4CLXn523x
z!Oyuz6YSQEG<b-@kO}bR?-<1Qc<(DDPmltjXxn#Klt{~YBuYb+q#n(~;K)%p|EwO<
zgAaZBhiK(EJod5>M{r6D%eT}!(^IVoX4-!HwO@d1Z#m4Ty!u7wMnDtvC#Gf?Xq#qB
zIC<LyQ;c_h`c^I`^U7zQ0(U)Wl8-$TrS-K4Xpx5L-kZ?!L4cxK)4jv{plmtVvS|wb
z%Ws|sTjnQW|KU~m|K4^n{$62Ag_s^eV=n-5N0C@ZDu!jCgoDu}gv@LkoKyR{R%;4@
zGq!yee;qP!o=NVQT9MhfjYD%=az0{+u6E+zW$s9Ec^l`QvCc*SeCzLa(cUS_-Ff#a
z8o+zs7l$grVQmLz188X_uySdGLF~{4T!Hk3z-2s{Hac$Kp_Ea<6zBZr<q70;3zFWs
z;z%2DW&)>hSqCrw`Bt=flSC#f$79Y;$Frp+NIKZZzE#0<e^w?mvf_N{dldqE7P<M)
zL=)l@A9)wJ;6)!rQ{VC$C0qLB&WJ~I`xzW0i>pI;`29~@WAd9qDR|P>F1-HNWdDJq
z13s3Dl5d_%6E7)?(v1$eb((7CXG(a%6L-KqeAaLH{c!EA3-I`dp2lFNZOg_9{QDGm
z?<cR~^$BDCqH}BXE6doXccUbOR<{Fb4RDBn12w(n0bsF-GOuf%ag?`9EYD!eQ9y{E
zPE#&R2kYQArys`vwMo@;@3q#ZOkm!7crC}yZxFI&+(>ym{Wy=dQq2lSaM28qZ)E*=
z?-!MS>pqf{COK`RfnWz*abwj0w0$S970?MZ!0$UOsR`KU-lM7beervhJtEVL^KhV9
z#yf%d(PLJX_kD2{_Aa#IfNkn5E-41hrij03>5K1OwHKxRHs1Bp=RJUbXd~y#bQa9i
z=}y3{dwX#8t;@`ri95gQIZe<XTo|HaxWZDBEXTL)>*Kx=OLf}ra~dj|_;by*w=$rq
zq;KQVEJ@aA1td5)U3M)ALOG^G<<2^tH2?-97zXGuszqCEwmRd>&dM^_*>b+cUW*`3
z0!|`Q0yN#w$7t;Mqua;-X~aMIM&NqG2L~#hVO?Pq!q`RC7ykP9;CWvfuCYJUHEI8g
z{-P)RIeQj*kuP4FY|<o=_hsj^1kbkIeoY$<l2^W?zwSNX`spD8KD{6D=okHEpQZSE
z$G;67HShmAQj(J%1D%a$#s+4mgDxH!U;7vv9si%-@O8Fw<lE&4@^^jsipD;&LDQw)
z@(;JN{ds)5=C&2=i(A<0!2v;v#y5TBR=Do=)yA<aJt<Q2IlS-wLo2-R08)<6|I^L-
zT<OQV6weVS9epo~|7g!lu|f$EQwi9{Dr|r^Gli1F1TsO8Pjs%SE^@oZNJ&tjpZ~i{
z0kXqPfywDd&auY@_7qC#yBv?M*@Hn`-tL$zWzBVuwGpo+>A&YtmKnazOtJ0+?$++V
z)4!d}3iLzZ+<k~TIW(Tzjtd$S%?jj%OUVWKdxjw_-tZaxFl^3tYqqfViIhOjptWQB
z)+yMFlwd*4f<nPPD}$%p^=`UPfHB!EP$`_?xQ^Y2D_HG^q&#J9XO@bN$76Qi2+L@$
z8&o1)Ng<n_Xv4|J&%tfG7hz>k#~exKvo4p$5YZ{Kt%LUL987GSi_*8M^X051kcf(`
z(^}pZFhyH!3ALcnd){YlsUgA{Xk~C@nLYq%-}x`i0PPw&OxDcq4uRM_wmE9=2)NCY
z;Ep%tPCw2$iit5#(j8pd2Km_WYhEM2W_GtoFS7GicYhZKi?^(~bz&WwQ|Hz;k~~jX
zdr=TTZ``sKwjO_cikWa04;?r|q&qQ@-7hWMXJ$46!ph;paOjq65nyF3gX^+mI1;av
z@0_{810*YlKAPbpAa|a^=PKJ`38rHtfWMAXmNHOm?ZTq;jm9;LhAlB2?H<A_K!Xb9
zUKUQO*Nsk^;F@c!G`L@*9W&)lpU!2SlTQTcm;{nz4u)`y&&NDAtUV{6I`q77N7v3q
zYd*U3uhs*0<bN<e=tFF`_;}ni16d{w#sY1!`!xgC)58jt4Dp!kQ8;9>-JOWbG0VOb
zxI^*Gl*d=-LOkM%$RsO0V?Bc9gZpBIes*!Am7-uU7gB);<Xo<%uY*A3iP8j%+vaD$
z0Wm$p4i$U1N{qvjeWKO-Ey0#!GAc>Hb>rO>#I8(_pHd<nSa5jA=t9IDy_PPDRYJ%x
zk+rL?+0z7T-slhqk6yHyhUA)pC0@U=ZydBR{&wl3JJ#_z4>Ku#jO*vm+ZY=exW_KN
z<^s{W1Y^&Zw--qiT2P)P<}iWWt*tQ!5E}P!SuHD>)m`?CB0bwvQy>e}OWsVh1~BLp
z(7s640!VIR+SOZHfx*%dc4OBgsU=+mDT&KV7i$G2$<~(S+n6Gy(}9%hlClCo#n^FH
zNc3W?0W;;!xooAi?67ewn<;)FyUuv#jJ2h-6R<U=%<r3jwrOI#)8gM_xQYJwc%7yc
z&w&sHU>KKn&;X4+PlLiV-bnU^#`j|*0U+M^nDIel;9lnzjq7D5(|Aw=q}2ch%lnxE
za7{Q0?y;(#>XeY_Ri}7JQEG8u#1U*$uiS)IvhCxGc(nKOvcviSUL~l+O^mYBRJtmt
zDQ;u=z`kguptuZL`YoV6n!-hC*|yenN9)|-bN7Z!WBLP8kjswL%k!N!6ll%hH4eLz
zG3I&AOzI;nW7{=^fQ{DxVBSA({gt&t9%YwKNNsMQE*oNaosKr?mG6q33Tq{J7)L)q
zrtRvn*>P(mV_0+gv9~p1@>s`(=J9ZBDL#JR{LiosP025BGh=^wFAQpV$)Nt+G(dy4
zlZ&%jY=?C|!`R^Qoh}TqbK7Kd4Vtmyf)qA4>w~U=V$UR222s2Q%cuk{9nzwS%B?Bm
zyJ*4O=1nlUah}T})aVYU!tJf;IZlivmvx1p5BPgXD`NGejG6D2(3<E%BUVITmLvG8
ztdf6xmyj}VwCG}E_NzmKrpaK0#^xXi0K<zeya~--%cY%zb(Em2BeQd2CqTMME}d<~
zBgl?3DIP(RT`PNp^}&4yKwKB!?hXzHfQCkVtZjTY$flN@c2q0-A=GucapZg{V>&k2
zc&3ZqBPQRvw4Z*LBn?B}mSS74W4T#5cQhPvmNmq>&A`vJdT76<KuHD;Ibuo@>uftl
z3POQMBy90M)xrX}QQ$QYTN52<p?8ucZea`ccwOHxF!ia`+F=!^cowo^ic#5eIdhFm
zhSVX8o{L$s5Y4n!#v!I>It%CuIw)i-*PyvEvY{zL*NhTqNaZ!s7S@8i$wSAFPE(C^
z3^XZ6<HGBln#}+(_W17321OW~zhDgD<81-Zm?84rlz2-v11>0F&z~31i`RB*ZXan!
zNVPul_n~FmWPzVBrb{L;a{_5LplU6i*k9?vVBv71cqI><LK<&~)WiEW(j>`D46Ccc
zoz<jPv>eD%&OWXKPUlr5v1uXtc8fDsYLiUbX!0q|NE$gEm06}zd0rs{UCxUO5IGA%
zvS6>kOIO72xd~jeSYtvRWS!+2U&C0RL>@B+m?)jo;qiEv{m%Q<xK=K}a*&S$JjWY^
z=I30}A5-YAGbqyjCcx!g*1PdqoL4LRRJ#{Pj&ziWUgw&joa2hLB$2vIiE|CGmlKnE
zN2jaK%AX8c$Rrz=(!$R^aPdU4Dy$sb&kNgouEt->!j)M)XkPbkX+h2l6wTM-8r0+{
zp@lI6t>mgpG5b(PsUL7QsM}~`<`TJ5@pMp!XnC;0jpp66pWI3i^9vwZZ9oSB_rKMM
zws>o`1bGddGCOp6=be0vUcWPm2ThQNvEv#*59<p*v)49{%K$!h&xSw^a7^0qV@Z9t
z-u@&l;$Ry)wpx|SplL9fR9fe{Ii<*s&mS_SxzeIR6JWI{WXxIZIEdU7Ae}Qfg3_3l
zY^IubC{b7T?S%@taSel5a)6KYE*3g>Ln+WG>!RZxl<H(XXiZK?i32JSNlO740142#
zreM)dD_WIAdz{#Y**sZ8EO%h9m)gTh>9~k?TSi21;8OqV@m9suXEcVcUXIg=HJv@)
z$zw>d>155Z*#T?78rFWl-j-VvT)a*Kc)F)ex6qX4kWYLNA7TyY?*QES%m8Db?V$X9
zs@20F(o@Y&A!IWOMXY(2)~U^$wt-u7dl&M7O_h{7kORVHrG8~O2#EZ3co-GGVUO1?
z3`<L_z|G9fproFFK2nM0#bxOAWOdm(dp9l^NizXT@c~NSHUhkZl%kE2x;;6C&w$pA
z63u*ZP|<qhBLuTpP>LYd4yrba%taUfjBf;%$PhB|W0Z{bXQNWOoQ2c(u`76OTSHxl
z1<ytCO@(I0#UsEN8nXT4lJ{6rTn|_yow93&V+?}$E2QJxI>*?ny2iblvA+h|{8bv1
zXY76Q!H_?LJx6~3@oj_(A@fR-Tt3xf<7aecu5(fPhV^cm!8@0{q!7|EwR+%aaL|@3
zRCIhb9HN(UfgLbKX9E0WfzP#!BD;^u-88RdNWo2Hjw9uf>MIZNcW-qF{r*UckkcZY
z=p6Dru3OhZ4_~LV1f9t)diy$f?GAHhr=Tm^?YKO$3ssEgNM1aMd^vwZYI`n_&U7M^
z##V<zX@=1+cBkugA>+?hu(cfTuyv=}JL$wV-ydtf563<ym*OUwLe{DIDRv9Uzi)`+
z(72{dEG_{%z`B&9(F~z^|2v<#<YRy3kSy#@OS>_pAp30<-#<wd?O+#&&H5uRxX8gt
zA&lU6GPT>{Keq4>f2O=Z1SKhXfv5v5)QOU}rbU0ye$3v$R+m@DXmwM-S6z>IVIW$B
zeyBiaTRL8^*RNoiB>ny+RxoK{qm5hUpp7Ow`T@#tp@pr2)z6b>4AEyDVlu7d6z0w5
zVxe`eWLH=@UY(KkKwG-mW(L~KX3giSDYLPyadwP#VnfR1o#~*d;H()W$B^P7_FMCF
ze%rC}u}0Yp>Dlvl7?<LZ9UI0xiaGtr?`MzRxDSj8RlDYB8GN<E+_d5hX|4045;=d1
zG&5>4YCcsuD;Z!n!)uTtM~iAg04uL<_GOu&v?>vOhoEh5+RVuZ!-Ykej!_!7(K9$A
zkkh%kGM3lHIxWesg^FRvmWV^UGbnAKS{yV`sgMl;o`5u187hTB&fFXDeYo&TOBP5n
zdKhwgQfI;{q}S&AXfsHDVTheqtLr=p0RsUjrLm5vV%E1?*Vz$q=wJ<pbay~Q5)zK_
z9b_npf4XBIe+&RO4qZpmk6))bv!^dZSbL*2gBivK6~G$0G+I3h9GAw@vu4*Zt+bjH
zysSe2AWx1>(~!JDUIdb2EV>g@(54!3X6Dk%aQ)8+3}dEv{DuwaBA<rEJ$qpF;2v2g
z+@T~zkkaZ{5Hm&agtnB`rL|Ll!Hw?v;gA<M;@Z*el3kE-`D`c8ZtieOq8;`|;@If6
z&^nT+R(eNyMw&T@!q`j&d7A`XIm>AxtQDEe0GI0;Hc(_RD~AT%kzF%(Szb<dJvK3}
zRE<lucw;!W#7~{OPIk+f6mNWVu!g4O-{%7~zgoD1Yv}}+uB)}x?uee`UyYXc>A9Lj
z>S)nPDcs$73Inh@B2q=JMhl9yLHX3w%#2)zPNif}bv|TqOz7Q{wH3X(#8>w3hs7g@
zV7RivAnu`brWlXTgsdCRYaFVzL)PM!BI@J~Bzi*Uw2(8C#HGTG{HPr7p#e)ix$KQH
z5M3bt?6pv%Wv+;IM)^PJ5)}se(3IN5;R`LD%QKNr?UB;2LgQRpte`X+5kZi5Sp#7X
zp6xG!pYxZ&6f~Fj{lBt>AM^V=JMLd|+oV7LCfoI~CNfj<AEyf_TV2-@U922@_D~z%
zeETHS2NzkocDh}dnwo&gnJMT{DcZJVtPq$bFhngEYH<*!qy#bXASeq};Iw+E7AAKw
z8CJq$ZIL18gt`b-O0ho1w3u#;YNc9P9lhu@qJLAZ?6fYV3X!}n$9hv}F6Dm1e+|L>
zJ^1PN?{k|e0z6|&ANsxn?>#szN+X)%j^fYK!U}Y!x-g00?xMY!af1NoW!xyLPvfi^
zaHZIo9kkdU?OX~zqUFkSU8t@tMLQ_Nbg>9z2#Q%Aq*C{ei%e#Ua<b7Uq7j7DLyAI7
zRE}<2HaPOw)EY7=cfP+0e!Bhp-=4m42|ih$$QBF&5Si`BY&Pr<;V_!*+U-@CKyXX^
z2L+Gfv|pFXh$L2;I5W${k&8<d2Q}Y0q%%dkOcT6iWP`?G#MK5MmL#aunqoktkA-qQ
zxo>ij2NmhI97PD3l*j+dh6Q1a>gC)26Ex$e+yC)4<!hLjodpYypfUy&K1y*OQZ0!J
zsRIMO-$QD0c!>dO6_IGI?-tsm>2skg&@x!qV;G=aiLyzS7AY-IM;ACtX#G3r>Rk1(
zj&=2<h>hCTK|!rC9-&G=jb=d_bE-sG<ly>t=$|C-{OR@+-^fnQ;8n{8uOQpjCE;v+
zaBo%n<#?hG1C-(`D^h@_KuZNJLSMFI!6M@I7Gv$m;evEUltGAAjKayf-Bt%X+NC4o
z*5@;6%=Zp5SmO67w%cZgTwN-YYj&+g;iubw%#9ZH91T}xai38YO@w4)uIm9RiPI7Y
zg&^luwg})(6gG;iql)}gyH3_I6l+D%L12^Qo}I>@Npzk#9tbXpRfZOYs{+S^Ks1Lr
zjhbWFS|lJBjg<3j2@7EpA=&M-XgkAiiidWg89R{ydK8809rV-fKh`$2V;kD155V%m
z(U?EjCW-)J+wHHcvU#sHDRrU?t=!LLy4tkv3QF;^VyuvaC(swPG~7g+l}3e=1T*m+
zQ-(G#ryK;ZPAwxA+2S;R(ad*pYKY)B(_9M04YBO5Ewx<c{Mlu{Z8ZE8)Bo`{3Ll+2
zemfKg+HiR19$uurTpe&mHhB$6VGM)}^%PRN7dugci*d_gC=qs@d9-OycEsdI9zvh&
z%L2l*qy=!TX|E<c$eb@env82zE&;@0l&UO+SfLcwxW?4vSL@Qqw&gJs>ne&rfz3^z
zA^+ZY1vqpB>g#WTf63<Vaxz~h?A!|huk(Mp`3K$y0zS)n*P`#>&{2HWo6|nLzit1L
zcPJkBaHzj~#lOn4ueVhSteLHpa<u^#_Uwm+{Rd%nWq|uDwKI?KbDu#$(%X17Wx+6i
zrB$tH(fHD_Co!~J$uy_ZS%52+2wpOdZmz<W6~!V`@K}5Yu+YC?1l%R33+sr!W{;#r
z7TQ1vD%RuD$dJs13CurX>0CVG!B9T!vD}evegpp=zU4i~?AX>X{v3=xcVXlE^6`%V
z|L_L^toHaCbbb!Df5}GItnfb7cmH|qcMrNRRM*{%evg~^Z@Ope#m|f1)3a3{`vO$o
zzZ!nrjqW!*#sK=)*aBN3gu9YLx9ODQVS39v9K2~K(v4+VidX~n35cspJ;n$rfaJC=
z6}$x6KAQT96$Jl;uCWqQZI5_AQv58pPyxtE1CUos3e3xW6sqPO4AE=L#*|9Ft<*DF
zXT`Bn_$WXlx-9C4KS9PpKp-%WsPixUjsWA=p8+1H#)<&0lG`MuJANBV$NPf6eUC^p
z1TbwLkEy=?9jHEkArudPuw0wY#p8p1uD^dxy6-yDe0<;VT_3~&(m&?$>urPAznKRW
zN!t<!Uj6!;`5Eu%e))6#TW;*|s3fj}fY(8Ab*3j^>lr7({u^%P;^zf{L)QTBPRPRZ
zWYv%aSI;?yqy)CnHQwDgBV`Yqi&D99zbaGQf@H6xkXOMTTR$p^#0#d#1$Cro2x$zZ
zb(sr1qb?H5q4zT5G=C0eH~h&l4u9{vF#s6M2x0=@2!Uymw)M&vAee6kcfsRO;(Z?c
zSyBqCKnckpM=r>XcjYxArO!Bp_thv>X&|)lJbo7fK7K#=v$sQe!DIQpbR6Ati2I7i
zKb!{&=m4R8tzUm8&IDh__Ba{Od7M0l9)Cw00eD0M3uhiWzQAW<`jX#|o&i4tfgF#c
z8Rg%43%V#g#Z6N^x&fKf$P<Y6=$VakKoze!|4^5U6U7h}E(Gr+0>6bG#j=ZlrkIdU
zscR4l-7pR<*bz`l4727)0yKSpb@Kj+2`^Cv2B~@)>E9|OB`_+RF~?XOHl^hb@UD=F
zdVv3H3L$lH@gU@;N;?8dVSX(F8U9Tm9KP#A(0TJ~S)$hpX4*!d|2qFoJeEOEZKdB2
zNorF3?rUFy-=D$~oau-T8V23N9~@~49g}YXC1_3Hb2<Pgx_A06E<1*~vEC1K#;Gs9
z0^r_w|4nlLpTx$C&ZA9vNVPrMIMpw$;O`bx%PZ{Gra+|5l;;KPM+5OFQpIiuJ(xgC
z1}}C$)rln<41A){Nfx-Rfo#E3#-lBx+k%!Xh05Z-LrBN-sWD<t_v?8v;LBzNCo9YP
zwb5r81vkIqPe4o)KV>^5(u{iNZWy9Oq>Vcq1k4qFu92@2#fV!DDg~=MVH-;Niz63r
z96LW3ug5>v-2xR#_3Gk(j{DqMcjfau{?0c7B!Mp6z8CInV@gCb1HMmS1@~sTK1x2i
zUw!4(JhKoTVd;GE--a)*w~;-$NA)@ISymR8U}<5AKQqYDLkPOoH$~gAM-Y`hvW!#+
zx)Ci$j3`<?x(XG=K-=;VmSCWqH-&bNQxGRH(IKT!i6j<9k(WD;&KDUGQnOFiM;zj_
z4+a(6(g*lMk2~U6Z2|e(x*X}gy8VPm2X;0|Mgl<ll`rJZuMuRdh!Idx+O}T&%e;T6
zfTpRRj*p5To%8jJaf*Ksl#hFa@ZZ0C4|7!7=zIby(Fdj@sOWj57zJLR0j>LpihxRQ
z<L11fHNz8qn7nhzOf-c7OlC2hO=uha-6#3l1-=Vkn>aMhIA`50Ql_88)~7Zk2MH-+
z2xPJ)SCqLu7_s6fVV<IZaa0`g<5suDG1Z~nffZVp1BEm3XRaYloY)o<GPAEsdKvNS
zAxURQ5;sqFHvUWW!WOwVV@0irzy#)?65r0@<X*5sj)8&g9`!3n5@L@<F>wE9r~U$d
zQkzZF4KV5c@qNd<hSC+<h_@22CPi(%Yy7zT?r8u2&Xzyhzt%PXcebY-JrCX30|xN`
z@7tN0gf`ikhXaXs4zg4mNpfCT9`|*+ZRnuAndwHGs`S&}ZLx+BHp#3<<qb5x!|H-q
zfd8;BSuhgw<f9$B&R77QGhCH2X2SCo#1>OMmZid#Reh?AO42)0YU3#5j3a&dliO_S
zUvK}9eT`#SAb#BI9_wEJ8o(QWwx1-JX`^C{#FM!W2T9Jd)Fq9T%YvBpYF!tFtQ##3
zN)rA|e4EPQI$d9l!0J)5lS`bySI3NZh>jDlt7_FsAxQGqX4$Bd6@*;oRZI%VQmmYd
z8Q~D~2$R{u;zi0kvOSyU@ZbAJ%G~f@=%o3NxN)JGQKc%9*c^x}Q_YS_L2L=B#Gff}
ziGj@dhhAz#)8aoAVALBT1)G4l%9dFolr!+vD#_~RrQU{8wl~E}CzBif&_Ln!3>BdC
zEC%oxkdXnF3(Y`?X=r6Mlmtjd?s0qF|0Qe3zt+YQ@Fy$<|6ksS3$JoAZ@~-86F8~h
zVujWY0%KKMd@@8%%qdlcB*e1xMUW1baRA`8=4U1(LtNKA6k6dThH8T&gRfSnh-R~Z
zD1sJ2$2F-D)D+p*G|@q{Im<=Wq^D_VysMTPd)XQChh-9nhLQTG+kceJK<Sx!w50|w
z$1uz4Rc5nguB&yRiBeciCaRQlc;`Xrj{;0@o|Ujrb<%`9hftL|!x#aUJdJd1wpxtD
zY9W>Wf&XTT!m~iZmW)0{238?vgd0Vv&4d@%UldgPaju-(0b|Wx{8<hi`04iVe_P=k
z6yTMrIP8<maw>TXPPy_7wxCr@DTaeH#?@=sTUv#KyN^IIJq^>_Hn2C5l3HmaslBo?
zkl-f64w=+OHRRduVulNB`Ct&&X2l@)x7d@pfFw~A{BBqUE+APcMGDH#t6<#Ofvxl6
zbL(8l6hfmRwtb?1U-;?v?|=J7aUx4fs(vJ(rJ{?n0A`1B3Te?F3jSBOG%t<pBpaLn
zG(@#)a`Oi0&P{R9(g4kWR8ov=!$%IUz{>If=|Uwrg0<G+2qJyiK{KqCZm8oW2)GI4
zLp)|gzlRclWVJ&ATU~S@(DC@)NUv+kBZsm&mqptdZ_eD`@<9&%yZ(b=%Jt#V?H}>)
zpKkxYHj>O=Ebjsz^>;;_jMx!EQ+cbaOHDY(6_RMt%-QW*p?7pqL?DX1{%Rjq(Zsjm
zxXmy*-(iV6Io;)i04^Jb=k^KIXzidygN6uh4sfy{B}E)LKbVgfK4yQ@ev|05d0qa3
zz)LF>&_FOV9s!vNiwCf}fy|q=95BDfBcFS?!MPiB*{#9(8ah3$N3LfrS+gUL8F6Fh
z9rOG<|2}4^>w~YS+lH~{UiZ@02YS+)=fgjiZu<s=(dycFA8QCV_O9`>rD5c!=zX`H
zbh20os$pD(O498l3a(HI%2o!70gkImxmfp(?ZbuFjO|J-6OOG6#90^7Nwm1Q0$o%F
zTO1zh;(ZDYLYhR!3A@QFDkL*R#jy<&Xp8PncNpwL-0!tY6jf6qNlo`GxE5ZC&*gPR
zD{BkK_aOihtyt}iSQ;~t(8i-{5zqE&qh^obpo)tm6=kxFa2<}qN18!YDOOGbh`K=9
zLhAG!^*J!|j%svzrccH|73*MAI`jay=44oB<YfDf@j1OpSX0t$9ON;|&^4)*8y^Ls
ziBUe6fIM8)<6Yi*kXL{b+P3yZ>>hdixqTqhSacSsf^L=kgDOHK#mub5Am_5UUcoF+
zDgi^O$f4ALlN%CXmyaxQpOB<1*hEK)n8ZTUd`<&oh~OtlOfer+m9#@~94LW1s7M}J
zT0%w9M;kJE7~ATy_L-g7oFWm-Gyq1TD0<6cVR~VTCCDHMV*QXrTwoiyWSDC|a(0U2
z>=)-#C#oGfm3(d5NMK!{HKbfvE1}l|zgu&Dh~KCCu9f1@_<rp3IQXD>v*t4e2xHR^
zKYu+YtwWNQW0#9t)nA11)vT;KMdO|UnsE&IbB|wDrv$Du2PAn)t|w!FX(WD#`;0&P
zLI9mt?Jq0`u!2}@oPb(u0d{h6_mTT@8k8<(WY=+(dEXpY1*4#U&nsgAgPed%uJ4;~
z*bAGtZ-B|E4g;;=WZRYiTBRrfl+G;*8Em7GCB_0vT6!H*5IKaj5{~R#mCZ;(LtL2}
zPzI>9ML~nAl57@|*5&$*o%L+&q_qGKnev!Vnd|bCaa7Q*T#B1Sf(#59NbDN<i~wPM
zI*<>#d|%^l1-JufjKGlHXZ%$AuIe35&V&3rfGpk3Y8LBtTyto<{9W`psB_yB6S5>5
zfpj3@k!&w^5Tz}f$-t?bS;~IZVgitC6IJqT<tPj9lyU+NmQXsAg2n|Gk#-OlCaVW$
zqp-=$!|HO6A8_-Ic?nWNOUL5DMQCl`2z$}WF&qwI&+Ug`e%mZ;*f7OWZmo8qp29lT
znxj$4Rm50$kX1tlA!3&6;jJw7nH#q|;x=b4PXoaNQxA@yvvr-p#}#NzCh%-filk=x
zWsSLR$7i5fQ#{U2SO?(oa|ZAnAmbnypZ4=3+?wmV#(mr!NphFYJJvDHi6Jxr?wSdk
z_MA0J=<z8{;VbPGV|d5t2)HQOQ?!|UU+Xox6O*zk)lgy|%)RU^QI#aE&MKBv%92+b
zT9&gAX~%cem0vllnx|(ENB14VcNp^OmYnU4N*^s2G}Ib)T!$G!KDTWnOZnAd9}eAq
z09Fnz!0p%E4x3Irj*F)+9A1Khdlwj((+Fy!2gIFu&}XS6MkQ>?<EkghB-NrOTBAXA
ztP8NTZ;4X4x;he0uQN=(zLM3{6L4Ghw@>AC-8voZ)<YjOPZ*!Za{z>O&b=c^9{<d#
zN+yM6REDNl4sQGwP2~&L+3sKvgmKQ0AI4IyVhP<i$yrip8kw#!*b{#VYv+{s9oL&f
zK*x~GkZQo$%ByMG)ePx6#EcNHMG|YRS<B$?Qjxz_-b!m2t{h#~_X&~DR(>ck9jy`P
z2$JWJ6upBhN5lz20747M5W#=wmc1~4>UNmfIE~8XGAtZf;ZV*torh9&X08jSv|5J?
zg%463MiT~FwD2btwL$vB@z!24%(<`ioT5mX<6aR>f7|lO-fB%VXzH;=gR*Hb2Y3VA
z0n*Z1<J<U76MxOwwqX+FUoKrYb$oMLwgKSA&b9Ij2|unOQS)mxp9`QdBaIEN^&~xQ
z^<V*-yeE6lHCSyP(>z6E7{H<_99P`;alK+$=Y$J}YlIpfrIkxX5p?XPwgulA?sbYM
z=HSYpZJ=Cy6)A>`$JLfv%~lJtssyqD(*Qw99eRV99Lv>5r%{>%l?@)ik=qWy#*?;!
z+k~JdK=+1xAF@jHQ1Z@ino=;P)di9#F$Fz|ATQZtNV7!nUQ2~}1*>$vc?5aJ0qFuA
zt0|X}{|h1Zi2*J57RC;+eX#>!eMy`H!4A$Z7}m}PjqB-8V?Y@|vr9FA(l|E-x<Ce)
zd=Q28K%3or&6a(~bOZ8QYxZ90{gQNTUaxs*lH^u7v)!4{<23UFTvXcZ0(6!wuxZP?
zG1cIOH+?LI=pcc<)+$9L{g#m?)Nzt?X`nc9HwXP&LPu3<mJ;Ys)&C20zPNT9`irZu
zu=@~nao;o*mZ5qcL}R$I9Xna*CgO#JG>hrLXF%e$J7hIMn$p&q(LG%fL)tCb$Y}=)
zd{rvV;$v~uEQEb5G!xe8L)Wy&!dgk)090eDZd|BIF+yk#fH5Tr#-()gum(8RY;Nph
zu=B&%VQwvO*OTDud_N+EFbaWS{g<9I4sxxw=3L^}_Px?3dp}F%@1jB&GdNTMbaClq
zp&MT9(k5ZWvEU<*jB&_?nDY2ZVla^7Ochy>M`JGnC^z-unM-Ncu|o<kPLh$=Ya{S0
zyv{1p4FdY)mN|Zr#ly?!8t+4Qief?>96GoR8#hn!08}et*8hQtGu@3OwJ5J*b6#B@
z@bh-ME^Azwp4mJZLabU^#PtpJT6yO+%vaE?qy*p^Q+U?LiK=8B3S-|v{$1k&`g)D;
z+%aiLeqFczrPkcnt+~b+z^%dZ>x~T{JC|3v%0^lkYm@XPj8Uv?XoYl`t^ZAbcPFP5
zkg5bKpq#UX<9!^AHUo%#R{&8dXXRibC$*a`KABIWb-q{na_gc<{l`0eS|yfC6iMj;
zj+bU`Oz|8+sREi55rn<41d9~cfq!?9PfsJRmr-)}(9}0QJHe9n$e~r3pP!8O`ruOe
zTc-^zVH;@Wa1{@nKCS1n+~=8OVxnaGHRHdMwPtLFq`xcV&GtP%Tcgj`lT2Ah<p8k>
z(>f>$=yfFNdbH96)tb$aIR@}G$E*YJ(0tsrm&<06>|;Y}=GV9Pi}v>6B7$Pnyjf<x
ziItL#FKQz<rZ@;uVn;CJ)@n;}!#b{wEvZdKkyex9+o)5;mTK@?O}|zE2IsPcJ3$sO
z3gS#zU0MaJ@M(%C-?Y$KKuhSF`GB63&KDCUMal_%VCr3nxo~x~2uE%|2=iPDq07%d
z?2AdT?6laDap>R*a_R}bhL!rtYu*{9kU=B-dN3qO-RJk5p6c)#9K0S4^J}NkcR>r-
d_?UeA{{!Q3^Px>;xCH<J002ovPDHLkV1l6aB)I?p

literal 0
HcmV?d00001

diff --git a/app/img/no-trace-200x200.png b/app/img/no-trace-200x200.png
deleted file mode 100644
index ab1b40e474451726b6b3abbccc8b25f58a2d8c6d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 33043
zcmaHSbyOYAvM&z7-5r9vyIX<<cX!>mySoOr0Kr{?YjAhixVyV=9^bk5-247`=k2v-
z&(y4{Usrcm_ms>;{!oxcg2#sk0|P_)CL^Kzc^>}ffP?t_C+FiG`8?sdNNT#M0L)$7
zjhxKDL`?z4W~ATjj4aHQ&5TSv9Y@Rrz`!8MtyDE#H09;^OaOLFM*r|IdDuC8N`rw3
z2zxjfnb?@QkQ$p=SlJ7bU$%FXlUkVyl523vv&cJ$n^{`PcsZG=cqyowc-ffnnvx3(
zkqUV5eFE5-xfqdp*xA}U^LYr8{|lGz^ZK9L%;cp1VsWt%B>yj^H06JgiUXX?NI98U
z7)@BXSV*~8nONC5xVgC*NZD9eS(sVam|58vS-JVx+4xvkNdNms{@I$7sX3prgw%hx
z^+^emTe`S7@G&#HySp>FvoislESOn&d3pcAU}Iza<Y096w0AM`V6=Cp_&0)tnX`$L
zm4k~Fz@GFUL?dH>tBWA{r>6ha1v`iTfwg!3?_v5JFlG-U2WD0#mVdhRZ$^3f|39mp
z-T!bqyC|FeufG3JU}sfN2Qy}6GiQLSlga1AnN$4Jlmnl*lbMkVz)2MVu>JQa{;&kN
z0GurW4y58LoTTzbCRX<U(Es9>m*@Lt@9bh^Z({aMLXi9ufyv6sl#fT0SAvC|la-5&
zg@u(>QjC{Hid{;SSCUmsOiGGPg6rS15&#odJ2QKif6JQwuPobtl>NsP>>NH@mN0X&
zax*iPast?q{;SJ;R{v2K4ypf$_usOn|5+E7|0v7+sSNW!6Z?Nn^uKR?TF*b1|6{hF
z#Qzw+nf<4=JAIlpxc1}clJX7zCLyZov2x}M8=z~p@Zh_-S~7JuzIbNOwQMT}&*_3D
zs+37OD<QlJ_z)r})%*bkg^8*JrG!aP5QJGIi=vE?lpvKPzq#T5GG2A*Z{O|ih7rsN
z?jCV^F`mQkej)gneJF6qdnj3_O2B!W?)g?h;&FgEE?|ymbHHk%$sUi_m+ATcBfXLZ
zBc9V+dtOg^JFL3Ch{>oed@m}up)<#g+u!;osl=fsi5p$eQ-2myHi5f%+EihjAEI@T
zZW1p5YB534uCJ}D1DCTiHFY_ES<3YW72)XXCQjiL&RmUu{Xo%+=k`KdaZ%N#HQ;#x
z7IuLa5EQ+Ju7gPDZ6R~dj?JbFUf&7wJkCabPzvm}fgn*badrWg?Xxab%GEv~guLf_
zJ8ouuAFw{T-C)*1=fiQokJm{l4!;KgGkVmt2bE0*Yo#FhopIOIpBg=nb<Q+r!dLej
z%os%;5MvOHz|HV3;aE^b#qzHo4Byngyy0<8RBO_KOYHL4UlLLmS!vg425pX|(53UA
z4LOx2QKpTV#T>(f^^`;TkJdx1_6dSjH)=BcCD6L{;E)d&-o`O55YH?wA>NBIdZ!LD
z6iV~IT)u3*PbGK&=?xM4N*HWz$uie$L2vjfQ-_!X-E&-ab|hhKH<t@DJwEy|;`8Qa
zX69C5Vcy)CSwePQ_*`#BE>R_~fhKW?;bM@%;vBKP5eIIQyvM&W4D-U71znD3gK?O(
zfE$ZkT&x*m=Bq2(io)lZtdtigfr_G$rf-cZn_t?46!X?MxOg*y`45q-bpVDj(2u@6
zgxU{#!O_@^=@;KCqROLGuCN7OUSQ++w;KaN;5f0pgLRr`3mUn0mcu>|2soQQyYl%G
z>nB)as#?4|>CHL;h)v)mCfn>+tXm5%df|D+CEy8Z{zLqmpr^t|y@wndp}W9aI<@E0
z<_?uPQrW7vYxm|H_X}?Y;nVl#_dDs>*!xB5t`47lXdIuto?sNvtza_>5>od$k%jF>
z?E|nm=W1;Z#o(rjzP;Jr`?PKdbTuT5M@U#Nu!$IdpXaSQX4Yajr;R00{jsgs<-GrA
zu8X6h=-Ge6znbA2ry~|Q*4rj`_w~Lf0(NS&<N%yjJ=)55vxx7E6Y_>qs3b@fbB#`|
z5X^m-U*ViNh+?D6Zi{krL7Q(E)shH@BtFwg-^n&N7QJ@93<=)fZR%^)(P3ie`J5~#
zEBa3DZ?+x`Qy{<gmk1%}qisNZ`5Y)e1hPuHL1Z;OgKodwWJTd*W=z8=z;wl}6eq(K
zwvP<Y`A>KGS8GMUM=bY-)7*rxzn#frBSE(7fmObY>JnrtnMAdGR&&2e9X)e56dKW6
zf)RJotWLb}!%X;v-*)Q|iSJP^1u}okev9yi<EncN=z#*|{rIXVoXCHzE?(H_vSCWd
zbw)CeT?|YLMd(iBX@A^3PcCssNt!r!<o9LAt-WNDN8IH`{drCN+kUE!ANX~3YZ<r@
zT9a=3#h=Hn!@I}a+YMzhSXijYf#Um9lJ`@Lh41&VS*9II@dOYmCgOdfu#DB7UG3gF
zWvX2Vufq68By@W>o1F(RU}FyZ)?8VeoHd=DNV-WRJz#JCC&v~wpbeBs{>#c+W}faJ
zG!Toq{LPT#r6z8xB%rHsNNkt)hoxqQqZ6;CZ`3~f1yfDUO~fsx+eF>(S~@mk6%`u9
zZb!X?3Yu=~6*cxAc5`@_LMb>ZB^{>{S9U1E4~?ks;32~IKa(#yPIJu^h5xeLB`Y$`
z$**=kymB)c)Sawc`dX;3+OkmXCRm0YdcH|1=xvsUBVSPFR98&>epf_BiqCdjgmwoV
zckMIRn0hi1#=q}_!Y{iHK{dKQBVkBcZ#p*uOS5aGxcNgUu}U(S{%?f@+^&Gm?Kb*D
zxAENU@vif#Ax=&%pNnXN_M^Ydx_A2k7dJOT=W(=9vFEy>Jiem@af(D1sCpFtJAdJq
z85I9FjIbeeDE&n0OaHBzR%i1(uN5om&fR`#67Tx%64+np9?Pn1j>EmMfg^tR1Zf}J
zkN$Ad<X5S6iHSA7@3Xwl<_3<-OTFQu_D@v52sTQ?pgl5SQ81vImh?V$Cu*ud1I+$u
zGW}m9aWk1TMup#>Yr?{$x}6tXGpk?AV0-RWtdwQ2oLlRdefQBtmSg3Swv@n*dTw)a
zoC{|9->O@$yqVGtJ>3RIIroj5tb=~1YB4h4SOaVveK$KF*HKWB5-?05A2%LJiz))H
z#mTOx9)*2|jfS$X;@k}$-$^R)>qu2Oi2Ywi!U69C02JXf)VN(2-@)34uS+7}Hz{T)
z0o_+SQF-q>++rLJ_UkWy2)MM}Ac-v}GVdY9DIV9oKg3al55g@6jA>DAP@^Qo3@anz
zgx<DHnn63<SGsy_7bDbpexQN0ny#I!v0UGWQ-jypypNl!dW*dHA(QO{8Kr#hOK(FB
z#Y;s12&AGY=(-zU9o&rD6c_U6l&houWC8m25D5`k@O^v}l>+PmT@uZ<Q#IA4pwB`n
z!d#v&jcYu*`{d;Ea&6f}$~4Yv7YAmeQ~*2Mqu}_k<1xmR&B!!D?bsymP1pT#(SgU5
z4XxgcgX)U}>3N!&>u&J{!iGDSAx<y?BWCwUa8^$f*r_Hce$Yin=d@hSCbdQvDeYr{
z^E4|9pDaM=ZFu){skTtcX1J`^06uoVrs;nHZ?xH1GxPU$d>_29ZMqt-$N8Jc^6N~;
z{(Yf3x69(=0pd3@wpM0!Mf)y_yYTfMn?s19Lju{S!8`4raB>lScVYP<!$sotblsbO
zJ)-NjRK3xrdU8#jyRz1KetFZ$F0j~5PY-4C@_sHX{Fu$YJ*DIKF!u329?Cj5?DjaU
zXv*CAMv!LkqV`0@^uezvxH{DxY?nfh6~GfjN}5br@f}?gx1TxSW8pjWU+SV`W1jwc
zxjNMyQr<lz<u2uFTur2m!RlilO-v8s2dZysl1gO2$bvd?I6#VWh7m59ksF+pjM{v;
zD)b@zRA2H|a4&hU&ELR8y!bygmhLSD4$G6guZR((B(Hmi;1?|3d+2C`6&f|3hu^5d
zaJw&Hh5fFd)1Z~EhScHY48INM6K|ccDU?Fk1XM7FL5-mWjRhiAGV(4CZ}H^9z6MNK
zhI`fnRXwmWp268R2Bt;z;U5mv6Jpjg0r{J?YYSPuwK3ur=@*Qv3Ot||gSV51&yALx
zF!sXJyQMlABN?Oht;5r~`wQBH>8wr6f`M?x%i)E7K~SsN6{EM8#)N$dh!+F?F?I=p
zVPSs$=a?Cp_Bm3TWj|>Q!3q1jFQlQx{J6<rty>zw_oRG?TAH&?D2uI%r_MQsaRJcw
z5W#CTH0+&M12q^2yE<o|$;5xTWw+_9l^H`ZMxSKQD*>P21_FdtakIr>El8A|{GdA^
z$vpltll9MsbzlAW89#n9zcEoi8!=8du7Ru4fV&<J&b@h%`Po_bK&_9^ASdnK+kQp!
zul1Hv+E;de)Tzk`t7IBOi$8<hCYpdz77Gb((;`}b5~+Nvj`>C%E&jpkZg%-^?u<(q
z@^8)fc(+vSwCfGjrXY**dh0-y^Y*uMZ_DQ4oO-#Ra+i|{_gcmG=s8ChQj57Cs|A#|
zR4i0D<QX5~5sY-{_;c1SP`R*K=&U32!e}?-r8bn4%#<zuKoa>g>T|2_7mlDbP2AhT
zW;%j<)K}(^Vn@EfD;~AB9bDKIq?Q{KfAn#fAh1abj!C0{{NPx$DVx9E9|*S5p21l^
zq4QZXjTuFsf08(EAN!0G8yikk1R9_gxS1H`QnQP*)nBLKkzf0ZI`|NUK~sw@MS_2Q
zaP1~=s;17b<!nXC4)`cVtTlURODDRrbT?;R*gV@dHjz{L*(IGtkqV6=_6(jy1aHS|
zPDn}0viH*2ZK0nUtP&dzV=$zgeNm)@FRl{xwV<p67hOVMrO~)fra_Je^Tpkuuv0BT
zyAH-g;+#K)!ikuQWvE}`+XH*sOv^Z1<uOqL=OCmJz9(oDpgjB?eIgII9{v2~ikiz0
z<^vCD5_j1je}wemJPQ6I!zpeo%rQjlPhMQY`Oq2jAL%iglnOQ4Tp81oIl`fRC(put
z|EN*VlRiuA!<IP(@58zw!Yb<%!w*st^hv(kJ57PbxmD?`$F;6U%_8IDF@u-25~1sD
zP8)8YHS~1$aerXt*{zwr-;-owiVL0RYL)QGktG2U(d*q|SH0D3stga}(Bl03Q$yaH
z;pAD<rLODyCCI^@1D`b;|Iez8B?p`8Z-C!!^kI%~m@5BV?{vrGJ(AB}vH?Rc)&SSQ
z7BH1WJCRl-Ha&0(K6N<1vyuoGIELD&ErDC^swYJdKU1hK@Q_|81o{xVTWlu8iVNwr
zv0It<eZ9Qwx~=x!=JCwk3_cBtO^)nGS~6IlUAvo*t<nDT)(Y^wtw{5EFNlmh8@Uv6
zUnu7^hh6RBVsL=7t73HKGe6C=N77yn-ps|$Rq!1_B2-ECr-L&cH>Wk$2e)OFmU<{T
zb=W0#*(wMN8}FFp)i7`zX~pqD+<_*<Z>bJWWf=c`%9g<)V6<n6>Wf+*-z)X<>FaHo
zi5<ARx=m!UpFdgyvIbZP)AOtp)#2tk&Snqf-iN<EQV2#*vow)!H1~zg{b}O<A%%1m
z#E$6ZGlL`SJ<!~3e&48tQk&GA=kaDmop)FE(O#=d_r?76xA$zeSU>}Y1q5_9_S5n_
z5KLI5Oo9Rb>jBnXr=u6}(1Epvf763VUs_4^iFV}XLa4ynC4p{{ktqt|%>|`VxvD(M
zSfQiVAn0|(mO?71M`uFusucfSk&nkGH@re7hRp1W$@p#@&Nw1pYbVH_-dah*$xB^P
z_&z7^2?*=&vs)#`gIFS#8Y9YDtQJU%3y0`egHJINGX^FDEwr>-Z3&g<@e%A#gioAU
zz92z<orsbPD}DcjF{WOlKNh{SXUdf~rty_FMDj_ZCzEXE2$*R0tsEbz)bOjo)Jt(=
zZzrrlNkQr0H<K74lHN10`nP1(Sfq_Ft0EF?Q(zSsNUt(~e7GLB<KL$4m-N8_BqVuH
z>qPF=Uar2UmBqJH{N5uwkduOkG3Bc7M?=C053q-X#Mlo(zWC+ZxfmXkoIh5#Q2n1%
zmM(y;zK4?=Y5Lm4$k8cL%Xa2@)_7cKJ`@3+M!jv0ihngQpzJRvP7N?75$O~6CR>S|
z4_zDx5y*VziW%z*q96eH32V#CGaHMe*JsmP!-Mi!^eNwc#eG*Ru~~A6+P$_3DKNa4
zHCcr5krhp27v*aQc!|z$`3@m22nq3*TO1KO=rPg1)UC;rqCh#r3S6JdcHNw9>gzXH
zBe6lI!d9UoxeIqZPKzU3TgpM29v>gCHu;v&Xmi=wLL5F`c$2)mlU&YyEi>83e$4a7
z?r>RJfBe|7Xx{ljNWQfriLkZzxBb9n91A+%do|9dI$>mfg5OqwE^+w4X<er|HYTPI
zIygS$6l$r`M&IJJ5*zIO{XICVy?LY_IS+2gfCdwvfS^Z|YNu|d?m9NBt=GY>8A?5r
zR!cckN1Lhr&e+3vZ1Eh&XKR-}ty|6r8)B%c8T6vj-Lc=OqWIGDI@xu&@k-M2A?nbO
z(bg8&yKP+N@-!>1l^RI#8I_q^i{KV)bG3YcU@5;9;=zoYf!;h5Wh|Gfg))0@4<{f`
zee6`+h0-u2(G<Srt44)UNE6qU*41_Wpy?IzetjX&zuF*g&@8tDfRtQz!bsL3sLkHP
zVqIf%#D35C(k7)3NM}~RgJMlgc2jq0F{2*eo_oVmpT$~)Fl}02G6}#SwV3x2LfbDp
zNpb}YM`qrGgOiuf4!fQ>fxLYs@jM4aCc7A|KHG&PufieX2G4_L;^GvG?OR=*H)R&>
z*hIaOIy)JykuM5Q)Pp*!heT}^B{*Cy$EgO@o3&s3JV66kiKf!hOK1U6TT=+kU4-G<
zp&moqL%A=_hXzcT(Tm98(o!|8paY5bH;?zXwgbt7?g3ZE=s8B&g5zrOI3J5L-LMHE
z_nGD+8Sio{C6m|Q3IjcEA))6(SmK=Yar>2yKV|1V&3R562NzX_BDF<<ep~?lZN0;r
zI^M)K&saNH(8ELf)~O~5tef+u0dekv;}4pRL8;8mk9@^{Jk?GpfRF1$Tj8b`9V6G^
zth4cPoaVZ1)HlBycAN~W7QaPalHa92I;z*7(sE;grqYL^4kkSn-S6up+eM$QC06!T
zn!cae`O5v)W$!6qv+gt`c~XRjtHO6XE~njatj2fOskZXt^=-hxiyN@K$n{7{HGlOM
zJ$C#2x87{(a&5sxaw9FR=1kWi9oOpj^WAKrg3opl))sQr?%6rPQ-4W!#PYm8{<yF#
zq2`x!jjlW1C)iX_avtbr<rKi6L3b&5+gQ<cJ7H~g^D}w#`aZflU190{X32fcW3KAz
zep2XkJr6W5&0Vc?KO0Ste*MIIDM*2dT%o)lGpAT4`<3jp^)k2nZ3<S{<y>vEx<>Ki
z<w02gdHobNJWNqwyXCZ|GpPt~u6fC8@BWlq-)q?&T%X8!eioto%4#@^Av}z%cG$_p
z<lwQp^_X#p5Ipx_#3FZdt+P`ox$CLm<9+8)Sgl${ebzz}f&TfcXzIe>y?h6_>5+_*
zZu*RfLxcfUw);5}|C&$VeZQvTCFc@!^(S`yw*5fYb9sPJI=KC1Lv8bI>mwV%z+%7r
z&zMG~0_Dyn@9xhmz?*)NCf^0H(Efeo{`|ZOMc@wDT+?EHzOsbO=WxvocvsTX8_o7J
zNgHV&2d6a5tf|!R3pZI@fEGsx73+M5G>nGXu(mn?BabkqL>Ib==mYyvt=Eo>>N|AS
zB-`bN21BEak&DZR9UG9<*rmpR9@uzL1rUTW6nB5*x;m03^gFWnc*ICCCY}bKcX#a{
zQKVICHG{G?yIy+3NwOAZU3O8r-TM<|$M#1zc&hxlFvS>xYrvPu-~3)LFWO$bg~1r0
zpI5#be9T&vWX}s(^xo{(_-u*ieW${32W>w(07z<oo&I+3KoUduY1mu?4LxRizOYJ@
z)LG61x!Nq|+~>|2QoFA?YE=Jt8r2X&>HgRc3}^1%;fshwHMVa7jjC+8?j(Ih(5TWU
zsGq|-tA$Y|$LqeQ7Ji)*wCKECWADCdRkUAjD>R*4Vz-rKG;jcEp%!negN{m=ytcZe
z$w&I90Id(}CAoJQihf5A{1?Po=^WwCK)Jw-(00f91A;9agb#Zl@O^;U0LK0o`3R1_
z&p<(_Uc4Y^{9tKOQBH2dVST@0RVO(TS9j}nN)U2<YcR{c{jA;w>`>QZ=A-j4Cb<{t
z`NtD`-W!cXr-piU>)vdI^pMn2)#lTx!A6In-{Cbt@ZiE5^w*J<UE??7G}1OAIvRRM
zB3OyGi5u8`=Fu9^X=pN+ebUFkK=JW2Td<4be-!krcUuq%r3;TqNvd0E3y%BLdbW)7
z86LfZja_uT#udi%y#+wFZQ11cgS>IZFY)p4LRVb}Mi)>7-+*hp4cjX@{uf%zoh?29
zO^ySS8|8zK?2&Be1GjN&tFTSsyZlGrHxm*LkvwxkR*$mO)KnbM0|W2Fk$bks+kgRx
z(C~Z9u^n4@q`>uFJrV&|P*uk%5g<B(kQ7}+sk?J`Qp>JtLO!;3dF0aP^_V~rX3stb
zl}l99#^&}$L!CD!QJTbX{3xRHuKqNR{{e0|tIK<zdu!1}S;71`-*9NYeBt!NWlFqG
z6LV+Ft{X&wtIn4a(r#>M8FJ{cPDz<<{A*K(Y%E+$YgJzOeF7t12yf~)cnw%3?`~uA
z#nb)7h$*2@n6EXQcFQl>t>=-EHM{O-@oMeJkU|Z;+ugD1H*lpr7x9Ax@zkC$u%6F7
zhX)ATk6#g7<veL?{2QNYh0=1jnDL5oEn%p8|Hxq7Evx4<_gL~nx5b031^bBzERS4+
z!Q7)SOrC%nF!LJ%iid^a3Ei6)=_(W_Ej|`W1+)ES;g6x_V2V-e*Jzx~XOo)^;dg9>
zxN^EiUO}_oAWv+e*LKS1Q!a)UVfg0`Wm<LmY{!jz>sH-VGrWLvJ^z>6l|MB>7GbxL
zMvkVowz7|@@jhpT-7f?3SA*>rU4YX?JBwV$mx54)2-c!>rbB1<x9f{b#@4&+hE3<`
zUf7^QzoYFEZu_;hm5t(zi|v|t;ZED-hC~@CWnLvXaIuvR&#azk?D)_iDKO97rX2om
z&*wkgFUv?<ytZj3rg6g&F_>x^X)!~)13rOCSYr-q^7LwS>4Pw3d(1b_6(h(~R=${9
zGGyj=H{!<ETb<oj*5j4Boezo9pcPj43oVOmTS;XZWEy7(f)J;AC)aOt{0EczEdCpr
ze`->|46|TwPgaopJ8p9=DSwyZlY)DIT5$}p{}${ckQ#XIlv%vKz><Oao+dE^G`o$S
z$LM=v1E<O=YPt_j#<r6BCfqjjNLT=LyS6>e0dIv2j*HsN-UiHU5$gS-xweX3EP+J*
z{7+ac7Zc5IgeDOAQmA5Ak%sM8wB8u-2Hb<zwxu5rMF#JS`<rcVQ2?LAQGhS#Z?xOl
zk*Di~7X?a$)WyfxyKvXDd2K^s9AAfWbqw-jp3}{@tJyJn_0N^_y!in_swUym^4|u%
zl1!RA!xA;(CSa$Zkz91(*e`Bx&!|-_;T9)+7ku8s5PqAHH!&%cCicW7oy%$W^6gu!
zjW6P;wi3YZ+<ko9crJN`93Tn#%#3-C;-c_A!Y=80_2<LtU-jO0y%bGpYBYO~xh3Mz
z?5v>N+#WCHJ=`9ouoZ`q4xbc3qUge@Lr?jD3IP7c1<Zi;ra3PJU0_O0H3?A`s^s<w
zeV5;8yQ1go_0ZbG+-Wbo|3_9<?^j_^Kih4^SB+|)`!E7~?QYN?ig+H(0t@#?w?ZdF
zKg6{n-_FmZ-XJdf#>@<;2hv^7{oP&oZu`;T?Vefi8kqN4Nyxbp0E?t1@yB=E_P3ju
zDGe*z%dp4`-rT(g4qr`wX0qRo3gZcVrj6l33G`P@<zqlgp<-e@w^55r7GSt-iephu
zLzkB?2Spm7<H=1h8L!vXcvyzbHB(f_Dd7)tp3syE^*r~<jBpaSt6OFPShR*JyHwYm
zEti0EcXxpAQR0xWLoctoJ`xihW;8@<$6b^S4zth};}G%lZ1fbQkChddTZ@fFO@Sq0
z_;~@rA_ICv{a_B7DWc7Gi)_skh;@i?V`bKK1w44*3KB)oZ%Gg(*Ztv`1eE6t_O3~Y
zB2w|mCECg$NnvE{!LY|mn{3N2xA`>6WnnJ=FxV*C+FN3~-iF|$20YUc{t(Ug*zc9a
z*3^e*0k!=hsCn;ItnNHXqDUovn>O&XKuqMOH4{0FqI}<5Tm@HP6uj#(QxpUWvwRjN
zX2@k3sqOe6DHx;+>hd-p_(kqEpH4y(tbLvfre10WiMl`L(wMt20}>0Y)G1w8+9TD_
z>ZoG-CM%hZ_4$q0lLs}w&h2Zi;sUtk=i0hDdV1YkF1ujK>|TapH{Dm6?OS)E0OAtJ
zkq~QF8ormX-p9y~P3myO-rEJxU|CzbB5~&L1o*_ujh+bEHJtPs-FKrEs5bZ~>~)%^
z=PO7Fqwhz>I=n)NTdJs`2ZMtL2gTB$m%YMx!7mwG(ahcd1TrkBVdRIm1JAeo(nHjK
zeyad*8L>r31J}<?tICuB?1-wbuO2ztYP}gh*fxE27x)!6QZr|96&ri{L4G&`xGLz5
zow-t{dl{Eupe|UPqOcI7sv(oC$m=HKkjoVidiru?G8I5XX%t^KY|8aIUysB5HoDK;
z)d4?CK5BkjB>?6o3&z4IX!^w?rzEYjWh6ataE8OVe>QkDh3?EkV+!ooC8&2hhyQhD
zReQyp^D`n^ziC*dsB=(M{0NR0P%HbM@Z|!yoCQHi5-Vb=dp%l_rsw+p`QY*8AP#-q
z``kMrdy1G+hD}diUSLQATaM^AnNr58*|`$2-})2<uFvReDi5HaP~rlKi3q&62e39<
zPueQFygQ3+2&YanyG%z4OzFNX_h2Y8Lb|N7mYCRENI$09J+3{H`s7i>3lIif&W+{j
z{Bd%%IDCuyd^*E`ZViZo#^2LT;=qo&&j8E}26gBObDsslo_oDN))N?t%#h7@OGCK~
zKVz014PTzcwiCOBt|JxwjXp!x{7!nP^Yb65(Hs^>hI;EAZ2_uV5&?xlEbH??I2><G
zrsIA}4~XO}E|2ZvVkr-2{}0lTBuk!3ONWx<Mc+c)!a)y@F5~In98E?@Y<&U{EKm-1
zY+1o$gxHd`bke6~S%{o4%+QN4Ln1Ca1x&$NSf0bp+s+K+1W7T<MVSgk%C6rc=7WPN
z9E|?vU%9;CsgziZcZ)^U>8y{SY;Ca+@|qno4u(9Mk|Q^<^9dp2OkMd5-ifT=@p|QJ
zMoE#!-n%;da;WKhW(Di&z0k&j#uAa_z-Qb;5Et(w9O9Xiz9-EvK_m$=v9cWQ0fFm@
z94OJI8EL2+1p_lE7%SYo;9y4T5DCKy$`0PlG6R7~{#k!`a*M!g>B`{&rdH##F_q<Q
zylI4PaDxa2cn?s`_$}xnQ?9PA$8DH|mpwhCKKx+Q-guq{LydSm7sua2hI3${2zu_>
z19;_MhbHkM^})39&_e#4sE6%3Vn+og=a;p)231CNYW0gRuCPTJ*Q(e4;q{GooA<HL
z8Pml2`>4<V8!uWqJ#nA~XUp7Si-!=#2euYBEL1h{+DaFq5=+1;#khl)tJneBfe{Md
zU?9E6uJH8A6}LgAsE0jOQhSAdcXzA$_I${PU`;6%5vICS={*D^qKYF+lhc;bgJBRa
zn7txvUm;Zrq@Cfq!Z~MIS(i3gRc&p)9OXC+ZA=^>YJ^)d;5i}yW~_&>>6bvyT>GRm
z;X-)uqiu;5%|0)d)ycYN7<x+xJd)nUF|Qu?>mL2Z%Vy}>BHmskzkEtP(N;uW)|E>M
zXMM*prTSbs1M0Pb#|}3HeXIlY&Cjpr4c@^KDo#!Nb{9(=x#VpCYNju?!n;~Y`TOLr
z-3kfI8tRg~=)tt=k_(zxKvYMGG@*)mX!&AS%^ND?@2WlmfktYn4$$r2h_7GV2yfYQ
zB{}J0v~$XBz7;p${1S4c#3+tt^XIgpksu_fyCjwN0sA->Mf%0)3fV1%7xhKfH;|}1
zl<=Ljz(wcPMCTl|KG-t#dn9hSP>L7VG(pZ*1p`Dgs#HqW?h4_T&S_zLn$J*FFP_8K
zgK#{IQj(AdQ?YHv@?Zm8mpwfe(NmP7Sx3_}k_bv-Fs`sdt-FUt4vfpWG+yqsr!|y^
zGQ|ICdx=}xz%91?mubfp2%{ZljyM+dmRlbM-*~K4%}JV8cJoT-PQd(@5u|YHzMAZb
z`Lj166ExB(CNy+(xmW&m%|-ybJmt<4`x{0Hsu6;iU0@m@gO~?KCE9iarY%F(ke>nn
zz?`mcoX7IXJnN%*r{u7iLHE#u*7SuD>3ql+Z@lYEP=s4eIYmImV)<Jayf^q<9bKO-
zoEsRXn~r5A%Qqhd<L?0In{P-Zjo$K?hVOu{)%njH_f2mb0xmI$(M2%~bJudfX{GjX
zD<0}yep2y{nyi+ME1iQ4S9S!)_eIQS%7XiMU=ye?EL7LdQG`&t!Y1#e!nUFyp__AK
z{@G~f)-?5D>aZw*8ME!9uZ!*1)E}*M0C!atRN}9c<t2Wa4v9Eva9ByguH5wLY@V8v
zVJST-%HT^gAO?Ap;w;fsNU+#pfZppbtR_3hj|RpA;o}NIMAhV+R;qAc-Yu7|QNF65
z^uo2n(6$=(49sTt*UM&qS2(6QsSF^=Z!&<YEs|O?>m?>lhHY83t*_Lgu;!FbZLwf>
z$@K!sCPhsL>m7J5%^e3%j4j-V)Zr7;-y*yd`T;t{tOf5F!ynRush(^O6GyjJK|cbt
zuFyp=axtdLJ7#l{PGV(6TEh;T>COr(JDBj8=Wexd%JK=;eow~eKIA4M<xFU!O0Eg6
zLgO8Z%b7U&Ff`?-v!C|zVX6cJfT`D9vUcYy*u4rX5kwGwkJDY3;pS%YKURJm?HK~|
zV956nWbAqIW~$YmeN!S$t9rsBbb1=x58{2}DC!Gx&ne}X%zZ=51cg-X3o$tugHU1$
z$u@rBz1AC-yf3&J^)D<PrE)v5Nu&Q%rbruN^F?Bn<-wL<kI!(jMVJg55CxKsTOB*P
z8SzQj-W#83C?I@TtS_ia)l;4S?P^C;srJ5tW?9`DKMl7{9c!Y~Nj~(V4a%07K11Rl
zfYhs_+5dyl_7|7Kx8zsyc`IXty0K9Z?_QWa{}QRa<|B1&G54R%m^VxGjLk48Hu<w~
z^?r)OH=C5ib(XddHR3Tb4N=?uTNI{P`(QvgpQ~uXwqfm|K<%MEY7>z5(HMvt-tztn
z`J~z2iy#Wx!$o%Ju;8wzqS_6^vywn^t>Aa)B;(%&gzy6uJ~M9yZUub5P~dv?0S~OP
zCms-8r?LbKgK=^c=B7!pPss4s>S2G8;(9=fFfZd9iL=IV(JyP9j9!p&WXb{Q*d{Px
zlkdELebCboy<>n#T9WsDy2%PZZM{*h!e)ij%9zD^m>4MfCi#;Vn#dTI&se3NX^|Yc
zFibuO(sOe%O0%o{ClOu_&Uz!yk#p_tq|f9k1{aL|7aV&p7m!~ACd%#Qqk5nz!a|&z
zqhdQ2zl-o)UDfCXoFwwOJwMnwvVSAa*Dr3xxLPcmJtTp1c5Ew9(B?ug7;yE{<Ot6@
zJeguu+76K(0~EVYMB%2h@Tn+s@`qNYK0@7Qe8la|6OR5s+vq<@62a*rxsOh7KSMtz
z3KAx^J~VJsCF^0898f9wRh7XKNjJ@*T5pkUE7<&IXz6(BhQ(C5WTYS7q--Je{3VJz
z9214S#jjDPjQKP;@geN0a^BlKl@iT3%OAO%rTOyL($BLt!p^>F4x-quVBg3%&(WU_
zBB*as*w;3ddX9bJ%Na#Be-sgPf*^PDYqPKthPeFD@2l@j7N?cZ7q1iV*8zUdQ~t^k
zY0Y2zTnXQbHVv)Dh1kRpX=rc{)4mb}7L8pAB#krj2xA(CSNbw#m}p`u&pbxg=fJ@w
zVHidyHRr1)26!q}=&(+lXrkETSX^C8+0S5b+hD_4@6+L{vmJ1d4x^TeQ`12n-?{xV
zNY#2ajRyjlynd5-AozU`7}6}|x)xVuVXS9o*la{3(DwY&w#nYAjdSJ;Axd08PL*B2
za$}bKb8H-@9}{RpDy~{x9)tB&lHE4MEM0<!vX()&k7bH$u)k$E%Z!Fu<9?H}8tq6F
zQ>OB)cmL5hVJt2Zl-<Kv0Ly*^_8jN)Wt3y&mrkGvz&hScp1>K;VNY74OU1<IOT;a|
z)373Sd^0YC?K538sq15;@0=-`Xzp$;0)Kzb9gd3<T;dkbw{J>}u#t${rMZlFCX{F3
z-`dEi8V94E;?`FF@Y?@;g68Vy<d|dU9U-qf{z0%vP&2EZdqf%RRurN6+tz`OuFg~w
zJZ7Jdafg&K&CypSTr7Md*R7ryKFEt6>2ZA69GanPRI=Qy2*vw2AGSMt-U@ySqmgb2
zX_4H`HaTN3FR55I)3{!pM<a1tk;37)9NJ|Zjr4(R7A`ba2w7RF2R~96wuwGCS8S}F
zjyq)KVl3c?Lix$HZ__!HZ;D+CkV8w%tuWJ(E*GHOcY~IqfGU>DGI-C8tngRiOeD9R
zdpyid49^KyiQ--y`=x#mA|rV^f_rtbaK!hR=SEh|24zmdH0&JLL@kC(Q5?};Cg52@
zGse*+UzfP1wCo358CK3LR@5ZUSSnnWnFBdtzLhzR!My2bfj!GIT33JahNDf<XScw~
z^kc^qDg;<0zGoWY2EHog8kev#sLVtnTB%g>6QDoQC8_;U&6!UWF7c|0NSw}M7t)l7
z`p_okOG|Oy*rd}N??%TDG%6jJLz+{EKf(m_EqoDp?f2UmR=obKJ;0?&qdr-3q{6W)
zp`E6aFeN3zXKu2c*2bwvI%HA*iHZvSK}RWpo{u_#o84Yn?jRySedJO~m(}Lm{<d=@
zU_+L`A6&*YtAzZU@+W)#M7~p^_^`5l=!^zkWh@j|g2$~_rD5z}gY-fow^8qwKtvs$
zzj*1to<j!?kfLf)@cCW&Ok-my6`<<Im{Vuu+FQ6EDohe))PHeva=JEAjXk6B%@;V8
z^&V<$Ic4kvqsn{32V?aGV*0G82uW~{vp#d|@dZT<tAn>ivBAlF>MS#e?)$@kb@N1h
zvTM;W5|5kZx+dmzP8E_$GoV7oj6Cxv&sv*r6rvaFo0=0+b+Vg8DafkV{7IO5|GvGh
zVO?Kq3~PM8T?Tt@ZmYj0v7xI}5{U_`O-*PO)b|5dA<?72y+Zvkl|Lcg*~wVy7d<TR
z3C!^R@d$+ET&x&P*)W?5(e_R7sXEF%<t!Q5PcAC_2yLUG=^sTwA#7=t4tJHNl|qSx
zrCZm!xwD*mb4Z_WBx0MurIi=cnjgk|n>u+|a`R9?InJ;M_b4M{V?<GcO574~P~?>=
zF2f=Z@9>xl726Y|+1p=&@nKyhucWOrmo5$#KSPfNcvaqKUt^orFc^2uc%?o2H+i;7
zloBb`@wy`M4w$$9K5|Y3=F22v@X+LnW>#Vz$4$CuGb2{%w%4<Ch);hf7hm|A)TXRX
z$D28<Ny{d&QwKk&JiVNsL{)(qn<zKqRCI(PNujZbgMd(0%j)>Mpmdl%`30ebID9LT
zG+{H$_68##ELB=4ap0#D=%R5EU>YB4`^|eo1UJTqJxH*Be>mbiioo#>9Jd{Vm!W%q
z9CTONYqeh2>{ROH?;h6YzeIzb-8kaKKPVT%WKQi=r%A1(RirJUtR&(^HTP42`#N97
z&A3H(92;S`PDZs{9Si=JjF!3XR4O#krA?n8I@}}D%(Vew{!*zYLM>JmOK+}BB!o@!
zT1e%pQN6mmD$rbCF>7q5J!I46IG^5XU1R2IbF0plIYdxCYK9@sw`KH!23Xv(MowCf
z5QzIaXuNtc(g?A#97w=orO_V4;+6z<_RHH=6w|cf4v0nDa)OgXnp@cS8&|CUw~dW=
zIDOL3NNV(%mgPnwSOFpW$)%w_fX<pHNGCN)ptFKzBvC2_YcxV>piKaqv%opi^iSkV
zA(l^dfz?;7#PN$|?S%7Eiqf9HZcxzpQZyErlb9u(Me1?Z_9Q10=<w(5P$n9&dsJpk
zXf3GlCVMB5c5UFRJvb&7>}PAqjh(1qO@--wcF%JCO6{<w$UiAMZ%)L9FCQvRuz8wz
z(e!~UGU-=~GrBf(YB;-vXePj7It{8Jn3Fyi8N-7qYaZi`GhMY6+8K;GXgUlkF;#5i
z?=))a_dn`3NgUQe414eyf?DA<9}v%4f;)61zUVTt`QJT}LYbD#G*Cu<-fNUvot?!J
zz(<B7*48`(5Iu)4yob};wj-Uvu_cOs)r3ZsuC%yOQ>b(rfW#ck<-S_^A;@8mem6{>
zxJIS4b6ltUA+l!eD7hd_RnKNsDr>gk?je>eyZYLMArHNzR+Va2*5N7<9g&~ZX!q*j
zNSQ{T=8__Fi;e~tWdkpTz{eWK#_sT|TvX(jh!O7cai)%u1a{xCI!=tZ12v3ho1~7(
zLDX`hVy_&HD#A8ok$8>h1h&X!Ayck@kr7!*=^2L)d0tb$@)>!z9Gy&Tn@?F`g-g9~
zT6pt!LBG}%?%q+nr!Bq!k)<#q`SCDT6?R*2OWCm`Y#<HMhW4*h{Qd{1<>^k>)l?+R
zS=IycYY%5xSzS!ol$)^p8KP%+ag}AUlsOe={MD~W_XknC@I785cNv=ZUVf-#suQyc
zO?xm(#5UH=iWJHOTe^}l^!vB&qAQ&u$eM@;;c<@VI!vbqrkYfPj)<W*eN?0SYv*7G
z>V~$tbEf&a;C08P5lZxAes>pho|*Zx)@{;(qlHU1hlwU}0aJg+BU%dNUPXSWDaB{1
z`1hg_)gaO}ch`Ph<rfeV`bF?7As>%;oNt^}?|!8B8%NSasAkwu2-25@9|9WW-@Am>
z6P+?iHDnv}eSSrDB8J*9AvZcnY7A3z7TH>uelOz~)iMH8LSES6v)D<&lRp4|hBu$9
z`YYmD9Pxl=@WRZ(AUh>2iM9Jow^NxC5@gL_s%{&>yESJH3+Hy{E2<Z3r^dw4S6$u9
z%{jl$dsFs>Q1&*;k%q~MF!)xj$QnBrI__I&D;&i+Zcao<1%eLSm&8>e4)f{j7}lvO
z&FcBkfj$fFTSQx_q{x?h%SnlpB&E1%i5bhubO2>pgmWv0g_1Z45WaHMNYaFZNXw8p
zN2##prp>vuM>*ScG|BySB>4HzH|3&*wwoBHl_QDqw^O9JJBDp9Q-khqwV~A<QZ>;^
zPH^0*6ArJKeWQpyZ$Akr;X+sYaM3-8mMr1onjyBLoV+68hd{HLWn-ypd>Y+?^6S~&
z?4o5E?K0Xfb;I*P>cK%+m|StS^FubSG!_*M?Vl)IuH3Zfq?JN-m_hg$hA<jv1XlUQ
z+KHyDd!ammF>bkl9~(i{Z4>yw39j5Ra^i0%sg|~|dvM>-u3Z~nYEvd2cznav#m@*P
zYtLL5fNnto@j(gkqwvG;wH3HSG}DV>gysvU?e1GYyYtqY4@GQU(_M73D%**;e$M%Y
zmj?aDEJtUKkY-AU^|xPMZg(QhQ{$0Wx=pdRX%oZ%2>Oi#AuT6OhV!wNNyf&~WX@Jd
zisnpzO(~ei$a1o7eL4g7Q|t-~Y<{1S<3TSk{VG3a(@502koKnk^9Jet;X9;)Mo5Lk
z0%WpmM2*0aD3ct-qDnjEgOE`}y8mLiK*t#yE6*>5>piBfL9e-JJcMbWTPV>oqGN-Y
zSpF~2h}28}Wm~0tD*_a`MQWnP(IXpR$3<Nx6S<2HeIMIpB8*)qcj8uwN(xB$9rLG?
zR&UnWJzw8hjNB38z}O8$SqP6@S&}`fa(SHwmH;_U?4ZYQCGGpF+XFvC$FnqMfYt^(
zZT&+4r*zd8FCFas>J6T|E6bcKnrz9XHYKYCx8{Px=<)XjL9oyS=Mpqu6kVDXjU=;!
zyt;B)ia^4WeRYV=f+&r_dO7*Whadb!KvrovYfheAspYbH@=-{4bC;{O%XJPkG!5v(
zwMQUf54R8p)G@yZO_PFLr0s2X*lx0bao^NEc?#Kej4ny95>trB%nxtt%yP>%b1Iy4
z^Jh(GK|cH5v+(A$xU3}({?Jni^&0tP$hkTQ_g~>XGKQk+97rot8yXI87-Zlr*e<HC
z!F(CdLzPkK0`4O1TdAq%ehTe0M};tN5;QkeIFUKvD#N!y`q*2=simpLzXft5erd0l
zRh>|#60VhaH`l`iXfB+r+-F(E+=SBUNjFOs#u{yh3=lbn+<xc6#4yQFr9qdy3StVY
ztD{Oa;vU3r2)oOssh4p1)7o|6An$Y9@l%=BeoDQnASTbxU8F5fNBRN?TLM0UMT<)E
z)v`z8EKzfDF64$T+`E=|XV6f#^gfUK&yt<yZ)}a{T|P%ve)uF!QB~91kfttp{v74u
zqCdKcd=E%)*Hm{}L5!nIQ{T@Xfm=(~t|bBs#pfpS-*OssNkdg*MIhkHwt*skRw}SH
z8g6l^2b3+6_tqxK>7_Oz#$t=Kk}9;K90W~Zje%3fH=ZnG1yQ_Ym=)18TNV08%m8Ah
z2nHmrz~W@uF>Qq}(!?6*zvjw%b^_F$<1P%4(&sP6YjBay=8hd!xr1hxlx7_dvRc;J
z{3^wHDchktBUcwLyr`1JxXby%q-GsFIQAFqYSU!e#7)*xJ@=G#i3Jasb9q2h@PAVo
z`Nl@kyb&qgP`@<Q5UweQIY11EF#vmyEVr+UQ)w9E(!OfbDrNru;o)69|LJ{VaT3B~
z6lv39rYJ`m0cYx8{)#lADp<!hVBFi)oR889{Bd=v|5X;FASo%uNrioCKkj^>g>H~D
zP{^rA;0#*`bFl+v#HU8SyXY2?w_eI>)tDD9hL8=F)ExjeR%7%S_|hW-@p$&~<kHM0
z)B0nifi9fls(&K2f2yMR`Ner{!`EQFkND`DE;$100rXtemJO?^d7(v7#aG&qAQ_lK
z&9a|Vi~HrfNnFiL@@nO!KS>A)=`i8%%Op~!YcR(mu=vnNXWMxCJ`FgUPI|(o#+!4g
z#)dOGRdGL~gO$6VV6sS2L+>H)b!h<q%v&MaQ*Rocj6=S?EZ)=|N(zWZ*;<M5;9fxP
zU7gb1O8go|!k=s^Kn%{?u;`<e&)z%8<mnMfRv>^LO<ujfoHCMthWaO}@}!>Ouzax5
zT1{M_a0(D}hb<#Rr-13C6*-|!2d{)HZ(QLSYoZ1dYshLai!YfJBWW6@KDMvaIiG=O
z<?@hH=Tug?XNFYIBf&mX3YMqLq%nSc%O$)&;8-HFn|7BNkh*Nv&@te;-keO^K^tnV
ze>DYDD`eweL=e$T{5J2{$YW^%q`f8cm!_$2@1<#P=3xmVfTf-w-xNThn-0{ZP`#1H
zI}Gj^6!#8E;T(!0@0Hx$j&aTweWwS@wCrf|?<n&7iOtT)FmUx#HRY7{FPuxJWO+}6
zYwT^I0F$HvP&tDJ2gNFqT(pv=Q9se({P;5Wh$KvyCMsAD4*`jVVdxl!Rq5;8<}YIC
z%i4Uug<Sr-Q3Gvc#K^fv?8tT>pr4f{a@?Rw!7pZvO1;D}M%U$xU-mKta5tJN70sC5
z7ZVxNhXBQUt)Lp=zg)E4JOeX4z@9-_e1^=3dS=pIi3Tw&pdKbem{e=MuB3KGEi)1}
zc2hA=8)i{-8C(NtG7VaJjc!-Bdudfc-U9AP&8#nUR}YKDR33)d%9e!dbM;7x!D_*n
zvMP%PEIdLGuCbO7TC^pdM<e>11ScOYok)QfpTt;aQYM=2#bv(*`5@kX>{L!vb%KHG
zF5Z>jVO{pdPFem;N-a+_?8AO^m;M+3Xvolxh$EKW{sZrX8uQ&_H^B<{n1TU){-4P^
ztDLAh0vA6ley-11b%-W2#LaH)yEb(9X5-B#C@|_xrv?~+w_~hCSTNAbI%zGG|16-Z
zS1w2n;r|n@#_Jeh?vSs_sAgH^;vm~WSJ9dL^+~`6$vF-KBeJEO4iXZ?si5Rw1jV*q
z4?VaSW+k|asn$M}h+aNuafyQ^ZVpJm!kT7yay1Q9>n3_MZqL(>0_Sy}rm>wuZ-7~b
z9`(tEpU-+eBDn&XfmL7L?r{JI{+i<rQ8nn@ZQsXaN^o*rdU*c|ItGKKb}CR!&+Eak
zHpxA<L_Ah?bvm53q*YpyVYd>Uw<H_bf|M1nQ7`w`s-U7-iwIfd`M7syT;@=2d6?mR
z_+_^nXc+^StDRgDu?g|kVCH6l^T469H--8LHy_-*0kYM6xl@+Fln@ve7oSY0L2>1s
zxWt67{9`-P1gAEqb&|L^dF&oWQ2<5}buLyZZf_KI<9r^t+NF+Q(OF(9rPxqz&GXle
zi1_$oTg9usRFVoSN;OK`D5R*x6LBda0*<`9!Qa8h2OV|Uyo^ubM<fol!*`=U)h+h4
z@e}(8K!=EMu&jvadO3=`BWJHf3&uUTY1A(B=VRNi3Emg(C<m9X^dUB0Lbgjgp>&%b
zTHy%|oCiM{cPMg^5nh3?Q$x!?i*Ym)>0KRCkcRaomsYSIwkmVnc@^d}W5UMkvJc2I
zD)^6o>V0>_vsG2UPqMw6DonNHS>uaDN3p}d7(ZhC_MOg5J~z6W21~5}y0=$e$1A-S
zH`<{fO68z(TCDZvR%21Juu_>0Uqz%!)3#A{RW_L4VM@5<?$X4L!|X+DTI2&<Z%)YL
zjVNe7r}DFwjz7-;jOfJ+IQZqkzG2jiu)NT!qQ5@q73Oh`!Ot{iy<H#>*=FN!KahD7
z3vh{DWpl^)aGS8p<M&qQAl%WUqP!`pmmtic8fxh1ktEMwwwpLsCD)*#BaeziVt}`5
zv!ywsh41k&i6OZlS#B*9PK=^QtbmKGs~b5e^>{i<MJ68lqTTFxC|h%$&JI8`){;yt
zPtsMJH?GT`*#G?c2^J=-VxgShjrXWg231MUbAg+tIt<wrM>V71$Jch}Sj%pDF$#AD
zm2+MCO<G4d6P2fPUB3##n9jdgH<4&Rektq{l%BDw#wkw~-6+-SUeb(2?xLN0S`V@x
zT;b56BY(wUl>x_6OEz8RP9I2r7h&hH!ObqkJuN;)lxH56arLSGft7chC5PFjn6*i|
z7+uA9AJc#7VV<_O!O<H!H{hVh0mEM-#zB~cd%h}RRYVlJb5=YVCNrn|m7jN!Kb^iT
zQ@!p2f6NmP!^|aSdSgLd#%{slvCfov9d{W=!6u#<VVl&}9hSc}eVra{MNRDN;fpZ<
zCWYGFy&cfe8b3)61|;4Q84p5nyOoP~oUU7)-<M-``#sj5;d=TzTT}gK<j7wj<x}DJ
zR_zqCfxfT<zH7r6vR=)=h6b{c2wR%b$#2rTb#kI~2sa+$z7XN!=>wV)t{H7?S;RAc
z@6Sg(Vn+9=yu+lM9v{!~k7NhMT=;ma!?X+UqX`P7CuAA2bBrRD=M#U^MC3!~ev=ZH
znnICc19F!S$dxY6p#oeO_h%jYtIRO~2VeG2w>Fc9Rv@o7al*`C83ew<8GkfFua;@$
z_}Qn?hT2`4X{N9{5zWOVdZ^22`A$_+4%(vi+0!>PB&AW5^(t&OCJR3Cv9D>2D;?7q
z&>h}DM+77xBFl2dP4o+7vZ4k#AQDBD;Afu13mHznE$6HbQgN%BMn+G@Nv%r8s@78`
z<CB{HSYSi6{tjm>CKL9JZ(smpCO<LXuHCDA0ls%U5tixf#CAig+9AqKwa`OV+UZ@!
ztRjT%-s-!CGn$vE_j=$l&jgDWP*_6hqu%%-Nxw9;QVbO8MdLrz&^;_iqxhZu-BLfV
zEdQMzQ(;#$aZ0|u2k%uX<9RBP!nBqyre6>BFA=rw?xWrGK^Z+GQZ;uo84nXx&tkic
z4tiiON7z|xit2jk^v?lx3_2{792Y}py?Rh?tg3>1>CcvOKx5#L-nN4*;skbiyxZeG
z74>%ku@S!9BUOO{XE9k^cgktXP#7v_o!9W_BC&k!iQg*!CmTQHz?E>KQc>n7)$-&(
zS6xJr%EK~0h?+VX?Udu@JvXpDqLsr!D9LI<zLK5rrOOoYX%Orj&t2|dPh~^TP!QQ;
zB;B`<-FPg^GhsAkT|d)HVQ<1cb{Kg=`LqZon`2IPbw+ylbPDcrsmN{<v;L%A9iI)V
zh~uto8>4-4LARaSILW#-WY(Ov0Vg&pG7+AEWUr!VVNr}nL>l9&q(nuoy}e~l*X&qW
zRM_O;geEeinjcuTb9-BuK67sRu$0(4(Ery>+tu9I=umG<Jes74S}c@H5J}a1Me5$w
zyJ^z~xj4RI*RG06opb#06PSH$d*8u~Ha}CBE#}8?I1-7>i*fMLJ!M@`*)rdd>6iy@
zEy6JyHg)To<}S?RkSc~X!4a~we+50qMG=>tCvJ%mQQpF0d-PbYGuQ_MLZ&e+5@Z>s
zNe2Bx%KhDf$VJxP$SZF%xAWbdsqLs~kcXC>sSUn*ky8f3fjW;*I%h2V%&_LD5NvAr
z%&B~;E^8zij~+NH)s+c1HrJ(QXUdUqzY_1y8rQdx%g#+{nF!u7)L)()j0jv#lKaZ4
zNTZermm3*c5DmA6g#6_A@c7tRc5-NRG?yDws>Okc$+bKB+8UcrJ^IKNkr7l~m6c+-
zysBq-``Bc4a#W!8p;CE7BQZ?X#iDRc=QPxH&T3_JY9O1Xh-UV+8ZOl4MTnk>h^=*T
zqs0TEvaI+Pf~_en6SozNBK|s$zDIzy52i;>V_3-XNxl_tP>{QF(Ut42YFZ1iJ!9R1
z*x15Tm~zraLiwP*o%VS(N7p*R;Ss-|vkNpHs<PV7XScR=v^FQ=(Re%(35jFbVo_2x
zqaRfdhr|QgGxKI;_*8nAD$AOBfXE-(7_STIQC{PzYD_ComC4SAL^K+z$TFDavK1@x
z<w|=dqbia?pXvk*GzK|lETXZ(K(4}OW-U4V*!H%LHLtCo$Q4dLaQ^JN)HCZhGD3LC
zqJ>Kjm~&`HLnZ{EUqR)Gwm5$<UlgS5iXG!}tg)kOekc+`np^@09TknEmlc3g98ELW
zXmXSkRaO;uo+#Q)j6*JaO--w7KvU!9eu1%q32JbK5cCglZ>UCc<~B(X5}08?9A#iY
zLg}^O1rjEAWn4kv!GIuC(yD?eZ*3Hak35YM(a<oeYe>i6o{E)9#e^!wnQFdJ;Nyaz
z=`Ho?mZs#6lG44oyCo6XGBUbj*RHv(oz-}#r<e<;_;@s==CbWgEpuCEJ-u#IRmY3F
z7A5MNN4Knfd2_cw>5JQ2GpSTtCOuY?<Vqz!iCPlj*7nv^lalM(5yEN{k9EB=i^c0I
z+N8pCBvXrH^Bx`;7?UL$VtBEFOq0r%by?LFO(lC~fUL<{WLg{AznOQJ2nf=5H7k@5
zmss~nrijTr1?$Ji*LLnL!G-)f8@K5Xxu?$7#bZRMn$?b+!n4yWi15Jh*kmrRX}YHC
zs-nYfjGgr<yV@EWXU%<O*Epg^leE;=JFuZr>`14_%N32OHqr$19AgNnr1kw1k1t=D
zEtlSU$kO>Oty{Kt%f<YTLY<T^&W?mxPEa*e$mNRV%DPRP(Yke;w{Phi7=h2Z>d%iI
zzht4<&_>3y8w&cGfyosED&Rd`WXfvg=uAxDP*&FFHb&dT)Qi2PY7vJSDW<9;`4X+D
z*13@kI*qbeFE7yfR)BQ}{JE-BcQH9K&En8xpO>Sj3xxr;eR|lA{ObXDeehNk#XjGL
zf&*uq)n>e<Zm@3~ds?J7quW=^u`#}9h}a!HDl1Z{SS?o}otLYWN*G$#h^lF^L}YPG
zrYuv-2MV%8#<GQ;a#qx}_M}iPWx@VhIkhboO7N`6G60kipQ-S3S{s@c)w7Tkj+Lsz
z`Esnjy<CyhYUR~Un|g<b3v_hb(8!kU+jyEi@z6ulb?Fkt?(FHQ6NO^ARHk@IWp%_3
z6v`vAI+)ATk~%s*xp}-$EthGQ5d=X+!kS$pySg`5hbOS2*{x~j)Nh^Wlq+_$doYNH
zlRR^AX?J2lb5yJ7@@ww({X?1@nB7RZGmodR@6Px}hekkw0j!v~&2-35w7aY1STPQ}
zrDGpyfc&E)39)DJyL7x8Cqpd5FsKUHS=B8=B#<~}c=-7Eq(&5NerJmyibKPFdXd|e
zC2djaZEf+^sL(m9VK|po89t^~qb#l}Bog5ch(?t`vC_{aQu4wBsLrmgS$Q>~t8t7r
z?AX>nJc9XnD9K30$pcd1#F7&aZEFBXzIA9auTxxcytBPEr%{7tyt%(%6p=Ja#j1o*
zie*wFo8tHwi+7CXvXoSqC~u!AHl&-3`#_N)7}Cb1W>>K23TKE@Qt-l_jT{ISObPX%
zR4|YN+MaGd5c;9o0bbLV;i;M>5&|Lz-$<k2(pKI`?x{;1Q&jDQL+nZ3rdC4;5;$4_
z=R}#Lx;0T<$CZ)-8_$Z19mx<I5waCkCRDSib3B_6369be)l$#SUF)~^jVY8!>5cVG
ze5P4q@C#e}`m<Or2<q76Lq!UFSbwf`$eea15-vvTCdab#GY!?jUExTGgp!yK4~`eK
zsydJ_vf)@v2!~qcGOQTR<#>G<E@d?xibNPzk&-;kVWMC*J3g^%$BrB&?A*~ed(M)j
z2OaZjGG37j6Jz58gTpkcX(l97MGWrpz_nT#pA*|pD$si%NNeg#K^YA4!)+frcYEQ{
zH0vvyQ}6AyhA{H2|Bd`BtUB^_guR7ztO3c+f?C8L%1s#)`w69K#2v~&Q`E7s2-pO~
zu9l{TSgd~8rk=sV<l%Fh!j&D}+2V8KdMKY?5Q_ASXG?sf4$MSM$M_g{9h!+YCY1`E
z*EME)g%T8IXP)%#7}p|I2<|GMrbZ_sq4cDzZyOy?Fu1F+evIfPT}?<-wMz7%d{Lbc
zsuiLrgJpS3K9>=xMahs#3y|-{;^8>0FV4oE-8p<nhF!e4xlq<|v?USeGto`?@$r(R
zSc8>3&YkiPwAH9!F~>yj({icP*K^2zV_4HDt%6cAM0u+oAxDwoUk0A|X3Lt<(PvB^
zctBGv*;%^H`_mdph65U0f=X35-3F^*%_9Rt1YmUX{Q69o`{nBXtrPOx2)AHv%YrP`
z)3;?)wTi@;BG*Z5JsU^$SSWDe5YfY!4D8rGs8A`n)RInbDpV9vsKa_R5}7ELiz*7s
z%G^wbkHwm3JXtPDRV9K$d?d+Wx}RV+n&de)#`6H8x<|$uL?MlsQKGG{5<Z*HXJxgL
zk8w&@OQtiOK%sD3I&t!mhfGLlP47TKrMW5_CpZ!k@)e0TXcnD#li{p2rAgq<bf(J?
zSKmy?lo7YO|F%aIwNGSQ%ygXlZq@*D*1Ga_JX4-h)ETW}b^3X&zLdM<sZX0^^9ZPR
z0+HR=gS;i?Ynn0$ax9j3OVT-$XTZ?b4df#NBZreLMwv>l1kcC#_C)*Ek=(BSF;r^Q
zFx}i(ZtiNX2=Nf5wPorCL-ah%rx=n+#@f?SiDK(mgTiP|L<*9cX7q?C#yC#onAiHH
zxWI@=Wmvt1mZM^Lw5TDu!s`;IX(c-u64FOBg_A{n<3y!Q(Y@71jieKJm@ARt%J`-&
zn;W8nUX{dZwKK_#$XLx5SxOi$R<N-Wf~kr%P`pf0?&);Vx4rDN?o*-KlkEu=1X#$2
z(#XEb4Vm2q<>`n9s<!pn6Sz#XWsOJjFUC-7t7y847oq&Cq*w(ccT9^5?@UpO;m~M<
z%+&8&JJ3`g*CL7IThna`?X{t?7q|AD`j*4n8fYz_i!^|Ngb(d(P$)8{&{2l);Bdq+
zOEDZvVVb465KRytqD6skY~<=OZVIzt3R0m;hr(T*9nlCske49wOtUD?Gdpu-1>+3X
zLju#*+Q=bFr1b?1bzW0^%V?!Lk0^$rvhY#iae^1LG-&106D!xeZ|OoTYtI%-CDJgK
zFDi-xA5GB$LJS2~rAZWpe6A?SA52>yB-4(&eZAd?|H=o7rP=~dU>XJcZICm2*y#e$
zZNl9wzYyfCY3g*D+L{HMv#=K+!6uE4EeVb7oM>k=i>#+9htDwCEAv%~_@q0IJj*;r
zOdA8%;f7RX-Bo=_s@9qcAAjh=<vZniftsJL78Ggg@Fb&4$8<DOG{@37Td6XH*;*tM
zSeV69O_}t@!7&+g5u_`j&}g9&R`pq7hNGGOLX~6axpmPZg$BmP!;yH3k{jaDts|2f
z%V$^;ibe)=MUG+H!#I<O4CKK{;U<pMhXn9D1CmmaHCfT}6GI}YJiTG-@dwRazH6c=
z>!;7372^5l#)NgF9M1O+Y=5yVYc#_f{r|d3)RJ*piPfm@EWT=2sjVNnwJe31L~4}X
zucQ0GzFTV43AJw)Kw)-|*mtK7a~F58G_)uP>irlquqqLDenEdHcR{`eVP{2W;|E>C
z|6418_&l7>U=&J(CnZ9d)UYCv(J@jU4TU0`Mm1sA*hvdIM21;4Dh*Ir5Th)^Bc74C
zsLD$xwj@Vo^`(ML#UsWV5+YMl!SZN^LZZrd%W8p6WK^!C=#t3y>LSwliLx}V>9oSk
z0zWBh{iWiDp;3j#b9m})oh?$ey1u6;6J}*a0+-g+(sVRtM@EKs?byC#;X+AOLz(6#
z4GoO$XvkE1w&(_!(pAbbltBLH5LTpi%!3bL`90G#E%y6CD4d>XK-2ly-5$QBlOlm}
ztCTws%1=rVXPPu|s4#+j6Up4kw!|F>Xus1~UPL#Bep)vpxGsS;MsX;xEhnrS7*B`U
zkTN;HCDke>M#m@mdI!~XT}h{Tnuo_^zLH_M`4KV6Q9O}SYB@=#M3HA`wxZKp`-gd2
zlogef3zAMGo{gwlB{x}O`54D)s#YykumBELos~+>7NQFyEQisK$>Mq;0=`t{s112-
z%Se8*%C%x{Y%DvHpV-+y1leYPt`tW4f`$YWjZaKw3zK>>8rsy|U9L(j%K)@8y^C(I
z!|L#yexYBDVc9coYsR^ez?hqT)o;N}SJK-%?JSxqT13>8sdbcprk+nC=}j84TTh8Q
zCyij=2v2*D*zM(V8&ZjG^Mw#8LmVTkMomY=a!V$fipZO`kG#BQjGsTNzPagGB<Ay_
z`<Jh7O(Zm$K4#XeRJx%xm8=sOfLQ5tvP!dnlR7XiAa-7JU7Ev+RGpWtmWt(cNT?P|
zqr6sSLor%UN7=9z!F(tqpq5NrQ&mg|4fe08QMC*)J%Vv5t4xlKQan#-nABx*tguQd
zmgQ0;mN@%><_SgKwyQrygO#T$l1iy?M93b=XAYKe&xhrQ+`&7>60gSSZ`Eg1dN46`
zRb3|J-={r1%<f8^fwr7l{=sa%3WE6>!0ye)w&@mvoFUc788;NniV;OkPej;jLL%fb
z&x8UO#j~g)>ykpiR~02Af`vkSDh3#-+B;ZK!f}nk&vo}w8@9BxcOE&fRiH`V$VA`R
z<nif7ZESL9L6++h0>=(RYQ}=^qI+d|u%z)ELnY&V)o5Oev}WYS2t!hJF<Dc2KBP&p
z5X;v!C<tXZ3ewM>Jm4^_=;|&p8fq5~O@*3xibZ-`Ln2o$^QD|7sXV36P9z|e>>uvS
zO-dW{)h&ph6^=v%T&YM+sqn6GUaCm;>InAQbk_VByN%aeIEW^grHD-FG8LF<>ql1s
z|Fmzb)65<{)AYwicDoqD9-UtRd?61<5O>6@l>!nJjK6^x>QI8<Bv_29)_K)Q+3;6-
zl%kS+Y?N?mG#M>sbyBUHzj)QA%}=k}!l?S8vzsSI#|m_0Tak1KLZL#c1&!nA(MdVM
zqmoF2HEy3MQo7O_SGN>Hc}Y98e!RJ}4&dFIZ9_v<sga`^GMODC*`g{pFeDw170V@F
z;25NjsdT<l-B~G<Fb)aaWJv;3FjRl}!9!x9uv~13(XR|i_pj>dT6j>JpsXT}PL4t>
z4r4wX3RR0`$`nr<cbwVz8aBjPY*kjOs)}f9sx&}8#VP+gc_W!#>W;{?+2Xz`LL*nV
z?jt8%)t*_`bHwa56V<5T3fsuP?w4DyChpE$J(km@L5QbsC*H_OcTG9J9L6lX5=vHy
zqU+9WZVh9@1;Vik)tQMl)Q3AbnI|fn%&^hqSYB#OG{xf$JI1pNjpJf?yi&=RE1E{-
zWWa1R%dj$`^E$?iD6nExqpDQ7ttHWwia-qN)3`~4Lua{2qF<&etbiC^<;2!#WL7dh
zDpTMuv)N*QzC4*L_l_4<@9f<<Fjy=p8+!*w`ggHvadtYqZhK#uPj<Dp_xJXci=`xz
zSvE2($tse|ib52nv7w=<v56G~_{Padhye$stBRtTOUe>s)*Qe{T`?|%k+$eT$mOZw
ziC4F#_8Y@OdoV2jIxtRKsVlqlwsZyVu0>&QE~MAM6IgoA)hj#pO*<<Dcv@3GmkK9U
z)9v*p-9m>Hp~pBRYt-mKe|BOxO6y`Ii~)4hBwwPoR+@Ka8D1Xg%ESc*fsd=_=sNgC
zk~o?M6G;iYCTqEhfU(HvvM3M5!RHu7KU^OY$5qr{md7hfIiF<+ior%KBNClwnaPSI
zfq|CF8pGB_LcAEB)R4|{JSXI3wOlFh+S$FncOV}IAg40Lv1Xo{-`boBM_=APTqF{S
zvkFFVhz<4i@nl+|crYi7^iriP8J-x73U;RwwQ5_Hy{rxi((ZxM2;L9%SbHnn+Y`Pw
zw4eUAOCRe=`No*Li@v$?J|8f%r47#fS`vU1R?nEp>F9(7I2C6pDG@0vjLcHu0xgbA
z=2)6Zvm~qJ_5666j%=5dTty1YG9QUGH#H=gP;;1#id>TdX(dh@qIx=BU&oJVreYtp
zC!3>TA<5EF@Mu*%!f@djm=l?w5Rx37;3&u=2gmb0`C^z-6Ctdyq###>O4&HN+~}fN
zO^qU}jrXn??tx>h3rAV3HYLO(yJp2=v332~RU5Y^B6Us8Em=KR8JUz-wNk0F<&vrx
z+U2TJ$(Jgo^pWTRiGwxMNcY6bwqVN}GlKVnHBbKO1q6sY?PFSmM*JN+?ow7L0KqKB
zW39Apb<rE8Ka)YVz=CdcOdzjQ-JUsutvW5dOHi0-jAhT66N`j}dzNoo-#64$AE^?o
zGrUfVgOj;z&z6RCRjMle13Ugk)b_zK1<@_3WFi_HsmODin&QdSP^G-3pbQuJcvxg;
zI#(u@!WboT1LbN(R$0W(4RK+f<B-uk77o#=xTr<qrE(=jlNd+%WJ1#P6jpVqJg+g;
z6pO?Jc3@zqDixZO!g2FvAzm!&)YkrCrDu5i@aU{`QcpI_UofAis`qZ$KFBg0(xnPS
zMR3Nd4%TcA<*q?dWOvYs>=*Ra-;*Yj-7ZRIr7HiQy)SK&>pIUn+ueGb?wOtigOva&
zN{|wktXQ#BmJ+KXCy|q~%W;w_RrymY<?s1HsmfAGIgauncBDiqSrHw}ilb;JMS=tf
z4hFOK^h_^zKTF<o&fU5P1Sv`iF(4WsI7_ehzV}_9_j%r-Dnv?ElRUim5c{MRX_IOk
zBAr4M&j!^rEkv751x`u;mM|;MWuzo}{f9XOEHLE?i;yM~uIzxUt~2*zm$%1fBYwE^
zv!mT~a(Vme)oZ=>*5yl(Blj}p%FVYA_j{YqPZ5eEJiuyqo?qJ3yV1L|{FPC{ux?UO
zgpOv@)6veg;Z{5whiTT{xN_6y!=Zb36uvn++3I;Wu3z6jJ~=tw8&a`398Bi(OsS)E
z#*ldN@-}>;AMQN-KX>kcKfHDMGJN=-y#D5Wh?bPCw%a6&PbQAU;}zdMI64b@-P=Cx
zb~`&~aS}#6iKP@J8b&qvKM1PY5DQ&~n$BH8-26b(_V<@#RmswV8pXobxIuqaukloD
z3#0;%)(iDykqx3$*eQu_D=1gVrG~A(xOQ!jf?%29eCE4i2X}saoL}zHPd&GBrRPkh
zlONrCz^5lY%G(aTx_#|%Jefzyt?euQPWL2?TW+h<YPSX(tGyM7RtM8G7Q}OUQZY!>
zJO}a`wY9kcrW=u<x4!Y2YnxrqeaP9EL6~)^<3AXOhf$Q|iZeffbSmRVv*aksPbE2?
zC*Qxnzk9ehn;aa@qH!z_LI}fM$+OYnK1A@Y%QiN)jt|fN*Xs|RP7vhrEDU${4`;I}
z*Bce0?!DI?cDs<Xj2CTqF@-;f_0)IwSPfsb<Z>R#-1H8<7}rY=3y)QmeJlWNiLCPi
zTma_{k(GWHS`5MpJ|gW3r6JH4!mgm|?jmF4>UwV{hA%vZ!spuV`ju^t3G??+62)P(
zdvyAfdk1^7WVn9i*DhV_udcUxaX{!wfK$zLj85k13MH+6a2zYo)6>Y6fJ{j|P$CBh
zlE&`5L&=)r8A*~$UeIO81-F@JJj*!Zl)8cm?E1bw_x#?`v6IJ>(<2JeEt(@K(%#_K
zYG-56JDamRdHmTIwzt-Xf4y^ZZ+05=FX!1=qVUgl52chPvAb;G+>4>SEe0)=xtVg6
z-m5rv=m|8e_ZA8(b17MYnoF%V#8s?f^`l7DCa$ck!CkHzq~x;XpVqwUR!USqhC2G`
zMQ*m5C1ltxC2**rREN^++QzCgrLT=f<9_gP&JQQE!)bc+>b2)r{COOG`=@u;RyTk1
z(;vHgc=Fx1_CA`a-r8_|Fxc#O=5EXLyfrZ397U3CbG6ZfGSQt$IuE-8m-So0S(J3v
zhtpiGx4hfeHWecf?--L^ygrRuUK;kh{{6k_S)6T<WUbe`=8EsXwl@#wLZtofisv}L
z_2RV~n`^%7&9i(kSaC4F^Y;GTlT>uJh=^A^{mX0a>-TrET+o6IKrO~QToo>j%v>!`
zLX<*JKpcGJ5Lz{G!}uNG$me^f)yF1fuU!?=Q@Dw0SH<tFb5hm*rCDbtkQ`75NyR#b
zMns4re=XDoNd?7%AjpVnJ37@HXA(0qN#yM-TdoQZj*fB9la7CY+YgV<Na_>DQg3Cj
zvH9tb-#$%#`u)4FoK8*${r=Wq=nr3-xvi^f+4X==j*m`q{p#0;>tP%|oJ46j+gRO@
zLgt+Nxjch+zPWyUIu-==eY)OnyNnE0*L>b~B_w+)jn1CGb$xqn?f<@cZz?cTe2ryS
zZ{Lo&S|6-JxSK}t-soia_;fU#uMamj`oYd*bhXQd{mnZMCr+muXD7;t>PW<~syq`e
z95q_1_poZT+i_#C_=I^Z^`2H{m0F@OT9VU4B{@e02eqS#20g3gdnpD#;B-j&pV2CU
za6o85C#p3@Y->RoppqufHq=0HFG%S%E<n>VwmPFwte+g*zP3I+MKqc2%%`5`CcO3f
zSw1Fc*9+1~n11hJnD+kmr$2wPe{as(r^uC|igPB^JY><y$$XThh>N!mr%61Y<+<wx
zyu(D6&eKd~;~qf|BmD62evZj1m8+e>-oZUCcnfLqro%8KNM2ss9EE%L5B9o*-@Md0
zIA|Zla45VV?9DE7I-13AKRlfxoVuMbj(QY*YI}vOb?=UMcZ9pKeksqWYG0!=%unxd
zaK#IpwpA7-)uW3-_2euWE+p@@z!E;US&u3aFGWa|)K}Q#N{_Jqu4IEjOM5<x|B`y`
zqLvIJHUm|pV2d}-%^o#<)p|?|pMq5-xd>B!YpcJ~3b;RTG2h$Yg@3PY4L#q36ibA2
zh?A#^#o!W?<Y2xsk?osTwk~g7@_0I%oVa|3va{J_KO67hJkDpwEDgI3T4{F?VV)m!
zm<z8NCUfPrT5dp@GtDyWxW4PBQth9PXG!F>`Z;z{f1}%5%d#|@97rrWy}{&UXMYlg
zxN{ui{a7Zgeu@kOg~%PAUUJoEKlWVE?fl^AWRzxIx9>_3B_il<ytw9eNpcoOxeyk2
zh1Gd?RRFZg?*u_l(CruNW2uELoF<cs!eu&H;;t)rObIQrxtg@3#>G*SR#?;a1$FbP
zY+spT$B^-3N;)oE37n&ujB^er$_v`v-f$e}ua1uAJX#;kP@1d^2G{z%0l}}IhH5fj
z3lkJ&tbd#e|2wZf7_hX3BgoDIGXD7W?O7J|yw%O&=2Q~5)4SC6d!69HT%4t%%UmbV
zb`KBEl57|-$E7&;^EBxpo{9YWaJA#D-`d_3JU<BYlfAon9MXW!<8*Iye6YX&{M8#S
z3;ufNFvvqs<WLe0nB3~pVEZ!7<21`39G=c&(dzUERCy{mMrk(snPNSMV#^WN@*Hr^
zaV8tPgw@Eo&a?<Z=!uDgk2I_bfR7i5iIz*hGB<A;ld0)csg&E0X9Rnp1?W+gGP=r=
zV#rePvQEA%#f6EN26AQKr^O=_hD=OT=4Bdy1vON+<!1!{;P~`*+i5%5PBcp}iiv-;
zv&YEcEXBKygFQtOlyTu@Cv8Z+dRO9<kEWxb+sd8ZdV7tyIhE;PWuSQ)Twe=969-Xx
z==xL7{ac%qu3p&?@`bMcY*#ZO(`1!Gq{>1lBptF5$njZt@WY?X#{2uT*{C}R+AAmX
zNzU_ml6$V>Q8_&wz4mI}AFQvfIV#KE+S?D~WM`7~wyw0Dsg%5fvpIEL2hT>kck=+E
z9T%E~CIH_oMUv%Gp+_pCm@HM`C&{WF<FW8N!yIs35;oB>C4ROR@2chF?Gd475d+tx
z#;Vk@)dxowYp$x?+tjH9E(Xq)cDZ;Wk?F;BsoM<_;uSk4Qo7(jvZ2pD+1m^!C(-0+
zuAH+_Od@pRpd_8NQlXLrp=p2Xmcs1P<?Dmzw(pO|bZza2CsQ$<Y+-y#&i2QrD(GGA
zwpaV={v?^SdI95Xtfun>Qzu>Vlt@pa*oAk!27W8si}O5<u6X!hbbN1bj}5MNJJNxK
zFr5w6>GsX5V=_36AUKX>mdq3#rD*>IU+K})Xr4kU>7`dZItYaeWi4i-NZq)!HNeUJ
zqmxOTFv{Q%&Erg&<@=^p+1eTx<YVex3ALU8!>aq^3$1pg8axZg3bIpN$FQn<psFzs
z#4%gll}N~14!MAg>O}}@np08>gP|e_8qs5HVqtX<WwBFl?vdmw$&2>}XJpQ$hw#87
z(KMWn<D0{NzZ3j;_aIMlm$cM8zrK3u#?3AlIi>FE*0o5w8*A-LE6&<OF-IE4g;!U7
zsQbL=%8+m<BOUmV?9!^Uj%O}PI)P6pcn`_~a8+Cd1hT6sk+I}cC6Y8nVVV-!-`I8}
z=SL4Z1h?8ExN&K9_0qvxGc0qQCmKVhQY_hwx8ocKg15UZMzZ|}_jszHSm>_ZjHhXT
z!=c^w?r3b;$)psqE;pOiPh&l`&|{PzAX4-l$H~jf6g5L6T2#2K!80Xo5v?}BN{oX|
z<!OlqL=~=~gjvyw<rbIx3{wBlX8p7j_|ktEqg<GjoiJNGT2woHX*#0?%Jij=-a>x2
zgT+8j!I+OmM|l#b%n5@Il$L&mCmH*~Z+&jq@0jdP+VwomlK_s3TC*-#=%ppQvFA#6
zJ&bOyp(im+wP5Ljm|lP?v`GvqPk?O-<32U52hoc;R09%3?lSuNTStHS^2^7^4+sIj
zDqF2i&{=Px+?8{vH=V(19z{bha4}l#4)-J03+T?hpT4oPTO!n!+M&&y-6ju4DdEW@
zd_UiLSB?3}a^6)kSXAB7MR~@GeV{;!8imSgLapz!5D;adj3sRZgtJZzDjCd}Qp_A8
zb$cDotEZn-afb7jtBrD==4OQjxq9h2RXOv0yq_i=pRN!3TWin#=xFrX$t2^PA1A|&
zOM%A>m0lU0?SK+1q33ah5T`5`j7w6lqRP<j6)Zwp3U?(6H&IR!%n^W$j1h~UCbh~K
z^C4sU=<}EV@-H-6!Es%<N18@Ti;1aAz3#B<Vb@vp`&S$kW+F{PN4Ag8k_Sg)P2^0d
zLgy29*%Yid<nro?i-PZzV^w|i%5IGCHLbWj7u%uD<!8LmWG}2qVuM&Ok4SN7s>Z#w
zSd*dKmK6dU0LP*c?83NDvuB4b1WQo8{ahf#6-D%L9-XD>mZOG#cBRwldx7t`8-u}f
z5`}U4aIBMFIIo(52C33D5@jV(lqJ@)k-PBD(xi5_d0Rz)RjI(8gAtTCPOD9zOhdQu
zD5;W3l9xz+ZJSU$CW61XvGq6CS>F>%W=e7bSyU!w8RH7PcS~y48NDfj$@xt}eKl6c
zmK5lYCsCh*oln|voeW~M)QB%PzwD{499u!lstR_=GLcfH)3U#*#My~C6}r!EPlwr&
zH+~M=voDo^KbC-7vozTJ4zAx>nwKYCzmqi2y9lp(?v+4XZK)38lFK9_LrlTI66Qa5
zqchR@j4-TICfU~^Nf=SmLMvBR8*Qr8@Gi_<7Dx<*Xtmf-F_cuBGbKT&?FtLo817YT
zTT;U|>`LG#hW+cq?g-7#(#%o$P-Sqv98!M_6+sTpnRMG7r8vA#tv^uXj!<1SSKbSu
zCsy@@J#rdoPNIzl7~>_#dX0W5j;S@KN~^X8V3Cq0OcMB0Dx2ux4KBM~R#3@~770PB
z0g9LQH>xq0#j2(c(WfgHg67$JZ&k_pWFGT4_ZW8B)N$Mn@m%6K0qZknG9gh+F{K$q
z3S3qsWlI}3zN{eQsECoG9!Ob*F0}wGsDEiR18Rvuef=0LqH6ojpcQNmR=3uM66GVP
zVkLK^XsO)AwC6j5;Bmr{Ox6bd{#p;b?C$PE-Fz>1D;B__$~IswnwCzH&o(lw#o4nN
zyp&RKxK^maOX*jg<mzq$MO8_ugc%4LS+|OpTTgOGsk<b~hCM0r>p~vR{L1z)2-Bsh
zl2q|jqF8BBUP);vkfYKz{E{jU5_sZ(S%E7nlvvE{vRqNLp4V;_OH|RlkVRUll1<ir
z^nxC(h>xX?t1RAS1H5Pgzm(Rn;Lu!M>tET}j&kLo9D<^hdI2N_izmp<vX*e?P#hyj
z$a3WBH_IGwa)M_Cd8AGBaDji9_=!xd-o>y;4cSwVWQ3`BLCyInvFcS{%I3p$&(pBA
zn`cyogk@Qa6`4N9<w-L;7qZBHw69VHshWw8`hXT>e^doq+LlP-s&uYsq&yFTs2`ld
z)5YOUkuX<54M4!mq!}t2%MgVrm<}$MW&ceqaC=HryReFUy*3-A9*H2Tv;$QYQI#nd
zi{EtGt7)!0nJ}DeAfBsSY2!k1CZmMM$a7qOHa!|oPB$-Y>6fFX=~5bMtKEhlBnia-
zw30NtV1`w;NM(a@6x-fa!QE7W&gvyXRWe}V(!f;Fr!ZBs#DXYVir^TtDKt_lX*lCH
zR9OuWAGvKE2r}K6rqqF(IaN^Ib8uG#oDgBhv-vQfjI<)|6M^-54TKYp-hyXH^B&<_
zddXPdNZG8lmT$;uR0EK&$hnk7Rhc=il?WQ#FLj6_HnLU)jx;1NRD;H{Ja?J%!uG8U
zyOVS_pxL&EJA{T|9OZH<9JnM>(ssPgEIfJTtyg;8u0vU#Woa1e2yUJY9K7ecE@fQv
z%qgs%Xm|CvP-w1Ry13y`BhHI_rK}nkdhrd-SYwMsmBJO;wq)Je!bLJyQ98*|>E0C5
z)Wz*fGM#xS?G0~wD_hhJbTs8jIzOFFj-qfMaXwe-F3zs6Z@J8y<!&^~I)p1q_NB2?
zCD%Ad0!l--9AldlTUGDUL^R`SIKov3T!dvd(ADL9v@!kFpN7}XmdbgV9*N+C-pcj<
z+U80(l+h6nGl_<TKop#0cnWVA`I2?O5APn{-P^wpWn&aa_ujfI&DEgFHXD4DC<;?V
zEJyqkZdK?pS~_xBJpfgjTX<2Zw;cAB5=p8QDQt*;RnKJ<Oll%gj24u8%k3Q9dccIi
zk6Z1|+V$JGf1T4#M&KL-%59UN?{|l-PG1{i7S6-jBo2Lt`kv2`lL!()9dAg?d?b7D
z{QWJ+<1LMu<!`aMRrz%hyG$~qb8qv1-SsZ2d5csvZ2(o>+d3s(3)DYsNEO<z_1vi|
zWRFUQQ>s!TxDQX8=4Y`y<L(@_k<$&+=<eIE93AiKV@4?W<0OgU;Q8Qdb>l(WBvdoN
zYYKRYF2e0`>R(M=!m6`yUa_~#>v2QE5HCSQmu#yL7a+L4<jX3c`ibOm;IWl!w<FYw
zbB-0qg2Q3Wa}jbmPkGFd*Iok)qX;MQY&<=U)3D_-_>&5_FNXBplaMJRr@z4*lWAEy
zk)?%MQz?u=+C;A8KadtbAdICcS=<}dhEum1YEzQSUue;~(*v4KvC2`N20~!2&N6bw
zy@a$d^T%fg_aD5LB%x;Ntw^W|4P3`zG}k$rC3H{(V{~zD>@g{py<TfJz2)+-O7v0b
z07xZ(T{i`aP-9|ZNqc0+h#2ZQT+_`IJBGy~m~K9Fww|AJ#zowsI4}hvJWZ}IV9H!4
z#p*OX1;66<uDR|Cj*i3d<ZkrV*6MJzGvLTgIhsnsbAB_=J;P9=3?|1?GLjONzeu_y
zt9DT_4Y2LoWl+kZAk`A7UIm=O7~BsQi4>5aqbQYOhGXTX$TJ!(Vt@b6!DtVjh*D}S
zRa%8scyJ7bvl(7tB+&)Dv3G-ts)j?V<7Byqq|kzVs46EpsOpi{;u2-Ph0Nf?RO-@b
z>ta<+AN72Wz%?pG)>*rfvXwZAe0>j*bDeTS4$BAw7bPTSjCA?~$bhGsxq;EvcH1AI
z=xG0B1S!~Bx9<nNoO-8%#kp*2ccm&1tRC4#uNOpAfdVR%CBC5T{7xbws_x^-qGhUK
z&3O(*-;}dy#!}_x*nv-?vgCMtFrAzdr;TNbMMj_kVJ+8hGdB<ls=qkRBAI7I*T@3d
zZLp`ruq-?MGDTLyhH&M^sywOI`mQqis)uiF%lZOb`ULF{%&MX$`p_CnSQkN*v6aj7
zELS{-BtFUJnMfUo+fK`IWHpHG1x~N)fsKu@E~BzM3xZ3o)6HfFyGMJjbKGeU++Y=w
zU<fHi=L5eBPDnLpy0}4*r_chCv05T7DYM1~g`Tc}gqS39e~KdINb30vNuC@;**uN0
zfON5os9xOg;7@0$iIN;2Q#VUfl7%fOQzm=S*`c0b@(|?-zBtj4J=Ur!g5Ih;lnpZ~
zTRSDTxE#XM3K>y`IP14?X<KG3LRGXi$a0MtM__uSQn1!)jDsXi10p4dL?`7kfuszA
zr{J7|5i$rK@RA$~Lz?FSLK#JpfOE<d()K!+-Fzz3$>{8eOhz|u43+BW`I~8+<3|De
zacxGZj6Myr>vDjD9w%a>&^cm8GY4m5?(1d=N~dR|QIv!<0M9(^b~}E1BHeK;66!nd
zYM;VIgSCsxvz!Y;g4X&?-*2BD-B&qAi`4EH+hdiia;mAuzA(2@6<J@&FNbA=k+zX<
z$)a6V0=&xPs%+T9)y*>v1b{CT^`cA*%x8LK4?_-{36!E#iZF290TV4k=E})911sc7
z><dVPRHAbDj!UKx%bc~Azt&+`%gbRZ@~oKK;U+cQ^1h^66m@uXW2*o$;wBU3!Z@|@
zGcKUiP}FfSig)+lPLfFZE2!0lW0J8}0?tV);rS%!K=|~D2$;TZPvCy>)P!x;^7>x?
zN__N&(H4Sa0V+%W<cGy~4TZ(LQx!mx2G?lSqbfP*%8tDq?Nu^yWlSu~0ZU0x`!gGD
zi!E_I#nlY2f<tISnwK-r4B#o@()7nMH8hd%(3I!IVag~o>7FNC)QVGw+5Kq2#f+0s
zxPEI@5m(PiY^^~sYB-jfMjS1f)Iwxz+83@$l5%*pKx$lY{}*5nC>;(bW5s#b;owXi
z%4E>zP78wb1ZrEQTUCLF+Dy-RnA9UxcmkfqQ8I@k4r$kfJD9bJ*CBka#Tda;n?b_G
zHY`+)&gubTQ}NmWJ8N)hHN%m$8j3>A#wo5R*_L%iqQ;h3ai*p2&=V-tp;#wc&(dHY
zv@scr;U_|dlya;*)3k8)#tzt^-d;5ooYrX4|3G5J(|IyW)`?nSMJrYoGG%xvq+wJI
zZ5G{B(Q{Xe{MZW)OFc3qg0Vv(!qX&<ID7`_`8^d36B;OE<)+@#&YbepSNaN>M%?q9
zR?9V@A**ezhz1X#R&SW4Be-lRb3~S@iyjIa7qE3&3wsu2EG+jC%Larw(!%r?NM&-$
zLS`DL(G0@uSWr~d-*$x+^Vo-C$@Cw&nesRqM+%SEGuj-HL<mPyXeq8TJ(R|--n}52
zJxLL2A%yzQ=?qFqO@$ze!mjMZR@VovOiI;FmI~!jn9VXkWdZHKII6E)pxKl(5Wkk=
zdfaunr&37_Rv|B1QzAFVG)uAwOJC&Rkl;;YkC3%?KnaFgm}oI#$92|^rw4g7R*YYW
z9_f2s|EjPwsML=rY^!u*jYJ+b{FYs|FG-Qh(^QBe%f@wI6kI~TghD);5I=N?pMi}D
zZ7!zQAP|j(a<KH^DY=r6(Pn5aG?20*rCVx5>-rM>8*zQe{ln>LmL-PhK~^u_bUanw
zgcmaOCM;$_J|5M;ziRwkCk@Cdl@xtp1WwcK4&zis5Sx{0t-voFj~PCEedS@vNCfYV
z5=K1-J}MWvL-0!Afnmj|21ENUWQ~ORy=*qpqidz`Q)5_Vtda%Oe<Ox0U~FpPGg3=r
zn-+tT#oZLHI!e;^>x;6nIOjT6K^jlO1Ki$nu@(!^w06SOr^4D@PWAMI%yNmDnZEEC
z&WMrvC7KP;v_3dbk%nY-^IS(&<Hpot6hpN<NHy6leX&~N%WEimH>k!Jw%svaoL=ks
z0R-bQ2g_$Z1afQ<9y*W2j^k3s^rETqT#S9!hod`>vOL2ML%Eq4S*f72C<jM|i&a8(
zAzBVU-@+=X2ei16a#dLDx^8deTgpT_Vj`opqk@2~Ote(JI)-XldmfDqHfF6u@|>Vl
zU`W<^?qj`@VIk;xa|Y**f&@iR?s9`jFE&0P$wiFiTDXD=q$??PPQ`9fnQf_|fE(bt
zrWRM@Gpc&AeX)tJ*R_nAC&_tc2(&%K6GJ7c|1<kHil?#E1RxN&we@(KS|HETj4~)N
zsDTWD1;Vk@0aXh4C@FeWQ}JmqEIWNIM$UCWto#<K^9)>5I+ZPKn{_qne2i*jdDB=`
z!Q_Xdk&ce7RX9<uez=osaFv-h!a>(xLB>w3`;)~6goJaTF@qXP=s+2j@HEX*A-HM~
zCoPnK3lbX57K5tW>5n^^#phihhEW!&4dpF(Bqoh8z2@q*l&Xdx7@I91o!=vr3p`J>
zwmEe)A|vA#K8q5Gp$uUnXIeRy;Syx~v>8^JaMS~yCaC6IzJ)6ZW4lmaRaj+aQ;fH5
zqpUFzDTOcL7vZsnS_Z2WQx^-(8w}@3dnaoiP%;U_^^A+9ef<rCGX~Y85(#lR<jrSM
zG@i@@j}_9tq|j__>MS->tA^A_gCysiqgu8+wb1*staZ9Dg<?Y@@SqxNkBfaus;x?I
zxfQ~31SOdu_JWc{KS3)?Q%7o?zMzm&q8vR!5%g&>EK;tyDMXhN`I=1>5v6LkREExK
z1p^ly)H*b&CDqw-;l(6t(J|9&rJE8{hNZ(}p*bCxES?h%f3B=NlqKOeEZ>mqVtsxj
zc*)s(_R5=y?|VdZ1LbDqSRgbY%O^Gq)I8&bwlyidi!L;Au>wg7x)VYy^{vsHB4|l(
zcu@oh-rB*@2~?ye07~;XQf`Ku9x=5dO3Kx91ZDC-tv_sE-K>5Xu&dr%O2vGP%d-3_
zG_1-@AZ0d3)-p2Gl#b=(hoEN53aL6tD|50&DTa!fPlX_CW<YSycnmo__lLSb)aq|3
zQVCr4oU<JAFs%iW!_k+9Us9Lsg>6xZ0@H&`!aR>4ALfbVQ7Q9hW`bapd5rP|N#0Ok
zw6G3Mb*imF=g|_?%;N^ZqF1*G_5&IO+H)ox7hc&)rD~%<P7hK;0!g~-78pUu2hGy1
zH2Sd0Ao+;-1u?0CWz>XXgBl_y$o+M2$B2h#D$mRhm3k^YR#goal4ZtL>dYNiwqnzH
zf)<ri8}wkZ!2^gfen;sSW!JBx6Dl(7_K@QXa9BhTt{gqUhCGE~O>+QmMHmECX2t<#
zRbTrWirj#@Lh;PJIOBR_(YRAhk;^myT5^=lR2FI+K^4)di=4LpNJ2}3o6Duh9))dd
z=(k0+Yy>wa-zM?eZ!zO)^ixw;BQ}IErfK}J!zer=R6N&7yFnW1=g>C|>o8d&JQbJN
z?2{k|o-jS*@o9k#A=Ib{DRfaW@9)99q@DULBL-B1Z%tM{Y0116{hTH3t2de!#`r}Q
zk5x25$rMs3610)um5|6IsHv3isczdt$kEjp7t=Tc`$)8Y7u1j7AG8Wmr{zMtVWfqT
zn9k?$*T4n^xIY4hWdf+8P`iQmijZk`7d3|woz^C31Qw0O5F7fau?dK-x|VQUZ1sut
zeY7(p44yI*9D_X*!*ii4JSB5PIa~okBTw}TwXw{$i(N)XQ2BA~x^;F1ew29><s_e}
z*@0a+kp<m>TADjOfw#vYNZ*TXshZFiE#a6K?P5vJeyP?k6Z>L}jhfW>4e}b>50fg3
zQI;8?C4*nM6zd70$?D*mPq_{-91KDVyW>ExVpwlh+tezTgd+wKO7jMqRTw=&$s@2z
zL>xGs$mndL624rp3RXZ@Rcnf9Po`g|=H)doRH+#q;6=diXvmHQ%WCQeuqLj7@Y13p
zTdv0Y!9yIX<6)Sq1RkNKO*90}p_nCO6&@**^_v3#WiBliU2MYo^m(kMe9KbMHrK$K
zja6JMTH$(oA1z5@<3$0;YVW7YRU7P-db%5{c}yH1{0;NF5E4^}W(KI9>6wQ)b$Xbc
zfi2|<&4i)xj7#P>Tbwf2%0p?)rsEPwlO)$|CfC>I#Z&m!rec~6)xd|$YNOfr!Bz{_
zc1N@`v+&e1kJnIYUH28ogc}we@SV1AY-EE-u0<CGOSl%9LJaFH-^4$ngo`qgoQZg*
z7MeO1U@y@V4=epe4Xetx^r<4%hG2z*P>lhzTF#}au7yRDF3L#T?z~#YKdH(rQ}6(3
zgp#>Li66ANqKTxrqA54~8oFLjs9v8zIs5=zksa!myYQ8}wG#mCr5H0OPGHK5hJnWL
zWcn<co~CX$*)-cyhd>~6m>CH|8RIC6^DH!ojV&3o)$=7TwWoo|E2)_um>qv4W~maK
zDF}^3=ywI4k3)IF96l91fn3dnw=K;wbWv36R>UI}N}ocHRd<}tu4)slwB)*)i(<6{
zYd!;hgt}&x(KQ<qaIiNWXTTf?doG;fEYZzwLL~806X1x$G*1?!R!W|p&87(iz&brr
z6{i$N=lEKb?$zswo*^m*9|qZyChO)3vNv0ATBav37E|tN@*+s7%;~pOggVidmaJ8O
zS1fP9(H6YzJMEy$h@PWQ!Z<U>3^@)4%h%yM#VWx>V$TQ5+Kpr5EGs^&Qt=Tz=~z<s
z%X~6bOau)#pQ^fCO-w<9*`iuSBn?g42KO>PFBx3iQYnXy^B+F?iCe9fuxbKTd%R@n
z(t)l}DOY%HGZ*r)8j+=motH@{Xd_fZy{>LmmHpfX45xYnjjhWj{(<Q-u^=rMraW!r
zq-LL@=%zsgSAX>CkH30y*wx66X8RRgc%a|=OS!P6ylM)rF6esUMI4jBOYGhlKfauX
zlhLE>dEZ}U%xp(B%}<>J{8%<P_C8NWF($-Ia~<_Q>#|0JQ==9MUh3`Rsu8U_a+h6C
zuac3Av_|o(GOV(1UNnAiF<3-R#*8IZl_vY|Igj#4@1jwBspdnInUwG44ZZ(MyhcC#
zlDzuTmrF#o<+osQo}OG?$lb4Bm0>j|)&*>)UcpB-oVW3la}r|j5Cj(t_ZN6)<;&t`
z30i;A7=PA5xnPofcKe_W3s<^2<<d*prazxhDZDIgzQl5K?ziu|C=%cYa^$)C>nztb
zo1tVwMQ6agma8!ahC<M6BSLNHdyrr2$2O&F&^fzY`26MjOH$-8^Fq%I>zD1ja8cKZ
z^4yVg{9D!OczoEZ7E0e&Y%)**_J{w3y!f2>vp-iSr|h5qV-&~yEB}Lh`X$r~#DDz;
z{q4_-Z@jFIPsqnU;(Ymc6(#bof5^Y_GW%!$Nc{KzDc^d410U>CMX3ho1fFhCBnft1
z#3)pbdPW3>2)<2s{*hj*y>&y4PSiZo=B3m#!}?{qt}4Lc0x)lz*|HR@Z(;`DYbg8q
z-v>r<LVy1svM+pAeEntl`aSmL-&3<WZUyuUpF!JO*mdw9d`Uh$REHyN`Ik4)+JOJN
zuQ-4B`}*C#@s@@Ue)02YIuk#6jeYi0Xt*j~{w|mf``s_fSKm~72l&Oy>gWUy2k=7p
zxohyReDiJRU;Rt@y&vWO{=evMJ|WKx>sM-FRoGFs*;r;>xY3|*?kAr2Tk3r{PTivV
z_(#;}6koqWzxbQ-&ONXRjhg!N@5rxwjr{sc@K=5Rr+8~a9USVnaX8|C{HNs72KnSC
z)Wdypd5iqc7sNNegNLi^@BbaSyN_mb`ngZ5FmitVCGowVkXzUJ*I%ap;P0x@7+wfb
zD!%@0J#T6S$f6`ZG`A1z0<u^tbFxjtS`Ys<XM+K`Ni&7R>Jhh+9Y)HZ+ilrm;cO}&
z?t@8@+b^)sd{X@HAIQ5q<TpME)<#~qp&lN%fAnScd%uk`y%dVK)*)8XzxO%uy&t1?
zTON<q>u=GIJV!tNf;t+BZ+};JKeso<xBd#!FTB#l-46K#*b~8?%fI$5`RW}7PV3G+
zd4E@DS|1vB^+6ieBMUuaYEldAXds->8>-8HrTzOpi^0I-fAZhJk&wUf(fr?hCI6GJ
z;;Y*b_4t4O8hPn9oPP1uZ;995ls|hzIgWgIq)x`{OJCrB_D%VXzfkvg)%Z-!Lvi=*
z{6BqF3Bms0cjSY8{%^m+{^^&*t8eiC_^0yW0eRu3`sp3@#(i~irXO-R5`Xo5{QM2v
z>mV*ZJce~nnc^bcVkvF~?Qj0tZ)~|<`g6q>tl{N4*Qt~=NU8n@bz;to1YhqlI{FL2
z_52RLfP~#pteN}EvZgHwa3O66qoK^q3Q;-sDO>Q6%TubW!k_Dk$9lW)U%dLGf4#TU
zW6rZ2>&d>snP#+TG1$PQ>qJx}K!)x{lgpDre9;(0Nf1ZOJQ?oBXkm`cCvlyEGPl_V
zv;TLU4^?*clo;0gEDx)5U*$dZPa0-{$#P$clxY2TdXh&@hd)f&)de;z8-z4hGNmp2
zly<|-K8S<KGsF7-cXKg5%(6c|-1~T^lVA8KLvRW7kd2~*VmuS_d$WmqF}>Y|Ox`Vv
zNUSBYF7%iLmw{I=Qy`6^5fas$C6*7}TVk7d=COXIp%BhPi#|n(i?9NBixW_cFuJH$
z4!hXb`_q(BJzcjCUA6M;_RO%J-JTiNv)i-VGsAjzduCYAZqE$s+3nfwnPEM<{i<*O
bPk;dcU&?OuRm`WA00000NkvXXu0mjfm`iWk

diff --git a/templates/openvpn.php b/templates/openvpn.php
index df97ce32..65976dee 100755
--- a/templates/openvpn.php
+++ b/templates/openvpn.php
@@ -57,7 +57,7 @@
                     </div>
                   </div><!-- col-->
                   <div class="col-sm">
-                      <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/no-trace-200x200.png" class="float-left mb-3 mt-3"></a>
+                      <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/180x150.png" class="rounded float-left mb-3 mt-3"></a>
                   </div>
                 </div><!-- main row -->
               </div>

From 04edc3a185315108565ff495cb2d3cae5c99a3b5 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Feb 2021 21:57:15 +0000
Subject: [PATCH 045/300] Implement openvpn logging

---
 includes/openvpn.php          | 12 +++++++++++-
 installers/openvpnlog.sh      |  3 +++
 installers/raspap.sudoers     |  1 +
 templates/openvpn/logging.php | 23 ++++++++++++++---------
 4 files changed, 29 insertions(+), 10 deletions(-)
 create mode 100755 installers/openvpnlog.sh

diff --git a/includes/openvpn.php b/includes/openvpn.php
index 7b54d4de..16954d23 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -20,7 +20,9 @@ function DisplayOpenVPNConfig()
             if (isset($_POST['authPassword'])) {
                 $authPassword = strip_tags(trim($_POST['authPassword']));
             }
-            $return = SaveOpenVPNConfig($status, $_FILES['customFile'], $authUser, $authPassword);
+            if (is_uploaded_file( $_FILES["customFile"]["tmp_name"])) {
+                $return = SaveOpenVPNConfig($status, $_FILES['customFile'], $authUser, $authPassword);
+            }
         } elseif (isset($_POST['StartOpenVPN'])) {
             $status->addMessage('Attempting to start OpenVPN', 'info');
             exec('sudo /bin/systemctl start openvpn-client@client', $return);
@@ -53,11 +55,19 @@ function DisplayOpenVPNConfig()
     }
     $clients = preg_grep('~\login.(conf)$~', scandir(pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME)));
 
+    if (isset($_POST['log-openvpn'])) {
+        $logEnable = 1;
+        exec("sudo /etc/raspap/openvpn/openvpnlog.sh", $logOutput);
+        $logOutput = file_get_contents('/tmp/openvpn.log');
+    }
+
     echo renderTemplate(
         "openvpn", compact(
             "status",
             "serviceStatus",
             "openvpnstatus",
+            "logEnable",
+            "logOutput",
             "public_ip",
             "authUser",
             "authPassword",
diff --git a/installers/openvpnlog.sh b/installers/openvpnlog.sh
new file mode 100755
index 00000000..3e2d681c
--- /dev/null
+++ b/installers/openvpnlog.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+touch /tmp/openvpn.log
+grep -m 50 openvpn /var/log/syslog | sudo tee /tmp/openvpn.log
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index d141653e..49d4032b 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -36,6 +36,7 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/disablelog.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/servicestart.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
+www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/openvpnlog.sh
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
diff --git a/templates/openvpn/logging.php b/templates/openvpn/logging.php
index caba8862..4d44cece 100644
--- a/templates/openvpn/logging.php
+++ b/templates/openvpn/logging.php
@@ -1,11 +1,16 @@
+<!-- logging tab -->
 <div class="tab-pane fade" id="openvpnlogging">
-  <h4 class="mt-3"><?php echo _("Client log"); ?></h4>
-  <div class="row">
-    <div class="form-group col-md-8">
-      <?php
-          echo '<textarea class="logoutput"></textarea>';
-      ?>
-    </div>
-  </div><!-- /.row -->
-</div><!-- /.tab-pane | logging tab -->
+  <h4 class="mt-3 mb-3"><?php echo _("Logging") ?></h4>
+  <p><?php echo _("Enable this option to log <code>openvpn</code> activity.") ?></p>
+
+  <div class="custom-control custom-switch">
+    <input class="custom-control-input" id="log-openvpn" type="checkbox" name="log-openvpn" value="<?php echo $logEnable; ?>" <?php echo $logEnable ? ' checked="checked"' : "" ?> aria-describedby="log-openvpn">
+    <label class="custom-control-label" for="log-openvpn"><?php echo _("Enable logging") ?></label>
+  </div>
+  <div class="row">
+    <div class="form-group col-md-8 mt-2">
+      <textarea class="logoutput"><?php echo htmlspecialchars($logOutput, ENT_QUOTES); ?></textarea>
+    </div>
+  </div>
+</div><!-- /.tab-pane -->
 

From 0ffe0ecd4b7481b412b0c8014a29b1e4c29bb3c9 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 10 Feb 2021 11:27:24 +0000
Subject: [PATCH 046/300] Persist log-openvpn option

---
 includes/openvpn.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/includes/openvpn.php b/includes/openvpn.php
index 16954d23..810746a2 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -55,7 +55,15 @@ function DisplayOpenVPNConfig()
     }
     $clients = preg_grep('~\login.(conf)$~', scandir(pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME)));
 
-    if (isset($_POST['log-openvpn'])) {
+    $logEnable = 0;
+    if (!empty($_POST) && !isset($_POST['log-openvpn'])) {
+        $logOutput = "";
+        $f = @fopen("/tmp/openvpn.log", "r+");
+        if ($f !== false) {
+            ftruncate($f, 0);
+            fclose($f);
+        }
+    } elseif (isset($_POST['log-openvpn']) || filesize('/tmp/openvpn.log') >0) {
         $logEnable = 1;
         exec("sudo /etc/raspap/openvpn/openvpnlog.sh", $logOutput);
         $logOutput = file_get_contents('/tmp/openvpn.log');

From 7798e710c1edc8852e59c5d170036be6a916d4f8 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 10 Feb 2021 11:28:33 +0000
Subject: [PATCH 047/300] Install openvpn logging script

---
 installers/common.sh     | 5 +++--
 installers/openvpnlog.sh | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index 9f9c9d87..7edad9c6 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -313,9 +313,10 @@ function _create_openvpn_scripts() {
     _install_log "Creating OpenVPN control scripts"
     sudo mkdir $raspap_dir/openvpn || _install_status 1 "Unable to create directory '$raspap_dir/openvpn'"
 
-   # Move service auth control shell scripts
+   # Move service auth control & logging shell scripts
     sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || _install_status 1 "Unable to move auth control script"
-    # Make configauth.sh writable by www-data group
+    sudo cp "$webroot_dir/installers/"openvpnlog.sh "$raspap_dir/openvpn" || _install_status 1 "Unable to move logging script"
+    # Make scripts executable by www-data group
     sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || _install_status 1 "Unable change owner and/or group"
     sudo chmod 750 "$raspap_dir/openvpn/"*.sh || _install_status 1 "Unable to change file permissions"
     _install_status 0
diff --git a/installers/openvpnlog.sh b/installers/openvpnlog.sh
index 3e2d681c..96e79e2d 100755
--- a/installers/openvpnlog.sh
+++ b/installers/openvpnlog.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
 touch /tmp/openvpn.log
-grep -m 50 openvpn /var/log/syslog | sudo tee /tmp/openvpn.log
+grep -m 100 openvpn /var/log/syslog | sudo tee /tmp/openvpn.log

From 76dc60ca4162d68f26f307b81f8be018e7f9fab7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 10 Feb 2021 11:29:12 +0000
Subject: [PATCH 048/300] Update logging template

---
 templates/openvpn/logging.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/openvpn/logging.php b/templates/openvpn/logging.php
index 4d44cece..0aef4217 100644
--- a/templates/openvpn/logging.php
+++ b/templates/openvpn/logging.php
@@ -4,7 +4,7 @@
   <p><?php echo _("Enable this option to log <code>openvpn</code> activity.") ?></p>
 
   <div class="custom-control custom-switch">
-    <input class="custom-control-input" id="log-openvpn" type="checkbox" name="log-openvpn" value="<?php echo $logEnable; ?>" <?php echo $logEnable ? ' checked="checked"' : "" ?> aria-describedby="log-openvpn">
+    <input class="custom-control-input" id="log-openvpn" type="checkbox" name="log-openvpn" value="1" <?php echo $logEnable ? ' checked="checked"' : "" ?> aria-describedby="log-openvpn">
     <label class="custom-control-label" for="log-openvpn"><?php echo _("Enable logging") ?></label>
   </div>
   <div class="row">

From 196e17bfd68a469806f2a0697f0bd3fbc150c682 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 10 Feb 2021 11:29:34 +0000
Subject: [PATCH 049/300] Update en_US locale

---
 locale/en_US/LC_MESSAGES/messages.po | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index b212270d..dcd715ae 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -704,6 +704,15 @@ msgstr "Activate"
 msgid "Cancel"
 msgstr "Cancel"
 
+msgid "Enable this option to log <code>openvpn</code> activity."
+msgstr "Enable this option to log <code>openvpn</code> activity."
+
+msgid "Cancel"
+msgstr "Cancel"
+
+msgid "Cancel"
+msgstr "Cancel"
+
 #: includes/torproxy.php
 msgid "TOR is not running"
 msgstr "TOR is not running"

From 0f7ff60a81d3fe9922699f5ab88eb04eccb3b718 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 10 Feb 2021 16:20:43 +0000
Subject: [PATCH 050/300] Update about page

---
 app/img/insiders.png                           | Bin 0 -> 4122 bytes
 templates/about.php                            |   4 ++--
 templates/about/general.php                    |   6 +++---
 templates/about/{sponsors.php => insiders.php} |   0
 4 files changed, 5 insertions(+), 5 deletions(-)
 create mode 100644 app/img/insiders.png
 rename templates/about/{sponsors.php => insiders.php} (100%)

diff --git a/app/img/insiders.png b/app/img/insiders.png
new file mode 100644
index 0000000000000000000000000000000000000000..b29574f747ee8e91a9331bdf14cd7b36554bc086
GIT binary patch
literal 4122
zcmai%c{Cf?+s9KH)Kavyl%|*t+SFFH#yZ++sU=Kei>0KfHDXC<g=#H>qCct>MOq|c
z7hA<rRl<;JsaQi*?fVv6@R~EfcY4m8_nh~id+zx@_xV20x%c_weqy0!xB0lmxB&nF
zpV6J0mH@zs{^R{SE{@|hY$x9Z0N|f6y7?O{czBU90v{Q?$axP<50QX~=5QN;-xmT1
zPxOJ2veSIQKTZ)P&45xu-(Ujfz%`hkwvb;{%F<aX@^0m?NQWkryrO%XNZ`<z-a*h1
zBseV04DfjV&{Yud7zza7xd8@3009y}5_UqL$o7{M2?lV%|B`;jkENgS<CMSS$I^fE
z|4#XD{=Y2$@;{ENj5o_a@#f^@e4U=u)z#(9n%QJBF}^f5(=`@r^mX@aZ#P%JlR@Bf
z-Gp8$I@FOXV(&S}LUlC{7aR|U4aCek@0}xkN!iiv*zLF_R=iDDl7uZFw^8wJ4)yVp
zI>YOe)^j(AY(&_;ZDHwRFQ4;6o3*P>g#P)jb{sGgxL+6cW@NdSLC5FwO2Q}?@>=s)
z3Jw5f$MSdsuxgUgj80qjSKUkQM-FZw2BuV<dZ|0d{T1{BM*Ns%(2_H6;*aaxb>ILY
z?oa$6h!1>V!|}o?;ZFKuc~aU*$vLv3K|}i*No6G=x!9<5;~;FR=V<l*mARRUFXHSb
z09+9);edj`@qPU^I?uUhNL=pdRTyuA*o&b=^@*0TUC#B`Gs5~Zvf!<eTkDgR8Q`(}
zq~Gz}lCXV+Q4U|rDW1jez@5%zr=M^2*TrH!4K-I;(O*&FJ)SbyA^v2Ew{G&KRNqmD
zxbG^b)f%*e`Zy!OtobXG)$H-^?#@9Ox;UHNmGX#y>?X{AqWkNlQp5^2JX^g`y)k@>
zp6=U<<vv^3+KDMYL@Q<I;_(mwNzJX#2KZBGm%JmOKpTJizDLLJd|aDIEiTwT9+8JD
zNYj-Qc<xO^!yz_n?PY~mq#y~<_H;`Q$DK6wXe~NCr)?m&miG|w;uIZi*2WEn1Ab1*
zKa-TZZ%^PBa&UA^>?OS2Tm$cJ)jZhPTyx(`9~&FfT@DueFfP&F+`O!C&Dk%yc`_h9
z+crLJTM{Q$%-Z%I-#AC`5+(Qqfg(NjuPPiFK}t3X<eI^k?&XiGKHFd+SbW8MXL4jK
z7&OY51Q&c~=r{YaL#N?W_U?fu)^o@g_s5+A&y7n!QUr=cf-rJ(+u7}NqCXmf>ek=c
zW@RVMZJON0<Sjf~I9*#;-0H90xkH)2#V5pkjtCEJ!JMVH>_$U}HeVUpGbhCknUZC+
zc307YwZQ5|1;yG;vIy|dZHKkLgNp%<FyO33mC{VA8fx$q{PMJ?Dd&39^FJmYRZn3R
zeaCc+^^R)hcj_vX56Vq%H@OICwQpBEZ60#Th(5oeXXIIbm)0BIH76{g6_>QFC{WN^
zcbY?5_Yl|m>p>!RZexU7+-`;Ltz`Ogz?FB5k_FHPYxKO;=!uagU@O9wKcKGGP|Tu=
zkR)jN2Oh-i+@x2mz60L?K{O7|wpD15d)!wF$Fk~9jcabx=B7?6@7I3UqY~ps9Uf!?
zBJx|6KAiQ}DM(2L9}oON>}0;=z7<k-^&IwXYT;P6=i;ESSOBFa@S+}U)X!sN6ZF!D
zU(*L;VI;EU9>HC0w&9TDB?-evq<Stc&W{>61?IUzrumHyA|T_;y7@%*g{r~?DJvo+
zz3G;C5!sTVc9I}Iz3ayrA!brP=&Vt|J!IgzqdL@(sp#zyZaeqffPk^gCFz)I6=%Mo
z_PzYHN?Q=sqs~mN@Z}ungdIMhX{$(;FV}Dt+paHEjQnPav-Td_<m2(?qNNRg^!6A|
z<mpBXJ{Iq{Xl!dehmcQthMXq=)qY$==4;uWU5&@oLUeMXz?<qe)(lxav&wYTAX~G7
zpXKeHqt$G5%Up0;->V$gz>bvs(^!F{<&dn}MyxN|cIvhLx#=~jPK{QLupT2u|NR!v
zC7G&tJ|CA0YPl||8Pyd*)_sPbzC^37hR`^^q0JsNbq)QY)iv06&35Q=XzjV)B!@-0
zNU--xaYw#@)VJ^XD(2@=T0_6U$fU2CZ-mTv^U5v!B+PV&w$UY`Hdr7SPi`RTe!6S3
z%x_dperw&>Q^@ikxoNXJ7uaZ2X|60D8CN$yG~q?sBlC@GUMcrY^q+oYSI)pS8$x{T
zc_|NRBqXW)slLPf9T`o$CdmdDx}wt89N^^UMsk$hHHZ)b_mwDU#e#z6g@SosZa{`_
zX2qy?mQki_3wgUv&M$CF;a-p(3#5nbWzC^yNac<D$x?wSeI7GbziY0%stSGQ2DB25
zn(^-G!)ADo=|F~ROh4YkU4D1_O}F8_)HtOg2JVYASAQutA|5p<yxQ1SahBZR*FAgF
z-H7>^>nWR4N>KMgS&hQi;3Xuz;kD{LWipr=pFI9*OAGXIatxl}HJA{ZzLBX<#8i^Q
z&teFX63`27Cgt>%g73mddG}R62gz#U%Lne_T<SosurK)qiZ%IEP;G2aSdBsIL&!eV
zf+n9a-0h{o+?hE|SlNDQRTxjsQ4e|W{=S>(I2BYA`zL;njVjMs&w(Gll_XvBWav{M
zb$pHV?P9EHw7f&9ZJ&-;$K!L<5f-yX#iIq1k!r7IkZP6Tx|q!B`tFf1Dwyog0h0KL
zOz|Oiy(e`Q#GxHq^;b89Pg>Env+040*2G>>%v#M&(*ckhj_SapRcDxED~2^k*%kDO
z4S%d+Ut*>>)k2q&i_PZL;|T$}GcZby=Y<ys(!AFlGu2qzs!JA>E^RzGao`zrDOy8r
z1aj#vA)wueITpKu?Je9@bD<Qok->Sk>@wGj){iK+mlReaE6T-pyt>q8Bf;XY%jU}0
z4T<=u?`s<kUamK&Ow}>d{LW#e^jmb)1NvKxy3u+PT2XEGVe>WA;y9BBTeEXcYh?9?
zp6NQ(BEJ!2FIuK<Kcd+kvH%Yqw-rxhRDX`iUSev;`z$NDKUKK!<g$tx**H~(2N5%2
zWqu??Y!oo;0iStsJDyY>L75(g0+%;<M-73NE!X1H_TQr9buKv&4fu=tZ*f{zu{Fj`
zK)gSD-;W}7wP3Vt?hIkn8Nb-@BUO*S)^_<uf~&M_WD${rzc&bK!1(BI9-WOwKP^><
z7eS+hIlcC{K%;8x2hG?5x2xUaqss>6O=fZYpDT!VkI=lsvBsYd{TdTxV@9RhqUE&X
z;0u{e*(R1x=MtZydN=v%H|Kn`N7Sn*zeOZP-9;sHjQ(j(WQ!ujs3QXXpHyeWXBc*R
zKBDl52PCbXDc$%ryo2_Mvxw3BxzS8vG2^QLezQQaVJking9VK^{D&{0FIc`23bgyu
zLYu?|#b*_2`nTw+R#R-X+ns*2FIhY2T(uz@V71;sRavr~&6{o#?kC-&4vM1XJ}7F!
zbr(h$xMDjp9X)6oDh-RE!%K_~RZI5kf<{#ctv(QUbN5=xF9TJWbvoKWXiu;h6#%IV
zh}hyMKN|=esN@EEjh!-@amYmBxesQ)8R*{!EkGVlcv+L#imp(s$OY(JxR57y;^RAX
zJ0jXZ=z$lfy03Bi6l1tViUK6yxSxXRJz6+kK!L^~-q5Z7Sx?nvwH)`8%_*sID1B4$
zrW40KSvFPu3QH2NY>+u$*4UTjX`6U#R3ej*{X%Fp$X;uo1ne6W3Ey@#i~^S{hNSJj
z7;6+WuP0sFycke`exUjb4BvcO9M)#$?^x#l?v_0KzV=0puHddz8F&YZ&l7w6@t~nQ
z|E$2Q-OMdE_Jd6*=RjJQr6#ML)2J0CUzFa0OeiXE4TS98%m?MIZ4gXP_0I;F!4L2s
zLxmfKY%M0UJm*X2U%j8$FxBCyiN=VqZ4rO-F(a}atu*MtW<yt!X_Ronqk7;d((GPB
zP2tH&zxZmaMD#oD9}P=|iwUQ`tLRD77^xSgm+DRG+I#LN$m<A_-Zzn=EQ(c{+x$R6
zEN>0`^c8|JZjc%(#9Lf`4V~6s7&G7!Wmi=R^3^QdHaY~X<<tz#o^sC6ZEE*8Y!bnH
z^v_$Sh6s%~Opvt0m|n>^+S-kQup(c}(@RQrh05kgS?wgmez=StCZA^gWb)Tei9621
zw-Li>0yZJ)bzu@S>LxR3`MbPQfemiEa-&}@PDHPoA7MnP%-=sDL>64n5CRyG5TTp_
zQ&c)#hVg!%@n`f68~&BP-OM)3_JDD9NL`igx|%?H$R)2rScHRSC-J#q#r4ym!@k~0
z@D(-XFOFJkHYLKZqHhtJv~wg}o|o_tjT%Cjc?EN!CUFcFPB1%@-gz0x?y~s-sU$L#
zj&K)9+wcFAg^OFbtO#v|G|ztLhZ7B2`-5py!}<x^4vZps_M$(gavibCUs2M8>nB?j
ziuPLbq$VfYTX`s4J1e!9M*FUX;<*=9pj6XWonq`>Up#t*g%&clFTm433DDKGY)+Cj
z7%9=k$tfU?`Kls4D?B%!$kP?M&Wn+`CNny|-x{*pLgW!`k@^oCM?I+FJp-^vc)<o_
z7kzdaLhsa$-dx}Sdin_xib~_wB^C<evxqk{84aJeY0QIzYXB-bZPX|kXYZTx`IXLB
zfr6B*_oWSj|M}!T2)d9+do7aHvx-G2Ps?Yy+AT;PpFcXQ7^|shaS$ECvPa`WO)9Cf
zrOM$_Caw7@+ZB!S!w!}%x)NeFE#=oadwP26r;CAse$e@ViTcvK-5crfvHlm=bJWrC
z*`Pnt)FP>pI97JCp5~9cyjezwo~mbQZoC8C$n+dP<{a`YDJNL7TWL4MaJ@cA@QLT}
z^kdulZW-^z20QYXv(sp_+Fo8qMW4ddb7LVpFh^$<=Z2<{ozfls(Ff-d5(m@i|BHA(
z5pMWH5GjOb_M2p(A6mW5Bw1ph%1n-XHs{y_N?W5!gxkx~BtGJ=Li8ffe_n!C@2ii$
zyS3`#-2gDCo;)qj)+MG-q$7O=ZRp3sMSkH3S3XIYm%vKpndPe*WEG6esMvf0IXt2!
zfQcGo1BWcs`q(=<Mk8Y<{9ik-PrkH>9|13ANU}3ONvj%cNk72|R+c5_Y(F?hdJOeZ
z+Wy^#*#F42U0hP4%@~s|`UjhSKFPAAIs+urk2zliJCRB<PPL&$>u1SDE#6&J=Fra{
zZZxjem)5#di9IhaEC4O!hU4v&@2B-BXA>eGqWIVi;6yh4Nm15`{}*`w0pg#x^>5()
p2V?$bqyNkD-;BLTJvu20NO&FMQPO9qaLoJwqg!S-OAYQl`5%A`?8^WE

literal 0
HcmV?d00001

diff --git a/templates/about.php b/templates/about.php
index 2d108da2..80ac2dd1 100755
--- a/templates/about.php
+++ b/templates/about.php
@@ -18,14 +18,14 @@ require_once 'app/lib/Parsedown.php';
         <!-- Nav tabs -->
         <ul class="nav nav-tabs">
           <li class="nav-item"><a class="nav-link active" href="#aboutgeneral" data-toggle="tab"><?php echo _("About"); ?></a></li>
-          <li class="nav-item"><a class="nav-link" href="#aboutsponsors" data-toggle="tab"><?php echo _("Sponsors"); ?></a></li>
+          <li class="nav-item"><a class="nav-link" href="#aboutsponsors" data-toggle="tab"><?php echo _("Insiders"); ?></a></li>
         </ul>
         <!-- /.nav-tabs -->
 
         <!-- Tab panes -->
         <div class="tab-content">
           <?php echo renderTemplate("about/general", $__template_data) ?>
-          <?php echo renderTemplate("about/sponsors", $__template_data) ?>
+          <?php echo renderTemplate("about/insiders", $__template_data) ?>
         </div>
         <!-- /.tab-content -->
 
diff --git a/templates/about/general.php b/templates/about/general.php
index db16a9ef..df44bc77 100644
--- a/templates/about/general.php
+++ b/templates/about/general.php
@@ -7,12 +7,12 @@
         <div class="mt-3">RaspAP is a co-creation of <a href="https://github.com/billz">billz</a> and <a href="https://github.com/sirlagz">SirLagz</a>
           with the contributions of our <a href="https://github.com/raspap/raspap-webgui/graphs/contributors">developer community</a>
           and <a href="https://crowdin.com/project/raspap">language translators</a>.
-          Learn more about joining the project as a <a href="https://github.com/raspap/raspap-webgui/blob/master/CONTRIBUTING.md">code contributor</a>,
-        <a href="https://docs.raspap.com/translations/">translator</a> or <a href="https://github.com/sponsors/billz">financial sponsor</a>.</div>
+          Learn more about joining the project as a <a href="https://docs.raspap.com/#get-involved">code contributor</a>,
+        <a href="https://docs.raspap.com/translations/">translator</a> or <a href="https://github.com/sponsors/RaspAP">financial sponsor</a> with immediate access to <a href="https://github.com/sponsors/RaspAP#exclusive-features">exclusive features</a> available to <strong>Insiders</strong>.</div>
         <div class="mt-3">Project documentation is available at <a href="https://docs.raspap.com/">https://docs.raspap.com/</a></div>
         <div class="mt-3 project-links">
         <div class="row">
-          <div class="col-md-6">GitHub <i class="fab fa-github"></i> <a href="https://github.com/raspap/raspap-webgui">raspap-webgui</a></div>
+          <div class="col-md-6">GitHub <i class="fab fa-github"></i> <a href="https://github.com/RaspAP/">RaspAP</a></div>
           <div class="col-md-6">Twitter <span style="color: #55acee"><i class="fab fa-twitter"></i></span> <a href="https://twitter.com/rasp_ap">@RaspAP</a></div>
           <div class="col-md-6">Reddit <span style="color: #ff4500"><i class="fab fa-reddit"></i></span> <a href="https://www.reddit.com/r/RaspAP/">/r/raspap</a></div>
           <div class="col-md-6">License <i class="fas fa-balance-scale"></i> <a href="https://github.com/raspap/raspap-webgui/blob/master/LICENSE">GPL-3.0</a></div>
diff --git a/templates/about/sponsors.php b/templates/about/insiders.php
similarity index 100%
rename from templates/about/sponsors.php
rename to templates/about/insiders.php

From deb071a2697e6779bf4928eea06713d557c47115 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 10 Feb 2021 16:21:29 +0000
Subject: [PATCH 051/300] Update BACKERS.md

---
 BACKERS.md | 82 +++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 53 insertions(+), 29 deletions(-)

diff --git a/BACKERS.md b/BACKERS.md
index 16c6e2e7..6c51208d 100644
--- a/BACKERS.md
+++ b/BACKERS.md
@@ -1,39 +1,63 @@
-## Sponors 
+## Insiders
 
-Development of RaspAP is made possible thanks to our awesome sponsors. If you use RaspAP in a commerical application, consider sponsoring the project at a commerical tier. There are several benefits for sponsors at this level. Find out more about [becoming a sponsor](https://github.com/sponsors/billz).
+Development of RaspAP is made possible thanks to a sponsorware release model. This means that new features are first exclusively released to sponsors as part of [**Insiders**](https://github.com/sponsors/RaspAP). Read on to learn how sponsorship works, and how easy it is to get access to Insiders.
 
-#### 💖 Benefactors
+<img width="461" alt="Untitled" src="app/img/insiders.png"> 
 
-#### 🏆 Gilded supporters 
+### How sponsorship works
+New features first land in **Insiders**, which means that *sponsors will have access to them immediately*. Every feature is tied to a funding goal in monthly subscriptions. When a funding goal is hit, the features that are tied to it are merged back into the [public RaspAP repository](https://github.com/RaspAP/raspap-webgui) and released for general availability. Bugfixes and minor enhancements are always released simultaneously in both editions.
 
-#### 🤖 Robot fuelers 
+Don't want to sponsor? No problem, RaspAP already has tons of features available, so chances are that most of your requirements are already satisfied. See the list of exclusive features to learn which features are currently only available to sponsors.
 
-#### ☕️  Coffee supporters 
+### How to become a sponsor
+You can [become a sponsor](https://github.com/sponsors/RaspAP) using your individual or organization's GitHub account. Just  pick any tier from $10/month and complete the checkout. Then, after a few hours, you will be added as a team member to the super-secret private GitHub repository containing the Insiders edition, which has all exclusive features. In addition, you get access to Insiders-only team discussions and content.
 
-## Donors
+> ℹ️  **Important**: If you're sponsoring [RaspAP](https://github.com/RaspAP/sponsors) through a GitHub organization, please send a short email to [sponsors@raspap.com](mailto:sponsors@raspap.com) with the name of your organization and the account that should be added as a collaborator.
 
-Recurring and one-time donors are vital to the continued development of this project. Join these awesome donors by pledging via [OpenCollective](https://opencollective.com/raspap) or [PayPal](https://paypal.me/billzgithub).
+### Exclusive features
+When backers were asked which feature they'd most like to see added to RaspAP, the ability to manage multiple OpenVPN client configurations topped the list of requests. We think this is a great idea, so we're adding this as the first feature exclusive to insiders. 
 
-## OpenCollective
-Navisense GmbH - $500  
-Wechaty - "RaspAP is awesome!" -$20  
-Pheppy -  $10  
-Mark H - "I've used this project for some time, great in combi with a Sixfab LTE HAT." -$10  
-Phil K - $10  
-T.Paul L - $5  
-Wouter D - $20  
-Andy N - "This is a great solution with a very responsive lead. Thanks for all your hard work." -$20  
-Paul B - $20  
-Bert S - "I use RaspAP for IoT devices in combination with OpenVPN. Works like a charm." -€25  
+✅ Multiple OpenVPN client configs  
+✅ OpenVPN service logging  
+⚙️  Traffic shaping (in progress)  
 
-## PayPal
-Ray E - "This project is awesome and just works; saved me and my client tons of work. Thank you!" -$20  
-Erin C - "Just got Raspap up and running, looks very cool, thanks!" -$20 CAD  
-Ralf J - "Thanks for RaspAP including OpenVPN. It was a big help for me." -€15  
-Felipe C - "Thanks for the good work on RaspAP!" -$6  
-Webagentur S - "Like what you and RaspAP are doing." -€20  
-Matthew B - "Great project, easy to set up." -£15  
-Mikko M - "Thanks for the great RaspAP." -€10  
-Oren G - "Needed to create an AP with my pi, this just worked so well! Thank you!" -$25  
-Vince H - "Such a great project! Thank you and keep up the great work!" -$20  
+Look for the list above to grow as we add more exclusive features. 
+
+### Funding targets
+Below is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.
+
+#### $500 
+✅ Multiple OpenVPN client configs  
+✅ OpenVPN service logging  
+⚙️  Traffic shaping (in progress)  
+
+### Frequently asked questions
+
+#### Upgrading
+*I have an existing RaspAP installation. How do I upgrade to Insiders?*
+
+Upgrading is easy. Simply invoke the [Quick Installer](https://docs.raspap.com/quick/) with the `--upgrade` switch, specifying the private Insiders repo, like so:
+
+```
+curl -sL https://install.raspap.com | bash -s -- --upgrade --repo raspap/raspap-insiders
+```
+
+If you haven't [added SSH keys to your GitHub account](https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh) you will be prompted to authenticate. If so, just enter your GitHub credentials during the install:
+
+```
+RaspAP Install: Cloning latest files from github
+Cloning into '/tmp/raspap-webgui'...
+Username for 'https://github.com': octocat
+Password for 'https://octocat@github.com': 
+```
+
+> ℹ️  **Note**: your password is sent securely via SSH to GitHub. The above prompt is actually from GitHub, so the installer does _not_ know your credentials.
+
+#### Terms
+*We're using RaspAP for a commercial project. Can we use Insiders under the same terms and conditions?*
+
+Yes. Whether you're an individual or a company, you may use RaspAP Insiders precisely under the same terms as RaspAP, which are defined by the GNU GPL 3.0 license. However, we kindly ask you to respect the following guidelines:
+
+* Please **don't distribute the source code** of Insiders. You may freely use it for public, private or commercial projects, fork it, mirror it, do whatever you want with it, but please don't release the source code, as it would counteract the sponsorware strategy.
+* If you cancel your subscription, you're removed as a collaborator and will miss out on future updates of Insiders. However, you may *use the latest version* that's available to you as long as you like. Just remember that [GitHub deletes private forks](https://docs.github.com/en/github/setting-up-and-managing-your-github-user-account/removing-a-collaborator-from-a-personal-repository).
 

From 72515b0734b6977bca0745a74af5874a2c79c8e8 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 10 Feb 2021 16:23:56 +0000
Subject: [PATCH 052/300] Update release version

---
 README.md             | 30 +++++++++++++++++++++++++++---
 includes/defaults.php |  2 +-
 index.php             |  4 ++--
 installers/common.sh  |  3 +--
 4 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 0eded8f9..c3b0fa5c 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/DpgvLIO.png)
-[![Release 2.6](https://img.shields.io/badge/release-v2.6-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7](https://img.shields.io/badge/release-v2.7-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
@@ -27,7 +27,9 @@ As part of the initial rollout of Insiders, all previous one-time backers of Ras
 ## Exclusive features
 When backers were asked which feature they'd most like to see added to RaspAP, the ability to manage multiple OpenVPN client configurations topped the list of requests. Therefore, we're adding this as the first feature exclusive to insiders. 
 
- ✅ Manage OpenVPN client configs
+✅ Manage OpenVPN client configs
+✅ OpenVPN service logging
+⚙️ Traffic shaping (in progress)
 
 Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/orgs/RaspAP/teams/insiders/discussions) and let us know!
 
@@ -35,10 +37,32 @@ Look for the list above to grow as we add more exlcusive features. Have an idea
 Following is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.
 
 ### $500 
-✅ Manage OpenVPN client configs 
+✅ Manage OpenVPN client configs
+✅ OpenVPN service logging
+⚙️ Traffic shaping (in progress)
 
 ## Frequently asked questions
 
+### Upgrading
+*I have an existing RaspAP installation. How do I upgrade to Insiders?*
+
+Upgrading is easy. Simply invoke the Quick Installer with the `--upgrade` switch, specifying the private Insiders repo, like so:
+
+```
+curl -sL https://install.raspap.com | bash -s -- --upgrade --repo raspap/raspap-insiders
+```
+
+If you haven't [added SSH keys to your GitHub account](https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh) you will be prompted to authenticate. If so, just enter your GitHub credentials during the install:
+
+```
+RaspAP Install: Cloning latest files from github
+Cloning into '/tmp/raspap-webgui'...
+Username for 'https://github.com': octocat
+Password for 'https://octocat@github.com':
+```
+
+> ℹ️  Note: your password is sent securely via SSH to GitHub. The above prompt is actually from GitHub, so the installer does not know your credentials.
+
 ### Terms
 *We're using RaspAP for a commercial project. Can we use Insiders under the same terms and conditions?*
 
diff --git a/includes/defaults.php b/includes/defaults.php
index 093f66ac..93aa2df3 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.6',
+  'RASPI_VERSION' => '2.7',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index 4d907676..805ef863 100755
--- a/index.php
+++ b/index.php
@@ -14,8 +14,8 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.6
- * @link    https://github.com/raspap/raspap-webgui/
+ * @version 2.7
+ * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/
  *
diff --git a/installers/common.sh b/installers/common.sh
index 7edad9c6..fc7fea58 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -573,9 +573,8 @@ function _optimize_php() {
 
 function _install_complete() {
     _install_log "Installation completed"
-    echo "This project needs your help! Please consider supporting RaspAP on Open Collective or GitHub:"
+    echo "Join RaspAP Insiders for access to exclusive features:"
     echo -e "${ANSI_RASPBERRY}"
-    echo "> https://opencollective.com/RaspAP"
     echo "> https://github.com/sponsors/RaspAP"
     echo -e "${ANSI_RESET}"
     if [ "$assume_yes" == 0 ]; then

From 334e6f0b503995f7253a79ea1045b43fc2f3a08b Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Wed, 10 Feb 2021 22:37:54 +0100
Subject: [PATCH 053/300] Update README.md

---
 README.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index c3b0fa5c..1eb70778 100644
--- a/README.md
+++ b/README.md
@@ -27,9 +27,9 @@ As part of the initial rollout of Insiders, all previous one-time backers of Ras
 ## Exclusive features
 When backers were asked which feature they'd most like to see added to RaspAP, the ability to manage multiple OpenVPN client configurations topped the list of requests. Therefore, we're adding this as the first feature exclusive to insiders. 
 
-✅ Manage OpenVPN client configs
-✅ OpenVPN service logging
-⚙️ Traffic shaping (in progress)
+✅ Manage OpenVPN client configs  
+✅ OpenVPN service logging  
+⚙️ Traffic shaping (in progress)  
 
 Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/orgs/RaspAP/teams/insiders/discussions) and let us know!
 
@@ -37,9 +37,9 @@ Look for the list above to grow as we add more exlcusive features. Have an idea
 Following is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.
 
 ### $500 
-✅ Manage OpenVPN client configs
-✅ OpenVPN service logging
-⚙️ Traffic shaping (in progress)
+✅ Manage OpenVPN client configs  
+✅ OpenVPN service logging  
+⚙️ Traffic shaping (in progress)  
 
 ## Frequently asked questions
 

From 4378ff7add666a36a5762b2220e9fbe9b9f9e599 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Feb 2021 19:02:13 +0000
Subject: [PATCH 054/300] Implement night mode toggle in top navbar

---
 app/js/custom.js       | 11 +++++++++++
 includes/functions.php | 10 ++++++++++
 index.php              |  7 ++++++-
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index dcb05797..28609abe 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -397,6 +397,17 @@ function set_theme(theme) {
     setCookie('theme',theme,90);
 }
 
+$(function() {
+    $('#night-mode').change(function() {
+        var state = $(this).is(':checked');
+        if (state == true && getCookie('theme') != 'lightsout.css') {
+            set_theme('lightsout.css');
+        } else {
+            set_theme('custom.php');
+        }
+   });
+});
+
 function setCookie(cname, cvalue, exdays) {
     var d = new Date();
     d.setTime(d.getTime() + (exdays*24*60*60*1000));
diff --git a/includes/functions.php b/includes/functions.php
index 7593df18..1ca27d7d 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -720,3 +720,13 @@ function validate_host($host) {
   return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host);
 }
 
+// Gets night mode toggle value
+// @return boolean
+function getNightmode(){
+    if ($_COOKIE['theme'] == 'lightsout.css') {
+        return true;
+    } else {
+        return false;
+    }
+}
+
diff --git a/index.php b/index.php
index 805ef863..b7552c14 100755
--- a/index.php
+++ b/index.php
@@ -214,8 +214,13 @@ $bridgedEnabled = getBridgedState();
           <i class="fa fa-bars"></i>
         </button>
         <!-- Topbar Navbar -->
-        <p class="text-left brand-title mt-3 ml-2"><?php //echo _("WiFi Configuration Portal"); ?></p>
+        <p class="text-left brand-title mt-3 ml-2"></p>
         <ul class="navbar-nav ml-auto">
+          <!-- Nav Item - Night mode -->
+          <div class="custom-control custom-switch mt-4">
+          <input type="checkbox" class="custom-control-input" id="night-mode" <?php echo getNightmode() ? 'checked' : null ; ?> >
+            <label class="custom-control-label" for="night-mode"></label>
+          </div>
           <div class="topbar-divider d-none d-sm-block"></div>
           <!-- Nav Item - User -->
           <li class="nav-item dropdown no-arrow">

From c16d48d2fe9b50233f46f0e89e5ef70fad5c2a34 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Feb 2021 22:07:34 +0000
Subject: [PATCH 055/300] Update DisplayThemeConfig()

---
 includes/themes.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/includes/themes.php b/includes/themes.php
index 58afe68a..ab4cf43c 100755
--- a/includes/themes.php
+++ b/includes/themes.php
@@ -7,13 +7,11 @@ function DisplayThemeConfig(&$extraFooterScripts)
 {
     $themes = [
         "default"    => "RaspAP (default)",
-        "hackernews" => "HackerNews",
-        "lightsout"  => "Lights Out"
+        "hackernews" => "HackerNews"
     ];
     $themeFiles = [
         "default"    => "custom.php",
-        "hackernews" => "hackernews.css",
-        "lightsout"  => "lightsout.css"
+        "hackernews" => "hackernews.css"
     ];
     $selectedTheme = array_search($_COOKIE['theme'], $themeFiles);
 

From f7d689145703b338e089d217a9ac982241c123f7 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Tue, 16 Feb 2021 07:35:57 +0100
Subject: [PATCH 056/300] Update README.md

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 1eb70778..42266b4b 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,7 @@ When backers were asked which feature they'd most like to see added to RaspAP, t
 
 ✅ Manage OpenVPN client configs  
 ✅ OpenVPN service logging  
+✅ Night mode toggle  
 ⚙️ Traffic shaping (in progress)  
 
 Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/orgs/RaspAP/teams/insiders/discussions) and let us know!
@@ -39,6 +40,7 @@ Following is a list of funding targets. When a funding target is reached, the fe
 ### $500 
 ✅ Manage OpenVPN client configs  
 ✅ OpenVPN service logging  
+✅ Night mode toggle  
 ⚙️ Traffic shaping (in progress)  
 
 ## Frequently asked questions

From a6caea05f24d7f7bd585b1eaf87898c1ad3a0dae Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 18 Feb 2021 07:03:58 +0000
Subject: [PATCH 057/300] Night mode tweaks

---
 app/css/lightsout.css | 11 +++--------
 index.php             |  4 ++--
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/app/css/lightsout.css b/app/css/lightsout.css
index c6fb580b..ce44a4cd 100644
--- a/app/css/lightsout.css
+++ b/app/css/lightsout.css
@@ -8,7 +8,6 @@ License: GNU General Public License v3.0
 
 html * {
   font-family: Helvetica,Arial,sans-serif;
-  font-size: 1.0rem;
   color: #afafaf;
 }
 
@@ -369,13 +368,9 @@ tspan, rect {
   fill: #d2d2d2;
 }
 
-span.text.service-status {
-  font-size: 0.75rem;
-  margin-top: 0.2rem;
-}
-
-.text-muted {
-  font-size: 0.8rem;
+small {
+    font-size: 80%;
+    font-weight: 400;
 }
 
 .fas.fa-circle {
diff --git a/index.php b/index.php
index b7552c14..026fde00 100755
--- a/index.php
+++ b/index.php
@@ -218,8 +218,8 @@ $bridgedEnabled = getBridgedState();
         <ul class="navbar-nav ml-auto">
           <!-- Nav Item - Night mode -->
           <div class="custom-control custom-switch mt-4">
-          <input type="checkbox" class="custom-control-input" id="night-mode" <?php echo getNightmode() ? 'checked' : null ; ?> >
-            <label class="custom-control-label" for="night-mode"></label>
+            <input type="checkbox" class="custom-control-input" id="night-mode" <?php echo getNightmode() ? 'checked' : null ; ?> >
+            <label class="custom-control-label" for="night-mode"><i class="far fa-moon mr-1 text-muted"></i></label>
           </div>
           <div class="topbar-divider d-none d-sm-block"></div>
           <!-- Nav Item - User -->

From 16eace63e7cb2cc5ef21e0e6e956d4871ac4ff51 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 21 Feb 2021 23:51:20 +0000
Subject: [PATCH 058/300] Add dhcp-ignore handling

---
 includes/dhcp.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/includes/dhcp.php b/includes/dhcp.php
index 0ebf641b..14c0cf34 100755
--- a/includes/dhcp.php
+++ b/includes/dhcp.php
@@ -45,12 +45,15 @@ function DisplayDHCPConfig()
         }
     }
     getWifiInterface();
+    $ap_iface = $_SESSION['ap_interface'];
     $serviceStatus = $dnsmasq_state ? "up" : "down";
     exec('cat '. RASPI_DNSMASQ_PREFIX.'raspap.conf', $return);
     $conf = ParseConfig($return);
+    exec('cat '. RASPI_DNSMASQ_PREFIX.$ap_iface.'.conf', $return);
+    $conf = array_merge(ParseConfig($return));
+    $hosts = (array)$conf['dhcp-host'];
     exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
     exec('cat ' . RASPI_DNSMASQ_LEASES, $leases);
-    $ap_iface = $_SESSION['ap_interface'];
 
     echo renderTemplate(
         "dhcp", compact(
@@ -59,7 +62,7 @@ function DisplayDHCPConfig()
             "dnsmasq_state",
             "ap_iface",
             "conf",
-            "dhcpHost",
+            "hosts",
             "interfaces",
             "leases"
         )
@@ -188,6 +191,9 @@ function updateDnsmasqConfig($iface,$status)
         }
         $config .= PHP_EOL;
     }
+    if ($_POST['dhcp-ignore'] == "1") {
+        $config .= 'dhcp-ignore=tag:!known'.PHP_EOL;
+    }
     file_put_contents("/tmp/dnsmasqdata", $config);
     $msg = file_exists(RASPI_DNSMASQ_PREFIX.$iface.'.conf') ? 'updated' : 'added';
     system('sudo cp /tmp/dnsmasqdata '.RASPI_DNSMASQ_PREFIX.$iface.'.conf', $result);

From 9466e4fa70bbba629fd20679f0d1d04fac3c8e9d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 21 Feb 2021 23:53:14 +0000
Subject: [PATCH 059/300] Rework static leases tab

---
 templates/dhcp/static_leases.php | 34 ++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/templates/dhcp/static_leases.php b/templates/dhcp/static_leases.php
index 3b804270..bec40ca0 100644
--- a/templates/dhcp/static_leases.php
+++ b/templates/dhcp/static_leases.php
@@ -3,7 +3,7 @@
   <h4 class="mt-3 mb-3"><?php echo _("Static leases") ?></h4>
 
   <div class="dhcp-static-leases js-dhcp-static-lease-container">
-    <?php foreach ($dhcpHost as $host) : ?>
+    <?php foreach ($hosts as $host) : ?>
       <?php list($mac, $ip) = array_map("trim", explode(",", $host)); ?>
       <div class="row dhcp-static-lease-row js-dhcp-static-lease-row">
         <div class="col-md-5 col-xs-5">
@@ -13,13 +13,21 @@
           <input type="text" name="static_leases[ip][]" value="<?php echo htmlspecialchars($ip, ENT_QUOTES) ?>" placeholder="<?php echo _("IP address") ?>" class="form-control">
         </div>
         <div class="col-md-2 col-xs-3">
-          <button type="button" class="btn btn-danger js-remove-dhcp-static-lease"><?php echo _("Remove") ?></button>
+          <button type="button" class="btn btn-outline-danger js-remove-dhcp-static-lease"><i class="far fa-trash-alt"></i></button>
         </div>
       </div>
     <?php endforeach ?>
   </div>
 
   <h5 class="mt-3 mb-3"><?php echo _("Add static DHCP lease") ?></h5>
+   <div class="row">
+    <div class="col-md-6">
+      <p id="static-lease-description">
+        <small><?php echo _("Clients with a particular hardware MAC address can always be allocated the same IP address.") ?></small>
+        <small class="text-muted"><?php echo _("This option adds <code>dhcp-host</code> entries to the dnsmasq configuration.") ?></small>
+      </p>
+    </div>
+  </div>
   <div class="row dhcp-static-lease-row js-new-dhcp-static-lease">
     <div class="col-md-5 col-xs-5">
       <input type="text" name="mac" value="" placeholder="<?php echo _("MAC address") ?>" class="form-control" autofocus="autofocus">
@@ -28,10 +36,27 @@
       <input type="text" name="ip" value="" placeholder="<?php echo _("IP address") ?>" class="form-control">
     </div>
     <div class="col-md-2 col-xs-3">
-      <button type="button" class="btn btn-success js-add-dhcp-static-lease"><?php echo _("Add") ?></button>
+      <button type="button" class="btn btn-outline-success js-add-dhcp-static-lease"><i class="far fa-plus-square"></i></button>
     </div>
   </div>
 
+  <h5 class="mt-3 mb-3"><?php echo _("Restrict access") ?></h5>
+    <div class="row">
+      <div class="col-md-6">
+        <div class="input-group">
+         <input type="hidden" name="dhcp-ignore" value="0">
+            <div class="custom-control custom-switch">
+              <input class="custom-control-input" id="dhcp-ignore" type="checkbox" name="dhcp-ignore" value="1" <?php echo $conf['dhcp-ignore'] ? ' checked="checked"' : "" ?> aria-describedby="dhcp-ignore-description">
+              <label class="custom-control-label" for="dhcp-ignore"><?php echo _("Limit network access to static clients") ?></label>
+            </div>
+            <p id="dhcp-ignore-description">
+              <small><?php echo _("Enable this option if you want RaspAP to <b>ignore any clients</b> which are not specified in the static leases list.") ?></small>
+              <small class="text-muted"><?php echo _("This option adds <code>dhcp-ignore</code> to the dnsmasq configuration.") ?></small>
+            </p>
+          </div>
+        </div>
+      </div>
+
   <template id="js-dhcp-static-lease-row">
     <div class="row dhcp-static-lease-row js-dhcp-static-lease-row">
       <div class="col-md-5 col-xs-5">
@@ -41,8 +66,9 @@
         <input type="text" name="static_leases[ip][]" value="{{ ip }}" placeholder="<?php echo _("IP address") ?>" class="form-control">
       </div>
       <div class="col-md-2 col-xs-3">
-        <button type="button" class="btn btn-warning js-remove-dhcp-static-lease"><?php echo _("Remove") ?></button>
+        <button type="button" class="btn btn-outline-danger js-remove-dhcp-static-lease"><i class="far fa-trash-alt"></i></button>
       </div>
     </div>
   </template>
 </div><!-- /.tab-pane -->
+

From a33512953dc691e10aec58aa27242fbb191ca951 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 21 Feb 2021 23:53:58 +0000
Subject: [PATCH 060/300] Update en_US dhcp msgs

---
 locale/en_US/LC_MESSAGES/messages.po | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index dcd715ae..26677ce7 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -362,6 +362,24 @@ msgstr "Log DHCP requests"
 msgid "Log DNS queries"
 msgstr "Log DNS queries"
 
+msgid "Restrict access"
+msgstr "Restrict access"
+
+msgid "Limit network access to static clients"
+msgstr "Limit network access to static clients"
+
+msgid "Enable this option if you want RaspAP to <b>ignore any clients</b> which are not specified in the static leases list."
+msgstr "Enable this option if you want RaspAP to <b>ignore any clients</b> which are not specified in the static leases list."
+
+msgid "This option adds <code>dhcp-ignore</code> to the dnsmasq configuration."
+msgstr "This option adds <code>dhcp-ignore</code> to the dnsmasq configuration."
+
+msgid "Clients with a particular hardware MAC address can always be allocated the same IP address."
+msgstr "Clients with a particular hardware MAC address can always be allocated the same IP address."
+
+msgid "This option adds <code>dhcp-host</code> entries to the dnsmasq configuration."
+msgstr "This option adds <code>dhcp-host</code> entries to the dnsmasq configuration."
+
 #: includes/hostapd.php
 msgid "Basic"
 msgstr "Basic"

From f156fbceae9b5117de45f0fa8505a548225a0db0 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 22 Feb 2021 08:00:50 +0000
Subject: [PATCH 061/300] Add tag set:known to dhcp-host

---
 includes/dhcp.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/dhcp.php b/includes/dhcp.php
index 14c0cf34..d4f981ed 100755
--- a/includes/dhcp.php
+++ b/includes/dhcp.php
@@ -175,7 +175,7 @@ function updateDnsmasqConfig($iface,$status)
         $mac = trim($_POST["static_leases"]["mac"][$i]);
         $ip  = trim($_POST["static_leases"]["ip"][$i]);
         if ($mac != "" && $ip != "") {
-            $config .= "dhcp-host=$mac,$ip".PHP_EOL;
+            $config .= "dhcp-host=$mac,$ip".",set:known".PHP_EOL;
         }
     }
     if ($_POST['no-resolv'] == "1") {

From f7a441566e3ca8f586a283fec320f8593ac3f52d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 22 Feb 2021 08:01:41 +0000
Subject: [PATCH 062/300] Optimize template layout

---
 templates/dhcp/static_leases.php | 97 +++++++++++++++-----------------
 1 file changed, 46 insertions(+), 51 deletions(-)

diff --git a/templates/dhcp/static_leases.php b/templates/dhcp/static_leases.php
index bec40ca0..aaa8cb12 100644
--- a/templates/dhcp/static_leases.php
+++ b/templates/dhcp/static_leases.php
@@ -1,50 +1,44 @@
 <!-- static leases tab -->
 <div class="tab-pane fade" id="static-leases">
-  <h4 class="mt-3 mb-3"><?php echo _("Static leases") ?></h4>
-
-  <div class="dhcp-static-leases js-dhcp-static-lease-container">
-    <?php foreach ($hosts as $host) : ?>
-      <?php list($mac, $ip) = array_map("trim", explode(",", $host)); ?>
-      <div class="row dhcp-static-lease-row js-dhcp-static-lease-row">
-        <div class="col-md-5 col-xs-5">
-          <input type="text" name="static_leases[mac][]" value="<?php echo htmlspecialchars($mac, ENT_QUOTES) ?>" placeholder="<?php echo _("MAC address") ?>" class="form-control">
-        </div>
-        <div class="col-md-5 col-xs-4">
-          <input type="text" name="static_leases[ip][]" value="<?php echo htmlspecialchars($ip, ENT_QUOTES) ?>" placeholder="<?php echo _("IP address") ?>" class="form-control">
-        </div>
-        <div class="col-md-2 col-xs-3">
-          <button type="button" class="btn btn-outline-danger js-remove-dhcp-static-lease"><i class="far fa-trash-alt"></i></button>
-        </div>
-      </div>
-    <?php endforeach ?>
-  </div>
-
-  <h5 class="mt-3 mb-3"><?php echo _("Add static DHCP lease") ?></h5>
-   <div class="row">
-    <div class="col-md-6">
+  <div class="row">
+    <div class="col-md-12">
+      <h4 class="mt-3 mb-3"><?php echo _("Static leases") ?></h4>
       <p id="static-lease-description">
         <small><?php echo _("Clients with a particular hardware MAC address can always be allocated the same IP address.") ?></small>
         <small class="text-muted"><?php echo _("This option adds <code>dhcp-host</code> entries to the dnsmasq configuration.") ?></small>
       </p>
-    </div>
-  </div>
-  <div class="row dhcp-static-lease-row js-new-dhcp-static-lease">
-    <div class="col-md-5 col-xs-5">
-      <input type="text" name="mac" value="" placeholder="<?php echo _("MAC address") ?>" class="form-control" autofocus="autofocus">
-    </div>
-    <div class="col-md-5 col-xs-4">
-      <input type="text" name="ip" value="" placeholder="<?php echo _("IP address") ?>" class="form-control">
-    </div>
-    <div class="col-md-2 col-xs-3">
-      <button type="button" class="btn btn-outline-success js-add-dhcp-static-lease"><i class="far fa-plus-square"></i></button>
-    </div>
-  </div>
+      <div class="dhcp-static-leases js-dhcp-static-lease-container">
+        <?php foreach ($hosts as $host) : ?>
+          <?php list($mac, $ip) = array_map("trim", explode(",", $host)); ?>
+          <div class="row dhcp-static-lease-row js-dhcp-static-lease-row">
+            <div class="col-md-5 col-xs-5">
+              <input type="text" name="static_leases[mac][]" value="<?php echo htmlspecialchars($mac, ENT_QUOTES) ?>" placeholder="<?php echo _("MAC address") ?>" class="form-control">
+            </div>
+            <div class="col-md-5 col-xs-4">
+              <input type="text" name="static_leases[ip][]" value="<?php echo htmlspecialchars($ip, ENT_QUOTES) ?>" placeholder="<?php echo _("IP address") ?>" class="form-control">
+            </div>
+            <div class="col-md-2 col-xs-3">
+              <button type="button" class="btn btn-outline-danger js-remove-dhcp-static-lease"><i class="far fa-trash-alt"></i></button>
+            </div>
+          </div>
+        <?php endforeach ?>
+      </div>
 
-  <h5 class="mt-3 mb-3"><?php echo _("Restrict access") ?></h5>
-    <div class="row">
-      <div class="col-md-6">
+      <div class="row dhcp-static-lease-row js-new-dhcp-static-lease">
+        <div class="col-md-5 col-xs-5">
+          <input type="text" name="mac" value="" placeholder="<?php echo _("MAC address") ?>" class="form-control" autofocus="autofocus">
+        </div>
+        <div class="col-md-5 col-xs-4">
+          <input type="text" name="ip" value="" placeholder="<?php echo _("IP address") ?>" class="form-control">
+        </div>
+        <div class="col-md-2 col-xs-3">
+          <button type="button" class="btn btn-outline-success js-add-dhcp-static-lease"><i class="far fa-plus-square"></i></button>
+        </div>
+      </div>
+
+      <h5 class="mt-3 mb-3"><?php echo _("Restrict access") ?></h5>
         <div class="input-group">
-         <input type="hidden" name="dhcp-ignore" value="0">
+          <input type="hidden" name="dhcp-ignore" value="0">
             <div class="custom-control custom-switch">
               <input class="custom-control-input" id="dhcp-ignore" type="checkbox" name="dhcp-ignore" value="1" <?php echo $conf['dhcp-ignore'] ? ' checked="checked"' : "" ?> aria-describedby="dhcp-ignore-description">
               <label class="custom-control-label" for="dhcp-ignore"><?php echo _("Limit network access to static clients") ?></label>
@@ -57,18 +51,19 @@
         </div>
       </div>
 
-  <template id="js-dhcp-static-lease-row">
-    <div class="row dhcp-static-lease-row js-dhcp-static-lease-row">
-      <div class="col-md-5 col-xs-5">
-        <input type="text" name="static_leases[mac][]" value="{{ mac }}" placeholder="<?php echo _("MAC address") ?>" class="form-control">
+    <template id="js-dhcp-static-lease-row">
+      <div class="row dhcp-static-lease-row js-dhcp-static-lease-row">
+        <div class="col-md-5 col-xs-5">
+          <input type="text" name="static_leases[mac][]" value="{{ mac }}" placeholder="<?php echo _("MAC address") ?>" class="form-control">
+        </div>
+        <div class="col-md-5 col-xs-4">
+          <input type="text" name="static_leases[ip][]" value="{{ ip }}" placeholder="<?php echo _("IP address") ?>" class="form-control">
+        </div>
+        <div class="col-md-2 col-xs-3">
+          <button type="button" class="btn btn-outline-danger js-remove-dhcp-static-lease"><i class="far fa-trash-alt"></i></button>
+        </div>
       </div>
-      <div class="col-md-5 col-xs-4">
-        <input type="text" name="static_leases[ip][]" value="{{ ip }}" placeholder="<?php echo _("IP address") ?>" class="form-control">
-      </div>
-      <div class="col-md-2 col-xs-3">
-        <button type="button" class="btn btn-outline-danger js-remove-dhcp-static-lease"><i class="far fa-trash-alt"></i></button>
-      </div>
-    </div>
-  </template>
+    </template>
+
 </div><!-- /.tab-pane -->
 

From effed561699289fe8d66e8b96e17cb96f9463b3b Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 22 Feb 2021 09:41:37 +0000
Subject: [PATCH 063/300] Bugfix: update br0 dhcpcd sequence

---
 includes/hostapd.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/hostapd.php b/includes/hostapd.php
index 9aeb59e2..43e04bd1 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -306,8 +306,8 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
         if ($bridgedEnable == 1) {
             $config = array_keys(getDefaultNetOpts('dhcp'));
             $config[] = PHP_EOL.'# RaspAP br0 configuration';
-            $config[] = 'interface br0';
             $config[] = 'denyinterfaces eth0 wlan0';
+            $config[] = 'interface br0';
             $config[] = PHP_EOL;
         } elseif ($wifiAPEnable == 1) {
             $config = array_keys(getDefaultNetOpts('dhcp'));

From 1fddf4270bf7f8376c5c5c14f9c153a34b784f37 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 23 Feb 2021 23:19:33 +0000
Subject: [PATCH 064/300] Add wg default values

---
 config/defaults.json | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/config/defaults.json b/config/defaults.json
index 94f80da0..b02d4022 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -33,6 +33,13 @@
     "uap0": {
       "dhcp-range": [ "192.168.50.50,192.168.50.150,12h" ]
     }
+  },
+  "wireguard": {
+    "interface": {
+      "address": [ "10.3.141.1/24" ],
+      "listenport": [ "51820" ],
+      "dns": [ "10.3.141.1" ]
+    }
   }
 }
 

From cc1c8d594ad9512ce483708405bb1e22e014e33e Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 23 Feb 2021 23:21:02 +0000
Subject: [PATCH 065/300] Update w/ fallback default values

---
 includes/wireguard.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 84956b89..a7404495 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -50,6 +50,7 @@ function DisplayWireGuardConfig()
                 $config[] = '[Interface]';
                 $config[] = 'Address = '.$_POST['wg_ipaddress'];
                 $config[] = 'ListenPort = '.$_POST['wg_port'];
+
                 $config[] = '';
                 $config[] = 'PrivateKey = '.$_POST['wg_privkey'];
                 $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE';
@@ -102,8 +103,8 @@ function DisplayWireGuardConfig()
     // fetch wg config
     exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
     $conf = ParseConfig($return);
-    $wg_port = $conf['ListenPort'];
-    $wg_ipaddress = $conf['Address'];
+    $wg_port = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','interface','listenport') : $conf['ListenPort'];
+    $wg_ipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','interface','address') : $conf['Address'];
     $wg_pubkey = $conf['PublicKey'];
     $wg_privkey = $conf['PrivateKey'];
     $wg_endpoint = $conf['Endpoint'];

From 369f303926a1db7f66f7a518f0f5240ea9defa5f Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 23 Feb 2021 23:21:38 +0000
Subject: [PATCH 066/300] Add _prompt_install_wireguard

---
 installers/common.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/installers/common.sh b/installers/common.sh
index 403187b5..70d52b56 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -50,6 +50,7 @@ function _install_raspap() {
     _configure_networking
     _prompt_install_adblock
     _prompt_install_openvpn
+    _prompt_install_wireguard
     _patch_system_files
     _install_complete
 }

From 2c99f9857dba12eef413e76d66b13c13eec850ba Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 23 Feb 2021 23:22:13 +0000
Subject: [PATCH 067/300] Update page routing for wg_conf

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.php b/index.php
index 8f03521f..6d4fb478 100755
--- a/index.php
+++ b/index.php
@@ -169,7 +169,7 @@ $bridgedEnabled = getBridgedState();
           <?php endif; ?>
           <?php if (RASPI_WIREGUARD_ENABLED) : ?>
         <li class="nav-item">
-          <a class="nav-link" href="index.php?page=wg_conf"><span class="ra-wireguard mr-2"></span><span class="nav-label"><?php echo _("WireGuard"); ?></a>
+          <a class="nav-link" href="wg_conf"><span class="ra-wireguard mr-2"></span><span class="nav-label"><?php echo _("WireGuard"); ?></a>
         </li>
           <?php endif; ?>
           <?php if (RASPI_TORPROXY_ENABLED) : ?>

From d871e271effb1cafdb58952779a6829a145b2c7d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 08:45:26 +0000
Subject: [PATCH 068/300] Initial commit: wgkey gen

---
 ajax/networking/get_wgkey.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 ajax/networking/get_wgkey.php

diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php
new file mode 100644
index 00000000..71f3af6e
--- /dev/null
+++ b/ajax/networking/get_wgkey.php
@@ -0,0 +1,22 @@
+<?php
+
+require '../../includes/csrf.php';
+require_once '../../includes/config.php';
+
+$entity = $_POST['entity'];
+    
+if (isset($entity)) {
+   
+    // generate public/private key pairs for entity
+    $pubkey = RASPI_WIREGUARD_PATH.$entity.'-public.key';
+    $privkey = RASPI_WIREGUARD_PATH.$entity.'-private.key';
+    $pubkey_tmp = '/tmp/'.$entity.'-public.key';
+    $privkey_tmp = '/tmp/'.$entity.'-private.key';
+     
+    exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
+    $entity_pubkey = str_replace("\n",'',file_get_contents($pubkey_tmp));
+    exec("sudo mv $privkey_tmp $privkey", $return);
+    exec("sudo mv $pubkey_tmp $pubkey", $return);
+
+    echo json_encode($entity_pubkey);
+}

From ad6a14fa50e4a482230c42a3b9c82904bd952842 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 08:45:53 +0000
Subject: [PATCH 069/300] Added generateWgKey()

---
 app/js/custom.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/app/js/custom.js b/app/js/custom.js
index 28609abe..817256a1 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -348,6 +348,19 @@ function updateBlocklist() {
 function clearBlocklistStatus() {
     $('#cbxblocklist-status').removeClass('check-updated').addClass('check-hidden');
 }
+
+// Handler for the wireguard generate key button
+function generateWgKey() {
+    var entity = $('#wg-srvpubkey').attr('name');
+    console.log(entity);
+    $.post('ajax/networking/get_wgkey.php',{'entity':entity },function(data){
+        var jsonData = JSON.parse(data);
+        console.log(jsonData);
+        $('#wg-srvpubkey').val(jsonData);
+        $('#wg-srvpubkey-status').removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
+    })
+}
+
 // Static Array method
 Array.range = (start, end) => Array.from({length: (end - start)}, (v, k) => k + start);
 

From c80ad85214bf63e1537472f57235529604ecd9d6 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 08:46:41 +0000
Subject: [PATCH 070/300] Update wireguard constants

---
 config/config.php     | 3 ++-
 includes/defaults.php | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/config/config.php b/config/config.php
index 0aeddbdb..5c906c38 100755
--- a/config/config.php
+++ b/config/config.php
@@ -21,7 +21,8 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');
 define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
 define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf');
-define('RASPI_WIREGUARD_CONFIG', '/etc/wireguard/wg0.conf');
+define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
+define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
diff --git a/includes/defaults.php b/includes/defaults.php
index 17a4af39..d3261fca 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -26,7 +26,8 @@ $defaults = [
   'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf',
   'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf',
   'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf',
-  'RASPI_WIREGUARD_CONFIG' => '/etc/wireguard/wg0.conf',
+  'RASPI_WIREGUARD_PATH' => '/etc/wireguard/',
+  'RASPI_WIREGUARD_CONFIG' => RASPI_WIREGUARD_PATH.'wg0.conf',
   'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc',
   'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf',
   'RASPI_ACCESS_CHECK_IP' => '1.1.1.1',

From 6076e277c8f0a2004521702d8a0b4200e9cf8dae Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 08:48:07 +0000
Subject: [PATCH 071/300] Disambiguate var names

---
 includes/wireguard.php   | 16 ++++++++--------
 templates/wg/general.php | 12 ++++++------
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index a7404495..a3772ed9 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -103,10 +103,10 @@ function DisplayWireGuardConfig()
     // fetch wg config
     exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
     $conf = ParseConfig($return);
-    $wg_port = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','interface','listenport') : $conf['ListenPort'];
-    $wg_ipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','interface','address') : $conf['Address'];
-    $wg_pubkey = $conf['PublicKey'];
-    $wg_privkey = $conf['PrivateKey'];
+    $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
+    $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
+    $wg_srvpubkey = $conf['PublicKey'];
+    $wg_srvprivkey = $conf['PrivateKey'];
     $wg_endpoint = $conf['Endpoint'];
     $wg_allowedips = $conf['AllowedIPs'];
     $wg_pkeepalive = $conf['PersistentKeepalive'];
@@ -124,10 +124,10 @@ function DisplayWireGuardConfig()
             "wg_log",
             "endpoint_enable",
             "peer_id",
-            "wg_port",
-            "wg_ipaddress",
-            "wg_pubkey",
-            "wg_privkey",
+            "wg_srvport",
+            "wg_srvipaddress",
+            "wg_srvpubkey",
+            "wg_srvprivkey",
             "wg_endpoint",
             "wg_allowedips",
             "wg_pkeepalive"
diff --git a/templates/wg/general.php b/templates/wg/general.php
index aa1de796..68edfa5e 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -16,7 +16,7 @@
         <div class="row">
           <div class="form-group col-xs-3 col-sm-3">
             <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wg_port" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
           </div>
         </div>
 
@@ -25,19 +25,19 @@
             <label for="code"><?php echo _("Local public key"); ?></label>
           </div>
           <div class="input-group col-md-12 mb-3">
-            <input type="text" class="form-control" name="wg_pubkey" value="<?php echo htmlspecialchars($wg_pubkey, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
             <div class="input-group-append">
-              <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateWgKey()"><?php echo _("Generate key"); ?></button>
-              <span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+              <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="generateWgKey()"><?php echo _("Generate key"); ?></button>
+              <span id="wg-srvpubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
           </div>
         </div>
-        <input type="hidden" name="wg_privkey" value="<?php echo htmlspecialchars($wg_privkey, ENT_QUOTES); ?>" />
+        <input type="hidden" name="wg_privkey" value="<?php echo htmlspecialchars($wg_srvprivkey, ENT_QUOTES); ?>" />
 
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("IP Address"); ?></label>
-            <input type="text" class="form-control" name="wg_ipaddress" value="<?php echo htmlspecialchars($wg_ipaddress, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_ipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
           </div>
         </div>
 

From 1431d44b52b78f45b550aaeab6f8da1405cff7ff Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 08:48:56 +0000
Subject: [PATCH 072/300] Added /bin/mv /tmp/wg-*.key

---
 installers/raspap.sudoers | 1 +
 1 file changed, 1 insertion(+)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 19b9a7a8..29266fa2 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -43,6 +43,7 @@ www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasq_custom /etc/raspap/adblock/custom.txt
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf
+www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg-*.key /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0

From 796ed558f77ed7241b1687dff8e48f2300ca4d30 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 09:12:31 +0000
Subject: [PATCH 073/300] Handle peer defaults

---
 app/js/custom.js         |  2 +-
 config/defaults.json     | 13 +++++++++----
 includes/wireguard.php   | 10 +++++-----
 templates/wg/general.php |  2 +-
 templates/wg/peers.php   |  9 ++++-----
 5 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index 817256a1..e2c89ac6 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -357,7 +357,7 @@ function generateWgKey() {
         var jsonData = JSON.parse(data);
         console.log(jsonData);
         $('#wg-srvpubkey').val(jsonData);
-        $('#wg-srvpubkey-status').removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
+        $('#wg-server-pubkey-status').removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
     })
 }
 
diff --git a/config/defaults.json b/config/defaults.json
index b02d4022..46fce72c 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -35,10 +35,15 @@
     }
   },
   "wireguard": {
-    "interface": {
-      "address": [ "10.3.141.1/24" ],
-      "listenport": [ "51820" ],
-      "dns": [ "10.3.141.1" ]
+    "server": {
+      "Address": [ "10.3.141.1/24" ],
+      "ListenPort": [ "51820" ],
+      "DNS": [ "10.3.141.1" ]
+    },
+    "peer": {
+      "Endpoint": [ "server ip:53" ],
+      "AllowedIPs": ["0.0.0.0/0"],
+      "PersistentKeepalive": [ "15" ]
     }
   }
 }
diff --git a/includes/wireguard.php b/includes/wireguard.php
index a3772ed9..406172b7 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -107,9 +107,9 @@ function DisplayWireGuardConfig()
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
     $wg_srvpubkey = $conf['PublicKey'];
     $wg_srvprivkey = $conf['PrivateKey'];
-    $wg_endpoint = $conf['Endpoint'];
-    $wg_allowedips = $conf['AllowedIPs'];
-    $wg_pkeepalive = $conf['PersistentKeepalive'];
+    $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
+    $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs'];
+    $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive'];
 
     // fetch service status
     exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
@@ -128,8 +128,8 @@ function DisplayWireGuardConfig()
             "wg_srvipaddress",
             "wg_srvpubkey",
             "wg_srvprivkey",
-            "wg_endpoint",
-            "wg_allowedips",
+            "wg_pendpoint",
+            "wg_pallowedips",
             "wg_pkeepalive"
         )
     );
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 68edfa5e..3be32e45 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -28,7 +28,7 @@
             <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
             <div class="input-group-append">
               <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="generateWgKey()"><?php echo _("Generate key"); ?></button>
-              <span id="wg-srvpubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+              <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
           </div>
         </div>
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 16337a08..2b70680a 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -16,14 +16,14 @@
     <div class="row">
       <div class="form-group col-xs-3 col-sm-6 mt-3">
         <label for="code"><?php echo _("Endpoint address"); ?></label>
-        <input type="text" class="form-control" name="wg_endpoint" value="<?php echo htmlspecialchars($wg_endpoint, ENT_QUOTES); ?>" />
+        <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
       </div>
     </div>
 
     <div class="row">
       <div class="col-xs-3 col-sm-6">
         <label for="code"><?php echo _("Allowed IPs"); ?></label>
-        <input type="text" class="form-control mb-3" name="wg_allowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_allowedips, ENT_QUOTES); ?>" />
+        <input type="text" class="form-control mb-3" name="wg_pallowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" />
       </div>
     </div>
 
@@ -39,15 +39,14 @@
           <label for="code"><?php echo _("Peer public key"); ?></label>
       </div>
       <div class="input-group col-md-12 mb-3">
-        <input type="text" class="form-control" name="wg_peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
+        <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
         <div class="input-group-append">
-          <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateBlocklist()"><?php echo _("Generate key"); ?></button>
+          <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="generateWgKey()"><?php echo _("Generate key"); ?></button>
           <span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
         </div>
       </div>
     </div>
 
-
     </div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | peers tab -->

From b7ed2960c129b56e8f52d41d02d41011e69a93fc Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 10:32:07 +0000
Subject: [PATCH 074/300] Update wg-keygen for server + peer

---
 app/js/custom.js         | 15 +++++++--------
 templates/wg/general.php |  2 +-
 templates/wg/peers.php   |  4 ++--
 3 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index e2c89ac6..e0bb6134 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -350,16 +350,15 @@ function clearBlocklistStatus() {
 }
 
 // Handler for the wireguard generate key button
-function generateWgKey() {
-    var entity = $('#wg-srvpubkey').attr('name');
-    console.log(entity);
-    $.post('ajax/networking/get_wgkey.php',{'entity':entity },function(data){
+$('.wg-keygen').click(function(){
+    var entity = $(this).parent('div').prev('input[type="text"]');
+    var updated = entity.attr('name')+"-pubkey-status";
+    $.post('ajax/networking/get_wgkey.php',{'entity':entity.attr('name') },function(data){
         var jsonData = JSON.parse(data);
-        console.log(jsonData);
-        $('#wg-srvpubkey').val(jsonData);
-        $('#wg-server-pubkey-status').removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
+        entity.val(jsonData);
+        $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
     })
-}
+})
 
 // Static Array method
 Array.range = (start, end) => Array.from({length: (end - start)}, (v, k) => k + start);
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 3be32e45..5f5417b1 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -27,7 +27,7 @@
           <div class="input-group col-md-12 mb-3">
             <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
             <div class="input-group-append">
-              <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="generateWgKey()"><?php echo _("Generate key"); ?></button>
+              <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
           </div>
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 2b70680a..e2ff5c6f 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -41,8 +41,8 @@
       <div class="input-group col-md-12 mb-3">
         <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
         <div class="input-group-append">
-          <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="generateWgKey()"><?php echo _("Generate key"); ?></button>
-          <span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+          <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
+          <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
         </div>
       </div>
     </div>

From 9bbf698b6a637a20b6d5a260c0765c328c5e5842 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 18:06:18 +0000
Subject: [PATCH 075/300] Reorder template fields

---
 templates/wg/general.php | 17 +++++++++--------
 templates/wg/peers.php   | 29 +++++++++++++++--------------
 templates/wireguard.php  |  2 +-
 3 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index 5f5417b1..3d0cb952 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -13,12 +13,6 @@
           <small><?php echo _("Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers.") ?></small>
         </p>
         </div>
-        <div class="row">
-          <div class="form-group col-xs-3 col-sm-3">
-            <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
-          </div>
-        </div>
 
         <div class="row">
           <div class="col-xs-3 col-sm-6">
@@ -30,14 +24,21 @@
               <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
+            <input type="hidden" name="wg_srvprivkey" value="" />
+          </div>
+        </div>
+
+        <div class="row">
+          <div class="form-group col-xs-3 col-sm-3">
+            <label for="code"><?php echo _("Local Port"); ?></label>
+            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
           </div>
         </div>
-        <input type="hidden" name="wg_privkey" value="<?php echo htmlspecialchars($wg_srvprivkey, ENT_QUOTES); ?>" />
 
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("IP Address"); ?></label>
-            <input type="text" class="form-control" name="wg_ipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
           </div>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index e2ff5c6f..98298e37 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -13,6 +13,20 @@
         </div>
      </div>
 
+    <div class="row">
+      <div class="col-xs-3 col-sm-6 mt-3">
+          <label for="code"><?php echo _("Peer public key"); ?></label>
+      </div>
+      <div class="input-group col-md-12">
+        <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
+        <div class="input-group-append">
+          <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
+          <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+        </div>
+      </div>
+    </div>
+
+
     <div class="row">
       <div class="form-group col-xs-3 col-sm-6 mt-3">
         <label for="code"><?php echo _("Endpoint address"); ?></label>
@@ -34,20 +48,7 @@
       </div>
     </div>
 
-    <div class="row">
-      <div class="col-xs-3 col-sm-6">
-          <label for="code"><?php echo _("Peer public key"); ?></label>
-      </div>
-      <div class="input-group col-md-12 mb-3">
-        <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
-        <div class="input-group-append">
-          <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
-          <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
-        </div>
-      </div>
-    </div>
-
-    </div>
+  </div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | peers tab -->
 
diff --git a/templates/wireguard.php b/templates/wireguard.php
index 3ead09c7..ee28dfa1 100644
--- a/templates/wireguard.php
+++ b/templates/wireguard.php
@@ -27,7 +27,7 @@
         </div><!-- /.card-header -->
         <div class="card-body">
         <?php $status->showMessages(); ?>
-          <form role="form" action="?page=wg_conf" enctype="multipart/form-data" method="POST">
+          <form role="form" action="/wg_conf" enctype="multipart/form-data" method="POST">
             <?php echo CSRFTokenFieldTag() ?>
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">

From 3ec81ba085726daba9e1a03e023ac96c4a48d5c7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 18:07:19 +0000
Subject: [PATCH 076/300] Get/set pub+priv keys, create wg0.conf

---
 ajax/networking/get_wgkey.php |  7 +++---
 app/js/custom.js              | 10 +++++---
 includes/wireguard.php        | 46 +++++++++++++++++------------------
 installers/raspap.sudoers     |  1 +
 4 files changed, 33 insertions(+), 31 deletions(-)

diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php
index 71f3af6e..d3f55aac 100644
--- a/ajax/networking/get_wgkey.php
+++ b/ajax/networking/get_wgkey.php
@@ -4,7 +4,7 @@ require '../../includes/csrf.php';
 require_once '../../includes/config.php';
 
 $entity = $_POST['entity'];
-    
+
 if (isset($entity)) {
    
     // generate public/private key pairs for entity
@@ -14,9 +14,10 @@ if (isset($entity)) {
     $privkey_tmp = '/tmp/'.$entity.'-private.key';
      
     exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
-    $entity_pubkey = str_replace("\n",'',file_get_contents($pubkey_tmp));
+    $wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp));
+    $wgdata['privkey'] = str_replace("\n",'',file_get_contents($privkey_tmp));
     exec("sudo mv $privkey_tmp $privkey", $return);
     exec("sudo mv $pubkey_tmp $pubkey", $return);
 
-    echo json_encode($entity_pubkey);
+    echo json_encode($wgdata);
 }
diff --git a/app/js/custom.js b/app/js/custom.js
index e0bb6134..89c500bc 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -351,11 +351,13 @@ function clearBlocklistStatus() {
 
 // Handler for the wireguard generate key button
 $('.wg-keygen').click(function(){
-    var entity = $(this).parent('div').prev('input[type="text"]');
-    var updated = entity.attr('name')+"-pubkey-status";
-    $.post('ajax/networking/get_wgkey.php',{'entity':entity.attr('name') },function(data){
+    var entity_pub = $(this).parent('div').prev('input[type="text"]');
+    var entity_priv = $(this).parent('div').next('input[type="hidden"]');
+    var updated = entity_pub.attr('name')+"-pubkey-status";
+    $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
         var jsonData = JSON.parse(data);
-        entity.val(jsonData);
+        entity_pub.val(jsonData.pubkey);
+        entity_priv.val(jsonData.privkey);
         $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
     })
 })
diff --git a/includes/wireguard.php b/includes/wireguard.php
index 406172b7..787672d0 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -15,26 +15,26 @@ function DisplayWireGuardConfig()
             $good_input = true;
             $peer_id = 1;
             // Validate input
-            if (isset($_POST['wg_port'])) {
-                if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) {
+            if (isset($_POST['wg_srvport'])) {
+                if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
                     $status->addMessage('Invalid value for port number', 'danger');
                     $good_input = false;
                 }
             }
-            if (isset($_POST['wg_ipaddress'])) {
-                if (!validateCidr($_POST['wg_ipaddress'])) {
+            if (isset($_POST['wg_srvipaddress'])) {
+                if (!validateCidr($_POST['wg_srvipaddress'])) {
                     $status->addMessage('Invalid value for IP address', 'danger');
                     $good_input = false;
                 }
             }
-            if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) {
-                if (!validateCidr($_POST['wg_endpoint'])) {
+            if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
+                if (!validateCidr($_POST['wg_pendpoint'])) {
                     $status->addMessage('Invalid value for endpoint address', 'danger');
                     $good_input = false;
                 }
             }
-            if (isset($_POST['wg_allowedips'])) {
-                if (!validateCidr($_POST['wg_allowedips'])) {
+            if (isset($_POST['wg_pallowedips'])) {
+                if (!validateCidr($_POST['wg_pallowedips'])) {
                     $status->addMessage('Invalid value for allowed IPs', 'danger');
                     $good_input = false;
                 }
@@ -48,20 +48,18 @@ function DisplayWireGuardConfig()
             // Save settings
             if ($good_input) {
                 $config[] = '[Interface]';
-                $config[] = 'Address = '.$_POST['wg_ipaddress'];
-                $config[] = 'ListenPort = '.$_POST['wg_port'];
-
-                $config[] = '';
-                $config[] = 'PrivateKey = '.$_POST['wg_privkey'];
-                $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE';
-                $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE';
+                $config[] = 'Address = '.$_POST['wg_srvipaddress'];
+                $config[] = 'ListenPort = '.$_POST['wg_srvport'];
+                $config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
+                $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
+                $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
                 $config[] = '';
                 $config[] = '[Peer]';
-                $config[] = 'PublicKey = '.$_POST['wg_pubkey'];
-                if ($_POST['wg_endpoint'] !== '') {
-                    $config[] = 'Endpoint = '.trim($_POST['wg_endpoint']);
+                $config[] = 'PublicKey = '.$_POST['wg-peer'];
+                if ($_POST['wg_pendpoint'] !== '') {
+                    $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
                 }
-                $config[] = 'AllowedIPs = '.$_POST['wg_allowedips'];
+                $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
                 if ($_POST['wg_pkeepalive'] !== '') {
                     $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
                 }
@@ -103,14 +101,14 @@ function DisplayWireGuardConfig()
     // fetch wg config
     exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
     $conf = ParseConfig($return);
+    $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
     $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
-    $wg_srvpubkey = $conf['PublicKey'];
-    $wg_srvprivkey = $conf['PrivateKey'];
     $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
     $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs'];
     $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive'];
-
+    $wg_peerpubkey = $conf['PublicKey'];
+ 
     // fetch service status
     exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
     $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
@@ -124,10 +122,10 @@ function DisplayWireGuardConfig()
             "wg_log",
             "endpoint_enable",
             "peer_id",
+            "wg_srvpubkey",
             "wg_srvport",
             "wg_srvipaddress",
-            "wg_srvpubkey",
-            "wg_srvprivkey",
+            "wg_peerpubkey",
             "wg_pendpoint",
             "wg_pallowedips",
             "wg_pkeepalive"
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 29266fa2..4c0bf163 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -51,4 +51,5 @@ www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-server-public.key
 

From 9eadd28df1b90dda47c56f4e40b3d7b3df32d49d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 2 Mar 2021 14:16:43 +0000
Subject: [PATCH 077/300] Save client.conf

---
 includes/wireguard.php | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 787672d0..44b2bc74 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -47,6 +47,7 @@ function DisplayWireGuardConfig()
             }
             // Save settings
             if ($good_input) {
+                // server (wg0.conf)
                 $config[] = '[Interface]';
                 $config[] = 'Address = '.$_POST['wg_srvipaddress'];
                 $config[] = 'ListenPort = '.$_POST['wg_srvport'];
@@ -68,7 +69,23 @@ function DisplayWireGuardConfig()
 
                 file_put_contents("/tmp/wgdata", $config);
                 system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
-                
+
+                // client1 (client.conf)
+                $config = [];
+                $config[] = '[Interface]';
+                $config[] = 'Address = ';
+                $config[] = 'PrivateKey = ';
+                $config[] = '';
+                $config[] = '[Peer]';
+                $config[] = 'PublicKey = ';
+                $config[] = 'AllowedIPs = ';
+                $config[] = 'Endpoint = ';
+                $config[] = '';
+                $config = join(PHP_EOL, $config);
+
+                file_put_contents("/tmp/wgdata", $config);
+                system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
+
                 // handle log option
                 if ($_POST['wg_log'] == "1") {
                     exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");

From 0d2f02e3fbdc25d74d72618a4f149768d8ebc342 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 2 Mar 2021 14:17:13 +0000
Subject: [PATCH 078/300] Update sudoers wireguard/*.conf

---
 installers/raspap.sudoers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 4c0bf163..be9cc7dc 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -42,7 +42,7 @@ www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasq_custom /etc/raspap/adblock/custom.txt
-www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg-*.key /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log

From cd045a34b8d27c42309ddc4e0551d29ce414a6be Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 2 Mar 2021 14:18:32 +0000
Subject: [PATCH 079/300] Reorder inputs, QR client.conf WIP

---
 templates/wg/general.php |  2 +-
 templates/wg/peers.php   | 63 ++++++++++++++++++++++------------------
 2 files changed, 35 insertions(+), 30 deletions(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index 3d0cb952..5b3e4c17 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -21,7 +21,7 @@
           <div class="input-group col-md-12 mb-3">
             <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
             <div class="input-group-append">
-              <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
+              <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
             <input type="hidden" name="wg_srvprivkey" value="" />
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 98298e37..a155b920 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -1,6 +1,5 @@
 <!-- wireguard peers tab -->
 <div class="tab-pane fade" id="wgpeers">
-
   <div class="row">
     <div class="col-md-6">
       <h4 class="mt-3"><?php echo _("Peer"); ?></h4>
@@ -13,42 +12,48 @@
         </div>
      </div>
 
-    <div class="row">
-      <div class="col-xs-3 col-sm-6 mt-3">
+      <div class="row">
+        <div class="col-xs-3 col-sm-6 mt-3">
           <label for="code"><?php echo _("Peer public key"); ?></label>
+        </div>
+        <div class="input-group col-md-12">
+          <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
+          <div class="input-group-append">
+            <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
+            <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+          </div>
+        </div>
       </div>
-      <div class="input-group col-md-12">
-        <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
-        <div class="input-group-append">
-          <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
-          <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+
+      <div class="row">
+        <div class="form-group col-xs-3 col-sm-6 mt-3">
+          <label for="code"><?php echo _("Endpoint address"); ?></label>
+          <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="col-xs-3 col-sm-6">
+          <label for="code"><?php echo _("Allowed IPs"); ?></label>
+          <input type="text" class="form-control mb-3" name="wg_pallowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="col-xs-3 col-sm-6">
+          <label for="code"><?php echo _("Persistent keepalive"); ?></label>
+          <input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" placeholder="25" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
         </div>
       </div>
     </div>
 
-
-    <div class="row">
-      <div class="form-group col-xs-3 col-sm-6 mt-3">
-        <label for="code"><?php echo _("Endpoint address"); ?></label>
-        <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
-      </div>
+    <div class="col-md-6 mt-5">
+      <figure class="figure">
+        <img src="app/img/wifi-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
+        <figcaption class="figure-caption"><?php echo _("Scan this QR code with your client to connect to this RaspAP."); ?></figcaption>
+      </figure>
     </div>
 
-    <div class="row">
-      <div class="col-xs-3 col-sm-6">
-        <label for="code"><?php echo _("Allowed IPs"); ?></label>
-        <input type="text" class="form-control mb-3" name="wg_pallowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" />
-      </div>
-    </div>
-
-    <div class="row">
-      <div class="col-xs-3 col-sm-6">
-        <label for="code"><?php echo _("Persistent keepalive"); ?></label>
-        <input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" placeholder="25" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
-      </div>
-    </div>
-
-  </div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | peers tab -->
 

From 6b484d383c48b0c86a0583fbd459c04dc22accdc Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 2 Mar 2021 23:15:47 +0000
Subject: [PATCH 080/300] Progress commit: wg-qr-code

---
 app/img/wg-qr-code.php    | 27 +++++++++++++++++++++++++++
 includes/functions.php    |  8 ++++++++
 installers/raspap.sudoers |  2 +-
 templates/wg/peers.php    |  2 +-
 4 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 app/img/wg-qr-code.php

diff --git a/app/img/wg-qr-code.php b/app/img/wg-qr-code.php
new file mode 100644
index 00000000..83cda725
--- /dev/null
+++ b/app/img/wg-qr-code.php
@@ -0,0 +1,27 @@
+<?php
+
+require_once '../../includes/config.php';
+require_once '../../includes/defaults.php';
+require_once '../../includes/functions.php';
+
+// prevent direct file access
+if (!isset($_SERVER['HTTP_REFERER'])) {
+    header('HTTP/1.0 403 Forbidden');
+    exit;
+}
+
+exec("sudo cat " .RASPI_WIREGUARD_PATH.'client.conf', $return);
+$peer_conf = qr_encode(implode($return));
+$command = "qrencode -t svg -m 0 -o - " . mb_escapeshellarg($peer_conf);
+$svg = shell_exec($command);
+$etag = hash('sha256', $peer_conf);
+$content_length = strlen($svg);
+$last_modified = date("Y-m-d H:i:s");
+
+header("Content-Type: image/svg+xml");
+header("Content-Length: $content_length");
+header("Last-Modified: $last_modified");
+header("ETag: \"$etag\"");
+header("X-QR-Code-Content: $peer_conf");
+echo shell_exec($command);
+
diff --git a/includes/functions.php b/includes/functions.php
index 183f1552..98c85bf5 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -757,3 +757,11 @@ function getNightmode(){
     }
 }
 
+// Sanitizes a string for QR encoding
+// @param string $str
+// @return string
+function qr_encode($str)
+{
+    return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
+}
+
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index be9cc7dc..18fb9187 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -50,6 +50,6 @@ www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
-www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-server-public.key
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index a155b920..cbdad128 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -49,7 +49,7 @@
 
     <div class="col-md-6 mt-5">
       <figure class="figure">
-        <img src="app/img/wifi-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
+        <img src="app/img/wg-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
         <figcaption class="figure-caption"><?php echo _("Scan this QR code with your client to connect to this RaspAP."); ?></figcaption>
       </figure>
     </div>

From 0dbfb5c44f17148ed8eb181ca55e0e1ac74ee4c2 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:06:27 +0000
Subject: [PATCH 081/300] Create SaveWireGuardConfig()

---
 includes/wireguard.php | 196 ++++++++++++++++++++++-------------------
 1 file changed, 106 insertions(+), 90 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 44b2bc74..a9ade3d0 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -4,102 +4,14 @@ require_once 'includes/status_messages.php';
 require_once 'config.php';
 
 /**
- * Manage WireGuard configuration
+ * Displays wireguard server & peer configuration
  */
 function DisplayWireGuardConfig()
 {
     $status = new StatusMessages();
     if (!RASPI_MONITOR_ENABLED) {
         if (isset($_POST['savewgsettings'])) {
-            // Set defaults
-            $good_input = true;
-            $peer_id = 1;
-            // Validate input
-            if (isset($_POST['wg_srvport'])) {
-                if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
-                    $status->addMessage('Invalid value for port number', 'danger');
-                    $good_input = false;
-                }
-            }
-            if (isset($_POST['wg_srvipaddress'])) {
-                if (!validateCidr($_POST['wg_srvipaddress'])) {
-                    $status->addMessage('Invalid value for IP address', 'danger');
-                    $good_input = false;
-                }
-            }
-            if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
-                if (!validateCidr($_POST['wg_pendpoint'])) {
-                    $status->addMessage('Invalid value for endpoint address', 'danger');
-                    $good_input = false;
-                }
-            }
-            if (isset($_POST['wg_pallowedips'])) {
-                if (!validateCidr($_POST['wg_pallowedips'])) {
-                    $status->addMessage('Invalid value for allowed IPs', 'danger');
-                    $good_input = false;
-                }
-            }
-            if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
-                if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
-                    $status->addMessage('Invalid value for persistent keepalive', 'danger');
-                    $good_input = false;
-                }
-            }
-            // Save settings
-            if ($good_input) {
-                // server (wg0.conf)
-                $config[] = '[Interface]';
-                $config[] = 'Address = '.$_POST['wg_srvipaddress'];
-                $config[] = 'ListenPort = '.$_POST['wg_srvport'];
-                $config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
-                $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
-                $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
-                $config[] = '';
-                $config[] = '[Peer]';
-                $config[] = 'PublicKey = '.$_POST['wg-peer'];
-                if ($_POST['wg_pendpoint'] !== '') {
-                    $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
-                }
-                $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
-                if ($_POST['wg_pkeepalive'] !== '') {
-                    $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
-                }
-                $config[] = '';
-                $config = join(PHP_EOL, $config);
-
-                file_put_contents("/tmp/wgdata", $config);
-                system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
-
-                // client1 (client.conf)
-                $config = [];
-                $config[] = '[Interface]';
-                $config[] = 'Address = ';
-                $config[] = 'PrivateKey = ';
-                $config[] = '';
-                $config[] = '[Peer]';
-                $config[] = 'PublicKey = ';
-                $config[] = 'AllowedIPs = ';
-                $config[] = 'Endpoint = ';
-                $config[] = '';
-                $config = join(PHP_EOL, $config);
-
-                file_put_contents("/tmp/wgdata", $config);
-                system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
-
-                // handle log option
-                if ($_POST['wg_log'] == "1") {
-                    exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
-                }
-                foreach ($return as $line) {
-                    $status->addMessage($line, 'info');
-                }
-                if ($return == 0) {
-                    $status->addMessage('Wireguard configuration updated successfully', 'success');
-                } else {
-                    $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
-                }
-            }
-
+            SaveWireGuardConfig($status);
         } elseif (isset($_POST['startwg'])) {
             $status->addMessage('Attempting to start WireGuard', 'info');
             exec('sudo /usr/bin/wg-quick up wg0', $return);
@@ -119,6 +31,8 @@ function DisplayWireGuardConfig()
     exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
     $conf = ParseConfig($return);
     $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
+    $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
+    $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
     $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
     $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
@@ -140,6 +54,8 @@ function DisplayWireGuardConfig()
             "endpoint_enable",
             "peer_id",
             "wg_srvpubkey",
+            "wg_srvprivkey",
+            "wg_peerprivkey",
             "wg_srvport",
             "wg_srvipaddress",
             "wg_peerpubkey",
@@ -150,3 +66,103 @@ function DisplayWireGuardConfig()
     );
 }
 
+/**
+ * Validate user input, save wireguard configuration
+ *
+ * @param object $status
+ * @return boolean
+ */
+function SaveWireGuardConfig($status)
+{
+    // Set defaults
+    $good_input = true;
+    $peer_id = 1;
+    // Validate input
+    if (isset($_POST['wg_srvport'])) {
+        if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
+            $status->addMessage('Invalid value for port number', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_srvipaddress'])) {
+        if (!validateCidr($_POST['wg_srvipaddress'])) {
+            $status->addMessage('Invalid value for IP address', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
+        if (!validateCidr($_POST['wg_pendpoint'])) {
+            $status->addMessage('Invalid value for endpoint address', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_pallowedips'])) {
+        if (!validateCidr($_POST['wg_pallowedips'])) {
+            $status->addMessage('Invalid value for allowed IPs', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
+        if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
+            $status->addMessage('Invalid value for persistent keepalive', 'danger');
+            $good_input = false;
+        }
+    }
+    // Save settings
+    if ($good_input) {
+        // server (wg0.conf)
+        $config[] = '[Interface]';
+        $config[] = 'Address = '.$_POST['wg_srvipaddress'];
+        $config[] = 'ListenPort = '.$_POST['wg_srvport'];
+        $config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
+        $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
+        $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
+        $config[] = '';
+        $config[] = '[Peer]';
+        $config[] = 'PublicKey = '.$_POST['wg-peer'];
+        if ($_POST['wg_pendpoint'] !== '') {
+            $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
+        }
+        $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
+        if ($_POST['wg_pkeepalive'] !== '') {
+            $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+        }
+        $config[] = '';
+        $config = join(PHP_EOL, $config);
+
+        file_put_contents("/tmp/wgdata", $config);
+        system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
+
+        // client1 (client.conf)
+        $config = [];
+        $config[] = '[Interface]';
+        if ($_POST['wg_pendpoint'] !== '') {
+            $config[] = 'Address = '.trim($_POST['wg_pendpoint']);
+        }
+        $config[] = 'PrivateKey = '.$_POST['wg_peerprivkey'];
+        $config[] = '';
+        $config[] = '[Peer]';
+        $config[] = 'PublicKey = '.$_POST['wg-server'];
+        $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
+        $config[] = 'Endpoint = '.$_POST['wg_srvipaddress'];
+        $config[] = '';
+        $config = join(PHP_EOL, $config);
+
+        file_put_contents("/tmp/wgdata", $config);
+        system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
+
+        // handle log option
+        if ($_POST['wg_log'] == "1") {
+            exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
+        }
+        foreach ($return as $line) {
+            $status->addMessage($line, 'info');
+        }
+        if ($return == 0) {
+            $status->addMessage('Wireguard configuration updated successfully', 'success');
+        } else {
+            $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
+        }
+    }
+}
+

From 858edb065b0e718f17483585daa945b7a003c6f2 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:07:04 +0000
Subject: [PATCH 082/300] Update sudoers wg-*.key

---
 installers/raspap.sudoers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 18fb9187..b05be96a 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -51,5 +51,5 @@ www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
-www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-server-public.key
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key
 

From 9beab1d2e768bd7313128c74495ae06421fc7dce Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:08:23 +0000
Subject: [PATCH 083/300] Update server + peer hidden fields

---
 templates/wg/general.php | 2 +-
 templates/wg/peers.php   | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index 5b3e4c17..9ff217d2 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -24,7 +24,7 @@
               <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
-            <input type="hidden" name="wg_srvprivkey" value="" />
+            <input type="hidden" name="wg_srvprivkey" value="<?php echo htmlspecialchars($wg_srvprivkey, ENT_QUOTES); ?>" />
           </div>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index cbdad128..ae60a973 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -22,6 +22,7 @@
             <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
             <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
           </div>
+          <input type="hidden" name="wg_peerprivkey" value="<?php echo htmlspecialchars($wg_peerprivkey, ENT_QUOTES); ?>" />
         </div>
       </div>
 

From 6b002e3d4cef1b4cb2eafe3047a2f77186cf3e4a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:23:05 +0000
Subject: [PATCH 084/300] Update wg placeholder values

---
 config/defaults.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/defaults.json b/config/defaults.json
index 46fce72c..f87223cf 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -36,12 +36,12 @@
   },
   "wireguard": {
     "server": {
-      "Address": [ "10.3.141.1/24" ],
+      "Address": [ "10.253.3.1/24" ],
       "ListenPort": [ "51820" ],
       "DNS": [ "10.3.141.1" ]
     },
     "peer": {
-      "Endpoint": [ "server ip:53" ],
+      "Endpoint": [ "10.253.3.1/24:51820" ],
       "AllowedIPs": ["0.0.0.0/0"],
       "PersistentKeepalive": [ "15" ]
     }

From 4515ac95fb4f9ace712fc99410054ff455f7a180 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:44:45 +0000
Subject: [PATCH 085/300] Improved private key handling (security)

---
 ajax/networking/get_wgkey.php | 1 -
 app/js/custom.js              | 1 -
 includes/wireguard.php        | 8 ++++++--
 templates/wg/general.php      | 1 -
 templates/wg/peers.php        | 1 -
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php
index d3f55aac..840d59f0 100644
--- a/ajax/networking/get_wgkey.php
+++ b/ajax/networking/get_wgkey.php
@@ -15,7 +15,6 @@ if (isset($entity)) {
      
     exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
     $wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp));
-    $wgdata['privkey'] = str_replace("\n",'',file_get_contents($privkey_tmp));
     exec("sudo mv $privkey_tmp $privkey", $return);
     exec("sudo mv $pubkey_tmp $pubkey", $return);
 
diff --git a/app/js/custom.js b/app/js/custom.js
index 89c500bc..25260e81 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -357,7 +357,6 @@ $('.wg-keygen').click(function(){
     $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
         var jsonData = JSON.parse(data);
         entity_pub.val(jsonData.pubkey);
-        entity_priv.val(jsonData.privkey);
         $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
     })
 })
diff --git a/includes/wireguard.php b/includes/wireguard.php
index a9ade3d0..41b67c7f 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -110,11 +110,15 @@ function SaveWireGuardConfig($status)
     }
     // Save settings
     if ($good_input) {
+        // fetch private keys from filesytem
+        $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
+        $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
+
         // server (wg0.conf)
         $config[] = '[Interface]';
         $config[] = 'Address = '.$_POST['wg_srvipaddress'];
         $config[] = 'ListenPort = '.$_POST['wg_srvport'];
-        $config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
+        $config[] = 'PrivateKey = '.$wg_srvprivkey;
         $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
         $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
         $config[] = '';
@@ -139,7 +143,7 @@ function SaveWireGuardConfig($status)
         if ($_POST['wg_pendpoint'] !== '') {
             $config[] = 'Address = '.trim($_POST['wg_pendpoint']);
         }
-        $config[] = 'PrivateKey = '.$_POST['wg_peerprivkey'];
+        $config[] = 'PrivateKey = '.$wg_peerprivkey;
         $config[] = '';
         $config[] = '[Peer]';
         $config[] = 'PublicKey = '.$_POST['wg-server'];
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 9ff217d2..db00ab21 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -24,7 +24,6 @@
               <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
-            <input type="hidden" name="wg_srvprivkey" value="<?php echo htmlspecialchars($wg_srvprivkey, ENT_QUOTES); ?>" />
           </div>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index ae60a973..cbdad128 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -22,7 +22,6 @@
             <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
             <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
           </div>
-          <input type="hidden" name="wg_peerprivkey" value="<?php echo htmlspecialchars($wg_peerprivkey, ENT_QUOTES); ?>" />
         </div>
       </div>
 

From 0e89de206659ae66f5c60b9a568fb296f159f205 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:50:16 +0000
Subject: [PATCH 086/300] Remove private keys from payload

---
 includes/wireguard.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 41b67c7f..0707efbb 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -31,8 +31,6 @@ function DisplayWireGuardConfig()
     exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
     $conf = ParseConfig($return);
     $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
-    $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
-    $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
     $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
     $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
@@ -54,8 +52,6 @@ function DisplayWireGuardConfig()
             "endpoint_enable",
             "peer_id",
             "wg_srvpubkey",
-            "wg_srvprivkey",
-            "wg_peerprivkey",
             "wg_srvport",
             "wg_srvipaddress",
             "wg_peerpubkey",

From 18729edd1e750f078e64878e7d2d5b8d41d1d9cb Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:54:21 +0000
Subject: [PATCH 087/300] Update wg endpoint default value

---
 config/defaults.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/defaults.json b/config/defaults.json
index f87223cf..3c584ed0 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -41,7 +41,7 @@
       "DNS": [ "10.3.141.1" ]
     },
     "peer": {
-      "Endpoint": [ "10.253.3.1/24:51820" ],
+      "Endpoint": [ "10.253.3.1:51820" ],
       "AllowedIPs": ["0.0.0.0/0"],
       "PersistentKeepalive": [ "15" ]
     }

From 333d447c6bfbe9b8767fa6ce3729e75ea6abefd0 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 5 Mar 2021 08:32:00 +0000
Subject: [PATCH 088/300] Add defaults for wg server PostUp/Down

---
 config/defaults.json   |  6 ++++--
 includes/wireguard.php | 10 +++++-----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/config/defaults.json b/config/defaults.json
index 3c584ed0..55dd0938 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -38,10 +38,12 @@
     "server": {
       "Address": [ "10.253.3.1/24" ],
       "ListenPort": [ "51820" ],
-      "DNS": [ "10.3.141.1" ]
+      "DNS": [ "10.3.141.1" ],
+      "PostUp": [ "iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A  POSTROUTING -o wg0 -j MASQUERADE" ],
+      "PostDown": [ "iptables -D FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D  POSTROUTING -o wg0 -j MASQUERADE" ]
     },
     "peer": {
-      "Endpoint": [ "10.253.3.1:51820" ],
+      "Endpoint": [ "10.253.3.1" ],
       "AllowedIPs": ["0.0.0.0/0"],
       "PersistentKeepalive": [ "15" ]
     }
diff --git a/includes/wireguard.php b/includes/wireguard.php
index 0707efbb..63b26827 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -87,12 +87,12 @@ function SaveWireGuardConfig($status)
         }
     }
     if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
-        if (!validateCidr($_POST['wg_pendpoint'])) {
+        if (!filter_var($_POST['wg_pendpoint'],FILTER_VALIDATE_IP)) {
             $status->addMessage('Invalid value for endpoint address', 'danger');
             $good_input = false;
         }
     }
-    if (isset($_POST['wg_pallowedips'])) {
+    if (isset($_POST['wg_pallowedips']) && strlen(trim($_POST['wg_pallowedips']) >0)) {
         if (!validateCidr($_POST['wg_pallowedips'])) {
             $status->addMessage('Invalid value for allowed IPs', 'danger');
             $good_input = false;
@@ -115,13 +115,13 @@ function SaveWireGuardConfig($status)
         $config[] = 'Address = '.$_POST['wg_srvipaddress'];
         $config[] = 'ListenPort = '.$_POST['wg_srvport'];
         $config[] = 'PrivateKey = '.$wg_srvprivkey;
-        $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
-        $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
+        $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp');
+        $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
         $config[] = '';
         $config[] = '[Peer]';
         $config[] = 'PublicKey = '.$_POST['wg-peer'];
         if ($_POST['wg_pendpoint'] !== '') {
-            $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
+            $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']).':'.$_POST['wg_srvport'];
         }
         $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
         if ($_POST['wg_pkeepalive'] !== '') {

From 406ff39ef8c8cf16baa8a42c4221eb69a46413ce Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 5 Mar 2021 19:24:18 +0000
Subject: [PATCH 089/300] Update release version

---
 BACKERS.md            | 2 ++
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 4 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/BACKERS.md b/BACKERS.md
index 8ea2c184..cabd988b 100644
--- a/BACKERS.md
+++ b/BACKERS.md
@@ -21,6 +21,7 @@ When backers were asked which feature they'd most like to see added to RaspAP, t
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
 ✅ Restrict network to static clients  
+⚙️  WireGuard support (in progress)  
 ⚙️  Traffic shaping (in progress)  
 
 Look for the list above to grow as we add more exclusive features. 
@@ -33,6 +34,7 @@ Below is a list of funding targets. When a funding target is reached, the featur
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
 ✅ Restrict network to static clients  
+⚙️  WireGuard support (in progress)  
 ⚙️  Traffic shaping (in progress)  
 
 ### Frequently asked questions
diff --git a/README.md b/README.md
index 42266b4b..ce80cb0b 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/DpgvLIO.png)
-[![Release 2.7](https://img.shields.io/badge/release-v2.7-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7.1](https://img.shields.io/badge/release-v2.7.1-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
diff --git a/includes/defaults.php b/includes/defaults.php
index 93aa2df3..3cde7d64 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7',
+  'RASPI_VERSION' => '2.7.1',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index a132db68..7e157bfe 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7
+ * @version 2.7.1
  * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From c10d13c45e786d275da73eb68d4aea55d357ca5d Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Fri, 5 Mar 2021 20:30:03 +0100
Subject: [PATCH 090/300] Update README.md

---
 README.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index ce80cb0b..901dd74d 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,9 @@ When backers were asked which feature they'd most like to see added to RaspAP, t
 ✅ Manage OpenVPN client configs  
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
-⚙️ Traffic shaping (in progress)  
+✅ Restrict network to static clients
+⚙️ WireGuard support (in progress)
+⚙️ Traffic shaping (in progress) 
 
 Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/orgs/RaspAP/teams/insiders/discussions) and let us know!
 
@@ -41,7 +43,9 @@ Following is a list of funding targets. When a funding target is reached, the fe
 ✅ Manage OpenVPN client configs  
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
-⚙️ Traffic shaping (in progress)  
+✅ Restrict network to static clients
+⚙️ WireGuard support (in progress)
+⚙️ Traffic shaping (in progress) 
 
 ## Frequently asked questions
 

From 5d13d75ce7a927fdb3799d1d3ce9c089ce28026a Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Fri, 5 Mar 2021 20:30:47 +0100
Subject: [PATCH 091/300] Update README.md

---
 README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 901dd74d..1f137ad1 100644
--- a/README.md
+++ b/README.md
@@ -30,9 +30,9 @@ When backers were asked which feature they'd most like to see added to RaspAP, t
 ✅ Manage OpenVPN client configs  
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
-✅ Restrict network to static clients
-⚙️ WireGuard support (in progress)
-⚙️ Traffic shaping (in progress) 
+✅ Restrict network to static clients  
+⚙️ WireGuard support (in progress)  
+⚙️ Traffic shaping (in progress)  
 
 Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/orgs/RaspAP/teams/insiders/discussions) and let us know!
 
@@ -43,8 +43,8 @@ Following is a list of funding targets. When a funding target is reached, the fe
 ✅ Manage OpenVPN client configs  
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
-✅ Restrict network to static clients
-⚙️ WireGuard support (in progress)
+✅ Restrict network to static clients  
+⚙️ WireGuard support (in progress)  
 ⚙️ Traffic shaping (in progress) 
 
 ## Frequently asked questions

From 6d635a96d52ec7eae2de184a6b382c459293e3e0 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Sat, 6 Mar 2021 08:44:52 +0100
Subject: [PATCH 092/300] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 1f137ad1..8a4fd06f 100644
--- a/README.md
+++ b/README.md
@@ -52,10 +52,10 @@ Following is a list of funding targets. When a funding target is reached, the fe
 ### Upgrading
 *I have an existing RaspAP installation. How do I upgrade to Insiders?*
 
-Upgrading is easy. Simply invoke the Quick Installer with the `--upgrade` switch, specifying the private Insiders repo, like so:
+Upgrading is easy. Simply invoke the Quick Installer with the --upgrade switch, specifying the private Insiders Edition, like so:
 
 ```
-curl -sL https://install.raspap.com | bash -s -- --upgrade --repo raspap/raspap-insiders
+curl -sL https://install.raspap.com | bash -s -- --upgrade --insiders
 ```
 
 If you haven't [added SSH keys to your GitHub account](https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh) you will be prompted to authenticate. If so, just enter your GitHub credentials during the install:

From 4a50687e7963bca546b420f91a529d2fceaa1a93 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 10:24:34 +0000
Subject: [PATCH 093/300] Add wg peer default values

---
 config/defaults.json | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/config/defaults.json b/config/defaults.json
index 55dd0938..69993673 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -36,15 +36,17 @@
   },
   "wireguard": {
     "server": {
-      "Address": [ "10.253.3.1/24" ],
+      "Address": [ "10.8.2.1/24" ],
       "ListenPort": [ "51820" ],
-      "DNS": [ "10.3.141.1" ],
+      "DNS": [ "9.9.9.9" ],
       "PostUp": [ "iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A  POSTROUTING -o wg0 -j MASQUERADE" ],
       "PostDown": [ "iptables -D FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D  POSTROUTING -o wg0 -j MASQUERADE" ]
     },
     "peer": {
-      "Endpoint": [ "10.253.3.1" ],
-      "AllowedIPs": ["0.0.0.0/0"],
+      "Address": [ "10.8.1.2/24" ],
+      "Endpoint": [ "10.8.2.1" ],
+      "ListenPort": [ "21841" ],
+      "AllowedIPs": ["10.8.2.0/24"],
       "PersistentKeepalive": [ "15" ]
     }
   }

From ddc8c427462ef7c6860fa1f625406f30c22ee7fa Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 10:25:21 +0000
Subject: [PATCH 094/300] Update peer template w/ additional fields

---
 templates/wg/general.php |  7 +++++++
 templates/wg/peers.php   | 16 +++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index db00ab21..de5555f0 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -41,6 +41,13 @@
           </div>
         </div>
 
+        <div class="row">
+          <div class="form-group col-md-6">
+            <label for="code"><?php echo _("DNS"); ?></label>
+            <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" />
+          </div>
+        </div>
+
     </div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | settings tab -->
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index cbdad128..91e0500a 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -26,7 +26,21 @@
       </div>
 
       <div class="row">
-        <div class="form-group col-xs-3 col-sm-6 mt-3">
+        <div class="form-group col-xs-3 col-sm-3 mt-3">
+          <label for="code"><?php echo _("Local Port"); ?></label>
+          <input type="text" class="form-control" name="wg_plistenport" value="<?php echo htmlspecialchars($wg_plistenport, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="form-group col-md-6">
+          <label for="code"><?php echo _("IP Address"); ?></label>
+          <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="form-group col-xs-3 col-sm-6">
           <label for="code"><?php echo _("Endpoint address"); ?></label>
           <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
         </div>

From cbab3f2825c1711f3303b34a70e5ff00478f2e3d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 10:27:08 +0000
Subject: [PATCH 095/300] Update peer input handling, write wg configs

---
 includes/wireguard.php | 53 ++++++++++++++++++++++++++++++++----------
 1 file changed, 41 insertions(+), 12 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 63b26827..4c4d838d 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -33,11 +33,18 @@ function DisplayWireGuardConfig()
     $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
     $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
+    $wg_srvdns = ($conf['DNS'] == '') ? getDefaultNetValue('wireguard','server','DNS') : $conf['DNS'];
+    $wg_peerpubkey = $conf['PublicKey'];
+
+    // todo: iterate multiple peer configs
+    exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $preturn);
+    $conf = ParseConfig($preturn);
+    $wg_pipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','peer','Address') : $conf['Address'];
+    $wg_plistenport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','peer','ListenPort') : $conf['ListenPort'];
     $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
     $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs'];
     $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive'];
-    $wg_peerpubkey = $conf['PublicKey'];
- 
+
     // fetch service status
     exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
     $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
@@ -54,6 +61,9 @@ function DisplayWireGuardConfig()
             "wg_srvpubkey",
             "wg_srvport",
             "wg_srvipaddress",
+            "wg_srvdns",
+            "wg_pipaddress",
+            "wg_plistenport",
             "wg_peerpubkey",
             "wg_pendpoint",
             "wg_pallowedips",
@@ -76,18 +86,37 @@ function SaveWireGuardConfig($status)
     // Validate input
     if (isset($_POST['wg_srvport'])) {
         if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
-            $status->addMessage('Invalid value for port number', 'danger');
+            $status->addMessage('Invalid value for server local port', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_plistenport'])) {
+        if (strlen($_POST['wg_plistenport']) > 5 || !is_numeric($_POST['wg_plistenport'])) {
+            $status->addMessage('Invalid value for peer local port', 'danger');
             $good_input = false;
         }
     }
     if (isset($_POST['wg_srvipaddress'])) {
         if (!validateCidr($_POST['wg_srvipaddress'])) {
-            $status->addMessage('Invalid value for IP address', 'danger');
+            $status->addMessage('Invalid value for server IP address', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_pipaddress'])) {
+        if (!validateCidr($_POST['wg_pipaddress'])) {
+            $status->addMessage('Invalid value for peer IP address', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_srvdns'])) {
+        if (!filter_var($_POST['wg_srvdns'],FILTER_VALIDATE_IP)) {
+            $status->addMessage('Invalid value for DNS', 'danger');
             $good_input = false;
         }
     }
     if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
-        if (!filter_var($_POST['wg_pendpoint'],FILTER_VALIDATE_IP)) {
+        $wg_pendpoint_seg = substr($_POST['wg_pendpoint'],0,strpos($_POST['wg_pendpoint'],':'));
+        if (!filter_var($wg_pendpoint_seg,FILTER_VALIDATE_IP)) {
             $status->addMessage('Invalid value for endpoint address', 'danger');
             $good_input = false;
         }
@@ -114,15 +143,13 @@ function SaveWireGuardConfig($status)
         $config[] = '[Interface]';
         $config[] = 'Address = '.$_POST['wg_srvipaddress'];
         $config[] = 'ListenPort = '.$_POST['wg_srvport'];
+        $config[] = 'DNS = '.$_POST['wg_srvdns'];
         $config[] = 'PrivateKey = '.$wg_srvprivkey;
         $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp');
         $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
         $config[] = '';
         $config[] = '[Peer]';
         $config[] = 'PublicKey = '.$_POST['wg-peer'];
-        if ($_POST['wg_pendpoint'] !== '') {
-            $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']).':'.$_POST['wg_srvport'];
-        }
         $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
         if ($_POST['wg_pkeepalive'] !== '') {
             $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
@@ -136,15 +163,17 @@ function SaveWireGuardConfig($status)
         // client1 (client.conf)
         $config = [];
         $config[] = '[Interface]';
-        if ($_POST['wg_pendpoint'] !== '') {
-            $config[] = 'Address = '.trim($_POST['wg_pendpoint']);
-        }
+        $config[] = 'Address = '.trim($_POST['wg_pipaddress']);
         $config[] = 'PrivateKey = '.$wg_peerprivkey;
+        $config[] = 'ListenPort = '.$_POST['wg_plistenport'];
         $config[] = '';
         $config[] = '[Peer]';
         $config[] = 'PublicKey = '.$_POST['wg-server'];
         $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
-        $config[] = 'Endpoint = '.$_POST['wg_srvipaddress'];
+        $config[] = 'Endpoint = '.$_POST['wg_pendpoint'];
+        if ($_POST['wg_pkeepalive'] !== '') {
+            $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+        }
         $config[] = '';
         $config = join(PHP_EOL, $config);
 

From 3ac70a3a3cb7d13349aa36d7639012dbf19d3520 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 10:28:14 +0000
Subject: [PATCH 096/300] Move qr_encode() to inc/functions

---
 app/img/wifi-qr-code.php | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/app/img/wifi-qr-code.php b/app/img/wifi-qr-code.php
index 21092f82..e23e1bed 100644
--- a/app/img/wifi-qr-code.php
+++ b/app/img/wifi-qr-code.php
@@ -10,11 +10,6 @@ if (!isset($_SERVER['HTTP_REFERER'])) {
     exit;
 }
 
-function qr_encode($str)
-{
-    return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
-}
-
 $hostapd = parse_ini_file(RASPI_HOSTAPD_CONFIG, false, INI_SCANNER_RAW);
 
 // assume wpa encryption and get the passphrase

From 55e94adb2b6afd099349fc1f71f60adfd9ebb55a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 10:39:33 +0000
Subject: [PATCH 097/300] Add PHP_EOLs to parsed client.conf

---
 app/img/wg-qr-code.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/img/wg-qr-code.php b/app/img/wg-qr-code.php
index 83cda725..7a66e6fc 100644
--- a/app/img/wg-qr-code.php
+++ b/app/img/wg-qr-code.php
@@ -11,7 +11,8 @@ if (!isset($_SERVER['HTTP_REFERER'])) {
 }
 
 exec("sudo cat " .RASPI_WIREGUARD_PATH.'client.conf', $return);
-$peer_conf = qr_encode(implode($return));
+$peer_conf = implode(PHP_EOL,$return);
+$peer_conf.= PHP_EOL;
 $command = "qrencode -t svg -m 0 -o - " . mb_escapeshellarg($peer_conf);
 $svg = shell_exec($command);
 $etag = hash('sha256', $peer_conf);

From 96bd34f07fe5dcc3b4107f4dd7834bc23591f160 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 13:19:56 +0000
Subject: [PATCH 098/300] Add event listener for Bootstrap form validation

---
 app/js/custom.js | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/app/js/custom.js b/app/js/custom.js
index 25260e81..7ad6b166 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -361,6 +361,22 @@ $('.wg-keygen').click(function(){
     })
 })
 
+// Event listener for Bootstrap's form validation
+window.addEventListener('load', function() {
+    // Fetch all the forms we want to apply custom Bootstrap validation styles to
+    var forms = document.getElementsByClassName('needs-validation');
+    // Loop over them and prevent submission
+    var validation = Array.prototype.filter.call(forms, function(form) {
+        form.addEventListener('submit', function(event) {
+          if (form.checkValidity() === false) {
+            event.preventDefault();
+            event.stopPropagation();
+          }
+          form.classList.add('was-validated');
+        }, false);
+    });
+}, false);
+
 // Static Array method
 Array.range = (start, end) => Array.from({length: (end - start)}, (v, k) => k + start);
 

From 0b3307ce1f3bbd0d5bc06daa757de3014206257c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 13:20:52 +0000
Subject: [PATCH 099/300] Add required fields for validation

---
 templates/wg/general.php |  9 +++++----
 templates/wg/peers.php   | 12 ++++++------
 templates/wireguard.php  |  2 +-
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index de5555f0..51eb5309 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -19,7 +19,7 @@
             <label for="code"><?php echo _("Local public key"); ?></label>
           </div>
           <div class="input-group col-md-12 mb-3">
-            <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" required />
             <div class="input-group-append">
               <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
@@ -30,21 +30,21 @@
         <div class="row">
           <div class="form-group col-xs-3 col-sm-3">
             <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" required />
           </div>
         </div>
 
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("IP Address"); ?></label>
-            <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" required />
           </div>
         </div>
 
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("DNS"); ?></label>
-            <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" required />
           </div>
         </div>
 
@@ -52,3 +52,4 @@
   </div><!-- /.row -->
 </div><!-- /.tab-pane | settings tab -->
 
+
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 91e0500a..c259e541 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -17,7 +17,7 @@
           <label for="code"><?php echo _("Peer public key"); ?></label>
         </div>
         <div class="input-group col-md-12">
-          <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
+          <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" required />
           <div class="input-group-append">
             <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
             <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
@@ -28,35 +28,35 @@
       <div class="row">
         <div class="form-group col-xs-3 col-sm-3 mt-3">
           <label for="code"><?php echo _("Local Port"); ?></label>
-          <input type="text" class="form-control" name="wg_plistenport" value="<?php echo htmlspecialchars($wg_plistenport, ENT_QUOTES); ?>" />
+          <input type="text" class="form-control" name="wg_plistenport" value="<?php echo htmlspecialchars($wg_plistenport, ENT_QUOTES); ?>" required />
         </div>
       </div>
 
       <div class="row">
         <div class="form-group col-md-6">
           <label for="code"><?php echo _("IP Address"); ?></label>
-          <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" />
+          <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" required />
         </div>
       </div>
 
       <div class="row">
         <div class="form-group col-xs-3 col-sm-6">
           <label for="code"><?php echo _("Endpoint address"); ?></label>
-          <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
+          <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" required />
         </div>
       </div>
 
       <div class="row">
         <div class="col-xs-3 col-sm-6">
           <label for="code"><?php echo _("Allowed IPs"); ?></label>
-          <input type="text" class="form-control mb-3" name="wg_pallowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" />
+          <input type="text" class="form-control mb-3" name="wg_pallowedips" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" required />
         </div>
       </div>
 
       <div class="row">
         <div class="col-xs-3 col-sm-6">
           <label for="code"><?php echo _("Persistent keepalive"); ?></label>
-          <input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" placeholder="25" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
+          <input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
         </div>
       </div>
     </div>
diff --git a/templates/wireguard.php b/templates/wireguard.php
index ee28dfa1..45554655 100644
--- a/templates/wireguard.php
+++ b/templates/wireguard.php
@@ -27,7 +27,7 @@
         </div><!-- /.card-header -->
         <div class="card-body">
         <?php $status->showMessages(); ?>
-          <form role="form" action="/wg_conf" enctype="multipart/form-data" method="POST">
+          <form class="needs-validation" role="form" action="/wg_conf" enctype="multipart/form-data" method="POST" novalidate>
             <?php echo CSRFTokenFieldTag() ?>
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">

From 7c1ef85bb821c9e69ac2e51b85d3748ff13503d9 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 13:22:26 +0000
Subject: [PATCH 100/300] Update wg-quick w/ systemd start/stop

---
 includes/wireguard.php    | 4 ++--
 installers/raspap.sudoers | 4 +---
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 4c4d838d..86665a48 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -14,13 +14,13 @@ function DisplayWireGuardConfig()
             SaveWireGuardConfig($status);
         } elseif (isset($_POST['startwg'])) {
             $status->addMessage('Attempting to start WireGuard', 'info');
-            exec('sudo /usr/bin/wg-quick up wg0', $return);
+            exec('sudo /bin/systemctl start wg-quick@wg0', $return);
             foreach ($return as $line) {
                 $status->addMessage($line, 'info');
             }
         } elseif (isset($_POST['stopwg'])) {
             $status->addMessage('Attempting to stop WireGuard', 'info');
-            exec('sudo /usr/bin/wg-quick down wg0', $return);
+            exec('sudo /bin/systemctl stop wg-quick@wg0', $return);
             foreach ($return as $line) {
                 $status->addMessage($line, 'info');
             }
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index b05be96a..9aded5a3 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -46,9 +46,7 @@ www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg-*.key /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log
-www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0
-www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
-www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl * wg-quick@wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key

From 8b0383dd201462f595e4f040dfc6ba8a382ef253 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sun, 7 Mar 2021 18:36:48 +0100
Subject: [PATCH 101/300] Implement Client configuration - add mobile date
 network devices and configuration - add client configuration via udev - add
 GUI under networking tab - add scripts to handle mobile data devices

---
 ajax/networking/save_net_dev_config.php       |  100 +
 app/js/custom.js                              |   19 +
 .../client_config/70-mobile-data-sticks.rules |    4 +
 .../client_config/80-raspap-net-devices.rules |    3 +
 config/client_config/info_huawei.sh           |  106 ++
 config/client_config/info_huawei_hilink.sh    |   49 +
 config/client_config/info_huawei_modem.sh     |   52 +
 config/client_config/interfaces               |   13 +
 config/client_config/mcc-mnc-table.csv        | 1691 +++++++++++++++++
 config/client_config/onoff_huawei_hilink.sh   |  138 ++
 config/client_config/ppp0_route.sh            |   21 +
 config/client_config/ppp0_setpin.sh           |   21 +
 .../client_config/start_huawei_hilink.service |   13 +
 .../client_config/start_ppp0_device.service   |   16 +
 config/client_config/switchClientState.sh     |   49 +
 config/client_config/wvdial.conf              |   21 +
 includes/dashboard.php                        |  134 +-
 includes/functions.php                        |   10 +
 includes/get_clients.php                      |  170 ++
 includes/networking.php                       |   12 +-
 installers/configauth.sh                      |    2 +-
 installers/raspap.sudoers                     |    7 +
 templates/dashboard.php                       |   90 +-
 templates/networking.php                      |  139 +-
 24 files changed, 2766 insertions(+), 114 deletions(-)
 create mode 100644 ajax/networking/save_net_dev_config.php
 create mode 100644 config/client_config/70-mobile-data-sticks.rules
 create mode 100644 config/client_config/80-raspap-net-devices.rules
 create mode 100644 config/client_config/info_huawei.sh
 create mode 100644 config/client_config/info_huawei_hilink.sh
 create mode 100644 config/client_config/info_huawei_modem.sh
 create mode 100644 config/client_config/interfaces
 create mode 100644 config/client_config/mcc-mnc-table.csv
 create mode 100644 config/client_config/onoff_huawei_hilink.sh
 create mode 100644 config/client_config/ppp0_route.sh
 create mode 100644 config/client_config/ppp0_setpin.sh
 create mode 100644 config/client_config/start_huawei_hilink.service
 create mode 100644 config/client_config/start_ppp0_device.service
 create mode 100644 config/client_config/switchClientState.sh
 create mode 100644 config/client_config/wvdial.conf
 create mode 100644 includes/get_clients.php

diff --git a/ajax/networking/save_net_dev_config.php b/ajax/networking/save_net_dev_config.php
new file mode 100644
index 00000000..6c34e053
--- /dev/null
+++ b/ajax/networking/save_net_dev_config.php
@@ -0,0 +1,100 @@
+<?php
+/*
+ Save settings of network devices (type, name, PW, APN ...)
+  
+ Called by js saveNetDeviceSettings (App/js/custom.js)
+*/
+
+
+require '../../includes/csrf.php';
+
+require_once '../../includes/config.php';
+require_once '../../includes/functions.php';
+
+if (isset($_POST['interface'])) {
+    $int = $_POST['interface'];
+    $cfg = [];
+    $file = $int.".ini";
+    $cfgfile="/etc/wvdial.conf";
+    if ( $int == "mobiledata") {
+      $cfg['pin'] = $_POST["pin-mobile"];
+      $cfg['apn'] = $_POST["apn-mobile"];
+      $cfg['apn_user'] = $_POST["apn-user-mobile"];
+      $cfg['apn_pw'] = $_POST["apn-pw-mobile"];
+      if (file_exists($cfgfile)) {
+        if($cfg["pin"] !== "") exec('sudo /bin/sed -i  "s/CPIN=\".*\"/CPIN=\"'.$cfg["pin"].'\"/gi" '.$cfgfile);
+        if($cfg["apn"] !== "") exec('sudo /bin/sed -i "s/\"IP\"\,\".*\"/\"IP\"\,\"'.$cfg["apn"].'\"/gi" '.$cfgfile);
+        if($cfg["apn_user"] !== "") exec('sudo /bin/sed -i "s/^username = .*$/Username = '.$cfg["apn_user"].'/gi" '.$cfgfile);
+        if($cfg["apn_pw"] !== "") exec('sudo /bin/sed -i "s/^password = .*$/Password = '.$cfg["apn_pw"].'/gi" '.$cfgfile);
+      }
+    } else if ( preg_match("/netdevices/",$int)) {
+        if(!isset($_POST['opts']) ) {
+          $jsonData = ['return'=>0,'output'=>['No valid data to add/delete udev rule ']];
+          echo json_encode($jsonData);
+          return;
+        } else {
+          $opts=explode(" ",$_POST['opts'] );
+          $dev=$opts[0];
+          $vid=$_POST["int-vid-".$dev];
+          $pid=$_POST["int-pid-".$dev];
+          $mac=$_POST["int-mac-".$dev];
+          $name=trim($_POST["int-name-".$dev]);
+          $type=$_POST["int-type-".$dev];
+          $newtype=$_POST["int-new-type-".$dev];
+          $udevfile=$_SESSION["udevrules"]["udev_rules_file"];
+          // $udevfile="/etc/udev/rules.d/80-net-devices.rules";
+
+          // find the rule prototype and prefix
+          $rule = "";
+          foreach($_SESSION["udevrules"]["network_devices"] as $devt) {
+             if($devt["type"]==$newtype) {
+                $rule = $devt["udev_rule"];
+                $prefix = $devt["name_prefix"];
+             }
+          }
+          if(!empty($mac)) $rule = preg_replace("/\\\$MAC\\\$/i",$mac,$rule);
+          if(!empty($vid)) $rule = preg_replace("/\\\$IDVENDOR\\\$/i",$vid,$rule);
+          if(!empty($pid)) $rule = preg_replace("/\\\$IDPRODUCT\\\$/i",$pid,$rule);
+          // check for existing rule
+          $pre="";
+          if(preg_match("/^(\w+)[0-9]$/",$dev,$match)=== 1) $pre=$match[1];
+          $ruleold = preg_replace("/\\\$DEVNAME\\\$/i",$pre.".",$rule);
+          exec("grep -oP '".$ruleold."' $udevfile",$ret);
+          $newRule = empty($ret) || !empty($name);
+          // delete current entry
+          if(!empty($ret)) exec("sudo sed -i '/^".$ruleold."$/d' ".$udevfile);
+          exec('sudo sed -i "/^.*'.$mac.'.*$/d" '.$udevfile);
+          if($newRule) {
+            // create new entry
+            if(empty($name)) $name = $prefix."0";
+            if(!empty($name)) $rule = preg_replace("/\\\$DEVNAME\\\$/i",$name,$rule);
+            if (!empty($rule) ) exec('echo \''.$rule.'\' | sudo /usr/bin/tee -a '.$udevfile);
+          }
+          $ret=print_r($ret,true);
+          $jsonData = ['return'=>0,'output'=>['Udev rules changed for device '.$dev ] ];
+          echo json_encode($jsonData);
+          return;
+        }
+    } else {
+      $ip = $_POST[$int.'-ipaddress'];
+      $netmask = mask2cidr($_POST[$int.'-netmask']);
+      $dns1 = $_POST[$int.'-dnssvr'];
+      $dns2 = $_POST[$int.'-dnssvralt'];
+
+      $cfg['interface'] = $int;
+      $cfg['routers'] = $_POST[$int.'-gateway'];
+      $cfg['ip_address'] = $ip."/".$netmask;
+      $cfg['domain_name_server'] = $dns1." ".$dns2;
+      $cfg['static'] = $_POST[$int.'-static'];
+      $cfg['failover'] = $_POST[$int.'-failover'];
+    }
+    if (write_php_ini($cfg, RASPI_CONFIG_NETWORKING.'/'.$file)) {
+        $jsonData = ['return'=>0,'output'=>['Successfully Updated Network Configuration']];
+    } else {
+        $jsonData = ['return'=>1,'output'=>['Error saving network configuration to file']];
+    }
+} else {
+    $jsonData = ['return'=>2,'output'=>'Unable to detect interface'];
+}
+
+echo json_encode($jsonData);
diff --git a/app/js/custom.js b/app/js/custom.js
index 28609abe..f298a77e 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -130,6 +130,7 @@ function setupBtns() {
     $('#btnSummaryRefresh').click(function(){getAllInterfaces();});
     $('.intsave').click(function(){
         var int = $(this).data('int');
+        saveNetDeviceSettings(int);
         saveNetworkSettings(int);
     });
     $('.intapply').click(function(){
@@ -173,6 +174,24 @@ function loadWifiStations(refresh) {
 }
 $(".js-reload-wifi-stations").on("click", loadWifiStations(true));
 
+function saveNetDeviceSettings(int,opts="") {
+    var frmInt = $('#frm-'+int).find(':input');
+    var arrFormData = {};
+    $.each(frmInt,function(i3,v3){
+        if($(v3).attr('type') == 'radio') {
+		arrFormData[$(v3).attr('id')] = $(v3).prop('checked');
+    } else {
+	    arrFormData[$(v3).attr('id')] = $(v3).val();
+    }
+    });
+    arrFormData['interface'] = int;
+    arrFormData['opts'] = opts;
+    $.post('ajax/networking/save_net_dev_config.php',arrFormData,function(data){
+        var jsonData = JSON.parse(data);
+        $('#msgNetworking').html(msgShow(jsonData['return'],jsonData['output']));
+    });
+}
+
 /*
 Populates the DHCP server form fields
 Option toggles are set dynamically depending on the loaded configuration
diff --git a/config/client_config/70-mobile-data-sticks.rules b/config/client_config/70-mobile-data-sticks.rules
new file mode 100644
index 00000000..5ba62000
--- /dev/null
+++ b/config/client_config/70-mobile-data-sticks.rules
@@ -0,0 +1,4 @@
+# mobile data modem - ttyUSB0 device appears 
+SUBSYSTEM=="tty", KERNEL=="ttyUSB0", TAG+="systemd", ENV{SYSTEMD_WANTS}="start start_ppp0_device.service"
+
+
diff --git a/config/client_config/80-raspap-net-devices.rules b/config/client_config/80-raspap-net-devices.rules
new file mode 100644
index 00000000..0ccb49a1
--- /dev/null
+++ b/config/client_config/80-raspap-net-devices.rules
@@ -0,0 +1,3 @@
+SUBSYSTEM=="net", ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="14db", NAME="hilink0",  TAG+="systemd", ENV{SYSTEMD_WANTS}="start start_huawei_hilink.service"
+
+
diff --git a/config/client_config/info_huawei.sh b/config/client_config/info_huawei.sh
new file mode 100644
index 00000000..bcdf8e37
--- /dev/null
+++ b/config/client_config/info_huawei.sh
@@ -0,0 +1,106 @@
+#!/bin/bash
+# get info about device and signal of Huawei mobile USB devices
+# parm:
+# $1 : requested information (manufacturer, device, imei, imsi, telnumber, ipaddress, mode, signal, operator)
+# $2 : (optional) type - hilink or modem (default: hilink)
+# $3 : (optional) for hilink: ip address of the device (default: 192.168.8.1)
+#                 for modem: tty interface for communication (default: /dev/ttypUSB2)
+#
+# requires: bc
+# calls the scripts info_huawei_hilink.sh and info_huawei_modem.sh (same path as this script)
+#
+# zbchristian 2020
+#
+opt="device"
+if [ ! -z $1 ]; then opt=${1,,}; fi
+type="hilink"
+if [ ! -z $2 ]; then type=${2,,}; fi
+
+path=`dirname $0`
+if [[ $type == "hilink" ]]; then
+  connect="192.168.8.1"
+  if [ ! -z $3 ]; then connect=$3; fi
+  script="$path/info_huawei_hilink.sh"
+else
+  connect="/dev/ttyUSB2"
+  if [ ! -z $3 ]; then connect=$3; fi
+  script="$path/info_huawei_modem.sh"
+fi
+res=`$script $opt $connect`
+
+# some results require special treatment
+case $opt in
+
+#  manufacturer)
+#    if [[ $res == "none" ]]; then res="Huawei"; fi
+#    ;;
+
+#  device)
+#    if [[ ! $res == "none" ]]; then res="Huawei $res"; 
+#    else res="Huawei"; fi
+#    ;;
+
+  mode)
+    if [[ ! $res == "none" ]]; then
+      if [[ $type == "hilink" ]]; then
+        if [[ $res == "LTE" ]]; then res="4G"
+        elif [[ $res == "WCDMA" ]]; then  res="3G";
+        else res="2G"; fi
+      else
+        if [[ $res == 7 ]]; then res="4G"
+        elif [[ $res < 7 ]] && [[ $res > 2 ]] ; then  res="3G";
+        else res="2G"; fi
+      fi
+    fi
+    ;;
+
+  signal)
+  # return signal strength/quality in %
+    if [[ $type == "hilink" ]]; then
+     # signal request tries to get RSRQ value
+     # try to get RSRQ (4G), EC/IO (3G) or RSSI (2G) value
+     if [[ $res == "none" ]]; then res=`$script "ecio"`; fi
+     if [[ ! $res == "none" ]]; then 
+       # for rsrq and ecio assume: -3dB (100%) downto -20dB (0%)
+       qual=${res//dB/}
+       if [[ ! "$qual" =~ [-0-9\.]* ]]; then qual=-100; fi
+       qual=$(bc <<< "scale=0;res=$qual-0.5;res/1") # just round to next integer 
+       if [[ $qual -le -20 ]]; then qual=0; 
+       elif [[ $qual -ge -3 ]]; then qual=100; 
+       else  qual=$(bc <<< "scale=0;res=100.0/17.0*$qual+2000.0/17.0;res/1"); fi
+     else
+      # try rssi: >-70dBm (100%) downto -100dBm (0%)
+      res=`$script "rssi"`;
+      if [[ ! $res == "none" ]]; then
+        if [[ $res =~ [-0-9\.]* ]]; then res="-120 dBm"; fi
+        qual=${res//dBm/}
+        qual=$(bc <<< "scale=0;res=$qual+0.5;res/1") # just round to next integer 
+        if [[ $qual -le -110 ]]; then qual=0;
+        elif [[ $qual -ge -70 ]]; then qual=100; 
+        else  qual=$(bc <<< "scale=0;res=2.5*$qual+275;res/1"); fi
+      fi
+     fi
+    else
+     # modem returns RSSI as number 0-31 - 0 = -113dB (0%), 1 = -111dB, 31 = >=51dB (100%)
+     qual=$(bc <<< "scale=0;res=$res*3.5+0.5;res/1")
+     if [[ $qual -gt 100 ]]; then res=100; fi
+    fi
+    if [[ ! "$res" == "none" ]]; then res="$res (${qual}%)"; fi
+    ;;
+    
+  operator)
+    # check if operator/network is just a 5 digit number -> extract network name from table
+    if [[ $res =~ ^[0-9]{5}$ ]]; then
+      mcc=${res:0:3}
+      mnc=${res:3:2}
+      op=$(cat $path/mcc-mnc-table.csv | sed -rn 's/^'$mcc'\,[0-9]*\,'$mnc'\,(.*\,){4}(.*)$/\2/p')
+      if [[ ! -z $op ]]; then res="$op ($res)"; fi
+    fi
+   ;;
+
+  *)
+    ;;
+esac
+
+echo $res
+
diff --git a/config/client_config/info_huawei_hilink.sh b/config/client_config/info_huawei_hilink.sh
new file mode 100644
index 00000000..0bae3ecf
--- /dev/null
+++ b/config/client_config/info_huawei_hilink.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+# Infosramtion about HUAWEI hilink (router) modem
+# -----------------------------------------------
+# get info about the device and signal
+# parameter: $1 - see opts list below
+#            $2 - host ip address for API calls (optional)
+# returns the value of the parameter, or "none" if not found or empty
+#
+# zbchristian 2020
+
+opts=("device"     "imei" "imsi" "telnumber" "ipaddress"    "mode"     "signal" "rssi" "rsrq" "rsrp" "sinr" "ecio" "operator")
+
+# xml tags to extract information from
+tags=("devicename" "imei" "imsi" "msisdn"    "wanipaddress" "workmode" "rsrq"   "rssi" "rsrq" "rsrp" "sinr" "ecio" "fullname")
+iurl=( 0            0      0      0          0              0          1        1      1      1      1      1      2)
+# api urls
+urls=("api/device/information" "api/device/signal" "api/net/current-plmn") 
+
+host="192.168.8.1"
+if [ ! -z $2 ]; then host=$2; fi
+
+avail=`timeout 0.5 ping -c 1 $host | sed -rn 's/.*time=.*/1/p'`
+if [[ -z $avail ]]; then echo "none"; exit; fi
+
+idx=-1
+opt=${opts[0]}
+if [ ! -z $1 ]; then opt=$1; fi
+
+for i in "${!opts[@]}"; do
+  if [[ ${opts[$i]} == $opt ]]; then idx=$i; fi
+done
+if [[ $idx == -1 ]];then echo "none"; exit; fi 
+
+par=${tags[$idx]}
+iu=${iurl[$idx]}
+
+url="http://$host/${urls[$iu]}"
+# echo "Found option $opt at index $idx - tag $par url $url "
+
+
+info=""
+if [ ! -z $url ]; then info=`curl -s $url`; fi
+
+result=`echo $info | sed  -rn 's/.*<'"$par"'>(.*)<\/'"$par"'>.*/\1/pi'`
+
+if [ -z "$result" ]; then result="none"; fi
+
+echo $result
+
diff --git a/config/client_config/info_huawei_modem.sh b/config/client_config/info_huawei_modem.sh
new file mode 100644
index 00000000..33c78b7d
--- /dev/null
+++ b/config/client_config/info_huawei_modem.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+# Information about HUAWEI modem - via AT commands
+# ------------------------------------------------
+# get info about the device and signal
+# parameter: $1 - see opts list below
+#            $2 - tty device name for the communicaton (optional)
+# returns the value of the parameter, or "none" if not found or empty
+#
+# requires: socat
+#
+# zbchristian 2020
+
+opts=("manufacturer" "device"     "imei"    "imsi"    "telnumber"            "mode"         "signal"         "operator")
+
+# at command to extract information
+atcmds=("AT+CGMI"    "AT+CGMM"    "AT+CGSN" "AT+CIMI" "AT+CNUM"              "AT+COPS?"     "AT+CSQ"         "AT+COPS?")
+# regexp pattern to extract wanted information from result string
+pats=(  " "          " "          " "       " "       ".*\,\"([0-9\+]*)\".*" '.*\,([0-9])$' ".*: ([0-9]*).*" '.*\,\"([^ ]*)\".*$')
+
+# tty device for communication - usually 3 tty devices are created and the 3rd ttyUSB2 is available, even, when the device is connected
+dev="/dev/ttyUSB2"
+
+atsilent="AT^CURC=0"
+
+if [ ! -z $2 ]; then dev=$2; fi
+
+idx=-1
+opt=${opts[0]}
+if [ ! -z $1 ]; then opt=$1; fi
+
+for i in "${!opts[@]}"; do
+  if [[ ${opts[$i]} == $opt ]]; then idx=$i; fi
+done
+if [[ $idx == -1 ]];then echo "none"; exit; fi 
+
+atcmd=${atcmds[$idx]}
+pat=${pats[$idx]}
+
+
+result=`(echo $atsilent; echo $atcmd) | sudo /usr/bin/socat - $dev`
+# escape the AT command to be used in the regexp
+atesc=${atcmd//[\+]/\\+}
+atesc=${atesc//[\?]/\\?}
+result=`echo $result | sed -rn 's/.*'"$atesc"'\s([^ ]+|[^ ]+ [^ ]+)\sOK.*$/\1/pg'`
+if [[ $pat != " " ]]; then
+  result=`echo $result | sed -rn 's/'"$pat"'/\1/pg'`
+fi
+
+if [ -z "$result" ]; then result="none"; fi
+
+echo $result
+
diff --git a/config/client_config/interfaces b/config/client_config/interfaces
new file mode 100644
index 00000000..157aa22b
--- /dev/null
+++ b/config/client_config/interfaces
@@ -0,0 +1,13 @@
+# interfaces(5) file used by ifup(8) and ifdown(8)
+
+# Please note that this file is written to be used with dhcpcd
+# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
+
+# Include files from /etc/network/interfaces.d:
+source-directory /etc/network/interfaces.d
+
+auto ppp0
+iface ppp0 inet wvdial
+provider connect
+pre-up /usr/local/sbin/ppp0_setpin.sh
+up /usr/local/sbin/ppp0_route.sh
diff --git a/config/client_config/mcc-mnc-table.csv b/config/client_config/mcc-mnc-table.csv
new file mode 100644
index 00000000..34510563
--- /dev/null
+++ b/config/client_config/mcc-mnc-table.csv
@@ -0,0 +1,1691 @@
+MCC,MCC (int),MNC,MNC (int),ISO,Country,Country Code,Network
+289,649,88,2191,ge,Abkhazia,7,A-Mobile
+289,649,68,1679,ge,Abkhazia,7,A-Mobile
+289,649,67,1663,ge,Abkhazia,7,Aquafon
+412,1042,80,2063,af,Afghanistan,93,Afghan Telecom Corp. (AT)
+412,1042,88,2191,af,Afghanistan,93,Afghan Telecom Corp. (AT)
+412,1042,01,31,af,Afghanistan,93,Afghan Wireless/AWCC
+412,1042,40,1039,af,Afghanistan,93,Areeba/MTN
+412,1042,50,1295,af,Afghanistan,93,Etisalat
+412,1042,30,783,af,Afghanistan,93,Etisalat
+412,1042,20,527,af,Afghanistan,93,Roshan/TDCA
+412,1042,03,63,af,Afghanistan,93,WaselTelecom (WT)
+276,630,01,31,al,Albania,355,AMC/Cosmote
+276,630,03,63,al,Albania,355,Eagle Mobile
+276,630,04,79,al,Albania,355,PLUS Communication Sh.a
+276,630,02,47,al,Albania,355,Vodafone
+603,1539,01,31,dz,Algeria,213,ATM Mobils
+603,1539,02,47,dz,Algeria,213,Orascom / DJEZZY
+603,1539,03,63,dz,Algeria,213,Oreedo/Wataniya / Nedjma
+544,1348,11,287,as,American Samoa,684,Blue Sky Communications
+213,531,03,63,ad,Andorra,376,Mobiland
+631,1585,04,79,ao,Angola,244,MoviCel
+631,1585,02,47,ao,Angola,244,Unitel
+365,869,840,2112,ai,Anguilla,1264,Cable and Wireless
+365,869,010,16,ai,Anguilla,1264,Digicell / Wireless Vent. Ltd
+344,836,030,48,ag,Antigua and Barbuda,1268,APUA PCS
+344,836,920,2336,ag,Antigua and Barbuda,1268,C & W
+344,836,930,2352,ag,Antigua and Barbuda,1268,DigiCel/Cing. Wireless
+722,1826,310,784,ar,Argentina Republic,54,Claro/ CTI/AMX
+722,1826,330,816,ar,Argentina Republic,54,Claro/ CTI/AMX
+722,1826,320,800,ar,Argentina Republic,54,Claro/ CTI/AMX
+722,1826,010,16,ar,Argentina Republic,54,Compania De Radiocomunicaciones Moviles SA
+722,1826,070,112,ar,Argentina Republic,54,Movistar/Telefonica
+722,1826,020,32,ar,Argentina Republic,54,Nextel
+722,1826,340,832,ar,Argentina Republic,54,Telecom Personal S.A.
+722,1826,341,833,ar,Argentina Republic,54,Telecom Personal S.A.
+283,643,01,31,am,Armenia,374,ArmenTel/Beeline
+283,643,04,79,am,Armenia,374,Karabakh Telecom
+283,643,10,271,am,Armenia,374,Orange
+283,643,05,95,am,Armenia,374,Vivacell
+363,867,02,47,aw,Aruba,297,Digicel
+363,867,20,527,aw,Aruba,297,Digicel
+363,867,01,31,aw,Aruba,297,Setar GSM
+505,1285,14,335,au,Australia,61,AAPT Ltd.
+505,1285,24,591,au,Australia,61,Advanced Comm Tech Pty.
+505,1285,09,159,au,Australia,61,Airnet Commercial Australia Ltd..
+505,1285,04,79,au,Australia,61,Department of Defense
+505,1285,26,623,au,Australia,61,Dialogue Communications Pty Ltd
+505,1285,12,303,au,Australia,61,H3G Ltd.
+505,1285,06,111,au,Australia,61,H3G Ltd.
+505,1285,88,2191,au,Australia,61,Localstar Holding Pty. Ltd
+505,1285,19,415,au,Australia,61,Lycamobile Pty Ltd
+505,1285,08,143,au,Australia,61,Railcorp/Vodafone
+505,1285,99,2463,au,Australia,61,Railcorp/Vodafone
+505,1285,13,319,au,Australia,61,Railcorp/Vodafone
+505,1285,02,47,au,Australia,61,Singtel Optus
+505,1285,90,2319,au,Australia,61,Singtel Optus
+505,1285,01,31,au,Australia,61,Telstra Corp. Ltd.
+505,1285,11,287,au,Australia,61,Telstra Corp. Ltd.
+505,1285,71,1823,au,Australia,61,Telstra Corp. Ltd.
+505,1285,72,1839,au,Australia,61,Telstra Corp. Ltd.
+505,1285,05,95,au,Australia,61,The Ozitel Network Pty.
+505,1285,16,367,au,Australia,61,Victorian Rail Track Corp. (VicTrack)
+505,1285,07,127,au,Australia,61,Vodafone
+505,1285,03,63,au,Australia,61,Vodafone
+232,562,09,159,at,Austria,43,A1 MobilKom
+232,562,02,47,at,Austria,43,A1 MobilKom
+232,562,01,31,at,Austria,43,A1 MobilKom
+232,562,11,287,at,Austria,43,A1 MobilKom
+232,562,15,351,at,Austria,43,T-Mobile/Telering
+232,562,10,271,at,Austria,43,H3G
+232,562,14,335,at,Austria,43,H3G
+232,562,05,95,at,Austria,43,3/Orange/One Connect
+232,562,12,303,at,Austria,43,3/Orange/One Connect
+232,562,06,111,at,Austria,43,3/Orange/One Connect
+232,562,17,383,at,Austria,43,Spusu/Mass Response
+232,562,04,79,at,Austria,43,T-Mobile/Telering
+232,562,03,63,at,Austria,43,T-Mobile/Telering
+232,562,07,127,at,Austria,43,T-Mobile/Telering
+232,562,19,415,at,Austria,43,Tele2
+232,562,08,143,at,Austria,43,A1 MobilKom
+232,562,13,319,at,Austria,43,UPC Austria
+400,1024,01,31,az,Azerbaijan,994,Azercell Telekom B.M.
+400,1024,04,79,az,Azerbaijan,994,Azerfon.
+400,1024,03,63,az,Azerbaijan,994,Caspian American Telecommunications LLC (CATEL)
+400,1024,02,47,az,Azerbaijan,994,J.V. Bakcell GSM 2000
+364,868,390,912,bs,Bahamas,1242,Bahamas Telco. Comp.
+364,868,39,927,bs,Bahamas,1242,Bahamas Telco. Comp.
+364,868,30,783,bs,Bahamas,1242,Bahamas Telco. Comp.
+364,868,03,63,bs,Bahamas,1242,Smart Communications
+426,1062,01,31,bh,Bahrain,973,Batelco
+426,1062,02,47,bh,Bahrain,973,ZAIN/Vodafone
+426,1062,04,79,bh,Bahrain,973,VIVA
+470,1136,02,47,bd,Bangladesh,880,Robi/Aktel
+470,1136,05,95,bd,Bangladesh,880,Citycell
+470,1136,06,111,bd,Bangladesh,880,Citycell
+470,1136,01,31,bd,Bangladesh,880,GrameenPhone
+470,1136,03,63,bd,Bangladesh,880,Orascom/Banglalink
+470,1136,04,79,bd,Bangladesh,880,TeleTalk
+470,1136,07,127,bd,Bangladesh,880,Airtel/Warid
+342,834,600,1536,bb,Barbados,1246,LIME
+342,834,810,2064,bb,Barbados,1246,Cingular Wireless
+342,834,750,1872,bb,Barbados,1246,Digicel
+342,834,050,80,bb,Barbados,1246,Digicel
+342,834,820,2080,bb,Barbados,1246,Sunbeach
+257,599,03,63,by,Belarus,375,BelCel JV
+257,599,04,79,by,Belarus,375,BeST
+257,599,01,31,by,Belarus,375,Mobile Digital Communications
+257,599,02,47,by,Belarus,375,MTS
+206,518,20,527,be,Belgium,32,Base/KPN
+206,518,01,31,be,Belgium,32,Belgacom/Proximus
+206,518,06,111,be,Belgium,32,Lycamobile Belgium
+206,518,10,271,be,Belgium,32,Mobistar/Orange
+206,518,02,47,be,Belgium,32,SNCT/NMBS
+206,518,05,95,be,Belgium,32,Telenet BidCo NV
+702,1794,67,1663,bz,Belize,501,DigiCell
+702,1794,68,1679,bz,Belize,501,International Telco (INTELCO)
+616,1558,04,79,bj,Benin,229,Bell Benin/BBCOM
+616,1558,02,47,bj,Benin,229,Etisalat/MOOV
+616,1558,05,95,bj,Benin,229,GloMobile
+616,1558,01,31,bj,Benin,229,Libercom
+616,1558,03,63,bj,Benin,229,MTN/Spacetel
+350,848,000,0,bm,Bermuda,1441,Bermuda Digital Communications Ltd (BDC)
+350,848,99,2463,bm,Bermuda,1441,CellOne Ltd
+350,848,10,271,bm,Bermuda,1441,DigiCel / Cingular
+350,848,02,47,bm,Bermuda,1441,M3 Wireless Ltd
+350,848,01,31,bm,Bermuda,1441,Telecommunications (Bermuda & West Indies) Ltd (Digicel Bermuda)
+402,1026,11,287,bt,Bhutan,975,B-Mobile
+402,1026,17,383,bt,Bhutan,975,Bhutan Telecom Ltd (BTL)
+402,1026,77,1919,bt,Bhutan,975,TashiCell
+736,1846,02,47,bo,Bolivia,591,Entel Pcs
+736,1846,01,31,bo,Bolivia,591,Viva/Nuevatel
+736,1846,03,63,bo,Bolivia,591,Tigo
+218,536,90,2319,ba,Bosnia & Herzegov.,387,BH Mobile
+218,536,03,63,ba,Bosnia & Herzegov.,387,Eronet Mobile
+218,536,05,95,ba,Bosnia & Herzegov.,387,M-Tel
+652,1618,04,79,bw,Botswana,267,BeMOBILE
+652,1618,01,31,bw,Botswana,267,Mascom Wireless (Pty) Ltd.
+652,1618,02,47,bw,Botswana,267,Orange
+724,1828,12,303,br,Brazil,55,Claro/Albra/America Movil
+724,1828,38,911,br,Brazil,55,Claro/Albra/America Movil
+724,1828,05,95,br,Brazil,55,Claro/Albra/America Movil
+724,1828,01,31,br,Brazil,55,Vivo S.A./Telemig
+724,1828,32,815,br,Brazil,55,CTBC Celular SA (CTBC)
+724,1828,34,847,br,Brazil,55,CTBC Celular SA (CTBC)
+724,1828,33,831,br,Brazil,55,CTBC Celular SA (CTBC)
+724,1828,08,143,br,Brazil,55,TIM
+724,1828,00,15,br,Brazil,55,Nextel (Telet)
+724,1828,39,927,br,Brazil,55,Nextel (Telet)
+724,1828,30,783,br,Brazil,55,Oi (TNL PCS / Oi)
+724,1828,16,367,br,Brazil,55,Brazil Telcom
+724,1828,31,799,br,Brazil,55,Oi (TNL PCS / Oi)
+724,1828,24,591,br,Brazil,55,Amazonia Celular S/A
+724,1828,54,1359,br,Brazil,55,PORTO SEGURO TELECOMUNICACOES
+724,1828,15,351,br,Brazil,55,Sercontel Cel
+724,1828,07,127,br,Brazil,55,CTBC/Triangulo
+724,1828,19,415,br,Brazil,55,Vivo S.A./Telemig
+724,1828,03,63,br,Brazil,55,TIM
+724,1828,02,47,br,Brazil,55,TIM
+724,1828,04,79,br,Brazil,55,TIM
+724,1828,37,895,br,Brazil,55,Unicel do Brasil Telecomunicacoes Ltda
+724,1828,23,575,br,Brazil,55,Vivo S.A./Telemig
+724,1828,11,287,br,Brazil,55,Vivo S.A./Telemig
+724,1828,10,271,br,Brazil,55,Vivo S.A./Telemig
+724,1828,06,111,br,Brazil,55,Vivo S.A./Telemig
+348,840,570,1392,vg,British Virgin Islands,284,Caribbean Cellular
+348,840,770,1904,vg,British Virgin Islands,284,Digicel
+348,840,170,368,vg,British Virgin Islands,284,LIME
+528,1320,02,47,bn,Brunei Darussalam,673,b-mobile
+528,1320,11,287,bn,Brunei Darussalam,673,Datastream (DTSCom)
+528,1320,01,31,bn,Brunei Darussalam,673,Telekom Brunei Bhd (TelBru)
+284,644,06,111,bg,Bulgaria,359,BTC Mobile EOOD (vivatel)
+284,644,03,63,bg,Bulgaria,359,BTC Mobile EOOD (vivatel)
+284,644,05,95,bg,Bulgaria,359,Telenor/Cosmo/Globul
+284,644,01,31,bg,Bulgaria,359,MobilTel AD
+613,1555,03,63,bf,Burkina Faso,226,TeleCel
+613,1555,01,31,bf,Burkina Faso,226,TeleMob-OnaTel
+613,1555,02,47,bf,Burkina Faso,226,Airtel/ZAIN/CelTel
+642,1602,02,47,bi,Burundi,257,Africel / Safaris
+642,1602,08,143,bi,Burundi,257,Lumitel/Viettel
+642,1602,03,63,bi,Burundi,257,Onatel / Telecel
+642,1602,07,127,bi,Burundi,257,Smart Mobile / LACELL
+642,1602,01,31,bi,Burundi,257,Spacetel / Econet / Leo
+642,1602,82,2095,bi,Burundi,257,Spacetel / Econet / Leo
+456,1110,04,79,kh,Cambodia,855,Cambodia Advance Communications Co. Ltd (CADCOMMS)
+456,1110,02,47,kh,Cambodia,855,Smart Mobile
+456,1110,08,143,kh,Cambodia,855,Metfone
+456,1110,18,399,kh,Cambodia,855,MFone/Camshin/Cellcard
+456,1110,01,31,kh,Cambodia,855,Mobitel/Cam GSM
+456,1110,03,63,kh,Cambodia,855,QB/Cambodia Adv. Comms.
+456,1110,05,95,kh,Cambodia,855,Smart Mobile
+456,1110,06,111,kh,Cambodia,855,Smart Mobile
+456,1110,09,159,kh,Cambodia,855,Sotelco/Beeline
+624,1572,01,31,cm,Cameroon,237,MTN
+624,1572,04,79,cm,Cameroon,237,Nextel
+624,1572,02,47,cm,Cameroon,237,Orange
+302,770,652,1618,ca,Canada,1,BC Tel Mobility
+302,770,630,1584,ca,Canada,1,Bell Aliant
+302,770,651,1617,ca,Canada,1,Bell Mobility
+302,770,610,1552,ca,Canada,1,Bell Mobility
+302,770,670,1648,ca,Canada,1,CityWest Mobility
+302,770,360,864,ca,Canada,1,Clearnet
+302,770,361,865,ca,Canada,1,Clearnet
+302,770,380,896,ca,Canada,1,DMTS Mobility
+302,770,710,1808,ca,Canada,1,Globalstar Canada
+302,770,640,1600,ca,Canada,1,Latitude Wireless
+302,770,370,880,ca,Canada,1,FIDO (Rogers AT&T/ Microcell)
+302,770,320,800,ca,Canada,1,mobilicity
+302,770,702,1794,ca,Canada,1,MT&T Mobility
+302,770,655,1621,ca,Canada,1,MTS Mobility
+302,770,660,1632,ca,Canada,1,MTS Mobility
+302,770,701,1793,ca,Canada,1,NB Tel Mobility
+302,770,703,1795,ca,Canada,1,New Tel Mobility
+302,770,760,1888,ca,Canada,1,Public Mobile
+302,770,657,1623,ca,Canada,1,Quebectel Mobility
+302,770,720,1824,ca,Canada,1,Rogers AT&T Wireless
+302,770,654,1620,ca,Canada,1,Sask Tel Mobility
+302,770,680,1664,ca,Canada,1,Sask Tel Mobility
+302,770,780,1920,ca,Canada,1,Sask Tel Mobility
+302,770,656,1622,ca,Canada,1,Tbay Mobility
+302,770,220,544,ca,Canada,1,Telus Mobility
+302,770,653,1619,ca,Canada,1,Telus Mobility
+302,770,500,1280,ca,Canada,1,Videotron
+302,770,490,1168,ca,Canada,1,WIND
+625,1573,01,31,cv,Cape Verde,238,CV Movel
+625,1573,02,47,cv,Cape Verde,238,T+ Telecom
+346,838,050,80,ky,Cayman Islands,1345,Digicel Cayman Ltd
+346,838,006,6,ky,Cayman Islands,1345,Digicel Ltd.
+346,838,140,320,ky,Cayman Islands,1345,LIME / Cable & Wirel.
+623,1571,01,31,cf,Central African Rep.,236,Centrafr. Telecom+
+623,1571,04,79,cf,Central African Rep.,236,Nationlink
+623,1571,03,63,cf,Central African Rep.,236,Orange/Celca
+623,1571,02,47,cf,Central African Rep.,236,Telecel Centraf.
+622,1570,04,79,td,Chad,235,Salam/Sotel
+622,1570,02,47,td,Chad,235,Tchad Mobile
+622,1570,03,63,td,Chad,235,Tigo/Milicom/Tchad Mobile
+622,1570,01,31,td,Chad,235,Airtel/ZAIN/Celtel
+730,1840,06,111,cl,Chile,56,Blue Two Chile SA
+730,1840,11,287,cl,Chile,56,Celupago SA
+730,1840,15,351,cl,Chile,56,Cibeles Telecom SA
+730,1840,03,63,cl,Chile,56,Claro
+730,1840,10,271,cl,Chile,56,Entel Telefonia
+730,1840,01,31,cl,Chile,56,Entel Telefonia Mov
+730,1840,14,335,cl,Chile,56,Netline Telefonica Movil Ltda
+730,1840,04,79,cl,Chile,56,Nextel SA
+730,1840,09,159,cl,Chile,56,Nextel SA
+730,1840,05,95,cl,Chile,56,Nextel SA
+730,1840,19,415,cl,Chile,56,Sociedad Falabella Movil SPA
+730,1840,02,47,cl,Chile,56,TELEFONICA
+730,1840,07,127,cl,Chile,56,TELEFONICA
+730,1840,12,303,cl,Chile,56,Telestar Movil SA
+730,1840,00,15,cl,Chile,56,TESAM SA
+730,1840,13,319,cl,Chile,56,Tribe Mobile SPA
+730,1840,08,143,cl,Chile,56,VTR Banda Ancha SA
+460,1120,07,127,cn,China,86,China Mobile GSM
+460,1120,02,47,cn,China,86,China Mobile GSM
+460,1120,00,15,cn,China,86,China Mobile GSM
+460,1120,04,79,cn,China,86,China Space Mobile Satellite Telecommunications Co. Ltd (China Spacecom)
+460,1120,05,95,cn,China,86,China Telecom
+460,1120,03,63,cn,China,86,China Telecom
+460,1120,06,111,cn,China,86,China Unicom
+460,1120,01,31,cn,China,86,China Unicom
+732,1842,130,304,co,Colombia,57,Avantel SAS
+732,1842,102,258,co,Colombia,57,Movistar
+732,1842,103,259,co,Colombia,57,TIGO/Colombia Movil
+732,1842,001,1,co,Colombia,57,TIGO/Colombia Movil
+732,1842,101,257,co,Colombia,57,Comcel S.A. Occel S.A./Celcaribe
+732,1842,002,2,co,Colombia,57,Edatel S.A.
+732,1842,187,391,co,Colombia,57,eTb
+732,1842,123,291,co,Colombia,57,Movistar
+732,1842,111,273,co,Colombia,57,TIGO/Colombia Movil
+732,1842,142,322,co,Colombia,57,UNE EPM Telecomunicaciones SA ESP
+732,1842,020,32,co,Colombia,57,UNE EPM Telecomunicaciones SA ESP
+732,1842,154,340,co,Colombia,57,Virgin Mobile Colombia SAS
+654,1620,01,31,km,Comoros,269,HURI - SNPT
+630,1584,90,2319,cd,Congo Dem. Rep.,243,Africell
+630,1584,86,2159,cd,Congo Dem. Rep.,243,Orange RDC sarl
+630,1584,05,95,cd,Congo Dem. Rep.,243,SuperCell
+630,1584,89,2207,cd,Congo Dem. Rep.,243,TIGO/Oasis
+630,1584,01,31,cd,Congo Dem. Rep.,243,Vodacom
+630,1584,88,2191,cd,Congo Dem. Rep.,243,Yozma Timeturns sprl (YTT)
+630,1584,02,47,cd,Congo Dem. Rep.,243,Airtel/ZAIN
+629,1577,01,31,cg,Congo Republic,242,Airtel SA
+629,1577,02,47,cg,Congo Republic,242,Azur SA (ETC)
+629,1577,10,271,cg,Congo Republic,242,MTN/Libertis
+629,1577,07,127,cg,Congo Republic,242,Warid
+548,1352,01,31,ck,Cook Islands,682,Telecom Cook Islands
+712,1810,03,63,cr,Costa Rica,506,Claro
+712,1810,02,47,cr,Costa Rica,506,ICE
+712,1810,01,31,cr,Costa Rica,506,ICE
+712,1810,04,79,cr,Costa Rica,506,Movistar
+712,1810,20,527,cr,Costa Rica,506,Virtualis
+219,537,01,31,hr,Croatia,385,T-Mobile/Cronet
+219,537,02,47,hr,Croatia,385,Tele2
+219,537,10,271,hr,Croatia,385,VIPnet d.o.o.
+368,872,01,31,cu,Cuba,53,C-COM
+362,866,95,2399,cw,Curacao,599,EOCG Wireless NV
+362,866,69,1695,cw,Curacao,599,Polycom N.V./ Digicel
+280,640,10,271,cy,Cyprus,357,MTN/Areeba
+280,640,20,527,cy,Cyprus,357,PrimeTel PLC
+280,640,01,31,cy,Cyprus,357,Vodafone/CyTa
+230,560,08,143,cz,Czech Rep.,420,Compatel s.r.o.
+230,560,02,47,cz,Czech Rep.,420,O2
+230,560,01,31,cz,Czech Rep.,420,T-Mobile / RadioMobil
+230,560,05,95,cz,Czech Rep.,420,Travel Telekommunikation s.r.o.
+230,560,04,79,cz,Czech Rep.,420,Ufone
+230,560,99,2463,cz,Czech Rep.,420,Vodafone
+230,560,03,63,cz,Czech Rep.,420,Vodafone
+238,568,05,95,dk,Denmark,45,ApS KBUS
+238,568,23,575,dk,Denmark,45,Banedanmark
+238,568,28,655,dk,Denmark,45,CoolTEL ApS
+238,568,06,111,dk,Denmark,45,H3G
+238,568,12,303,dk,Denmark,45,Lycamobile Ltd
+238,568,03,63,dk,Denmark,45,Mach Connectivity ApS
+238,568,07,127,dk,Denmark,45,Mundio Mobile
+238,568,04,79,dk,Denmark,45,NextGen Mobile Ltd (CardBoardFish)
+238,568,10,271,dk,Denmark,45,TDC Denmark
+238,568,01,31,dk,Denmark,45,TDC Denmark
+238,568,02,47,dk,Denmark,45,Telenor/Sonofon
+238,568,77,1919,dk,Denmark,45,Telenor/Sonofon
+238,568,20,527,dk,Denmark,45,Telia
+238,568,30,783,dk,Denmark,45,Telia
+638,1592,01,31,dj,Djibouti,253,Djibouti Telecom SA (Evatis)
+366,870,110,272,dm,Dominica,1767,C & W
+366,870,020,32,dm,Dominica,1767,Cingular Wireless/Digicel
+366,870,050,80,dm,Dominica,1767,Wireless Ventures (Dominica) Ltd (Digicel Dominica)
+370,880,02,47,do,Dominican Republic,1809,Claro
+370,880,01,31,do,Dominican Republic,1809,Orange
+370,880,03,63,do,Dominican Republic,1809,TRIcom
+370,880,04,79,do,Dominican Republic,1809,Trilogy Dominicana S. A.
+740,1856,02,47,ec,Ecuador,593,Alegro/Telcsa
+740,1856,00,15,ec,Ecuador,593,MOVISTAR/OteCel
+740,1856,01,31,ec,Ecuador,593,Claro/Porta
+602,1538,01,31,eg,Egypt,20,Orange/Mobinil
+602,1538,03,63,eg,Egypt,20,ETISALAT
+602,1538,02,47,eg,Egypt,20,Vodafone/Mirsfone
+706,1798,01,31,sv,El Salvador,503,CLARO/CTE
+706,1798,02,47,sv,El Salvador,503,Digicel
+706,1798,05,95,sv,El Salvador,503,INTELFON SA de CV
+706,1798,04,79,sv,El Salvador,503,Telefonica
+706,1798,03,63,sv,El Salvador,503,Telemovil
+627,1575,03,63,gq,Equatorial Guinea,240,HiTs-GE
+627,1575,01,31,gq,Equatorial Guinea,240,ORANGE/GETESA
+657,1623,01,31,er,Eritrea,291,Eritel
+248,584,01,31,ee,Estonia,372,EMT GSM
+248,584,02,47,ee,Estonia,372,Radiolinja Eesti
+248,584,03,63,ee,Estonia,372,Tele2 Eesti AS
+248,584,04,79,ee,Estonia,372,Top Connect OU
+636,1590,01,31,et,Ethiopia,251,ETH/MTN
+750,1872,001,1,fk,Falkland Islands (Malvinas),500,Cable and Wireless South Atlantic Ltd (Falkland Islands
+288,648,03,63,fo,Faroe Islands,298,Edge Mobile Sp/F
+288,648,01,31,fo,Faroe Islands,298,Faroese Telecom
+288,648,02,47,fo,Faroe Islands,298,Kall GSM
+542,1346,02,47,fj,Fiji,679,DigiCell
+542,1346,01,31,fj,Fiji,679,Vodafone
+244,580,14,335,fi,Finland,358,Alands
+244,580,26,623,fi,Finland,358,Compatel Ltd
+244,580,03,63,fi,Finland,358,DNA/Finnet
+244,580,12,303,fi,Finland,358,DNA/Finnet
+244,580,13,319,fi,Finland,358,DNA/Finnet
+244,580,04,79,fi,Finland,358,DNA/Finnet
+244,580,21,543,fi,Finland,358,Elisa/Saunalahti
+244,580,05,95,fi,Finland,358,Elisa/Saunalahti
+244,580,82,2095,fi,Finland,358,ID-Mobile
+244,580,11,287,fi,Finland,358,Mundio Mobile (Finland) Ltd
+244,580,09,159,fi,Finland,358,Nokia Oyj
+244,580,10,271,fi,Finland,358,TDC Oy Finland
+244,580,91,2335,fi,Finland,358,TeliaSonera
+208,520,27,639,fr,France,33,AFONE SA
+208,520,92,2351,fr,France,33,Association Plate-forme Telecom
+208,520,28,655,fr,France,33,Astrium
+208,520,88,2191,fr,France,33,Bouygues Telecom
+208,520,21,543,fr,France,33,Bouygues Telecom
+208,520,20,527,fr,France,33,Bouygues Telecom
+208,520,14,335,fr,France,33,Lliad/FREE Mobile
+208,520,07,127,fr,France,33,GlobalStar
+208,520,06,111,fr,France,33,GlobalStar
+208,520,05,95,fr,France,33,GlobalStar
+208,520,29,671,fr,France,33,Orange
+208,520,17,383,fr,France,33,Legos - Local Exchange Global Operation Services SA
+208,520,16,367,fr,France,33,Lliad/FREE Mobile
+208,520,15,351,fr,France,33,Lliad/FREE Mobile
+208,520,25,607,fr,France,33,Lycamobile SARL
+208,520,24,591,fr,France,33,MobiquiThings
+208,520,03,63,fr,France,33,MobiquiThings
+208,520,31,799,fr,France,33,Mundio Mobile (France) Ltd
+208,520,26,623,fr,France,33,NRJ
+208,520,23,575,fr,France,33,Virgin Mobile/Omer
+208,520,89,2207,fr,France,33,Virgin Mobile/Omer
+208,520,91,2335,fr,France,33,Orange
+208,520,02,47,fr,France,33,Orange
+208,520,01,31,fr,France,33,Orange
+208,520,13,319,fr,France,33,S.F.R.
+208,520,11,287,fr,France,33,S.F.R.
+208,520,10,271,fr,France,33,S.F.R.
+208,520,09,159,fr,France,33,S.F.R.
+208,520,04,79,fr,France,33,SISTEER
+208,520,00,15,fr,France,33,Tel/Tel
+208,520,22,559,fr,France,33,Transatel SA
+340,832,20,527,fg,French Guiana,594,Bouygues/DigiCel
+340,832,01,31,fg,French Guiana,594,Orange Caribe
+340,832,02,47,fg,French Guiana,594,Outremer Telecom
+340,832,11,287,fg,French Guiana,594,TelCell GSM
+340,832,03,63,fg,French Guiana,594,TelCell GSM
+547,1351,15,351,pf,French Polynesia,689,Pacific Mobile Telecom (PMT)
+547,1351,20,527,pf,French Polynesia,689,Vini/Tikiphone
+628,1576,04,79,ga,Gabon,241,Azur/Usan S.A.
+628,1576,01,31,ga,Gabon,241,Libertis S.A.
+628,1576,02,47,ga,Gabon,241,MOOV/Telecel
+628,1576,03,63,ga,Gabon,241,Airtel/ZAIN/Celtel Gabon S.A.
+607,1543,02,47,gm,Gambia,220,Africel
+607,1543,03,63,gm,Gambia,220,Comium
+607,1543,01,31,gm,Gambia,220,Gamcel
+607,1543,04,79,gm,Gambia,220,Q-Cell
+282,642,01,31,ge,Georgia,995,Geocell Ltd.
+282,642,03,63,ge,Georgia,995,Iberiatel Ltd.
+282,642,02,47,ge,Georgia,995,Magti GSM Ltd.
+282,642,04,79,ge,Georgia,995,MobiTel/Beeline
+282,642,05,95,ge,Georgia,995,Silknet
+262,610,17,383,de,Germany,49,E-Plus
+262,610,10,271,de,Germany,49,DB Netz AG
+262,610,n/a,271,de,Germany,49,Debitel
+262,610,77,1919,de,Germany,49,E-Plus
+262,610,03,63,de,Germany,49,E-Plus
+262,610,05,95,de,Germany,49,E-Plus
+262,610,12,303,de,Germany,49,E-Plus
+262,610,20,527,de,Germany,49,E-Plus
+262,610,14,335,de,Germany,49,Group 3G UMTS
+262,610,43,1087,de,Germany,49,Lycamobile
+262,610,13,319,de,Germany,49,Mobilcom
+262,610,08,143,de,Germany,49,O2
+262,610,07,127,de,Germany,49,O2
+262,610,11,287,de,Germany,49,O2
+262,610,n/a,287,de,Germany,49,Talkline
+262,610,06,111,de,Germany,49,T-mobile/Telekom
+262,610,01,31,de,Germany,49,T-mobile/Telekom
+262,610,16,367,de,Germany,49,Telogic/ViStream
+262,610,42,1071,de,Germany,49,Vodafone D2
+262,610,04,79,de,Germany,49,Vodafone D2
+262,610,02,47,de,Germany,49,Vodafone D2
+262,610,09,159,de,Germany,49,Vodafone D2
+620,1568,04,79,gh,Ghana,233,Expresso Ghana Ltd
+620,1568,07,127,gh,Ghana,233,GloMobile
+620,1568,03,63,gh,Ghana,233,Milicom/Tigo
+620,1568,01,31,gh,Ghana,233,MTN
+620,1568,02,47,gh,Ghana,233,Vodafone
+620,1568,06,111,gh,Ghana,233,Airtel/ZAIN
+266,614,06,111,gi,Gibraltar,350,CTS Mobile
+266,614,09,159,gi,Gibraltar,350,eazi telecom
+266,614,01,31,gi,Gibraltar,350,Gibtel GSM
+202,514,07,127,gr,Greece,30,AMD Telecom SA
+202,514,02,47,gr,Greece,30,Cosmote
+202,514,01,31,gr,Greece,30,Cosmote
+202,514,14,335,gr,Greece,30,CyTa Mobile
+202,514,04,79,gr,Greece,30,Organismos Sidirodromon Ellados (OSE)
+202,514,03,63,gr,Greece,30,OTE Hellenic Telecommunications Organization SA
+202,514,10,271,gr,Greece,30,Tim/Wind
+202,514,09,159,gr,Greece,30,Tim/Wind
+202,514,05,95,gr,Greece,30,Vodafone
+290,656,01,31,gl,Greenland,299,Tele Greenland
+352,850,110,272,gd,Grenada,1473,Cable & Wireless
+352,850,030,48,gd,Grenada,1473,Digicel
+352,850,050,80,gd,Grenada,1473,Digicel
+340,832,08,143,gp,Guadeloupe,590,Dauphin Telecom SU (Guadeloupe Telecom)
+340,832,10,271,gp,Guadeloupe,590,
+310,784,370,880,gu,Guam,1671,Docomo
+310,784,470,1136,gu,Guam,1671,Docomo
+310,784,140,320,gu,Guam,1671,GTA Wireless
+310,784,033,51,gu,Guam,1671,Guam Teleph. Auth.
+310,784,032,50,gu,Guam,1671,IT&E OverSeas
+311,785,250,592,gu,Guam,1671,Wave Runner LLC
+704,1796,01,31,gt,Guatemala,502,Claro
+704,1796,03,63,gt,Guatemala,502,Telefonica
+704,1796,02,47,gt,Guatemala,502,TIGO/COMCEL
+611,1553,04,79,gn,Guinea,224,MTN/Areeba
+611,1553,05,95,gn,Guinea,224,Celcom
+611,1553,03,63,gn,Guinea,224,Intercel
+611,1553,01,31,gn,Guinea,224,Orange/Sonatel/Spacetel
+611,1553,02,47,gn,Guinea,224,SotelGui
+632,1586,01,31,gw,Guinea-Bissau,245,GuineTel
+632,1586,03,63,gw,Guinea-Bissau,245,Orange
+632,1586,02,47,gw,Guinea-Bissau,245,SpaceTel
+738,1848,02,47,gy,Guyana,592,Cellink Plus
+738,1848,01,31,gy,Guyana,592,DigiCel
+372,882,01,31,ht,Haiti,509,Comcel
+372,882,02,47,ht,Haiti,509,Digicel
+372,882,03,63,ht,Haiti,509,National Telecom SA (NatCom)
+708,1800,040,64,hn,Honduras,504,Digicel
+708,1800,030,48,hn,Honduras,504,HonduTel
+708,1800,001,1,hn,Honduras,504,SERCOM/CLARO
+708,1800,002,2,hn,Honduras,504,Telefonica/CELTEL
+454,1108,28,655,hk,Hongkong China,852,China Mobile/Peoples
+454,1108,13,319,hk,Hongkong China,852,China Mobile/Peoples
+454,1108,12,303,hk,Hongkong China,852,China Mobile/Peoples
+454,1108,09,159,hk,Hongkong China,852,China Motion
+454,1108,07,127,hk,Hongkong China,852,China Unicom Ltd
+454,1108,11,287,hk,Hongkong China,852,China-HongKong Telecom Ltd (CHKTL)
+454,1108,01,31,hk,Hongkong China,852,Citic Telecom Ltd.
+454,1108,02,47,hk,Hongkong China,852,CSL Ltd.
+454,1108,00,15,hk,Hongkong China,852,CSL Ltd.
+454,1108,18,399,hk,Hongkong China,852,CSL Ltd.
+454,1108,10,271,hk,Hongkong China,852,CSL/New World PCS Ltd.
+454,1108,04,79,hk,Hongkong China,852,H3G/Hutchinson
+454,1108,03,63,hk,Hongkong China,852,H3G/Hutchinson
+454,1108,14,335,hk,Hongkong China,852,H3G/Hutchinson
+454,1108,05,95,hk,Hongkong China,852,H3G/Hutchinson
+454,1108,20,527,hk,Hongkong China,852,HKT/PCCW
+454,1108,29,671,hk,Hongkong China,852,HKT/PCCW
+454,1108,16,367,hk,Hongkong China,852,HKT/PCCW
+454,1108,19,415,hk,Hongkong China,852,HKT/PCCW
+454,1108,47,1151,hk,Hongkong China,852,shared by private TETRA systems
+454,1108,40,1039,hk,Hongkong China,852,shared by private TETRA systems
+454,1108,08,143,hk,Hongkong China,852,Truephone
+454,1108,17,383,hk,Hongkong China,852,Vodafone/SmarTone
+454,1108,15,351,hk,Hongkong China,852,Vodafone/SmarTone
+454,1108,06,111,hk,Hongkong China,852,Vodafone/SmarTone
+216,534,01,31,hu,Hungary,36,Pannon/Telenor
+216,534,30,783,hu,Hungary,36,T-mobile/Magyar
+216,534,71,1823,hu,Hungary,36,UPC Magyarorszag Kft.
+216,534,70,1807,hu,Hungary,36,Vodafone
+274,628,09,159,is,Iceland,354,Amitelo
+274,628,07,127,is,Iceland,354,IceCell
+274,628,08,143,is,Iceland,354,Siminn
+274,628,01,31,is,Iceland,354,Siminn
+274,628,11,287,is,Iceland,354,NOVA
+274,628,04,79,is,Iceland,354,VIKING/IMC
+274,628,02,47,is,Iceland,354,Vodafone/Tal hf
+274,628,05,95,is,Iceland,354,Vodafone/Tal hf
+274,628,03,63,is,Iceland,354,Vodafone/Tal hf
+404,1028,42,1071,in,India,91,Aircel
+404,1028,33,831,in,India,91,Aircel
+404,1028,29,671,in,India,91,Aircel
+404,1028,28,655,in,India,91,Aircel
+404,1028,25,607,in,India,91,Aircel
+404,1028,17,383,in,India,91,Aircel
+404,1028,01,31,in,India,91,Aircel Digilink India
+404,1028,15,351,in,India,91,Aircel Digilink India
+404,1028,60,1551,in,India,91,Aircel Digilink India
+405,1029,53,1343,in,India,91,AirTel
+404,1028,86,2159,in,India,91,Barakhamba Sales & Serv.
+404,1028,13,319,in,India,91,Barakhamba Sales & Serv.
+404,1028,74,1871,in,India,91,BSNL
+404,1028,38,911,in,India,91,BSNL
+404,1028,57,1407,in,India,91,BSNL
+404,1028,80,2063,in,India,91,BSNL
+404,1028,73,1855,in,India,91,BSNL
+404,1028,34,847,in,India,91,BSNL
+404,1028,66,1647,in,India,91,BSNL
+404,1028,55,1375,in,India,91,BSNL
+404,1028,72,1839,in,India,91,BSNL
+404,1028,77,1919,in,India,91,BSNL
+404,1028,64,1615,in,India,91,BSNL
+404,1028,54,1359,in,India,91,BSNL
+404,1028,71,1823,in,India,91,BSNL
+404,1028,76,1903,in,India,91,BSNL
+404,1028,62,1583,in,India,91,BSNL
+404,1028,53,1343,in,India,91,BSNL
+404,1028,59,1439,in,India,91,BSNL
+404,1028,75,1887,in,India,91,BSNL
+404,1028,51,1311,in,India,91,BSNL
+404,1028,58,1423,in,India,91,BSNL
+404,1028,81,2079,in,India,91,BSNL
+404,1028,10,271,in,India,91,Bharti Airtel Limited (Delhi)
+404,1028,045,69,in,India,91,Bharti Airtel Limited (Karnataka) (India)
+404,1028,79,1951,in,India,91,CellOne A&N
+404,1028,89,2207,in,India,91,Escorts Telecom Ltd.
+404,1028,88,2191,in,India,91,Escorts Telecom Ltd.
+404,1028,87,2175,in,India,91,Escorts Telecom Ltd.
+404,1028,82,2095,in,India,91,Escorts Telecom Ltd.
+404,1028,12,303,in,India,91,Escotel Mobile Communications
+404,1028,19,415,in,India,91,Escotel Mobile Communications
+404,1028,56,1391,in,India,91,Escotel Mobile Communications
+405,1029,05,95,in,India,91,Fascel Limited
+404,1028,05,95,in,India,91,Fascel
+404,1028,70,1807,in,India,91,Hexacom India
+404,1028,16,367,in,India,91,Hexcom India
+404,1028,04,79,in,India,91,Idea Cellular Ltd.
+404,1028,24,591,in,India,91,Idea Cellular Ltd.
+404,1028,22,559,in,India,91,Idea Cellular Ltd.
+404,1028,78,1935,in,India,91,Idea Cellular Ltd.
+404,1028,07,127,in,India,91,Idea Cellular Ltd.
+404,1028,69,1695,in,India,91,Mahanagar Telephone Nigam
+404,1028,68,1679,in,India,91,Mahanagar Telephone Nigam
+404,1028,83,2111,in,India,91,Reliable Internet Services
+404,1028,36,879,in,India,91,Reliance Telecom Private
+404,1028,52,1327,in,India,91,Reliance Telecom Private
+404,1028,50,1295,in,India,91,Reliance Telecom Private
+404,1028,67,1663,in,India,91,Reliance Telecom Private
+404,1028,18,399,in,India,91,Reliance Telecom Private
+404,1028,85,2143,in,India,91,Reliance Telecom Private
+404,1028,09,159,in,India,91,Reliance Telecom Private
+404,1028,41,1055,in,India,91,RPG Cellular
+404,1028,14,335,in,India,91,Spice
+404,1028,44,1103,in,India,91,Spice
+404,1028,11,287,in,India,91,Sterling Cellular Ltd.
+405,1029,034,52,in,India,91,TATA / Karnataka
+404,1028,30,783,in,India,91,Usha Martin Telecom
+510,1296,08,143,id,Indonesia,62,Axis/Natrindo
+510,1296,99,2463,id,Indonesia,62,Esia (PT Bakrie Telecom) (CDMA)
+510,1296,07,127,id,Indonesia,62,Flexi (PT Telkom) (CDMA)
+510,1296,89,2207,id,Indonesia,62,H3G CP
+510,1296,21,543,id,Indonesia,62,Indosat/Satelindo/M3
+510,1296,01,31,id,Indonesia,62,Indosat/Satelindo/M3
+510,1296,00,15,id,Indonesia,62,PT Pasifik Satelit Nusantara (PSN)
+510,1296,27,639,id,Indonesia,62,PT Sampoerna Telekomunikasi Indonesia (STI)
+510,1296,28,655,id,Indonesia,62,PT Smartfren Telecom Tbk
+510,1296,09,159,id,Indonesia,62,PT Smartfren Telecom Tbk
+510,1296,11,287,id,Indonesia,62,PT. Excelcom
+510,1296,10,271,id,Indonesia,62,Telkomsel
+901,2305,13,319,n/a,International Networks,882,Antarctica
+432,1074,19,415,ir,Iran,98,Mobile Telecommunications Company of Esfahan JV-PJS (MTCE)
+432,1074,70,1807,ir,Iran,98,MTCE
+432,1074,35,863,ir,Iran,98,MTN/IranCell
+432,1074,20,527,ir,Iran,98,Rightel
+432,1074,32,815,ir,Iran,98,Taliya
+432,1074,11,287,ir,Iran,98,MCI/TCI
+432,1074,14,335,ir,Iran,98,TKC/KFZO
+418,1048,05,95,iq,Iraq,964,Asia Cell
+418,1048,92,2351,iq,Iraq,964,Itisaluna and Kalemat
+418,1048,82,2095,iq,Iraq,964,Korek
+418,1048,40,1039,iq,Iraq,964,Korek
+418,1048,45,1119,iq,Iraq,964,Mobitel (Iraq-Kurdistan) and Moutiny
+418,1048,30,783,iq,Iraq,964,Orascom Telecom
+418,1048,20,527,iq,Iraq,964,ZAIN/Atheer/Orascom
+418,1048,08,143,iq,Iraq,964,Sanatel
+272,626,04,79,ie,Ireland,353,Access Telecom Ltd.
+272,626,09,159,ie,Ireland,353,Clever Communications Ltd
+272,626,07,127,ie,Ireland,353,eircom Ltd
+272,626,05,95,ie,Ireland,353,Three/H3G
+272,626,11,287,ie,Ireland,353,Tesco Mobile/Liffey Telecom
+272,626,13,319,ie,Ireland,353,Lycamobile
+272,626,03,63,ie,Ireland,353,Meteor Mobile Ltd.
+272,626,02,47,ie,Ireland,353,Three/O2/Digifone
+272,626,01,31,ie,Ireland,353,Vodafone Eircell
+425,1061,14,335,il,Israel,972,Alon Cellular Ltd
+425,1061,02,47,il,Israel,972,Cellcom ltd.
+425,1061,08,143,il,Israel,972,Golan Telekom
+425,1061,15,351,il,Israel,972,Home Cellular Ltd
+425,1061,77,1919,il,Israel,972,Hot Mobile/Mirs
+425,1061,07,127,il,Israel,972,Hot Mobile/Mirs
+425,1061,01,31,il,Israel,972,Orange/Partner Co. Ltd.
+425,1061,03,63,il,Israel,972,Pelephone
+425,1061,12,303,il,Israel,972,Pelephone
+425,1061,16,367,il,Israel,972,Rami Levy Hashikma Marketing Communications Ltd
+425,1061,19,415,il,Israel,972,Telzar/AZI
+222,546,34,847,it,Italy,39,BT Italia SpA
+222,546,02,47,it,Italy,39,Elsacom
+222,546,08,143,it,Italy,39,Fastweb SpA
+222,546,00,15,it,Italy,39,Fix Line
+222,546,99,2463,it,Italy,39,Hi3G
+222,546,77,1919,it,Italy,39,IPSE 2000
+222,546,35,863,it,Italy,39,Lycamobile Srl
+222,546,07,127,it,Italy,39,Noverca Italia Srl
+222,546,33,831,it,Italy,39,PosteMobile SpA
+222,546,00,15,it,Italy,39,Premium Number(s)
+222,546,30,783,it,Italy,39,RFI Rete Ferroviaria Italiana SpA
+222,546,48,1167,it,Italy,39,Telecom Italia Mobile SpA
+222,546,43,1087,it,Italy,39,Telecom Italia Mobile SpA
+222,546,01,31,it,Italy,39,TIM
+222,546,10,271,it,Italy,39,Vodafone
+222,546,06,111,it,Italy,39,Vodafone
+222,546,00,15,it,Italy,39,VOIP Line
+222,546,44,1103,it,Italy,39,WIND (Blu) -
+222,546,88,2191,it,Italy,39,WIND (Blu) -
+612,1554,07,127,ci,Ivory Coast,225,Aircomm SA
+612,1554,02,47,ci,Ivory Coast,225,Atlantik Tel./Moov
+612,1554,04,79,ci,Ivory Coast,225,Comium
+612,1554,01,31,ci,Ivory Coast,225,Comstar
+612,1554,05,95,ci,Ivory Coast,225,MTN
+612,1554,03,63,ci,Ivory Coast,225,Orange
+612,1554,06,111,ci,Ivory Coast,225,OriCell
+338,824,110,272,jm,Jamaica,1876,Cable & Wireless
+338,824,020,32,jm,Jamaica,1876,Cable & Wireless
+338,824,180,384,jm,Jamaica,1876,Cable & Wireless
+338,824,050,80,jm,Jamaica,1876,DIGICEL/Mossel
+440,1088,00,15,jp,Japan,81,Y-Mobile
+440,1088,75,1887,jp,Japan,81,KDDI Corporation
+440,1088,56,1391,jp,Japan,81,KDDI Corporation
+441,1089,70,1807,jp,Japan,81,KDDI Corporation
+440,1088,52,1327,jp,Japan,81,KDDI Corporation
+440,1088,76,1903,jp,Japan,81,KDDI Corporation
+440,1088,71,1823,jp,Japan,81,KDDI Corporation
+440,1088,53,1343,jp,Japan,81,KDDI Corporation
+440,1088,77,1919,jp,Japan,81,KDDI Corporation
+440,1088,08,143,jp,Japan,81,KDDI Corporation
+440,1088,72,1839,jp,Japan,81,KDDI Corporation
+440,1088,54,1359,jp,Japan,81,KDDI Corporation
+440,1088,79,1951,jp,Japan,81,KDDI Corporation
+440,1088,07,127,jp,Japan,81,KDDI Corporation
+440,1088,73,1855,jp,Japan,81,KDDI Corporation
+440,1088,55,1375,jp,Japan,81,KDDI Corporation
+440,1088,88,2191,jp,Japan,81,KDDI Corporation
+440,1088,50,1295,jp,Japan,81,KDDI Corporation
+440,1088,74,1871,jp,Japan,81,KDDI Corporation
+440,1088,70,1807,jp,Japan,81,KDDI Corporation
+440,1088,89,2207,jp,Japan,81,KDDI Corporation
+440,1088,51,1311,jp,Japan,81,KDDI Corporation
+440,1088,67,1663,jp,Japan,81,NTT Docomo
+440,1088,01,31,jp,Japan,81,NTT Docomo
+440,1088,14,335,jp,Japan,81,NTT Docomo
+441,1089,94,2383,jp,Japan,81,NTT Docomo
+441,1089,41,1055,jp,Japan,81,NTT Docomo
+440,1088,62,1583,jp,Japan,81,NTT Docomo
+440,1088,39,927,jp,Japan,81,NTT Docomo
+440,1088,30,783,jp,Japan,81,NTT Docomo
+440,1088,10,271,jp,Japan,81,NTT Docomo
+441,1089,45,1119,jp,Japan,81,NTT Docomo
+440,1088,24,591,jp,Japan,81,NTT Docomo
+440,1088,68,1679,jp,Japan,81,NTT Docomo
+440,1088,15,351,jp,Japan,81,NTT Docomo
+441,1089,98,2447,jp,Japan,81,NTT Docomo
+441,1089,42,1071,jp,Japan,81,NTT Docomo
+440,1088,63,1599,jp,Japan,81,NTT Docomo
+440,1088,38,911,jp,Japan,81,NTT Docomo
+440,1088,26,623,jp,Japan,81,NTT Docomo
+440,1088,11,287,jp,Japan,81,NTT Docomo
+440,1088,21,543,jp,Japan,81,NTT Docomo
+441,1089,44,1103,jp,Japan,81,NTT Docomo
+440,1088,13,319,jp,Japan,81,NTT Docomo
+440,1088,23,575,jp,Japan,81,NTT Docomo
+440,1088,69,1695,jp,Japan,81,NTT Docomo
+440,1088,16,367,jp,Japan,81,NTT Docomo
+441,1089,99,2463,jp,Japan,81,NTT Docomo
+440,1088,34,847,jp,Japan,81,NTT Docomo
+440,1088,64,1615,jp,Japan,81,NTT Docomo
+440,1088,37,895,jp,Japan,81,NTT Docomo
+440,1088,25,607,jp,Japan,81,NTT Docomo
+440,1088,22,559,jp,Japan,81,NTT Docomo
+441,1089,43,1087,jp,Japan,81,NTT Docomo
+440,1088,27,639,jp,Japan,81,NTT Docomo
+440,1088,02,47,jp,Japan,81,NTT Docomo
+440,1088,17,383,jp,Japan,81,NTT Docomo
+440,1088,31,799,jp,Japan,81,NTT Docomo
+440,1088,87,2175,jp,Japan,81,NTT Docomo
+440,1088,65,1631,jp,Japan,81,NTT Docomo
+440,1088,36,879,jp,Japan,81,NTT Docomo
+441,1089,92,2351,jp,Japan,81,NTT Docomo
+440,1088,12,303,jp,Japan,81,NTT Docomo
+440,1088,58,1423,jp,Japan,81,NTT Docomo
+440,1088,28,655,jp,Japan,81,NTT Docomo
+440,1088,03,63,jp,Japan,81,NTT Docomo
+440,1088,18,399,jp,Japan,81,NTT Docomo
+441,1089,91,2335,jp,Japan,81,NTT Docomo
+440,1088,32,815,jp,Japan,81,NTT Docomo
+440,1088,61,1567,jp,Japan,81,NTT Docomo
+440,1088,66,1647,jp,Japan,81,NTT Docomo
+440,1088,35,863,jp,Japan,81,NTT Docomo
+441,1089,93,2367,jp,Japan,81,NTT Docomo
+441,1089,40,1039,jp,Japan,81,NTT Docomo
+440,1088,49,1183,jp,Japan,81,NTT Docomo
+440,1088,29,671,jp,Japan,81,NTT Docomo
+440,1088,09,159,jp,Japan,81,NTT Docomo
+440,1088,19,415,jp,Japan,81,NTT Docomo
+441,1089,90,2319,jp,Japan,81,NTT Docomo
+440,1088,33,831,jp,Japan,81,NTT Docomo
+440,1088,60,1551,jp,Japan,81,NTT Docomo
+440,1088,99,2463,jp,Japan,81,NTT Docomo
+440,1088,78,1935,jp,Japan,81,Okinawa Cellular Telephone
+440,1088,04,79,jp,Japan,81,SoftBank Mobile Corp
+441,1089,62,1583,jp,Japan,81,SoftBank Mobile Corp
+440,1088,45,1119,jp,Japan,81,SoftBank Mobile Corp
+440,1088,20,527,jp,Japan,81,SoftBank Mobile Corp
+440,1088,96,2415,jp,Japan,81,SoftBank Mobile Corp
+440,1088,40,1039,jp,Japan,81,SoftBank Mobile Corp
+441,1089,63,1599,jp,Japan,81,SoftBank Mobile Corp
+440,1088,47,1151,jp,Japan,81,SoftBank Mobile Corp
+440,1088,95,2399,jp,Japan,81,SoftBank Mobile Corp
+440,1088,41,1055,jp,Japan,81,SoftBank Mobile Corp
+441,1089,64,1615,jp,Japan,81,SoftBank Mobile Corp
+440,1088,46,1135,jp,Japan,81,SoftBank Mobile Corp
+440,1088,97,2431,jp,Japan,81,SoftBank Mobile Corp
+440,1088,42,1071,jp,Japan,81,SoftBank Mobile Corp
+441,1089,65,1631,jp,Japan,81,SoftBank Mobile Corp
+440,1088,90,2319,jp,Japan,81,SoftBank Mobile Corp
+440,1088,92,2351,jp,Japan,81,SoftBank Mobile Corp
+440,1088,98,2447,jp,Japan,81,SoftBank Mobile Corp
+440,1088,43,1087,jp,Japan,81,SoftBank Mobile Corp
+440,1088,93,2367,jp,Japan,81,SoftBank Mobile Corp
+440,1088,48,1167,jp,Japan,81,SoftBank Mobile Corp
+440,1088,06,111,jp,Japan,81,SoftBank Mobile Corp
+441,1089,61,1567,jp,Japan,81,SoftBank Mobile Corp
+440,1088,44,1103,jp,Japan,81,SoftBank Mobile Corp
+440,1088,94,2383,jp,Japan,81,SoftBank Mobile Corp
+440,1088,85,2143,jp,Japan,81,KDDI Corporation
+440,1088,83,2111,jp,Japan,81,KDDI Corporation
+440,1088,80,2063,jp,Japan,81,KDDI Corporation
+440,1088,86,2159,jp,Japan,81,KDDI Corporation
+440,1088,81,2079,jp,Japan,81,KDDI Corporation
+440,1088,84,2127,jp,Japan,81,KDDI Corporation
+440,1088,82,2095,jp,Japan,81,KDDI Corporation
+416,1046,77,1919,jo,Jordan,962,Orange/Petra
+416,1046,03,63,jo,Jordan,962,Umniah Mobile Co.
+416,1046,02,47,jo,Jordan,962,Xpress
+416,1046,01,31,jo,Jordan,962,ZAIN /J.M.T.S
+401,1025,01,31,kz,Kazakhstan,7,Beeline/KaR-Tel LLP
+401,1025,07,127,kz,Kazakhstan,7,Dalacom/Altel
+401,1025,02,47,kz,Kazakhstan,7,K-Cell
+401,1025,77,1919,kz,Kazakhstan,7,Tele2/NEO/MTS
+639,1593,05,95,ke,Kenya,254,Econet Wireless
+639,1593,07,127,ke,Kenya,254,Orange
+639,1593,02,47,ke,Kenya,254,Safaricom Ltd.
+639,1593,03,63,ke,Kenya,254,Airtel/Zain/Celtel Ltd.
+545,1349,09,159,ki,Kiribati,686,Kiribati Frigate
+467,1127,193,403,kp,Korea N. Dem. People's Rep.,850,Sun Net
+450,1104,02,47,kr,Korea S Republic of,82,KT Freetel Co. Ltd.
+450,1104,04,79,kr,Korea S Republic of,82,KT Freetel Co. Ltd.
+450,1104,08,143,kr,Korea S Republic of,82,KT Freetel Co. Ltd.
+450,1104,06,111,kr,Korea S Republic of,82,LG Telecom
+450,1104,03,63,kr,Korea S Republic of,82,SK Telecom
+450,1104,05,95,kr,Korea S Republic of,82,SK Telecom Co. Ltd
+419,1049,04,79,kw,Kuwait,965,Viva
+419,1049,03,63,kw,Kuwait,965,Wataniya
+419,1049,02,47,kw,Kuwait,965,Zain
+437,1079,03,63,kg,Kyrgyzstan,996,AkTel LLC
+437,1079,01,31,kg,Kyrgyzstan,996,Beeline/Bitel
+437,1079,05,95,kg,Kyrgyzstan,996,MEGACOM
+437,1079,09,159,kg,Kyrgyzstan,996,O!/NUR Telecom
+457,1111,02,47,la,Laos P.D.R.,856,ETL Mobile
+457,1111,01,31,la,Laos P.D.R.,856,Lao Tel
+457,1111,08,143,la,Laos P.D.R.,856,Beeline/Tigo/Millicom
+457,1111,03,63,la,Laos P.D.R.,856,UNITEL/LAT
+247,583,05,95,lv,Latvia,371,Bite
+247,583,01,31,lv,Latvia,371,Latvian Mobile Phone
+247,583,09,159,lv,Latvia,371,SIA Camel Mobile
+247,583,08,143,lv,Latvia,371,SIA IZZI
+247,583,07,127,lv,Latvia,371,SIA Master Telecom
+247,583,06,111,lv,Latvia,371,SIA Rigatta
+247,583,02,47,lv,Latvia,371,Tele2
+247,583,03,63,lv,Latvia,371,TRIATEL/Telekom Baltija
+415,1045,33,831,lb,Lebanon,961,Cellis
+415,1045,32,815,lb,Lebanon,961,Cellis
+415,1045,35,863,lb,Lebanon,961,Cellis
+415,1045,34,847,lb,Lebanon,961,FTML Cellis
+415,1045,39,927,lb,Lebanon,961,MIC2/LibanCell/MTC
+415,1045,38,911,lb,Lebanon,961,MIC2/LibanCell/MTC
+415,1045,37,895,lb,Lebanon,961,MIC2/LibanCell/MTC
+415,1045,01,31,lb,Lebanon,961,MIC1 (Alfa)
+415,1045,03,63,lb,Lebanon,961,MIC2/LibanCell/MTC
+415,1045,36,879,lb,Lebanon,961,MIC2/LibanCell/MTC
+651,1617,02,47,ls,Lesotho,266,Econet/Ezi-cel
+651,1617,01,31,ls,Lesotho,266,Vodacom Lesotho
+618,1560,07,127,lr,Liberia,231,CELLCOM
+618,1560,04,79,lr,Liberia,231,Comium BVI
+618,1560,02,47,lr,Liberia,231,Libercell
+618,1560,20,527,lr,Liberia,231,LibTelco
+618,1560,01,31,lr,Liberia,231,Lonestar
+606,1542,02,47,ly,Libya,218,Al-Madar
+606,1542,01,31,ly,Libya,218,Al-Madar
+606,1542,06,111,ly,Libya,218,Hatef
+606,1542,00,15,ly,Libya,218,Libyana
+606,1542,03,63,ly,Libya,218,Libyana
+295,661,06,111,li,Liechtenstein,423,CUBIC (Liechtenstein
+295,661,07,127,li,Liechtenstein,423,First Mobile AG
+295,661,02,47,li,Liechtenstein,423,Orange
+295,661,01,31,li,Liechtenstein,423,Swisscom FL AG
+295,661,77,1919,li,Liechtenstein,423,Alpmobile/Tele2
+295,661,05,95,li,Liechtenstein,423,Telecom FL1 AG
+246,582,02,47,lt,Lithuania,370,Bite
+246,582,01,31,lt,Lithuania,370,Omnitel
+246,582,03,63,lt,Lithuania,370,Tele2
+270,624,77,1919,lu,Luxembourg,352,Millicom Tango GSM
+270,624,01,31,lu,Luxembourg,352,P+T/Post LUXGSM
+270,624,99,2463,lu,Luxembourg,352,Orange/VOXmobile S.A.
+455,1109,01,31,mo,Macao China,853,C.T.M. TELEMOVEL+
+455,1109,04,79,mo,Macao China,853,C.T.M. TELEMOVEL+
+455,1109,02,47,mo,Macao China,853,China Telecom
+455,1109,05,95,mo,Macao China,853,Hutchison Telephone Co. Ltd
+455,1109,03,63,mo,Macao China,853,Hutchison Telephone Co. Ltd
+455,1109,06,111,mo,Macao China,853,Smartone Mobile
+455,1109,00,15,mo,Macao China,853,Smartone Mobile
+294,660,75,1887,mk,Macedonia,389,ONE/Cosmofone
+294,660,02,47,mk,Macedonia,389,ONE/Cosmofone
+294,660,01,31,mk,Macedonia,389,T-Mobile/Mobimak
+294,660,03,63,mk,Macedonia,389,VIP Mobile
+646,1606,01,31,mg,Madagascar,261,Airtel/MADACOM
+646,1606,02,47,mg,Madagascar,261,Orange/Soci
+646,1606,03,63,mg,Madagascar,261,Sacel
+646,1606,04,79,mg,Madagascar,261,Telma
+650,1616,01,31,mw,Malawi,265,TNM/Telekom Network Ltd.
+650,1616,10,271,mw,Malawi,265,Airtel/Zain/Celtel ltd.
+502,1282,01,31,my,Malaysia,60,Art900
+502,1282,151,337,my,Malaysia,60,Baraka Telecom Sdn Bhd
+502,1282,19,415,my,Malaysia,60,CelCom
+502,1282,13,319,my,Malaysia,60,CelCom
+502,1282,198,408,my,Malaysia,60,CelCom
+502,1282,16,367,my,Malaysia,60,Digi Telecommunications
+502,1282,10,271,my,Malaysia,60,Digi Telecommunications
+502,1282,20,527,my,Malaysia,60,Electcoms Wireless Sdn Bhd
+502,1282,17,383,my,Malaysia,60,Maxis
+502,1282,12,303,my,Malaysia,60,Maxis
+502,1282,11,287,my,Malaysia,60,MTX Utara
+502,1282,153,339,my,Malaysia,60,Webe/Packet One Networks (Malaysia) Sdn Bhd
+502,1282,155,341,my,Malaysia,60,Samata Communications Sdn Bhd
+502,1282,154,340,my,Malaysia,60,Tron/Talk Focus Sdn Bhd
+502,1282,18,399,my,Malaysia,60,U Mobile
+502,1282,195,405,my,Malaysia,60,XOX Com Sdn Bhd
+502,1282,152,338,my,Malaysia,60,YES
+472,1138,01,31,mv,Maldives,960,Dhiraagu/C&W
+472,1138,02,47,mv,Maldives,960,Ooredo/Wataniya
+610,1552,01,31,ml,Mali,223,Malitel
+610,1552,02,47,ml,Mali,223,Orange/IKATEL
+278,632,21,543,mt,Malta,356,GO Mobile
+278,632,77,1919,mt,Malta,356,Melita
+278,632,01,31,mt,Malta,356,Vodafone
+340,832,12,303,mq,Martinique (French Department of),596,UTS Caraibe
+609,1545,02,47,mr,Mauritania,222,Chinguitel SA
+609,1545,01,31,mr,Mauritania,222,Mattel
+609,1545,10,271,mr,Mauritania,222,Mauritel
+617,1559,10,271,mu,Mauritius,230,Emtel Ltd
+617,1559,03,63,mu,Mauritius,230,Mahanagar Telephone
+617,1559,02,47,mu,Mauritius,230,Mahanagar Telephone
+617,1559,01,31,mu,Mauritius,230,Orange/Cellplus
+334,820,50,1295,mx,Mexico,52,AT&T/IUSACell
+334,820,050,80,mx,Mexico,52,AT&T/IUSACell
+334,820,040,64,mx,Mexico,52,AT&T/IUSACell
+334,820,04,79,mx,Mexico,52,AT&T/IUSACell
+334,820,030,48,mx,Mexico,52,Movistar/Pegaso
+334,820,03,63,mx,Mexico,52,Movistar/Pegaso
+334,820,01,31,mx,Mexico,52,NEXTEL
+334,820,09,159,mx,Mexico,52,NEXTEL
+334,820,090,144,mx,Mexico,52,NEXTEL
+334,820,010,16,mx,Mexico,52,NEXTEL
+334,820,080,128,mx,Mexico,52,Operadora Unefon SA de CV
+334,820,070,112,mx,Mexico,52,Operadora Unefon SA de CV
+334,820,060,96,mx,Mexico,52,SAI PCS
+334,820,020,32,mx,Mexico,52,TelCel/America Movil
+334,820,02,47,mx,Mexico,52,TelCel/America Movil
+550,1360,01,31,fm,Micronesia,691,FSM Telecom
+259,601,04,79,md,Moldova,373,Eventis Mobile
+259,601,05,95,md,Moldova,373,IDC/Unite
+259,601,99,2463,md,Moldova,373,IDC/Unite
+259,601,03,63,md,Moldova,373,IDC/Unite
+259,601,02,47,md,Moldova,373,Moldcell
+259,601,01,31,md,Moldova,373,Orange/Voxtel
+212,530,10,271,mc,Monaco,377,Monaco Telecom
+212,530,01,31,mc,Monaco,377,Monaco Telecom
+428,1064,98,2447,mn,Mongolia,976,G-Mobile Corporation Ltd
+428,1064,99,2463,mn,Mongolia,976,Mobicom
+428,1064,91,2335,mn,Mongolia,976,Skytel Co. Ltd
+428,1064,00,15,mn,Mongolia,976,Skytel Co. Ltd
+428,1064,88,2191,mn,Mongolia,976,Unitel
+297,663,02,47,me,Montenegro,382,Monet/T-mobile
+297,663,03,63,me,Montenegro,382,Mtel
+297,663,01,31,me,Montenegro,382,Telenor/Promonte GSM
+354,852,860,2144,ms,Montserrat,1664,Cable & Wireless
+604,1540,01,31,ma,Morocco,212,IAM/Itissallat
+604,1540,02,47,ma,Morocco,212,INWI/WANA
+604,1540,00,15,ma,Morocco,212,Medi Telecom
+643,1603,01,31,mz,Mozambique,258,mCel
+643,1603,03,63,mz,Mozambique,258,Movitel
+643,1603,04,79,mz,Mozambique,258,Vodacom
+414,1044,01,31,mm,Myanmar (Burma),95,Myanmar Post & Teleco.
+414,1044,05,95,mm,Myanmar (Burma),95,Oreedoo
+414,1044,06,111,mm,Myanmar (Burma),95,Telenor
+649,1609,03,63,na,Namibia,264,Leo / Orascom
+649,1609,01,31,na,Namibia,264,MTC
+649,1609,02,47,na,Namibia,264,Switch/Nam. Telec.
+429,1065,02,47,np,Nepal,977,Ncell
+429,1065,01,31,np,Nepal,977,NT Mobile / Namaste
+429,1065,04,79,np,Nepal,977,Smart Cell
+204,516,14,335,nl,Netherlands,31,6GMOBILE BV
+204,516,23,575,nl,Netherlands,31,Aspider Solutions
+204,516,05,95,nl,Netherlands,31,Elephant Talk Communications Premium Rate Services Netherlands BV
+204,516,17,383,nl,Netherlands,31,Intercity Mobile Communications BV
+204,516,08,143,nl,Netherlands,31,KPN Telecom B.V.
+204,516,69,1695,nl,Netherlands,31,KPN Telecom B.V.
+204,516,10,271,nl,Netherlands,31,KPN Telecom B.V.
+204,516,12,303,nl,Netherlands,31,KPN/Telfort
+204,516,28,655,nl,Netherlands,31,Lancelot BV
+204,516,09,159,nl,Netherlands,31,Lycamobile Ltd
+204,516,06,111,nl,Netherlands,31,Mundio/Vectone Mobile
+204,516,21,543,nl,Netherlands,31,NS Railinfrabeheer B.V.
+204,516,24,591,nl,Netherlands,31,Private Mobility Nederland BV
+204,516,98,2447,nl,Netherlands,31,T-Mobile B.V.
+204,516,16,367,nl,Netherlands,31,T-Mobile B.V.
+204,516,20,527,nl,Netherlands,31,T-mobile/former Orange
+204,516,02,47,nl,Netherlands,31,Tele2
+204,516,07,127,nl,Netherlands,31,Teleena Holding BV
+204,516,68,1679,nl,Netherlands,31,Unify Mobile
+204,516,18,399,nl,Netherlands,31,UPC Nederland BV
+204,516,04,79,nl,Netherlands,31,Vodafone Libertel
+204,516,03,63,nl,Netherlands,31,Voiceworks Mobile BV
+204,516,15,351,nl,Netherlands,31,Ziggo BV
+362,866,630,1584,an,Netherlands Antilles,599,Cingular Wireless
+362,866,51,1311,an,Netherlands Antilles,599,TELCELL GSM
+362,866,91,2335,an,Netherlands Antilles,599,SETEL GSM
+362,866,951,2385,an,Netherlands Antilles,599,UTS Wireless
+546,1350,01,31,nc,New Caledonia,687,OPT Mobilis
+530,1328,28,655,nz,New Zealand,64,2degrees
+530,1328,05,95,nz,New Zealand,64,Spark/NZ Telecom
+530,1328,02,47,nz,New Zealand,64,Spark/NZ Telecom
+530,1328,04,79,nz,New Zealand,64,Telstra
+530,1328,24,591,nz,New Zealand,64,Two Degrees Mobile Ltd
+530,1328,01,31,nz,New Zealand,64,Vodafone
+530,1328,03,63,nz,New Zealand,64,Walker Wireless Ltd.
+710,1808,21,543,ni,Nicaragua,505,Empresa Nicaraguense de Telecomunicaciones SA (ENITEL)
+710,1808,30,783,ni,Nicaragua,505,Movistar
+710,1808,73,1855,ni,Nicaragua,505,Claro
+614,1556,03,63,ne,Niger,227,MOOV/TeleCel
+614,1556,04,79,ne,Niger,227,Orange/Sahelc.
+614,1556,01,31,ne,Niger,227,Orange/Sahelc.
+614,1556,02,47,ne,Niger,227,Airtel/Zain/CelTel
+621,1569,20,527,ng,Nigeria,234,Airtel/ZAIN/Econet
+621,1569,60,1551,ng,Nigeria,234,ETISALAT
+621,1569,50,1295,ng,Nigeria,234,Glo Mobile
+621,1569,40,1039,ng,Nigeria,234,M-Tel/Nigeria Telecom. Ltd.
+621,1569,30,783,ng,Nigeria,234,MTN
+621,1569,99,2463,ng,Nigeria,234,Starcomms
+621,1569,25,607,ng,Nigeria,234,Visafone
+621,1569,01,31,ng,Nigeria,234,Visafone
+555,1365,01,31,nu,Niue,683,Niue Telecom
+242,578,09,159,no,Norway,47,Com4 AS
+242,578,14,335,no,Norway,47,ICE Nordisk Mobiltelefon AS
+242,578,21,543,no,Norway,47,Jernbaneverket (GSM-R)
+242,578,20,527,no,Norway,47,Jernbaneverket (GSM-R)
+242,578,23,575,no,Norway,47,Lycamobile Ltd
+242,578,02,47,no,Norway,47,Netcom
+242,578,22,559,no,Norway,47,Network Norway AS
+242,578,05,95,no,Norway,47,Network Norway AS
+242,578,06,111,no,Norway,47,ICE Nordisk Mobiltelefon AS
+242,578,08,143,no,Norway,47,TDC Mobil A/S
+242,578,04,79,no,Norway,47,Tele2
+242,578,01,31,no,Norway,47,Telenor
+242,578,12,303,no,Norway,47,Telenor
+242,578,03,63,no,Norway,47,Teletopia
+242,578,07,127,no,Norway,47,Ventelo AS
+242,578,017,23,no,Norway,47,Ventelo AS
+422,1058,03,63,om,Oman,968,Nawras
+422,1058,02,47,om,Oman,968,Oman Mobile/GTO
+410,1040,08,143,pk,Pakistan,92,Instaphone
+410,1040,01,31,pk,Pakistan,92,Mobilink
+410,1040,06,111,pk,Pakistan,92,Telenor
+410,1040,03,63,pk,Pakistan,92,UFONE/PAKTel
+410,1040,07,127,pk,Pakistan,92,Warid Telecom
+410,1040,04,79,pk,Pakistan,92,ZONG/CMPak
+552,1362,80,2063,pw,Palau (Republic of),680,Palau Mobile Corp. (PMC) (Palau
+552,1362,01,31,pw,Palau (Republic of),680,Palau National Communications Corp. (PNCC) (Palau
+425,1061,05,95,ps,Palestinian Territory,970,Jawwal
+425,1061,06,111,ps,Palestinian Territory,970,Wataniya Mobile
+714,1812,01,31,pa,Panama,507,Cable & W./Mas Movil
+714,1812,03,63,pa,Panama,507,Claro
+714,1812,04,79,pa,Panama,507,Digicel
+714,1812,02,47,pa,Panama,507,Movistar
+714,1812,020,32,pa,Panama,507,Movistar
+537,1335,03,63,pg,Papua New Guinea,675,Digicel
+537,1335,02,47,pg,Papua New Guinea,675,GreenCom PNG Ltd
+537,1335,01,31,pg,Papua New Guinea,675,Pacific Mobile
+744,1860,02,47,py,Paraguay,595,Claro/Hutchison
+744,1860,03,63,py,Paraguay,595,Compa
+744,1860,01,31,py,Paraguay,595,Hola/VOX
+744,1860,05,95,py,Paraguay,595,TIM/Nucleo/Personal
+744,1860,04,79,py,Paraguay,595,Tigo/Telecel
+716,1814,20,527,pe,Peru,51,Claro /Amer.Mov./TIM
+716,1814,10,271,pe,Peru,51,Claro /Amer.Mov./TIM
+716,1814,02,47,pe,Peru,51,GlobalStar
+716,1814,01,31,pe,Peru,51,GlobalStar
+716,1814,06,111,pe,Peru,51,Movistar
+716,1814,17,383,pe,Peru,51,Nextel
+716,1814,07,127,pe,Peru,51,Nextel
+716,1814,15,351,pe,Peru,51,Viettel Mobile
+515,1301,00,15,ph,Philippines,63,Fix Line
+515,1301,01,31,ph,Philippines,63,Globe Telecom
+515,1301,02,47,ph,Philippines,63,Globe Telecom
+515,1301,88,2191,ph,Philippines,63,Next Mobile
+515,1301,18,399,ph,Philippines,63,RED Mobile/Cure
+515,1301,03,63,ph,Philippines,63,Smart
+515,1301,05,95,ph,Philippines,63,SUN/Digitel
+260,608,17,383,pl,Poland,48,Aero2 SP.
+260,608,18,399,pl,Poland,48,AMD Telecom.
+260,608,38,911,pl,Poland,48,CallFreedom Sp. z o.o.
+260,608,12,303,pl,Poland,48,Cyfrowy POLSAT S.A.
+260,608,08,143,pl,Poland,48,e-Telko
+260,608,09,159,pl,Poland,48,Lycamobile
+260,608,16,367,pl,Poland,48,Mobyland
+260,608,36,879,pl,Poland,48,Mundio Mobile Sp. z o.o.
+260,608,07,127,pl,Poland,48,Play/P4
+260,608,11,287,pl,Poland,48,NORDISK Polska
+260,608,05,95,pl,Poland,48,Orange/IDEA/Centertel
+260,608,03,63,pl,Poland,48,Orange/IDEA/Centertel
+260,608,35,863,pl,Poland,48,PKP Polskie Linie Kolejowe S.A.
+260,608,98,2447,pl,Poland,48,Play/P4
+260,608,06,111,pl,Poland,48,Play/P4
+260,608,01,31,pl,Poland,48,Polkomtel/Plus
+260,608,14,335,pl,Poland,48,Sferia
+260,608,13,319,pl,Poland,48,Sferia
+260,608,10,271,pl,Poland,48,Sferia
+260,608,34,847,pl,Poland,48,T-Mobile/ERA
+260,608,02,47,pl,Poland,48,T-Mobile/ERA
+260,608,15,351,pl,Poland,48,Tele2
+260,608,04,79,pl,Poland,48,Tele2
+268,616,04,79,pt,Portugal,351,Lycamobile
+268,616,07,127,pt,Portugal,351,NOS/Optimus
+268,616,03,63,pt,Portugal,351,NOS/Optimus
+268,616,06,111,pt,Portugal,351,MEO/TMN
+268,616,01,31,pt,Portugal,351,Vodafone
+330,816,110,272,pr,Puerto Rico,,Puerto Rico Telephone Company Inc. (PRTC)
+330,816,11,287,pr,Puerto Rico,,Puerto Rico Telephone Company Inc. (PRTC)
+427,1063,01,31,qa,Qatar,974,Ooredoo/Qtel
+427,1063,02,47,qa,Qatar,974,Vodafone
+647,1607,00,15,re,Reunion,262,Orange
+647,1607,02,47,re,Reunion,262,Outremer Telecom
+647,1607,10,271,re,Reunion,262,SFR
+226,550,03,63,ro,Romania,40,Cosmote
+226,550,11,287,ro,Romania,40,Enigma Systems
+226,550,16,367,ro,Romania,40,Lycamobile
+226,550,10,271,ro,Romania,40,Orange
+226,550,05,95,ro,Romania,40,RCS&RDS Digi Mobile
+226,550,02,47,ro,Romania,40,Romtelecom SA
+226,550,06,111,ro,Romania,40,Telemobil/Zapp
+226,550,01,31,ro,Romania,40,Vodafone
+226,550,04,79,ro,Romania,40,Telemobil/Zapp
+250,592,12,303,ru,Russian Federation,79,Baykal Westcom
+250,592,28,655,ru,Russian Federation,79,BeeLine/VimpelCom
+250,592,10,271,ru,Russian Federation,79,DTC/Don Telecom
+250,592,13,319,ru,Russian Federation,79,Kuban GSM
+250,592,35,863,ru,Russian Federation,79,MOTIV/LLC Ekaterinburg-2000
+250,592,02,47,ru,Russian Federation,79,Megafon
+250,592,01,31,ru,Russian Federation,79,MTS
+250,592,03,63,ru,Russian Federation,79,NCC
+250,592,16,367,ru,Russian Federation,79,NTC
+250,592,19,415,ru,Russian Federation,79,OJSC Altaysvyaz
+250,592,11,287,ru,Russian Federation,79,Orensot
+250,592,92,2351,ru,Russian Federation,79,Printelefone
+250,592,04,79,ru,Russian Federation,79,Sibchallenge
+250,592,44,1103,ru,Russian Federation,79,StavTelesot
+250,592,20,527,ru,Russian Federation,79,Tele2/ECC/Volgogr.
+250,592,93,2367,ru,Russian Federation,79,Telecom XXL
+250,592,39,927,ru,Russian Federation,79,UralTel
+250,592,17,383,ru,Russian Federation,79,UralTel
+250,592,99,2463,ru,Russian Federation,79,BeeLine/VimpelCom
+250,592,05,95,ru,Russian Federation,79,Yenisey Telecom
+250,592,15,351,ru,Russian Federation,79,ZAO SMARTS
+250,592,07,127,ru,Russian Federation,79,ZAO SMARTS
+635,1589,14,335,rw,Rwanda,250,Airtel
+635,1589,10,271,rw,Rwanda,250,MTN/Rwandacell
+635,1589,13,319,rw,Rwanda,250,TIGO
+356,854,110,272,kn,Saint Kitts and Nevis,1869,Cable & Wireless
+356,854,50,1295,kn,Saint Kitts and Nevis,1869,Digicel
+356,854,70,1807,kn,Saint Kitts and Nevis,1869,UTS Cariglobe
+358,856,110,272,lc,Saint Lucia,1758,Cable & Wireless
+358,856,30,783,lc,Saint Lucia,1758,Cingular Wireless
+358,856,50,1295,lc,Saint Lucia,1758,Digicel (St Lucia) Limited
+549,1353,27,639,ws,Samoa,685,Samoatel Mobile
+549,1353,01,31,ws,Samoa,685,Telecom Samoa Cellular Ltd.
+292,658,01,31,sm,San Marino,378,Prima Telecom
+626,1574,01,31,st,Sao Tome & Principe,239,CSTmovel
+901,2305,14,335,n/a,Satellite Networks,870,AeroMobile
+901,2305,11,287,n/a,Satellite Networks,870,InMarSAT
+901,2305,12,303,n/a,Satellite Networks,870,Maritime Communications Partner AS
+901,2305,05,95,n/a,Satellite Networks,870,Thuraya Satellite
+420,1056,07,127,sa,Saudi Arabia,966,Zain
+420,1056,03,63,sa,Saudi Arabia,966,Etihad/Etisalat/Mobily
+420,1056,06,111,sa,Saudi Arabia,966,Lebara Mobile
+420,1056,01,31,sa,Saudi Arabia,966,STC/Al Jawal
+420,1056,05,95,sa,Saudi Arabia,966,Virgin Mobile
+420,1056,04,79,sa,Saudi Arabia,966,Zain
+608,1544,03,63,sn,Senegal,221,Expresso/Sudatel
+608,1544,01,31,sn,Senegal,221,Orange/Sonatel
+608,1544,02,47,sn,Senegal,221,TIGO/Sentel GSM
+220,544,03,63,rs,Serbia,381,MTS/Telekom Srbija
+220,544,01,31,rs,Serbia,381,Telenor/Mobtel
+220,544,02,47,rs,Serbia,381,Telenor/Mobtel
+220,544,05,95,rs,Serbia,381,VIP Mobile
+633,1587,10,271,sc,Seychelles,248,Airtel
+633,1587,01,31,sc,Seychelles,248,C&W
+633,1587,02,47,sc,Seychelles,248,Smartcom
+619,1561,03,63,sl,Sierra Leone,232,Africel
+619,1561,01,31,sl,Sierra Leone,232,Airtel/Zain/Celtel
+619,1561,04,79,sl,Sierra Leone,232,Comium
+619,1561,05,95,sl,Sierra Leone,232,Africel
+619,1561,02,47,sl,Sierra Leone,232,Tigo/Millicom
+619,1561,25,607,sl,Sierra Leone,232,Mobitel
+525,1317,12,303,sg,Singapore,65,GRID Communications Pte Ltd
+525,1317,03,63,sg,Singapore,65,MobileOne Ltd
+525,1317,02,47,sg,Singapore,65,Singtel
+525,1317,01,31,sg,Singapore,65,Singtel
+525,1317,07,127,sg,Singapore,65,Singtel
+525,1317,06,111,sg,Singapore,65,Starhub
+525,1317,05,95,sg,Singapore,65,Starhub
+231,561,03,63,sk,Slovakia,421,4Ka
+231,561,06,111,sk,Slovakia,421,O2
+231,561,01,31,sk,Slovakia,421,Orange
+231,561,05,95,sk,Slovakia,421,Orange
+231,561,15,351,sk,Slovakia,421,Orange
+231,561,04,79,sk,Slovakia,421,T-Mobile
+231,561,02,47,sk,Slovakia,421,T-Mobile
+231,561,99,2463,sk,Slovakia,421,Zeleznice Slovenskej republiky (ZSR)
+293,659,41,1055,si,Slovenia,386,Mobitel
+293,659,40,1039,si,Slovenia,386,SI.Mobil
+293,659,10,271,si,Slovenia,386,Slovenske zeleznice d.o.o.
+293,659,64,1615,si,Slovenia,386,T-2 d.o.o.
+293,659,70,1807,si,Slovenia,386,Telemach/TusMobil/VEGA
+540,1344,02,47,sb,Solomon Islands,677,bemobile
+540,1344,10,271,sb,Solomon Islands,677,BREEZE
+540,1344,01,31,sb,Solomon Islands,677,BREEZE
+637,1591,30,783,so,Somalia,252,Golis
+637,1591,19,415,so,Somalia,252,HorTel
+637,1591,60,1551,so,Somalia,252,Nationlink
+637,1591,10,271,so,Somalia,252,Nationlink
+637,1591,04,79,so,Somalia,252,Somafone
+637,1591,71,1823,so,Somalia,252,Somtel
+637,1591,82,2095,so,Somalia,252,Somtel
+637,1591,01,31,so,Somalia,252,Telesom
+655,1621,02,47,za,South Africa,27,8.ta
+655,1621,21,543,za,South Africa,27,Cape Town Metropolitan
+655,1621,07,127,za,South Africa,27,Cell C
+655,1621,10,271,za,South Africa,27,MTN
+655,1621,12,303,za,South Africa,27,MTN
+655,1621,06,111,za,South Africa,27,Sentech
+655,1621,01,31,za,South Africa,27,Vodacom
+655,1621,19,415,za,South Africa,27,Wireless Business Solutions (Pty) Ltd
+659,1625,03,63,ss,South Sudan (Republic of),,Gemtel Ltd (South Sudan
+659,1625,02,47,ss,South Sudan (Republic of),,MTN South Sudan (South Sudan
+659,1625,04,79,ss,South Sudan (Republic of),,Network of The World Ltd (NOW) (South Sudan
+659,1625,06,111,ss,South Sudan (Republic of),,Zain South Sudan (South Sudan
+214,532,23,575,es,Spain,34,Lycamobile SL
+214,532,22,559,es,Spain,34,Digi Spain Telecom SL
+214,532,15,351,es,Spain,34,BT Espana  SAU
+214,532,18,399,es,Spain,34,Cableuropa SAU (ONO)
+214,532,08,143,es,Spain,34,Euskaltel SA
+214,532,20,527,es,Spain,34,fonYou Wireless SL
+214,532,32,815,es,Spain,34,ION Mobile
+214,532,21,543,es,Spain,34,Jazz Telecom SAU
+214,532,26,623,es,Spain,34,Lleida
+214,532,25,607,es,Spain,34,Lycamobile SL
+214,532,07,127,es,Spain,34,Movistar
+214,532,05,95,es,Spain,34,Movistar
+214,532,09,159,es,Spain,34,Orange
+214,532,03,63,es,Spain,34,Orange
+214,532,11,287,es,Spain,34,Orange
+214,532,17,383,es,Spain,34,R Cable y Telec. Galicia SA
+214,532,19,415,es,Spain,34,Simyo/KPN
+214,532,16,367,es,Spain,34,Telecable de Asturias SA
+214,532,27,639,es,Spain,34,Truphone
+214,532,01,31,es,Spain,34,Vodafone
+214,532,06,111,es,Spain,34,Vodafone Enabler Espana SL
+214,532,04,79,es,Spain,34,Yoigo
+413,1043,05,95,lk,Sri Lanka,94,Airtel
+413,1043,03,63,lk,Sri Lanka,94,Etisalat/Tigo
+413,1043,08,143,lk,Sri Lanka,94,H3G Hutchison
+413,1043,01,31,lk,Sri Lanka,94,Mobitel Ltd.
+413,1043,02,47,lk,Sri Lanka,94,MTN/Dialog
+308,776,01,31,pm,St. Pierre & Miquelon,508,Ameris
+360,864,110,272,vc,St. Vincent & Gren.,1784,C & W
+360,864,100,256,vc,St. Vincent & Gren.,1784,Cingular
+360,864,10,271,vc,St. Vincent & Gren.,1784,Cingular
+360,864,050,80,vc,St. Vincent & Gren.,1784,Digicel
+360,864,70,1807,vc,St. Vincent & Gren.,1784,Digicel
+634,1588,00,15,sd,Sudan,249,Canar Telecom
+634,1588,02,47,sd,Sudan,249,MTN
+634,1588,22,559,sd,Sudan,249,MTN
+634,1588,15,351,sd,Sudan,249,Sudani One
+634,1588,07,127,sd,Sudan,249,Sudani One
+634,1588,08,143,sd,Sudan,249,Vivacell
+634,1588,05,95,sd,Sudan,249,Vivacell
+634,1588,01,31,sd,Sudan,249,ZAIN/Mobitel
+634,1588,06,111,sd,Sudan,249,ZAIN/Mobitel
+746,1862,03,63,sr,Suriname,597,Digicel
+746,1862,01,31,sr,Suriname,597,Telesur
+746,1862,02,47,sr,Suriname,597,Telecommunicatiebedrijf Suriname (TELESUR)
+746,1862,04,79,sr,Suriname,597,UNIQA
+653,1619,10,271,sz,Swaziland,268,Swazi MTN
+653,1619,01,31,sz,Swaziland,268,SwaziTelecom
+240,576,35,863,se,Sweden,46,42 Telecom AB
+240,576,16,367,se,Sweden,46,42 Telecom AB
+240,576,26,623,se,Sweden,46,Beepsend
+240,576,30,783,se,Sweden,46,NextGen Mobile Ltd (CardBoardFish)
+240,576,28,655,se,Sweden,46,CoolTEL Aps
+240,576,25,607,se,Sweden,46,Digitel Mobile Srl
+240,576,22,559,se,Sweden,46,Eu Tel AB
+240,576,27,639,se,Sweden,46,Fogg Mobile AB
+240,576,18,399,se,Sweden,46,Generic Mobile Systems Sweden AB
+240,576,17,383,se,Sweden,46,Gotalandsnatet AB
+240,576,02,47,se,Sweden,46,H3G Access AB
+240,576,04,79,se,Sweden,46,H3G Access AB
+240,576,36,879,se,Sweden,46,ID Mobile
+240,576,23,575,se,Sweden,46,Infobip Ltd.
+240,576,11,287,se,Sweden,46,Lindholmen Science Park AB
+240,576,12,303,se,Sweden,46,Lycamobile Ltd
+240,576,29,671,se,Sweden,46,Mercury International Carrier Services
+240,576,19,415,se,Sweden,46,Mundio Mobile (Sweden) Ltd
+240,576,10,271,se,Sweden,46,Spring Mobil AB
+240,576,05,95,se,Sweden,46,Svenska UMTS-N
+240,576,14,335,se,Sweden,46,TDC Sverige AB
+240,576,07,127,se,Sweden,46,Tele2 Sverige AB
+240,576,06,111,se,Sweden,46,Telenor (Vodafone)
+240,576,24,591,se,Sweden,46,Telenor (Vodafone)
+240,576,08,143,se,Sweden,46,Telenor (Vodafone)
+240,576,01,31,se,Sweden,46,Telia Mobile
+240,576,13,319,se,Sweden,46,Ventelo Sverige AB
+240,576,20,527,se,Sweden,46,Wireless Maingate AB
+240,576,15,351,se,Sweden,46,Wireless Maingate Nordic AB
+228,552,51,1311,ch,Switzerland,41,BebbiCell AG
+228,552,09,159,ch,Switzerland,41,Comfone AG
+228,552,05,95,ch,Switzerland,41,Comfone AG
+228,552,07,127,ch,Switzerland,41,TDC Sunrise
+228,552,54,1359,ch,Switzerland,41,Lycamobile AG
+228,552,52,1327,ch,Switzerland,41,Mundio Mobile AG
+228,552,03,63,ch,Switzerland,41,Salt/Orange
+228,552,01,31,ch,Switzerland,41,Swisscom
+228,552,12,303,ch,Switzerland,41,TDC Sunrise
+228,552,02,47,ch,Switzerland,41,TDC Sunrise
+228,552,08,143,ch,Switzerland,41,TDC Sunrise
+228,552,53,1343,ch,Switzerland,41,upc cablecom GmbH
+417,1047,02,47,sy,Syrian Arab Republic,963,MTN/Spacetel
+417,1047,09,159,sy,Syrian Arab Republic,963,Syriatel Holdings
+417,1047,01,31,sy,Syrian Arab Republic,963,Syriatel Holdings
+466,1126,68,1679,tw,Taiwan,886,ACeS Taiwan - ACeS Taiwan Telecommunications Co Ltd
+466,1126,05,95,tw,Taiwan,886,Asia Pacific Telecom Co. Ltd (APT)
+466,1126,11,287,tw,Taiwan,886,Chunghwa Telecom LDM
+466,1126,92,2351,tw,Taiwan,886,Chunghwa Telecom LDM
+466,1126,01,31,tw,Taiwan,886,Far EasTone
+466,1126,07,127,tw,Taiwan,886,Far EasTone
+466,1126,06,111,tw,Taiwan,886,Far EasTone
+466,1126,02,47,tw,Taiwan,886,Far EasTone
+466,1126,03,63,tw,Taiwan,886,Far EasTone
+466,1126,10,271,tw,Taiwan,886,Global Mobile Corp.
+466,1126,56,1391,tw,Taiwan,886,International Telecom Co. Ltd (FITEL)
+466,1126,88,2191,tw,Taiwan,886,KG Telecom
+466,1126,99,2463,tw,Taiwan,886,TransAsia
+466,1126,97,2431,tw,Taiwan,886,Taiwan Cellular
+466,1126,93,2367,tw,Taiwan,886,Mobitai
+466,1126,89,2207,tw,Taiwan,886,T-Star/VIBO
+466,1126,09,159,tw,Taiwan,886,VMAX Telecom Co. Ltd
+436,1078,04,79,tk,Tajikistan,992,Babilon-M
+436,1078,05,95,tk,Tajikistan,992,Bee Line
+436,1078,02,47,tk,Tajikistan,992,CJSC Indigo Tajikistan
+436,1078,12,303,tk,Tajikistan,992,Tcell/JC Somoncom
+436,1078,03,63,tk,Tajikistan,992,MLT/TT mobile
+436,1078,01,31,tk,Tajikistan,992,Tcell/JC Somoncom
+640,1600,08,143,tz,Tanzania,255,Benson Informatics Ltd
+640,1600,06,111,tz,Tanzania,255,Dovetel (T) Ltd
+640,1600,09,159,tz,Tanzania,255,Halotel/Viettel Ltd
+640,1600,11,287,tz,Tanzania,255,Smile Communications Tanzania Ltd
+640,1600,07,127,tz,Tanzania,255,Tanzania Telecommunications Company Ltd (TTCL)
+640,1600,02,47,tz,Tanzania,255,TIGO/MIC
+640,1600,01,31,tz,Tanzania,255,Tri Telecomm. Ltd.
+640,1600,04,79,tz,Tanzania,255,Vodacom Ltd
+640,1600,05,95,tz,Tanzania,255,Airtel/ZAIN/Celtel
+640,1600,03,63,tz,Tanzania,255,Zantel/Zanzibar Telecom
+520,1312,20,527,th,Thailand,66,ACeS Thailand - ACeS Regional Services Co Ltd
+520,1312,15,351,th,Thailand,66,ACT Mobile
+520,1312,03,63,th,Thailand,66,Advanced Wireless Networks/AWN
+520,1312,01,31,th,Thailand,66,AIS/Advanced Info Service
+520,1312,23,575,th,Thailand,66,Digital Phone Co.
+520,1312,00,15,th,Thailand,66,Hutch/CAT CDMA
+520,1312,05,95,th,Thailand,66,Total Access (DTAC)
+520,1312,18,399,th,Thailand,66,Total Access (DTAC)
+520,1312,99,2463,th,Thailand,66,True Move/Orange
+520,1312,04,79,th,Thailand,66,True Move/Orange
+514,1300,01,31,tp,Timor-Leste,670,Telin/ Telkomcel
+514,1300,02,47,tp,Timor-Leste,670,Timor Telecom
+615,1557,02,47,tg,Togo,228,Telecel/MOOV
+615,1557,03,63,tg,Togo,228,Telecel/MOOV
+615,1557,01,31,tg,Togo,228,Togo Telecom/TogoCELL
+539,1337,43,1087,to,Tonga,676,Shoreline Communication
+539,1337,01,31,to,Tonga,676,Tonga Communications
+374,884,120,288,tt,Trinidad and Tobago,1868,Bmobile/TSTT
+374,884,12,303,tt,Trinidad and Tobago,1868,Bmobile/TSTT
+374,884,130,304,tt,Trinidad and Tobago,1868,Digicel
+374,884,140,320,tt,Trinidad and Tobago,1868,LaqTel Ltd.
+605,1541,01,31,tn,Tunisia,216,Orange
+605,1541,03,63,tn,Tunisia,216,Oreedo/Orascom
+605,1541,02,47,tn,Tunisia,216,TuniCell/Tunisia Telecom
+605,1541,06,111,tn,Tunisia,216,TuniCell/Tunisia Telecom
+286,646,04,79,tr,Turkey,90,AVEA/Aria
+286,646,03,63,tr,Turkey,90,AVEA/Aria
+286,646,01,31,tr,Turkey,90,Turkcell
+286,646,02,47,tr,Turkey,90,Vodafone-Telsim
+438,1080,01,31,tm,Turkmenistan,993,MTS/Barash Communication
+438,1080,02,47,tm,Turkmenistan,993,Altyn Asyr/TM-Cell
+376,886,350,848,tc,Turks and Caicos Islands,,Cable & Wireless (TCI) Ltd
+376,886,050,80,tc,Turks and Caicos Islands,,Digicel TCI Ltd
+376,886,352,850,tc,Turks and Caicos Islands,,IslandCom Communications Ltd.
+553,1363,01,31,tv,Tuvalu,,Tuvalu Telecommunication Corporation (TTC)
+641,1601,01,31,ug,Uganda,256,Airtel/Celtel
+641,1601,66,1647,ug,Uganda,256,i-Tel Ltd
+641,1601,30,783,ug,Uganda,256,K2 Telecom Ltd
+641,1601,10,271,ug,Uganda,256,MTN Ltd.
+641,1601,14,335,ug,Uganda,256,Orange
+641,1601,33,831,ug,Uganda,256,Smile Communications Uganda Ltd
+641,1601,18,399,ug,Uganda,256,Suretelecom Uganda Ltd
+641,1601,11,287,ug,Uganda,256,Uganda Telecom Ltd.
+641,1601,22,559,ug,Uganda,256,Airtel/Warid
+255,597,06,111,ua,Ukraine,380,Astelit/LIFE
+255,597,05,95,ua,Ukraine,380,Golden Telecom
+255,597,39,927,ua,Ukraine,380,Golden Telecom
+255,597,04,79,ua,Ukraine,380,Intertelecom Ltd (IT)
+255,597,67,1663,ua,Ukraine,380,KyivStar
+255,597,03,63,ua,Ukraine,380,KyivStar
+255,597,21,543,ua,Ukraine,380,Telesystems Of Ukraine CJSC (TSU)
+255,597,07,127,ua,Ukraine,380,TriMob LLC
+255,597,50,1295,ua,Ukraine,380,UMC/MTS
+255,597,02,47,ua,Ukraine,380,Beeline
+255,597,01,31,ua,Ukraine,380,UMC/MTS
+255,597,68,1679,ua,Ukraine,380,Beeline
+424,1060,03,63,ae,United Arab Emirates,971,DU
+431,1073,02,47,ae,United Arab Emirates,971,Etisalat
+424,1060,02,47,ae,United Arab Emirates,971,Etisalat
+430,1072,02,47,ae,United Arab Emirates,971,Etisalat
+234,564,03,63,gb,United Kingdom,44,Airtel/Vodafone
+234,564,77,1919,gb,United Kingdom,44,BT Group
+234,564,76,1903,gb,United Kingdom,44,BT Group
+234,564,92,2351,gb,United Kingdom,44,Cable and Wireless
+234,564,07,127,gb,United Kingdom,44,Cable and Wireless
+234,564,36,879,gb,United Kingdom,44,Cable and Wireless Isle of Man
+234,564,18,399,gb,United Kingdom,44,Cloud9/wire9 Tel.
+235,565,02,47,gb,United Kingdom,44,Everyth. Ev.wh.
+234,564,17,383,gb,United Kingdom,44,FlexTel
+234,564,55,1375,gb,United Kingdom,44,Guernsey Telecoms
+234,564,14,335,gb,United Kingdom,44,HaySystems
+234,564,94,2383,gb,United Kingdom,44,H3G Hutchinson
+234,564,20,527,gb,United Kingdom,44,H3G Hutchinson
+234,564,75,1887,gb,United Kingdom,44,Inquam Telecom Ltd
+234,564,50,1295,gb,United Kingdom,44,Jersey Telecom
+234,564,35,863,gb,United Kingdom,44,JSC Ingenicum
+234,564,26,623,gb,United Kingdom,44,Lycamobile
+234,564,58,1423,gb,United Kingdom,44,Manx Telecom
+234,564,01,31,gb,United Kingdom,44,Mapesbury C. Ltd
+234,564,28,655,gb,United Kingdom,44,Marthon Telecom
+234,564,10,271,gb,United Kingdom,44,O2 Ltd.
+234,564,02,47,gb,United Kingdom,44,O2 Ltd.
+234,564,11,287,gb,United Kingdom,44,O2 Ltd.
+234,564,08,143,gb,United Kingdom,44,OnePhone
+234,564,16,367,gb,United Kingdom,44,Opal Telecom
+234,564,34,847,gb,United Kingdom,44,Everyth. Ev.wh./Orange
+234,564,33,831,gb,United Kingdom,44,Everyth. Ev.wh./Orange
+234,564,19,415,gb,United Kingdom,44,PMN/Teleware
+234,564,12,303,gb,United Kingdom,44,Railtrack Plc
+234,564,22,559,gb,United Kingdom,44,Routotelecom
+234,564,57,1407,gb,United Kingdom,44,Sky UK Limited
+234,564,24,591,gb,United Kingdom,44,Stour Marine
+234,564,37,895,gb,United Kingdom,44,Synectiv Ltd.
+234,564,30,783,gb,United Kingdom,44,Everyth. Ev.wh./T-Mobile
+234,564,31,799,gb,United Kingdom,44,Everyth. Ev.wh./T-Mobile
+234,564,32,815,gb,United Kingdom,44,Everyth. Ev.wh./T-Mobile
+234,564,27,639,gb,United Kingdom,44,Vodafone
+234,564,09,159,gb,United Kingdom,44,Tismi
+234,564,25,607,gb,United Kingdom,44,Truphone
+234,564,51,1311,gb,United Kingdom,44,Jersey Telecom
+234,564,23,575,gb,United Kingdom,44,Vectofone Mobile Wifi
+234,564,91,2335,gb,United Kingdom,44,Vodafone
+234,564,15,351,gb,United Kingdom,44,Vodafone
+234,564,78,1935,gb,United Kingdom,44,Wave Telecom Ltd
+310,784,050,80,us,United States,1,
+310,784,880,2176,us,United States,1,
+310,784,850,2128,us,United States,1,Aeris Comm. Inc.
+310,784,640,1600,us,United States,1,
+310,784,510,1296,us,United States,1,Airtel Wireless LLC
+310,784,190,400,us,United States,1,Unknown
+312,786,090,144,us,United States,1,Allied Wireless Communications Corporation
+311,785,130,304,us,United States,1,
+310,784,710,1808,us,United States,1,Arctic Slope Telephone Association Cooperative Inc.
+310,784,680,1664,us,United States,1,AT&T Wireless Inc.
+310,784,070,112,us,United States,1,AT&T Wireless Inc.
+310,784,560,1376,us,United States,1,AT&T Wireless Inc.
+310,784,410,1040,us,United States,1,AT&T Wireless Inc.
+310,784,380,896,us,United States,1,AT&T Wireless Inc.
+310,784,170,368,us,United States,1,AT&T Wireless Inc.
+310,784,150,336,us,United States,1,AT&T Wireless Inc.
+310,784,980,2432,us,United States,1,AT&T Wireless Inc.
+311,785,810,2064,us,United States,1,Bluegrass Wireless LLC
+311,785,800,2048,us,United States,1,Bluegrass Wireless LLC
+311,785,440,1088,us,United States,1,Bluegrass Wireless LLC
+310,784,900,2304,us,United States,1,Cable & Communications Corp.
+311,785,590,1424,us,United States,1,California RSA No. 3 Limited Partnership
+311,785,500,1280,us,United States,1,Cambridge Telephone Company Inc.
+310,784,830,2096,us,United States,1,Caprock Cellular Ltd.
+310,784,013,19,us,United States,1,Verizon Wireless
+311,785,281,641,us,United States,1,Verizon Wireless
+311,785,486,1158,us,United States,1,Verizon Wireless
+311,785,270,624,us,United States,1,Verizon Wireless
+311,785,286,646,us,United States,1,Verizon Wireless
+311,785,275,629,us,United States,1,Verizon Wireless
+311,785,480,1152,us,United States,1,Verizon Wireless
+310,784,012,18,us,United States,1,Verizon Wireless
+311,785,280,640,us,United States,1,Verizon Wireless
+311,785,485,1157,us,United States,1,Verizon Wireless
+311,785,110,272,us,United States,1,Verizon Wireless
+311,785,285,645,us,United States,1,Verizon Wireless
+311,785,274,628,us,United States,1,Verizon Wireless
+311,785,390,912,us,United States,1,Verizon Wireless
+310,784,010,16,us,United States,1,Verizon Wireless
+311,785,279,633,us,United States,1,Verizon Wireless
+311,785,484,1156,us,United States,1,Verizon Wireless
+310,784,910,2320,us,United States,1,Verizon Wireless
+311,785,284,644,us,United States,1,Verizon Wireless
+311,785,489,1161,us,United States,1,Verizon Wireless
+311,785,273,627,us,United States,1,Verizon Wireless
+311,785,289,649,us,United States,1,Verizon Wireless
+310,784,004,4,us,United States,1,Verizon Wireless
+311,785,278,632,us,United States,1,Verizon Wireless
+311,785,483,1155,us,United States,1,Verizon Wireless
+310,784,890,2192,us,United States,1,Verizon Wireless
+311,785,283,643,us,United States,1,Verizon Wireless
+311,785,488,1160,us,United States,1,Verizon Wireless
+311,785,272,626,us,United States,1,Verizon Wireless
+311,785,288,648,us,United States,1,Verizon Wireless
+311,785,277,631,us,United States,1,Verizon Wireless
+311,785,482,1154,us,United States,1,Verizon Wireless
+310,784,590,1424,us,United States,1,Verizon Wireless
+311,785,282,642,us,United States,1,Verizon Wireless
+311,785,487,1159,us,United States,1,Verizon Wireless
+311,785,271,625,us,United States,1,Verizon Wireless
+311,785,287,647,us,United States,1,Verizon Wireless
+311,785,276,630,us,United States,1,Verizon Wireless
+311,785,481,1153,us,United States,1,Verizon Wireless
+312,786,270,624,us,United States,1,Cellular Network Partnership LLC
+310,784,360,864,us,United States,1,Cellular Network Partnership LLC
+312,786,280,640,us,United States,1,Cellular Network Partnership LLC
+311,785,190,400,us,United States,1,
+310,784,030,48,us,United States,1,
+310,784,480,1152,us,United States,1,Choice Phone LLC
+311,785,120,288,us,United States,1,Choice Phone LLC
+310,784,630,1584,us,United States,1,
+310,784,420,1056,us,United States,1,Cincinnati Bell Wireless LLC
+310,784,180,384,us,United States,1,Cingular Wireless
+310,784,620,1568,us,United States,1,Coleman County Telco /Trans TX
+311,785,040,64,us,United States,1,
+310,784,06,111,us,United States,1,Consolidated Telcom
+310,784,60,1551,us,United States,1,Consolidated Telcom
+310,784,26,623,us,United States,1,
+312,786,380,896,us,United States,1,
+310,784,930,2352,us,United States,1,
+311,785,240,576,us,United States,1,
+310,784,080,128,us,United States,1,
+310,784,700,1792,us,United States,1,Cross Valliant Cellular Partnership
+312,786,030,48,us,United States,1,Cross Wireless Telephone Co.
+311,785,140,320,us,United States,1,Cross Wireless Telephone Co.
+311,785,520,1312,us,United States,1,
+312,786,040,64,us,United States,1,Custer Telephone Cooperative Inc.
+310,784,440,1088,us,United States,1,Dobson Cellular Systems
+310,784,990,2448,us,United States,1,E.N.M.R. Telephone Coop.
+310,784,750,1872,us,United States,1,East Kentucky Network LLC
+312,786,130,304,us,United States,1,East Kentucky Network LLC
+312,786,120,288,us,United States,1,East Kentucky Network LLC
+310,784,090,144,us,United States,1,Edge Wireless LLC
+310,784,610,1552,us,United States,1,Elkhart TelCo. / Epic Touch Co.
+311,785,210,528,us,United States,1,
+311,785,311,785,us,United States,1,Farmers
+311,785,460,1120,us,United States,1,Fisher Wireless Services Inc.
+310,784,430,1072,us,United States,1,GCI Communication Corp.
+311,785,370,880,us,United States,1,GCI Communication Corp.
+310,784,920,2336,us,United States,1,Get Mobile Inc.
+310,784,970,2416,us,United States,1,
+311,785,340,832,us,United States,1,Illinois Valley Cellular RSA 2 Partnership
+311,785,030,48,us,United States,1,
+311,785,410,1040,us,United States,1,Iowa RSA No. 2 Limited Partnership
+312,786,170,368,us,United States,1,Iowa RSA No. 2 Limited Partnership
+310,784,770,1904,us,United States,1,Iowa Wireless Services LLC
+310,784,650,1616,us,United States,1,Jasper
+310,784,870,2160,us,United States,1,Kaplan Telephone Company Inc.
+312,786,180,384,us,United States,1,Keystone Wireless LLC
+310,784,690,1680,us,United States,1,Keystone Wireless LLC
+311,785,310,784,us,United States,1,Lamar County Cellular
+310,784,016,22,us,United States,1,Leap Wireless International Inc.
+311,785,090,144,us,United States,1,
+310,784,040,64,us,United States,1,Matanuska Tel. Assn. Inc.
+310,784,780,1920,us,United States,1,Message Express Co. / Airlink PCS
+311,785,660,1632,us,United States,1,
+311,785,330,816,us,United States,1,Michigan Wireless LLC
+311,785,000,0,us,United States,1,
+310,784,400,1024,us,United States,1,Minnesota South. Wirel. Co. / Hickory
+312,786,010,16,us,United States,1,Missouri RSA No 5 Partnership
+311,785,920,2336,us,United States,1,Missouri RSA No 5 Partnership
+311,785,020,32,us,United States,1,Missouri RSA No 5 Partnership
+311,785,010,16,us,United States,1,Missouri RSA No 5 Partnership
+312,786,220,544,us,United States,1,Missouri RSA No 5 Partnership
+310,784,350,848,us,United States,1,Mohave Cellular LP
+310,784,570,1392,us,United States,1,MTPCS LLC
+310,784,290,656,us,United States,1,NEP Cellcorp Inc.
+310,784,34,847,us,United States,1,Nevada Wireless LLC
+311,785,380,896,us,United States,1,
+310,784,600,1536,us,United States,1,New-Cell Inc.
+311,785,100,256,us,United States,1,
+311,785,300,768,us,United States,1,Nexus Communications Inc.
+310,784,130,304,us,United States,1,North Carolina RSA 3 Cellular Tel. Co.
+311,785,610,1552,us,United States,1,North Dakota Network Company
+312,786,230,560,us,United States,1,North Dakota Network Company
+310,784,450,1104,us,United States,1,Northeast Colorado Cellular Inc.
+311,785,710,1808,us,United States,1,Northeast Wireless Networks LLC
+310,784,670,1648,us,United States,1,Northstar
+310,784,011,17,us,United States,1,Northstar
+311,785,420,1056,us,United States,1,Northwest Missouri Cellular Limited Partnership
+310,784,540,1344,us,United States,1,
+310,784,760,1888,us,United States,1,Panhandle Telephone Cooperative Inc.
+310,784,580,1408,us,United States,1,PCS ONE
+311,785,170,368,us,United States,1,PetroCom
+311,785,670,1648,us,United States,1,Pine Belt Cellular Inc.
+311,785,080,128,us,United States,1,
+310,784,790,1936,us,United States,1,
+310,784,100,256,us,United States,1,Plateau Telecommunications Inc.
+310,784,940,2368,us,United States,1,Poka Lambro Telco Ltd.
+311,785,540,1344,us,United States,1,
+311,785,730,1840,us,United States,1,
+310,784,500,1280,us,United States,1,Public Service Cellular Inc.
+312,786,160,352,us,United States,1,RSA 1 Limited Partnership
+311,785,430,1072,us,United States,1,RSA 1 Limited Partnership
+311,785,350,848,us,United States,1,Sagebrush Cellular Inc.
+311,785,910,2320,us,United States,1,
+310,784,46,1135,us,United States,1,SIMMETRY
+311,785,260,608,us,United States,1,SLO Cellular Inc / Cellular One of San Luis
+310,784,320,800,us,United States,1,Smith Bagley Inc.
+310,784,15,351,us,United States,1,Unknown
+316,790,011,17,us,United States,1,Southern Communications Services Inc.
+312,786,530,1328,us,United States,1,Sprint Spectrum
+311,785,490,1168,us,United States,1,Sprint Spectrum
+310,784,120,288,us,United States,1,Sprint Spectrum
+316,790,010,16,us,United States,1,Sprint Spectrum
+312,786,190,400,us,United States,1,Sprint Spectrum
+311,785,880,2176,us,United States,1,Sprint Spectrum
+311,785,870,2160,us,United States,1,Sprint Spectrum
+310,784,200,512,us,United States,1,T-Mobile
+310,784,250,592,us,United States,1,T-Mobile
+310,784,160,352,us,United States,1,T-Mobile
+310,784,240,576,us,United States,1,T-Mobile
+310,784,660,1632,us,United States,1,T-Mobile
+310,784,230,560,us,United States,1,T-Mobile
+310,784,31,799,us,United States,1,T-Mobile
+310,784,220,544,us,United States,1,T-Mobile
+310,784,270,624,us,United States,1,T-Mobile
+310,784,210,528,us,United States,1,T-Mobile
+310,784,260,608,us,United States,1,T-Mobile
+310,784,330,816,us,United States,1,T-Mobile
+310,784,800,2048,us,United States,1,T-Mobile
+310,784,300,768,us,United States,1,T-Mobile
+310,784,280,640,us,United States,1,T-Mobile
+310,784,310,784,us,United States,1,T-Mobile
+311,785,740,1856,us,United States,1,
+310,784,740,1856,us,United States,1,Telemetrix Inc.
+310,784,14,335,us,United States,1,Testing
+310,784,950,2384,us,United States,1,Unknown
+310,784,860,2144,us,United States,1,Texas RSA 15B2 Limited Partnership
+311,785,830,2096,us,United States,1,Thumb Cellular Limited Partnership
+311,785,050,80,us,United States,1,Thumb Cellular Limited Partnership
+310,784,460,1120,us,United States,1,TMP Corporation
+310,784,490,1168,us,United States,1,Triton PCS
+312,786,290,656,us,United States,1,Uintah Basin Electronics Telecommunications Inc.
+311,785,860,2144,us,United States,1,Uintah Basin Electronics Telecommunications Inc.
+310,784,960,2400,us,United States,1,Uintah Basin Electronics Telecommunications Inc.
+310,784,020,32,us,United States,1,Union Telephone Co.
+311,785,220,544,us,United States,1,United States Cellular Corp.
+310,784,730,1840,us,United States,1,United States Cellular Corp.
+311,785,650,1616,us,United States,1,United Wireless Communications Inc.
+310,784,38,911,us,United States,1,USA 3650 AT&T
+310,784,520,1312,us,United States,1,VeriSign
+310,784,003,3,us,United States,1,Unknown
+310,784,23,575,us,United States,1,Unknown
+310,784,24,591,us,United States,1,Unknown
+310,784,25,607,us,United States,1,Unknown
+310,784,530,1328,us,United States,1,West Virginia Wireless
+310,784,26,623,us,United States,1,Unknown
+310,784,340,832,us,United States,1,Westlink Communications LLC
+311,785,150,336,us,United States,1,
+311,785,070,112,us,United States,1,Wisconsin RSA #7 Limited Partnership
+310,784,390,912,us,United States,1,Yorkville Telephone Cooperative
+748,1864,01,31,uy,Uruguay,598,Ancel/Antel
+748,1864,03,63,uy,Uruguay,598,Ancel/Antel
+748,1864,10,271,uy,Uruguay,598,Claro/AM Wireless
+748,1864,07,127,uy,Uruguay,598,MOVISTAR
+434,1076,04,79,uz,Uzbekistan,998,Bee Line/Unitel
+434,1076,01,31,uz,Uzbekistan,998,Buztel
+434,1076,07,127,uz,Uzbekistan,998,MTS/Uzdunrobita
+434,1076,05,95,uz,Uzbekistan,998,Ucell/Coscom
+434,1076,02,47,uz,Uzbekistan,998,Uzmacom
+541,1345,05,95,vu,Vanuatu,678,DigiCel
+541,1345,01,31,vu,Vanuatu,678,SMILE
+734,1844,03,63,ve,Venezuela,58,DigiTel C.A.
+734,1844,02,47,ve,Venezuela,58,DigiTel C.A.
+734,1844,01,31,ve,Venezuela,58,DigiTel C.A.
+734,1844,06,111,ve,Venezuela,58,Movilnet C.A.
+734,1844,04,79,ve,Venezuela,58,Movistar/TelCel
+452,1106,07,127,vn,Viet Nam,84,Beeline
+452,1106,01,31,vn,Viet Nam,84,Mobifone
+452,1106,03,63,vn,Viet Nam,84,S-Fone/Telecom
+452,1106,05,95,vn,Viet Nam,84,VietnaMobile
+452,1106,08,143,vn,Viet Nam,84,Viettel Mobile
+452,1106,06,111,vn,Viet Nam,84,Viettel Mobile
+452,1106,04,79,vn,Viet Nam,84,Viettel Mobile
+452,1106,02,47,vn,Viet Nam,84,Vinaphone
+376,886,50,1295,vi,Virgin Islands U.S.,1340,Digicel
+421,1057,04,79,ye,Yemen,967,HITS/Y Unitel
+421,1057,02,47,ye,Yemen,967,MTN/Spacetel
+421,1057,01,31,ye,Yemen,967,Sabaphone
+421,1057,03,63,ye,Yemen,967,Yemen Mob. CDMA
+645,1605,03,63,zm,Zambia,260,Zamtel/Cell Z/MTS
+645,1605,02,47,zm,Zambia,260,MTN/Telecel
+645,1605,01,31,zm,Zambia,260,Airtel/Zain/Celtel
+648,1608,04,79,zw,Zimbabwe,263,Econet
+648,1608,01,31,zw,Zimbabwe,263,Net One
+648,1608,03,63,zw,Zimbabwe,263,Telecel
diff --git a/config/client_config/onoff_huawei_hilink.sh b/config/client_config/onoff_huawei_hilink.sh
new file mode 100644
index 00000000..18b1a016
--- /dev/null
+++ b/config/client_config/onoff_huawei_hilink.sh
@@ -0,0 +1,138 @@
+#!/bin/bash
+# connect/disconnect Huawei mobile data stick in Hilink mode (e.g. E3372h)
+# ========================================================================
+# - send xml formatted string via HTTP API to stick
+# - Requires session and verification token, which is obtained by an API call
+#
+# options: -l "user":"password" - login data - DOES NOT WORK YET 
+#          -h 192.168.8.1       - host ip address
+#          -p 1234              - PIN of SIM card
+#          -c 0/1               - connect - set datamode off/on
+# required software: curl, base64
+#
+# TODO: implement login into API - currently the login has to be disabled!
+#
+# zbchristian 2020
+
+# obtain session and verification token
+function _SessToken() {
+  SesTok=`sudo curl -s http://$host/api/webserver/SesTokInfo -m 5 2> /dev/null`
+  if [ -z "$SesTok" ]; then exit; fi
+
+  token=`echo $SesTok | sed  -r 's/.*<TokInfo>(.*)<\/TokInfo>.*/\1/'`
+  sesinfo=`echo $SesTok | sed  -r 's/.*<SesInfo>(.*)<\/SesInfo>.*/\1/'`
+}
+
+function _login() {
+# ----------------------- THIS DOES NOT WORK ------------------------------------------
+# login to web api
+  _SessToken
+
+  if [[ ! -z $user ]] && [[ ! -z $pw ]]; then
+    # password encoding
+    # type 3 : base64(pw) encoded
+    # type 4 : base64(sha256sum(user + base64(sha256sum(pw)) + token))
+    pwtype3=$(echo $pw | base64 --wrap=0)
+    hashedpw=$(echo -n "$pw" | sha256sum -b | cut -d " " -f1 | base64 --wrap=0)
+    pwtype4=$(echo -n "$user$hashedpw$token" | sha256sum -b | cut -d " " -f1 | base64 --wrap=0)
+    apiurl="api/user/login"
+    xmldata="<?xml version='1.0' encoding='UTF-8'?><request><Username>$user</Username><Password>$pwtype4</Password><password_type>4</password_type></request>"
+#    xmldata="<?xml version='1.0' encoding='UTF-8'?><request><Username>$user</Username><Password>$pwtype3</Password><password_type>3</password_type></request>"
+    xtraopts="--dump-header /tmp/hilink_login_hdr.txt"
+    _sendRequest
+    # get updated session cookie
+    sesinfo=$(grep "SessionID=" /tmp/hilink_login_hdr.txt | cut -d ':' -f2 | cut -d ';' -f1)
+    token=$(grep "__RequestVerificationTokenone" /tmp/hilink_login_hdr.txt | cut -d ':' -f2)
+echo "Login Cookie $sesinfo"
+echo "Login Token $token"
+  fi
+# ------------------------------ DO NOT USE THE LOGIN CODE ----------------------------------
+}
+
+function _switchMobileData() {
+# switch mobile data on/off
+  if [[ $datamode -ge 0 ]]; then
+    xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><dataswitch>$datamode</dataswitch></request>"
+    apiurl="api/dialup/mobile-dataswitch"
+    _sendRequest
+  fi
+}
+
+function _enableSIM() {
+#SimState:
+#255 - no SIM,
+#256 - error CPIN,
+#257 - ready,
+#258 - PIN disabled,
+#259 - check PIN,
+#260 - PIN required,
+#261 - PUK required
+   status=`curl -s http://$host/api/pin/status -m 10`
+   state=`echo $status | sed  -rn 's/.*<simstate>(.*)<\/simstate>.*/\1/pi'`
+   if [[ $state -eq 257  ]]; then echo "Hilink: SIM ready"|systemd-cat; return; fi
+   if [[ $state -eq 260  ]]; then echo "Hilink: Set PIN"|systemd-cat; _setPIN; fi
+}
+
+function _setPIN() {
+  if [[ ! -z $pin ]]; then
+    xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><OperateType>0</OperateType><CurrentPin>$pin</CurrentPin><NewPin></NewPin><PukCode></PukCode></request>"
+    apiurl="api/pin/operate"
+    _sendRequest
+  fi
+}
+
+function _sendRequest() {
+  result=""
+  if [[ -z $xmldata ]]; then return; fi 
+  result=`curl -s http://$host/$apiurl -m 10 \
+           -H "Content-Type: application/xml"  \
+           -H "Cookie: $sesinfo" \
+           -H "__RequestVerificationToken: $token" \
+           -d "$xmldata" $xtraopts 2> /dev/null`
+  xtraopts=""
+}
+
+# handle options
+
+host="192.168.8.1"
+pin=""
+user=""
+pw=""
+datamode=-1
+connect=-1
+while getopts ":c:h:l:m:p:" opt; do
+  case $opt in
+    h) if [[ $OPTARG =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then host="$OPTARG"; fi
+    ;;
+    p) if [[ $OPTARG =~ ^[0-9]{4,8} ]]; then pin="$OPTARG"; fi
+    ;;
+    l) if [[ $OPTARG =~ ^[0-9a-zA-Z]*:.*$ ]]; then
+         user=$(echo "$OPTARG" | cut -d':' -f1);
+         pw=$(echo "$OPTARG" | cut -d':' -f2);
+	   fi
+    ;;
+    c) if [[ $OPTARG == "1" ]]; then datamode=1; else datamode=0; fi
+    ;;
+  esac
+done
+
+echo  "Hilink: switch device at $host to mode $datamode" | systemd-cat
+
+# check if device is reachable
+avail=`timeout 0.5 ping -c 1 $host | sed -rn 's/.*time=.*/1/p'`
+if [[ -z $avail ]]; then 
+  echo "Hilink: no link to host" | systemd-cat
+  exit 
+fi
+
+token=""
+Sesinfo=""
+xmldata=""
+xtraopts=""
+result=""
+
+_SessToken
+_enableSIM
+_switchMobileData	# check and perform enable/disable mobile data connection
+
+
diff --git a/config/client_config/ppp0_route.sh b/config/client_config/ppp0_route.sh
new file mode 100644
index 00000000..f1d6bc3d
--- /dev/null
+++ b/config/client_config/ppp0_route.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# get gateway and ip address of UTMS modem connected to ppp0
+# add a default route 
+# called by /etc/network/interfaces.d/ppp0, when device is coming up
+#
+ppp0rt=""
+let i=1
+while [ -z "$ppp0rt" ] ; do
+  let i+=1
+  if [ $i -gt 20 ]; then
+    exit 1
+  fi
+  sleep 1
+  ppp0rt=`ip route list | grep -m 1 ppp0`
+done
+gate=`echo $ppp0rt |  sed -rn 's/(([0-9]{1,3}\.){3}[0-9]{1,3}).*ppp0.*src (([0-9]{1,3}\.){3}[0-9]{1,3})/\1/p'`
+src=`echo $ppp0rt |  sed -rn 's/(([0-9]{1,3}\.){3}[0-9]{1,3}).*ppp0.*src (([0-9]{1,3}\.){3}[0-9]{1,3})/\3/p'`
+
+ip route add default via $gate proto dhcp src $src metric 10
+exit 0
diff --git a/config/client_config/ppp0_setpin.sh b/config/client_config/ppp0_setpin.sh
new file mode 100644
index 00000000..74c1b415
--- /dev/null
+++ b/config/client_config/ppp0_setpin.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# in case /dev/ttyUSB0 does not exist, wait for it at most 30 seconds
+let i=1
+while ! test -c /dev/ttyUSB0; do
+  let i+=1
+  if [ $i -gt 2 ]; then
+    logger -s -t setpin "/dev/ttyUSB0 does not exist"
+    exit 3
+  fi
+  logger -s -t setpin "waiting 3 seconds for /dev/ttyUSB0"
+  sleep 3
+done
+# check for pin and set it if necessary
+wvdial pinstatus 2>&1 | grep -q '^+CPIN: READY'
+if [ $? -eq 0 ]; then
+  logger -s -t setpin "SIM card is ready to use :-)"
+else
+  logger -s -t setpin "setting PIN"
+  wvdial pin 2>/dev/null
+fi
+exit 0
diff --git a/config/client_config/start_huawei_hilink.service b/config/client_config/start_huawei_hilink.service
new file mode 100644
index 00000000..19d775d0
--- /dev/null
+++ b/config/client_config/start_huawei_hilink.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Bring up HUAWEI mobile hilink device
+			
+[Service]
+Type=oneshot
+RemainAfterExit=no
+ExecStart=/bin/sleep 15
+ExecStart=/usr/local/sbin/switchClientState.sh up
+
+[Install]
+Alias=start_ltemodem.service
+WantedBy=multi-user.target
+
diff --git a/config/client_config/start_ppp0_device.service b/config/client_config/start_ppp0_device.service
new file mode 100644
index 00000000..2fc88e5c
--- /dev/null
+++ b/config/client_config/start_ppp0_device.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Start ppp0 interface
+BindsTo=dev-ttyUSB0.device
+After=dev-ttyUSB0.device
+
+[Service]
+Type=forking
+RemainAfterExit=yes
+ExecStart=/sbin/ifup ppp0
+ExecStop=/sbin/ifdown ppp0
+
+[Install]
+Alias=startppp0.service
+WantedBy=multi-user.target
+
+
diff --git a/config/client_config/switchClientState.sh b/config/client_config/switchClientState.sh
new file mode 100644
index 00000000..e6e4635f
--- /dev/null
+++ b/config/client_config/switchClientState.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+# parameters: up or down
+# current client from getClients.sh
+#
+# requires: getClients.sh, onoff_huawei_hilink.sh in same path
+#           ifconfig, ifup, ifdown, systemd-cat
+#
+#
+# zbchristian 2020
+
+path=`dirname $0`
+clients=$($path/getClients.sh simple)
+
+if [[ -z $clients ]] || [[ $(echo $clients| grep -oP '(?<="clients": )\d') == 0  ]]; then echo "$0 : No client found"|systemd-cat; exit; fi
+
+devs=( $(echo $clients | grep -oP '(?<="name": ")\w*(?=")') )
+types=( $(echo $clients | grep -oP '(?<="type": )\d') )
+
+# find the device with the max type number
+imax=0
+type=0
+for i in "${!devs[@]}"; do
+  if [[ ${types[$i]} > $type ]]; then  imax=$i; type=${types[$i]}; fi
+done
+device=${devs[$imax]}
+
+echo "$0: try to set $device $1" | systemd-cat
+
+connected=`ifconfig -a | grep -i $device -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"`
+
+if [ -z "$connected" ] && [[ $1 == "up" ]]; then
+   if [[ $type == 3 ]]; then  ip link set $device up; fi
+   if [[ $type == 5 ]]; then  ifup $device; fi
+fi
+if [[ ! -z "$connected" ]] &&  [[ $1 == "down" ]]; then
+   if [[ $type == 3 ]]; then  ip link set $device down; fi
+   if [[ $type == 5 ]]; then  ifdown $device; fi
+fi
+if [[ $type == 4 ]]; then
+   ipadd=$(echo $connected | grep -oP "([0-9]{1,3}\.){2}[0-9]{1,3}")".1"  # get ip address of the Hilink API
+   mode=0
+   if [[ $1 == "up" ]]; then mode=1; fi
+   if [[ -f /etc/raspap/networking/mobiledata.ini ]]; then
+      pin=$(cat /etc/raspap/networking/mobiledata.ini | sed -rn 's/pin = ([0-9]*)$/\1/p' )
+   fi
+   $path/onoff_huawei_hilink.sh -c $mode -h $ipadd -p $pin
+fi
+
diff --git a/config/client_config/wvdial.conf b/config/client_config/wvdial.conf
new file mode 100644
index 00000000..8de5b3c6
--- /dev/null
+++ b/config/client_config/wvdial.conf
@@ -0,0 +1,21 @@
+[Dialer Defaults]
+Modem Type = Analog Modem
+ISDN = 0
+Baud = 9600
+Modem = /dev/ttyUSB0
+
+[Dialer pin]
+Init1 = AT+CPIN="XXXX"
+
+[Dialer connect]
+Init1 = ATZ
+Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
+Init3 = AT+CGDCONT=1,"IP","web.vodafone.de"
+New PPPD = yes
+Phone = *99#
+Password = me
+Username = vodafone
+Stupid Mode = 1
+
+[Dialer pinstatus]
+Init1 = AT+CPIN?
diff --git a/includes/dashboard.php b/includes/dashboard.php
index 00809655..6d74581c 100755
--- a/includes/dashboard.php
+++ b/includes/dashboard.php
@@ -3,6 +3,7 @@
 require_once 'includes/config.php';
 require_once 'includes/wifi_functions.php';
 require_once 'includes/functions.php';
+require_once 'includes/get_clients.php';
 
 /**
  * Show dashboard page.
@@ -23,6 +24,9 @@ function DisplayDashboard(&$extraFooterScripts)
         $status->showMessages();
         return;
     }
+    
+    // ----------------------------- INFOS ABOUT THE ACCESS POINT -------------------------------------------------------------
+    
     exec('ip a show '.$_SESSION['ap_interface'], $stdoutIp);
     $stdoutIpAllLinesGlued = implode(" ", $stdoutIp);
     $stdoutIpWRepeatedSpaces = preg_replace('/\s\s+/', ' ', $stdoutIpAllLinesGlued);
@@ -88,73 +92,42 @@ function DisplayDashboard(&$extraFooterScripts)
         $strTxBytes .= getHumanReadableDatasize($strTxBytes);
     }
 
-    define('SSIDMAXLEN', 32);
-    // Warning iw comes with: "Do NOT screenscrape this tool, we don't consider its output stable."
-    exec('iw dev ' .$_SESSION['wifi_client_interface']. ' link ', $stdoutIw);
-    $stdoutIwAllLinesGlued = implode('+', $stdoutIw); // Break lines with character illegal in SSID and MAC addr
-    $stdoutIwWRepSpaces = preg_replace('/\s\s+/', ' ', $stdoutIwAllLinesGlued);
-
-    preg_match('/Connected to (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2}))/', $stdoutIwWRepSpaces, $matchesBSSID) || $matchesBSSID[1] = '';
-    $connectedBSSID = $matchesBSSID[1];
-    $connectedBSSID = empty($connectedBSSID) ? "-" : $connectedBSSID;
-
-    $wlanHasLink = false;
-    if ($interfaceState === 'UP') {
-        $wlanHasLink = true;
-    }
-
-    if (!preg_match('/SSID: ([^+]{1,'.SSIDMAXLEN.'})/', $stdoutIwWRepSpaces, $matchesSSID)) {
-        $wlanHasLink = false;
-        $matchesSSID[1] = 'None';
-    }
-
-    $connectedSSID = $matchesSSID[1];
-
-    preg_match('/freq: (\d+)/i', $stdoutIwWRepSpaces, $matchesFrequency) || $matchesFrequency[1] = '';
-    $frequency = $matchesFrequency[1].' MHz';
-
-    preg_match('/signal: (-?[0-9]+ dBm)/i', $stdoutIwWRepSpaces, $matchesSignal) || $matchesSignal[1] = '';
-    $signalLevel = $matchesSignal[1];
-    $signalLevel = empty($signalLevel) ? "-" : $signalLevel;
-
-    preg_match('/tx bitrate: ([0-9\.]+ [KMGT]?Bit\/s)/', $stdoutIwWRepSpaces, $matchesBitrate) || $matchesBitrate[1] = '';
-    $bitrate = $matchesBitrate[1];
-    $bitrate = empty($bitrate) ? "-" : $bitrate;
-
-    // txpower is now displayed on iw dev(..) info command, not on link command.
-    exec('iw dev '.$_SESSION['wifi_client_interface'].' info ', $stdoutIwInfo);
-    $stdoutIwInfoAllLinesGlued = implode(' ', $stdoutIwInfo);
-    $stdoutIpInfoWRepSpaces = preg_replace('/\s\s+/', ' ', $stdoutIwInfoAllLinesGlued);
-
-    preg_match('/txpower ([0-9\.]+ dBm)/i', $stdoutIpInfoWRepSpaces, $matchesTxPower) || $matchesTxPower[1] = '';
-    $txPower = $matchesTxPower[1];
-
-    // iw does not have the "Link Quality". This is a is an aggregate value,
-    // and depends on the driver and hardware.
-    // Display link quality as signal quality for now.
-    $strLinkQuality = 0;
-    if ($signalLevel > -100 && $wlanHasLink) {
-        if ($signalLevel >= 0) {
-            $strLinkQuality = 100;
-        } else {
-            $strLinkQuality = 100 + intval($signalLevel);
+	// ------------------------ INFOS ABOUT THE CLIENT---------------------------------------------------------------
+    $clientinfo=array("name"=>"none","type"=>-1,"connected"=>"n");
+    $raspi_client=$_SESSION['wifi_client_interface'];
+    load_client_config();
+    $clients = getClients(false);
+    if(!empty($clients)) {
+        $ncl=$clients["clients"];
+        if($ncl > 0) {
+            $ty=-1;
+            foreach($clients["device"] as $dev) {
+               if(($id=array_search($dev["type"],$_SESSION["net-device-types"])) > $ty && !$dev["isAP"]) {
+                 $ty=$id;
+                 $clientinfo=$dev;
+               }
+            }
         }
     }
-
-    $wlan0up = false;
+    if ($clientinfo["name"] != "none") $raspi_client = $clientinfo["name"];
+    $interfaceState = $clientinfo["connected"] == "y" ? 'UP' : 'DOWN';
+    $txPower="";
+    if ($clientinfo["type"] == "wlan") {
+        // txpower is now displayed on iw dev(..) info command, not on link command.
+        exec('iw dev '.$clientinfo["name"].' info |  sed -rn "s/.*txpower ([0-9]*)[0-9\.]*( dBm).*/\1\2/p"', $stdoutIwInfo);
+        if (!empty($stdoutIwInfo)) $txPower=$stdoutIwInfo[0];
+    }
+	
     $classMsgDevicestatus = 'warning';
     if ($interfaceState === 'UP') {
-        $wlan0up = true;
         $classMsgDevicestatus = 'success';
     }
-
     if (!RASPI_MONITOR_ENABLED) {
         if (isset($_POST['ifdown_wlan0'])) {
             // Pressed stop button
             if ($interfaceState === 'UP') {
                 $status->addMessage(sprintf(_('Interface is going %s.'), _('down')), 'warning');
-                exec('sudo ip link set '.$_SESSION['wifi_client_interface'].' down');
-                $wlan0up = false;
+                exec('sudo /usr/local/sbin/switchClientState.sh down');
                 $status->addMessage(sprintf(_('Interface is now %s.'), _('down')), 'success');
             } elseif ($interfaceState === 'unknown') {
                 $status->addMessage(_('Interface state unknown.'), 'danger');
@@ -165,9 +138,8 @@ function DisplayDashboard(&$extraFooterScripts)
             // Pressed start button
             if ($interfaceState === 'DOWN') {
                 $status->addMessage(sprintf(_('Interface is going %s.'), _('up')), 'warning');
-                exec('sudo ip link set ' .$_SESSION['wifi_client_interface']. ' up');
-                exec('sudo ip -s a f label ' . $_SESSION['wifi_client_interface']);
-                $wlan0up = true;
+                exec('sudo /usr/local/sbin/switchClientState.sh up');
+                exec('sudo ip -s a f label ' . $raspi_client);
                 $status->addMessage(sprintf(_('Interface is now %s.'), _('up')), 'success');
             } elseif ($interfaceState === 'unknown') {
                 $status->addMessage(_('Interface state unknown.'), 'danger');
@@ -178,13 +150,19 @@ function DisplayDashboard(&$extraFooterScripts)
             $status->addMessage(sprintf(_('Interface is %s.'), strtolower($interfaceState)), $classMsgDevicestatus);
         }
     }
+
+
+
     // brought in from template
     $arrHostapdConf = parse_ini_file(RASPI_CONFIG.'/hostapd.ini');
     $bridgedEnable = $arrHostapdConf['BridgedEnable'];
-    $clientInterface = $_SESSION['wifi_client_interface'];
+    if ($arrHostapdConf['WifiAPEnable'] == 1) {
+        $client_interface = 'uap0';
+    } else {
+        $client_interface = $clientinfo["name"];
+    }
     $apInterface = $_SESSION['ap_interface'];
     $MACPattern = '"([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}"';
-
     if (getBridgedState()) {
         $moreLink = "hostapd_conf";
         exec('iw dev ' . $apInterface . ' station dump | grep -oE ' . $MACPattern, $clients);
@@ -192,11 +170,35 @@ function DisplayDashboard(&$extraFooterScripts)
         $moreLink = "dhcpd_conf";
         exec('cat ' . RASPI_DNSMASQ_LEASES . '| grep -E $(iw dev ' . $apInterface . ' station dump | grep -oE ' . $MACPattern . ' | paste -sd "|")', $clients);
     }
-    $ifaceStatus = $wlan0up ? "up" : "down";
+    $ifaceStatus = $clientinfo["connected"]=="y" ? "up" : "down";
+    switch($clientinfo["type"]) {
+        case "eth":
+	        $client_title = "Client: Ethernet cable";
+            $type_name = "Ethernet";
+            break;
+        case "phone":
+            $client_title = "Client: Smartphone (USB tethering)";
+            $type_name = "Smartphone";
+            break;
+        case "wlan":
+            $client_title = "Wireless Client";
+            $type_name = "Wifi";
+            break;
+        case "ppp":
+        case "hilink":
+            $client_title = "Mobile Data Client";
+            $type_name = "Mobile Data";
+            break;
+        default: 
+            $client_title = "No information for client available";
+            $type_name = "No Client";
+    }
 
     echo renderTemplate(
         "dashboard", compact(
             "clients",
+			"client_title",
+			"type_name",
             "moreLink",
             "apInterface",
             "clientInterface",
@@ -211,14 +213,8 @@ function DisplayDashboard(&$extraFooterScripts)
             "strRxBytes",
             "strTxPackets",
             "strTxBytes",
-            "connectedSSID",
-            "connectedBSSID",
-            "bitrate",
-            "signalLevel",
             "txPower",
-            "frequency",
-            "strLinkQuality",
-            "wlan0up"
+			"clientinfo"
         )
     );
     $extraFooterScripts[] = array('src'=>'app/js/dashboardchart.js', 'defer'=>false);
diff --git a/includes/functions.php b/includes/functions.php
index 1ca27d7d..10699190 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -728,5 +728,15 @@ function getNightmode(){
     } else {
         return false;
     }
+// search array for matching string and return only first matching group
+function preg_only_match($pat,$haystack) {
+  $match = "";
+  if(!empty($haystack) && !empty($pat)) {
+    if(!is_array($haystack)) $haystack = array($haystack);
+    $str = preg_grep($pat,$haystack);
+    if (!empty($str) && preg_match($pat,array_shift($str),$match) === 1 ) $match = $match[1];
+  }
+  return $match;
+}
 }
 
diff --git a/includes/get_clients.php b/includes/get_clients.php
new file mode 100644
index 00000000..999b5bfa
--- /dev/null
+++ b/includes/get_clients.php
@@ -0,0 +1,170 @@
+<?php
+
+require_once 'includes/functions.php';
+
+function getClients($simple=true) {
+    exec ('ifconfig -a | grep -oP "^(?!lo)(\w*)"',$rawdevs); // all devices except loopback
+    $path=RASPI_CLIENT_SCRIPT_PATH;
+    $cl=array();
+    if(!empty($rawdevs) && is_array($rawdevs)) {
+      $cl["clients"]=count($rawdevs);
+      // search for possibly not connected modem 
+      exec("find /sys/bus/usb/devices/usb*/ -name dev ",$devtty); // search for ttyUSB
+      $devtty = preg_only_match("/(ttyUSB0)/",$devtty);
+      if( empty(preg_only_match("/(ppp)[0-9]/",$rawdevs))) {
+        if(!empty($devtty)) {
+          $rawdevs[]="ppp0";
+          exec("udevadm info --name='$devtty' 2> /dev/null");
+        }
+      }
+      foreach ($rawdevs as $i => $dev) {
+        $cl["device"][$i]["name"]=$dev;
+        if (preg_match("/^(\w+)[0-9]$/",$dev,$nam) === 1) $nam=$nam[1];
+        else $nam="none";
+        if (($n = array_search($nam,$_SESSION["net-device-name-prefix"])) === false) $n = count($_SESSION["net-device-types"])-1;
+        $ty = $_SESSION["net-device-types"][$n];
+        $cl["device"][$i]["type"]=$ty;
+        unset($udevinfo);
+        exec("udevadm info /sys/class/net/$dev 2> /dev/null",$udevinfo);
+        if ( $nam == "ppp" && isset($devtty))  exec("udevadm info --name='$devtty' 2> /dev/null", $udevinfo);
+        if(!empty($udevinfo) && is_array($udevinfo)) {
+          $model = preg_only_match("/ID_MODEL_ENC=(.*)$/",$udevinfo);
+          if(empty($model) || preg_match("/^[0-9a-f]{4}$/",$model) === 1) {
+             $model = preg_only_match("/ID_MODEL_FROM_DATABASE=(.*)$/",$udevinfo);
+          }
+          $vendor = preg_only_match("/ID_VENDOR_ENC=(.*)$/",$udevinfo);
+          if(empty($vendor) || preg_match("/^[0-9a-f]{4}$/",$vendor) === 1) {
+             $vendor = preg_only_match("/ID_VENDOR_FROM_DATABASE=(.*)$/",$udevinfo);
+          }
+          $driver = preg_only_match("/ID_NET_DRIVER=(.*)$/",$udevinfo);
+          $vendorid = preg_only_match("/ID_VENDOR_ID=(.*)$/",$udevinfo);
+          $productid = preg_only_match("/ID_MODEL_ID=(.*)$/",$udevinfo);
+        }
+        $cl["device"][$i]["model"] = preg_replace("/\\\\x20/"," ",$model);
+        $cl["device"][$i]["vendor"] = preg_replace("/\\\\x20/"," ",$vendor);
+        $cl["device"][$i]["vid"] = $vendorid;
+        $cl["device"][$i]["pid"] = $productid;
+        unset($mac);
+        exec("cat /sys/class/net/$dev/address 2> /dev/null",$mac);
+        $cl["device"][$i]["mac"] = empty($mac) ? "":$mac[0];
+        unset($ip);
+        exec("ifconfig $dev 2> /dev/null",$ip);
+        $cl["device"][$i]["ipaddress"] =  preg_only_match("/.*inet ([0-9\.]+) .*/",$ip);
+
+        switch($ty) {
+           case "eth":
+              unset($res);
+              exec("ip link show $dev 2> /dev/null | grep -oP ' UP '",$res);
+              if(empty($res) && empty($ipadd)) $cl["device"][$i]["connected"] = "n";
+              else $cl["device"][$i]["connected"] = "y";
+              break;
+           case "wlan":
+              unset($retiw);
+              exec("iwconfig $dev 2> /dev/null | sed -rn 's/.*(mode:master).*/1/ip'",$retiw);
+              $cl["device"][$i]["isAP"] = !empty($retiw);
+              unset($retiw);
+              exec("iw dev $dev link 2> /dev/null",$retiw);
+              if(!$simple && !empty($ssid=preg_only_match("/.*SSID: (\w*).*/",$retiw)) ) {
+                 $cl["device"][$i]["connected"] = "y";
+                 $cl["device"][$i]["ssid"] = $ssid;
+                 $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/",$retiw);
+                 $sig = preg_only_match("/.*signal: (.*)$/",$retiw);
+                 $val = preg_only_match("/^([0-9\.-]*).*$/",$sig);
+                 if (!is_numeric($val)) $val = -100;
+                 if( $val >= -50 ) $qual=100;
+                 else if( $val < -100) $qual=0;
+                 else $qual=round($val*2+200);
+                 $cl["device"][$i]["signal"] = "$sig (".$qual."%)";
+                 $cl["device"][$i]["bitrate"] = preg_only_match("/.*bitrate: ([0-9\.]* \w*\/s).*$/",$retiw);
+                 $cl["device"][$i]["freq"] = preg_only_match("/.*freq: (.*)$/",$retiw);
+                 $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/",$retiw);
+              } else $cl["device"][$i]["connected"] = "n";
+              break;
+           case "ppp":
+              unset($res);
+              exec("ip link show $dev 2> /dev/null | grep -oP '( UP | UNKNOWN)'",$res);
+              if($simple) {
+                if(empty($res)) {
+                  $cl["device"][$i]["connected"] = "n";
+                  $cl["device"][$i]["signal"] =  "-100 dB (0%)";
+                } else {
+                  $cl["device"][$i]["connected"] = "y";
+                  $cl["device"][$i]["signal"] =  "-0 dB (0%)";
+                }
+                break;
+              }
+              if(empty($res) && empty($ipadd)) $cl["device"][$i]["connected"] = "n";
+              else $cl["device"][$i]["connected"] = "y";
+              unset($res);
+              exec("$path/info_huawei.sh mode modem",$res);
+              $cl["device"][$i]["mode"] = $res[0];
+              unset($res);
+              exec("$path/info_huawei.sh device modem",$res);
+              if( $res[0] != "none" ) $cl["device"][$i]["model"] = $res[0];
+              unset($res);
+              exec("$path/info_huawei.sh signal modem",$res);
+              $cl["device"][$i]["signal"] = $res[0];
+              unset($res);
+              exec("$path/info_huawei.sh operator modem",$res);
+              $cl["device"][$i]["operator"] = $res[0];
+              break;
+           case "hilink":
+              unset($res);
+//              exec("ip link show $dev 2> /dev/null | grep -oP ' UP '",$res);
+              exec("ifconfig -a | grep -i $dev -A 1 | grep -oP '(?<=inet )([0-9]{1,3}\.){3}'",$apiadd);
+              $apiadd = !empty($apiadd) ? $apiadd[0]."1" : "";
+              unset($res);
+              exec("$path/info_huawei.sh mode hilink $apiadd",$res);
+              $cl["device"][$i]["mode"] = $res[0];
+              unset($res);
+              exec("$path/info_huawei.sh device hilink $apiadd",$res);
+              if( $res[0] != "none" ) $cl["device"][$i]["model"] = $res[0];
+              unset($res);
+              exec("$path/info_huawei.sh signal hilink $apiadd",$res);
+              $cl["device"][$i]["signal"] = $res[0];
+              unset($ipadd);
+              exec("$path/info_huawei.sh ipaddress hilink $apiadd",$ipadd);
+              if(!empty($ipadd) && $ipadd[0] !== "none" ) {
+                $cl["device"][$i]["connected"] = "y";
+                $cl["device"][$i]["wan_ip"] = $ipadd[0];
+              }
+              else  $cl["device"][$i]["connected"] = "n";
+              unset($res);
+              exec("$path/info_huawei.sh operator hilink $apiadd",$res);
+              $cl["device"][$i]["operator"] = $res[0];
+              break;
+           case "phone":
+              break;
+           default:
+        }
+      }
+    }
+    return $cl;
+}
+
+function load_client_config() {
+// load network device config file for UDEV rules into $_SESSION
+    if(true) {
+//    if(!isset($_SESSION["udevrules"])) {
+      $_SESSION["net-device-types"]=array();
+      $_SESSION["net-device-name-prefix"]=array();
+      try {
+          $udevrules = file_get_contents(RASPI_CLIENT_CONFIG_PATH);
+          $_SESSION["udevrules"] = json_decode($udevrules, true);
+          // get device types
+          foreach ($_SESSION["udevrules"]["network_devices"] as $dev) {
+             $_SESSION["net-device-name-prefix"][]=$dev["name_prefix"];
+             $_SESSION["net-device-types"][]=$dev["type"];
+             $_SESSION["net-device-types-info"][]=$dev["type_info"];
+          }
+      } catch (Exception $e) {
+          $_SESSION["udevrules"]= NULL;
+      }
+      $_SESSION["net-device-types"][]="none";
+      $_SESSION["net-device-types-info"][]="unknown";
+      $_SESSION["net-device-name-prefix"][]="none";
+    }
+}
+
+?>
+
diff --git a/includes/networking.php b/includes/networking.php
index ac5d39bc..a2874f22 100755
--- a/includes/networking.php
+++ b/includes/networking.php
@@ -2,6 +2,8 @@
 
 require_once 'includes/status_messages.php';
 require_once 'includes/internetRoute.php';
+require_once 'includes/functions.php';
+require_once 'includes/get_clients.php';
 
 /**
  *
@@ -17,10 +19,18 @@ function DisplayNetworkingConfig()
     $arrHostapdConf = parse_ini_file(RASPI_CONFIG.'/hostapd.ini');
     $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
 
+    foreach ($interfaces as $interface) {
+        exec("ip a show $interface", $$interface);
+    }
+    load_client_config();
+    $clients=getClients();
     echo renderTemplate("networking", compact(
         "status",
         "interfaces",
         "routeInfo",
-        "bridgedEnabled")
+        "bridgedEnabled",
+		"clients")
     );
 }
+
+?>
\ No newline at end of file
diff --git a/installers/configauth.sh b/installers/configauth.sh
index 166c657b..e3cb8ccf 100755
--- a/installers/configauth.sh
+++ b/installers/configauth.sh
@@ -35,7 +35,7 @@ echo "Checking iptables rules"
 rules=(
 "-A POSTROUTING -o tun0 -j MASQUERADE"
 "-A FORWARD -i tun0 -o ${interface} -m state --state RELATED,ESTABLISHED -j ACCEPT"
-"-A FORWARD -i wlan0 -o tun0 -j ACCEPT"
+"-A FORWARD -i ${interface} -o tun0 -j ACCEPT"
 )
 
 for rule in "${rules[@]}"; do
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 49d4032b..0d5e00a1 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -42,4 +42,11 @@ www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasq_custom /etc/raspap/adblock/custom.txt
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
+www-data ALL=(ALL) NOPASSWD:/usr/bin/socat - /dev/ttyUSB[0-9]
+www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/switchClientState.sh up
+www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/switchClientState.sh down
+www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/wvdial.conf
+www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/udev/rules.d/80-raspap-net-devices.rules
+www-data ALL=(ALL) NOPASSWD:/usr/bin/tee -a /etc/udev/rules.d/80-raspap-net-devices.rules
+
 
diff --git a/templates/dashboard.php b/templates/dashboard.php
index ab1d3d8f..9c185ac6 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -3,18 +3,17 @@
     <div class="card">
       <div class="card-header">
         <div class="row">
-    <div class="col">
-      <i class="fas fa-tachometer-alt fa-fw mr-2"></i><?php echo _("Dashboard"); ?>
-    </div>
-    <div class="col">
-      <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
-        <span class="icon"><i class="fas fa-circle service-status-<?php echo $ifaceStatus ?>"></i></span>
-        <span class="text service-status"><?php echo strtolower($apInterface) .' '. _($ifaceStatus) ?></span>
-      </button>
-    </div>
+          <div class="col">
+            <i class="fas fa-tachometer-alt fa-fw mr-2"></i><?php echo _("Dashboard"); ?>
+          </div>
+          <div class="col">
+            <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
+              <span class="icon"><i class="fas fa-circle service-status-<?php echo $ifaceStatus ?>"></i></span>
+              <span class="text service-status"><?php echo $type_name .' '. _($ifaceStatus) ?></span>
+            </button>
+          </div>
         </div><!-- /.row -->
       </div><!-- /.card-header -->
-
       <div class="card-body">
         <div class="row">
 
@@ -33,25 +32,54 @@
           <div class="col-sm-6 align-items-stretch">
             <div class="card h-100">
               <div class="card-body wireless">
-                <h4><?php echo _("Wireless Client"); ?></h4>
+                <h4><?php echo _("$client_title"); ?></h4>
                 <div class="row justify-content-md-center">
-                <div class="col-md">
-                <div class="info-item"><?php echo _("Connected To"); ?></div><div><?php echo htmlspecialchars($connectedSSID, ENT_QUOTES); ?></div>
-                <div class="info-item"><?php echo _("Interface"); ?></div><div><?php echo htmlspecialchars($clientInterface); ?></div>
-                <div class="info-item"><?php echo _("AP Mac Address"); ?></div><div><?php echo htmlspecialchars($connectedBSSID, ENT_QUOTES); ?></div>
-                <div class="info-item"><?php echo _("Bitrate"); ?></div><div><?php echo htmlspecialchars($bitrate, ENT_QUOTES); ?></div>
-                <div class="info-item"><?php echo _("Signal Level"); ?></div><div><?php echo htmlspecialchars($signalLevel, ENT_QUOTES); ?></div>
-                <div class="info-item"><?php echo _("Transmit Power"); ?></div><div><?php echo htmlspecialchars($txPower, ENT_QUOTES); ?></div>
-                <div class="info-item"><?php echo _("Frequency"); ?></div><div><?php echo htmlspecialchars($frequency, ENT_QUOTES); ?></div>
-              </div>
-              <div class="col-md mt-2 d-flex justify-content-center">
-                <script>var linkQ = <?php echo json_encode($strLinkQuality); ?>;</script>
-                <div class="chart-container">
-                  <canvas id="divChartLinkQ"></canvas>
-                </div>
+                  <div class="col-md">
+                    <?php if ($clientinfo["type"] == "wlan") : // WIRELESS ?>
+                      <div class="info-item"><?php echo _("Connected To"); ?></div><div><?php echo htmlspecialchars($clientinfo["ssid"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("AP Mac Address"); ?></div><div><?php echo htmlspecialchars($clientinfo["ap-mac"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Bitrate"); ?></div><div><?php echo htmlspecialchars($clientinfo["bitrate"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Signal Level"); ?></div><div><?php echo htmlspecialchars($clientinfo["signal"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Transmit Power"); ?></div><div><?php echo htmlspecialchars($txPower, ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Frequency"); ?></div><div><?php echo htmlspecialchars($clientinfo["freq"]." MHz", ENT_QUOTES); ?></div>
+                    <?php elseif ($clientinfo["type"] == "phone" ) : // Smartphones (tethering over USB) ?>
+                      <div class="info-item"><?php echo _("Device"); ?></div><div><?php echo htmlspecialchars($clientinfo["vendor"]." ".$clientinfo["model"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("IP Address"); ?></div><div><?php echo htmlspecialchars($clientinfo["ipaddress"], ENT_QUOTES); ?></div>
+                    <?php elseif ($clientinfo["type"] == "hilink" ) : // MOBILE DATA - ROUTER MODE (HILINK) ?>
+                      <?php 
+                          exec('ip route list |  sed -rn "s/default via (([0-9]{1,3}\.){3}[0-9]{1,3}).*dev '.$clientinfo["name"].'.*/\1/p"',$gw); // get gateway
+                          $gw=empty($gw) ? "" : $gw[0]; 
+                      ?>
+                      <div class="info-item"><?php echo _("Device"); ?></div><div><?php echo htmlspecialchars($clientinfo["model"], ENT_QUOTES)." (Hilink)"; ?></div>
+                      <div class="info-item"><?php echo _("Connection mode"); ?></div><div><?php echo htmlspecialchars($clientinfo["mode"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Signal quality"); ?></div><div><?php echo htmlspecialchars($clientinfo["signal"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Network"); ?></div><div><?php echo htmlspecialchars($clientinfo["operator"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("WAN IP"); ?></div><div><?php echo htmlspecialchars($clientinfo["ipaddress"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Web-GUI"); ?></div><div><?php if(!empty($gw)) echo '<a href="http://'.$gw.'" >'.$gw."</a>"; ?></div>
+                    <?php elseif ($clientinfo["type"] == "ppp" ) : // MOBILE DATA MODEM) ?>
+                      <div class="info-item"><?php echo _("Device"); ?></div><div><?php echo htmlspecialchars($clientinfo["model"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Connection mode"); ?></div><div><?php echo htmlspecialchars($clientinfo["mode"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Signal strength"); ?></div><div><?php echo htmlspecialchars($clientinfo["signal"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Network"); ?></div><div><?php echo htmlspecialchars($clientinfo["operator"], ENT_QUOTES); ?></div>
+                    <?php elseif  ($clientinfo["type"] == "eth" ) : // ETHERNET ?>
+                      <div class="info-item"><?php echo _("Device"); ?></div><div><?php echo htmlspecialchars($clientinfo["vendor"]." ".$clientinfo["model"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("IP Address"); ?></div><div><?php echo htmlspecialchars($clientinfo["ipaddress"], ENT_QUOTES); ?></div>
+                    <?php else : // NO CLIENT ?>
+                      <div class="info-item"><?php echo _("No Client device found"); ?></div>
+                    <?php endif; ?>
+                  </div>
+                  <div class="col-md mt-2 d-flex justify-content-center">
+                    <?php 
+                      preg_match("/.*\((\s*\d*)\s*%\s*\)/",$clientinfo["signal"],$match);
+                      $strLinkQuality=array_key_exists(1,$match) ? $match[1] : 0;
+                    ?>
+                    <script>var linkQ = <?php echo json_encode($strLinkQuality); ?>;</script>
+                    <div class="chart-container">
+                      <canvas id="divChartLinkQ"></canvas>
+                    </div>
+                  </div>
                 </div><!--row-->
-              </div>
-             </div><!-- /.card-body -->
+              </div><!-- /.card-body -->
             </div><!-- /.card -->
           </div><!-- /.col-md-6 -->
           <div class="col-sm-6">
@@ -103,23 +131,21 @@
             </div><!-- /.card -->
           </div><!-- /.col-md-6 -->
         </div><!-- /.row -->
-
         <div class="col-lg-12 mt-3">
           <div class="row">
             <form action="wlan0_info" method="POST">
                 <?php echo CSRFTokenFieldTag() ?>
                 <?php if (!RASPI_MONITOR_ENABLED) : ?>
-                    <?php if (!$wlan0up) : ?>
-                    <input type="submit" class="btn btn-success" value="<?php echo _("Start").' '.$clientInterface ?>" name="ifup_wlan0" />
+                    <?php if ($ifaceStatus == "down") : ?>
+                    <input type="submit" class="btn btn-success" value="<?php echo _("Start").' '.$type_name ?>" name="ifup_wlan0" />
                     <?php else : ?>
-                    <input type="submit" class="btn btn-warning" value="<?php echo _("Stop").' '.$clientInterface ?>"  name="ifdown_wlan0" />
+                    <input type="submit" class="btn btn-warning" value="<?php echo _("Stop").' '.$type_name ?>"  name="ifdown_wlan0" />
                     <?php endif ?>
                 <?php endif ?>
               <button type="button" onClick="window.location.reload();" class="btn btn-outline btn-primary"><i class="fas fa-sync-alt"></i> <?php echo _("Refresh") ?></a>
             </form>
           </div>
         </div>
-
       </div><!-- /.card-body -->
       <div class="card-footer"><?php echo _("Information provided by ip and iw and from system"); ?></div>
     </div><!-- /.card -->
diff --git a/templates/networking.php b/templates/networking.php
index 0ab9152e..90a3ab00 100755
--- a/templates/networking.php
+++ b/templates/networking.php
@@ -1,23 +1,27 @@
 <div class="row">
   <div class="col-lg-12">
-   <div class="card">
-    <div class="card-header">
-      <div class="row">
-        <div class="col">
-          <i class="fas fa-network-wired mr-2"></i><?php echo _("Networking"); ?>
-        </div>
-      </div><!-- ./row -->
-     </div><!-- ./card-header -->
+    <div class="card">
+      <div class="card-header">
+        <div class="row">
+          <div class="col">
+            <i class="fas fa-network-wired mr-2"></i><?php echo _("Networking"); ?>
+          </div>
+        </div><!-- ./row -->
+      </div><!-- ./card-header -->
       <div class="card-body">
         <div id="msgNetworking"></div>
         <ul class="nav nav-tabs">
           <li role="presentation" class="nav-item"><a class="nav-link active" href="#summary" aria-controls="summary" role="tab" data-toggle="tab"><?php echo _("Summary"); ?></a></li>
+          <?php if (!$bridgedEnabled) : // no interface details when bridged ?>
+            <li role="presentation" class="nav-item"><a class="nav-link" href="#mobiledata" aria-controls="mobiledata" role="tab" data-toggle="tab">Mobile Data Settings</a></li>
+            <li role="presentation" class="nav-item"><a class="nav-link" href="#netdevices" aria-controls="netdevices" role="tab" data-toggle="tab">Network Devices</a></li>
+          <?php endif ?>
         </ul>
         <div class="tab-content">
           <div role="tabpanel" class="tab-pane active" id="summary">
             <h4 class="mt-3"><?php echo _("Internet connection"); ?></h4>
             <div class="row">
-             <div class="col-sm-12"">
+             <div class="col-sm-12">
               <div class="card ">
                 <div class="card-body">
                   <div class="table-responsive">
@@ -74,9 +78,122 @@
             <div class="col-lg-12">
               <div class="row">
                 <button type="button" onClick="window.location.reload();" class="btn btn-outline btn-primary"><i class="fas fa-sync-alt"></i> <?php echo _("Refresh") ?></a>
-              </div>
-            </div>
+			  </div>
+			</div>
           </div>
+          <?php $arrMD = parse_ini_file('/etc/raspap/networking/mobiledata.ini');
+                if ($arrMD==false) { $arrMD=[]; $arrMD["pin"]=$arrMD["apn"]=$arrMD["apn_user"]=$arrMD["apn_pw"]=$arrMD["router_user"]=$arrMD["router_pw"]=""; }
+          ?>
+          <div role="tabpanel" class="tab-pane fade in" id="mobiledata">
+            <div class="row">
+              <div class="col-lg-6">
+                <h4 class="mt-3"><?php echo _("Settings for Mobile Data Devices") ?></h4>
+                <hr />
+                <form id="frm-mobiledata">
+                  <?php echo CSRFTokenFieldTag() ?>
+                  <div class="form-group">
+                    <label for="pin-mobile"><?php echo _("PIN of SIM card") ?></label>
+                    <input type="number" class="form-control" id="pin-mobile" placeholder="1234" value="<?php echo $arrMD["pin"]?>" >
+                  </div>
+                  <h4 class="mt-3"><?php echo _("APN Settings (Modem device ppp0)") ?></h4>
+                  <div class="form-group">
+                    <label for="apn-mobile"><?php echo _("Access Point Name (APN)") ?></label>
+                    <input type="text" class="form-control" id="apn-mobile" placeholder="web.myprovider.com" value="<?php echo $arrMD["apn"]?>" >
+                    <label for="apn-user-mobile"><?php echo _("Username") ?></label>
+                    <input type="text" class="form-control" id="apn-user-mobile" value="<?php echo $arrMD["apn_user"]?>" >
+                    <label for="apn-pw-mobile"><?php echo _("Password") ?></label>
+                    <input type="text" class="form-control" id="apn-pw-mobile"  value="<?php echo $arrMD["apn_pw"]?>" >
+                  </div>
+                  <a href="#" class="btn btn-outline btn-primary intsave" data-int="mobiledata"><?php echo _("Save settings") ?></a>
+                </form>
+              </div>
+		    </div>
+          </div><!-- /.tab-panel -->
+          <div role="tabpanel" class="tab-pane fade in" id="netdevices">
+            <h4 class="mt-3"><?php echo _("Properties of network devices") ?></h4>
+            <div class="row">
+             <div class="col-sm-12">
+              <div class="card ">
+                <div class="card-body">
+                  <form id="frm-netdevices">
+                    <?php echo CSRFTokenFieldTag() ?>
+                    <div class="table-responsive">
+                      <table class="table table-hover">
+                        <thead>
+                          <tr>
+                            <th><?php echo _("Device"); ?></th>
+                            <th><?php echo _("Interface"); ?></th>
+                            <th></th>
+                            <th><?php echo _("MAC"); ?></th>
+                            <th><?php echo _("USB vid/pid"); ?></th>
+                            <th><?php echo _("Device type"); ?></th>
+                            <th style="min-width:6em"><?php echo _("Fixed name"); ?></th>
+                            <th></th>
+                          </tr>
+                        </thead>
+                        <tbody>
+                        <?php
+                           if(!empty($clients)) {
+                              $ncl=$clients["clients"];
+                              if($ncl > 0) {
+                                 foreach($clients["device"] as $id => $dev) {
+                                   echo "<tr>";
+                                   echo "<td>".$dev["vendor"]." ".$dev["model"]."</td>\n";
+                                   echo "<td>".$dev["name"]."</td>\n";
+                                   $ty="Client";
+                                   if(isset($dev["isAP"]) && $dev["isAP"]) $ty="Access Point";
+                                   echo "<td>".$ty."</td>\n";
+                                   echo "<td>".$dev["mac"]."</td>\n";
+                                   echo "<td>".$dev["vid"]."/".$dev["pid"]."</td>\n";
+                                   $udevfile=$_SESSION["udevrules"]["udev_rules_file"];
+                                   $isStatic=array();
+                                   exec('find /etc/udev/rules.d/  -type f \( -iname "*.rules" ! -iname "'.basename($udevfile).'" \) -exec grep -i '.$dev["mac"].' {} \; ',$isStatic);
+                                   if(empty($isStatic))
+                                     exec('find /etc/udev/rules.d/  -type f \( -iname "*.rules" ! -iname "'.basename($udevfile).'" \) -exec grep -i '.$dev["vid"].' {} \; | grep -i '.$dev["pid"].' ',$isStatic);
+                                   $isStatic = empty($isStatic) ? false : true;
+                                   $devname=array();
+                                   exec('grep -i '.$dev["vid"].' '.$udevfile.' | grep -i '.$dev["pid"].' | sed -rn \'s/.*name=\"(\w*)\".*/\1/ip\' ',$devname);
+                                   if(!empty($devname)) $devname=$devname[0];
+                                   else {
+                                      exec('grep -i '.$dev["mac"].' '.$udevfile.' | sed -rn \'s/.*name=\"(\w*)\".*/\1/ip\' ',$devname);
+                                      if(!empty($devname)) $devname=$devname[0];
+                                   }
+                                   if(empty($devname)) $devname="";
+                                   $isStatic = $isStatic || $dev["type"] === "ppp";
+                                   $txtdisabled=$isStatic ? "disabled":"";
+                                   echo '<td><select '.$txtdisabled.' class="selectpicker" id="int-new-type-'.$dev["name"].'">';
+                                   foreach($_SESSION["net-device-types"] as $i => $type) {
+                                     $txt=$_SESSION["net-device-types-info"][$i];
+                                     $txtdisabled =  $type == "ppp" ? "disabled":"";
+                                     if(preg_match("/^".$_SESSION["net-device-name-prefix"][$i]."[0-9]*$/",$dev["name"])===1) echo '<option '.$txtdisabled.' selected value="'.$type.'">'.$txt.'</option>';
+                                     else echo '<option '.$txtdisabled.' value="'.$type.'">'.$txt.'</option>';
+                                   }
+                                   echo "</select></td>";
+                                   echo '<td>';
+                                   if (! $isStatic ) echo '<input type="text" class="form-control" id="int-name-'.$dev["name"].'" value="'.$devname.'" >'."\n";
+                                   else echo $dev["name"];
+                                   echo '<input type="hidden" class="form-control" id="int-vid-'.$dev["name"].'" value="'.$dev["vid"].'" >'."\n";
+                                   echo '<input type="hidden" class="form-control" id="int-pid-'.$dev["name"].'" value="'.$dev["pid"].'" >'."\n";
+                                   echo '<input type="hidden" class="form-control" id="int-mac-'.$dev["name"].'" value="'.$dev["mac"].'" >'."\n";
+                                   echo '<input type="hidden" class="form-control" id="int-type-'.$dev["name"].'" value="'.$dev["type"].'" >'."\n";
+                                   echo '</td>'."\n";
+                                   echo '<td>';
+                                   if (! $isStatic) echo '<a href="#" class="btn btn-secondary intsave" data-opts="'.$dev["name"].'" data-int="netdevices">Change</a>';
+                                   echo "</td>\n";
+                                   echo "</tr>\n";
+                                 }
+                              }
+                           } else echo "<tr><td colspan=4>No network devices found</td></tr>";
+                        ?>
+                        </tbody>
+                     </table>
+                    </div>
+                  </form>
+                </div>
+               </div>
+             </div>
+            </div>
+          </div><!-- /.tab-panel -->
         </div>
       </div><!-- /.card-body -->
       <div class="card-footer"><?php echo _("Information provided by /sys/class/net"); ?></div>

From d920f739435b40165e2219151b169fda4d5fc6ad Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sun, 7 Mar 2021 18:48:53 +0100
Subject: [PATCH 102/300] Add client handling to installer

---
 installers/common.sh | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/installers/common.sh b/installers/common.sh
index 6acb021f..67f4dea0 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -26,6 +26,7 @@ readonly raspap_adblock="/etc/dnsmasq.d/090_adblock.conf"
 readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
 readonly raspap_network="$raspap_dir/networking/"
 readonly rulesv4="/etc/iptables/rules.v4"
+readonly raspap_client_scripts="/usr/local/sbin"
 readonly notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/"
 webroot_dir="/var/www/html"
 git_source_url="https://github.com/$repo"  # $repo from install.raspap.com
@@ -50,6 +51,7 @@ function _install_raspap() {
     _configure_networking
     _prompt_install_adblock
     _prompt_install_openvpn
+    _install_client_config
     _patch_system_files
     _install_complete
 }
@@ -145,6 +147,7 @@ function _install_dependencies() {
     echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
     echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
     sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_status 1 "Unable to install dependencies"
+    sudo apt-get install wvdial socat bc || _install_status 1 "Unable to install dependencies"
     _install_status 0
 }
 
@@ -170,6 +173,11 @@ function _create_raspap_directories() {
     # Create a directory to store networking configs
     echo "Creating $raspap_dir/networking"
     sudo mkdir -p "$raspap_dir/networking"
+    # Copy existing dhcpcd.conf to use as base config
+    echo "Adding /etc/dhcpcd.conf as base configuration"
+    cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null
+    echo "Changing file ownership of $raspap_dir"
+    sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_status 1 "Unable to change file ownership for '$raspap_dir'"
 }
 
 # Generate hostapd logging and service control scripts
@@ -464,6 +472,23 @@ function _enable_raspap_daemon() {
     sudo systemctl enable raspapd.service || _install_status 1 "Failed to enable raspap.service"
 }
 
+function _install_client_config() {
+    _install_log "Install mobile client scripts and settings"
+    # Move scripts 
+    sudo cp "$webroot_dir/config/client_config/"*.sh "$raspap_client_scripts/" || _install_status 1 "Unable to move client scripts"
+    sudo chmod a+rx "$raspap_client_scripts/"*.sh  || _install_status 1 "Unable to chmod client scripts"
+    sudo cp "$webroot_dir/config/client_config/mcc-mnc-table.csv" "$raspap_client_scripts/" || _install_status 1 "Unable to move client data"
+    # wvdial settings
+    sudo cp "$webroot_dir/config/client_config/wvdial.conf" "/etc/" || _install_status 1 "Unable to install client configuration"
+    sudo cp "$webroot_dir/config/client_config/interfaces" "/etc/network/interfaces" || _install_status 1 "Unable to install interface settings"
+    # udev rules/services to auto start mobile data services
+    sudo cp "$webroot_dir/config/client_config/70-mobile-data-sticks.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
+    sudo cp "$webroot_dir/config/client_config/80-raspap-net-devices.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
+    sudo cp "$webroot_dir/config/client_config/"*.service "/etc/systemd/system/" || _install_status 1 "Unable to install client startup services"
+    # client configuration and udev rule templates
+    sudo cp "$webroot_dir/config/client_udev_prototypes.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration"
+}
+
 # Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
 function _configure_networking() {
     _install_log "Configuring networking"

From 1e7438da23e079bda2172a5c88066783fcd5276b Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 19:06:53 +0000
Subject: [PATCH 103/300] Code cleanup, update Endpoint default value

---
 app/js/custom.js         |  1 +
 config/defaults.json     |  2 +-
 includes/wireguard.php   |  5 ++++-
 templates/wg/general.php |  8 ++++----
 templates/wg/peers.php   | 12 +++++++-----
 templates/wireguard.php  |  2 +-
 6 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index 7ad6b166..b2214c9c 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -368,6 +368,7 @@ window.addEventListener('load', function() {
     // Loop over them and prevent submission
     var validation = Array.prototype.filter.call(forms, function(form) {
         form.addEventListener('submit', function(event) {
+          //console.log(event.submitter);
           if (form.checkValidity() === false) {
             event.preventDefault();
             event.stopPropagation();
diff --git a/config/defaults.json b/config/defaults.json
index 69993673..faab15b6 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -44,7 +44,7 @@
     },
     "peer": {
       "Address": [ "10.8.1.2/24" ],
-      "Endpoint": [ "10.8.2.1" ],
+      "Endpoint": [ "10.8.2.1:51820" ],
       "ListenPort": [ "21841" ],
       "AllowedIPs": ["10.8.2.0/24"],
       "PersistentKeepalive": [ "15" ]
diff --git a/includes/wireguard.php b/includes/wireguard.php
index 86665a48..b0d0aacd 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -44,6 +44,9 @@ function DisplayWireGuardConfig()
     $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
     $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs'];
     $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive'];
+    if (sizeof($conf) >0) {
+        $wg_penabled = true;
+    }
 
     // fetch service status
     exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
@@ -56,12 +59,12 @@ function DisplayWireGuardConfig()
             "wg_state",
             "serviceStatus",
             "wg_log",
-            "endpoint_enable",
             "peer_id",
             "wg_srvpubkey",
             "wg_srvport",
             "wg_srvipaddress",
             "wg_srvdns",
+            "wg_penabled",
             "wg_pipaddress",
             "wg_plistenport",
             "wg_peerpubkey",
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 51eb5309..b3235e88 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -19,7 +19,7 @@
             <label for="code"><?php echo _("Local public key"); ?></label>
           </div>
           <div class="input-group col-md-12 mb-3">
-            <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" required />
+            <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
             <div class="input-group-append">
               <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
@@ -30,21 +30,21 @@
         <div class="row">
           <div class="form-group col-xs-3 col-sm-3">
             <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" required />
+            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
           </div>
         </div>
 
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("IP Address"); ?></label>
-            <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" required />
+            <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
           </div>
         </div>
 
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("DNS"); ?></label>
-            <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" required />
+            <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" />
           </div>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index c259e541..a4d80f5a 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -17,7 +17,7 @@
           <label for="code"><?php echo _("Peer public key"); ?></label>
         </div>
         <div class="input-group col-md-12">
-          <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" required />
+          <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
           <div class="input-group-append">
             <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
             <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
@@ -28,28 +28,28 @@
       <div class="row">
         <div class="form-group col-xs-3 col-sm-3 mt-3">
           <label for="code"><?php echo _("Local Port"); ?></label>
-          <input type="text" class="form-control" name="wg_plistenport" value="<?php echo htmlspecialchars($wg_plistenport, ENT_QUOTES); ?>" required />
+          <input type="text" class="form-control" name="wg_plistenport" value="<?php echo htmlspecialchars($wg_plistenport, ENT_QUOTES); ?>" />
         </div>
       </div>
 
       <div class="row">
         <div class="form-group col-md-6">
           <label for="code"><?php echo _("IP Address"); ?></label>
-          <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" required />
+          <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" />
         </div>
       </div>
 
       <div class="row">
         <div class="form-group col-xs-3 col-sm-6">
           <label for="code"><?php echo _("Endpoint address"); ?></label>
-          <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" required />
+          <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
         </div>
       </div>
 
       <div class="row">
         <div class="col-xs-3 col-sm-6">
           <label for="code"><?php echo _("Allowed IPs"); ?></label>
-          <input type="text" class="form-control mb-3" name="wg_pallowedips" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" required />
+          <input type="text" class="form-control mb-3" name="wg_pallowedips" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" />
         </div>
       </div>
 
@@ -63,8 +63,10 @@
 
     <div class="col-md-6 mt-5">
       <figure class="figure">
+        <?php if ($wg_penabled == true ) : ?>
         <img src="app/img/wg-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
         <figcaption class="figure-caption"><?php echo _("Scan this QR code with your client to connect to this RaspAP."); ?></figcaption>
+        <?php endif; ?>
       </figure>
     </div>
 
diff --git a/templates/wireguard.php b/templates/wireguard.php
index 45554655..ee28dfa1 100644
--- a/templates/wireguard.php
+++ b/templates/wireguard.php
@@ -27,7 +27,7 @@
         </div><!-- /.card-header -->
         <div class="card-body">
         <?php $status->showMessages(); ?>
-          <form class="needs-validation" role="form" action="/wg_conf" enctype="multipart/form-data" method="POST" novalidate>
+          <form role="form" action="/wg_conf" enctype="multipart/form-data" method="POST">
             <?php echo CSRFTokenFieldTag() ?>
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">

From b978a3d468ccc659a18b2384ce60dea802fb4f55 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sun, 7 Mar 2021 20:35:58 +0100
Subject: [PATCH 104/300] Add UDEV prototypes for network devices

---
 config/client_udev_prototypes.json | 49 ++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 config/client_udev_prototypes.json

diff --git a/config/client_udev_prototypes.json b/config/client_udev_prototypes.json
new file mode 100644
index 00000000..d0ec6e00
--- /dev/null
+++ b/config/client_udev_prototypes.json
@@ -0,0 +1,49 @@
+{
+  "info": "UDEV rules for different client types. $...$ expressions will be replaces automatically ($MAC$, $IDVENDOR$, $IDPRODUCT$, $DEVNAME$)",
+  "udev_rules_file": "/etc/udev/rules.d/80-raspap-net-devices.rules",
+  "script_path": "/usr/local/sbin",
+  "network_devices": [
+    {
+     "type": "eth", 
+     "type_info": "ethernet port", 
+     "clientid": 0,
+     "comment": "standard ethernet port",
+     "name_prefix": "eth",
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\" "
+    },
+    {
+     "type": "wlan", 
+     "type_info": "wireless adapter", 
+     "clientid": 1,
+     "comment": "standard wireless interface",
+     "name_prefix": "wlan",
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\" "
+    },
+    {
+     "type": "ppp", 
+     "type_info": "mobile data modem", 
+     "clientid": 2,
+     "name_prefix": "ppp",
+     "comment": "recognized mobile data modems are automatically named as ppp0-9. Renaming is not possible. Dialin service relies on the name",
+     "udev_rule": "SUBSYSTEM==\"tty\", KERNEL==\"ttyUSB0\", TAG+=\"systemd\", ENV{SYSTEMD_WANTS}=\"start start_ppp0_device.service\" "
+    },
+    {
+     "type": "hilink",
+     "type_info": "Huawei Hilink",
+     "clientid": 3,
+     "comment": "Huawei mobile data device in router mode. Control via HTTP",
+     "name_prefix": "hilink",
+     "default_ip": "192.168.8.1",
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\",  TAG+=\"systemd\", ENV{SYSTEMD_WANTS}=\"start start_huawei_hilink.service\" "
+    },
+    {
+     "type": "phone", 
+     "type_info": "USB tethered phone", 
+     "clientid": 4,
+     "comment": "ethernet access provided by tethering from phone via USB",
+     "name_prefix": "phone",
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\" "
+    }
+  ]
+}
+

From 70989202d154647d4d0a539cabff8aa3763ffcaa Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Mon, 8 Mar 2021 09:10:05 +0100
Subject: [PATCH 105/300] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 8a4fd06f..f754d941 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ When backers were asked which feature they'd most like to see added to RaspAP, t
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
 ✅ Restrict network to static clients  
-⚙️ WireGuard support (in progress)  
+✅ WireGuard support  
 ⚙️ Traffic shaping (in progress)  
 
 Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/orgs/RaspAP/teams/insiders/discussions) and let us know!
@@ -44,7 +44,7 @@ Following is a list of funding targets. When a funding target is reached, the fe
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
 ✅ Restrict network to static clients  
-⚙️ WireGuard support (in progress)  
+✅ WireGuard support  
 ⚙️ Traffic shaping (in progress) 
 
 ## Frequently asked questions

From 50901948e0a4bb8694fc80148cd0d0ca4197085a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 8 Mar 2021 08:44:17 +0000
Subject: [PATCH 106/300] Added wg strings to en_US locale

---
 includes/wireguard.php               |   4 +-
 locale/en_US/LC_MESSAGES/messages.mo | Bin 18271 -> 21077 bytes
 locale/en_US/LC_MESSAGES/messages.po |  77 ++++++++++++++++++++++++---
 templates/wg/peers.php               |   2 +-
 4 files changed, 74 insertions(+), 9 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index b0d0aacd..00b4e962 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -191,9 +191,9 @@ function SaveWireGuardConfig($status)
             $status->addMessage($line, 'info');
         }
         if ($return == 0) {
-            $status->addMessage('Wireguard configuration updated successfully', 'success');
+            $status->addMessage('WireGuard configuration updated successfully', 'success');
         } else {
-            $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
+            $status->addMessage('WireGuard configuration failed to be updated', 'danger');
         }
     }
 }
diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index 451dd153e80dabdc3f40fdae6f029c35256d88ea..23c18e522906eee2d279c4e0bd2565f0ffd271c1 100644
GIT binary patch
literal 21077
zcmeI3dw?88oyR+b1lR-!j{pG@npYl>-E0ybA;iFD^Mq`&WH&?-HTKN(?lzg39;Rn@
zvqU@&qQ{8}Du@b-3Kv09P!w{A3Mi;3C%zF-M8y{uUw}^@_xV;;&&+PJ-swO0&o=qZ
zr>m;F>Q}$|)w7o$9lZCo9@oq<o_92S&3>NuHtugYSh1e>=n<sBZ^9z{D?9*3Q#@}X
z+zR)FZ-R%zx5L$N2V4uEgUYJ?NY9%9&xc3B3>*vJ2q(kKpx%EE+y~wP4}&|Q^8W@r
z2tEdt&#&R3@Q+aXOdwOee<Yj==RuXz>6nMg?+U1T-UxZsyVvpiQ2G1;DxWbtG!9OI
zia!P(2wR}^TMSjN<u3jLxQ1{9rSDG1`{8)P4@24On^5on2vU^yb11#`LTOCzO@U4D
zc&K`|K$W`?Zi44P>9xc0HYoi*1<UY$C_9}p&6c+us=O{2-UMe8?t_!ywQxDy0a3-<
z1yyd-G1k6^LABG#P<qXQDu1C%KO0K#^)7ugRC`_srT3+9JG>go4wHSGel(m<cpk(>
zydHQWycEiQJ0Py+-40KJUxBjIb5M3~I@anv6{512bG#h#i1%SAJA4tUJ--X3&n_r?
zy#(jNiO2CXhW3P2ZqGU%Tf)!44Y2P7>I(0Jo8jN!0=Nlf#cSaH@DV6GKLJ(FPoc_x
z4$98srdvG^gR<|bP<pjN)$0O?iM$e2eXfS%;q6fNy$kLQ?}K{&K^Om|3;!I-E-yjZ
zZ_*5Fhbd5cErjFY5~%iB1=XILq5Sef#{ozd-gYQ`KIZr}$7iAJHesese-)G;zZOdG
zL5OL+_dw}=4^(+yg0lPLQ2q8-Q1y5j%1)DKS-Z`EhY&s;?hDU_JmPgjHPt0>KlnkY
z^p8U2b0<_j4@1@KNvL}K0;+xo;6&2%D5&()q1t5$)O%e}?G{4mS%qq+?T%MN`RNU?
z3Et)6?}xJMBXA%19VmUCgiY`{sPbQi8gC|?Z1tWF_52)Y>I-F;a~)p~jUG_`wH+#-
zcS6<UMmQUO7Al`#LY4bFC_mVTMD^Pvq4byr<v+8a>e&KS-eNcbcDeM;P<G8h9~PkU
zdplG;KLnNEEl~R131!Czp!E1Q90#9p=}$ww_dBS1{>g<WG~4jOQ2I=FJk7-~hthW=
zRQqp+`@<{XBKU47J--dreow;v;cp;K?!D;Zr?*%=7eMK^0;)c1q3V%=D!%|#-X&1}
zdl^*zH^YhW<51<?169t~;ePOOsP}*7;-7ciYmT++B&d2H4fT90R6Yx#@>va~$401f
zLa1`f@Bp~Y#lOYzI;iJwhHAIlp~mgcIz9$f&ljNV{t{Gu_inZQ@Ng(UZib3q0aeaM
zDE%TAPGCUzGS~rs23Np&b3Jbvycl-D`=IJ`=se5mQ1x8^mG5eJAlw8`fLoxRzZy!v
z4@1@GRw#e`w2S{LlpP+0>Nh`t{PUjYN8{#<`8MCPpzN>~s@zRb{Ue4NFRp}Z;U`@9
zWrz!U$DU%j21>teQ0;Lgl>Ocd<qsc%DsPA5=Ux2wpzQSo)br0c?t*&}egU33#`FFR
zXA*8X&90v|K-uLXsP_IYR6TzJRnD_;H5_}o)w>fOO!$LP^}G|ReqVs<-%mh|uTR0l
z;R{gu?9b$M7@Q21|7<9`p9+=F3V0~&g3_lC>iq%862iL*s+^BIeibUeXQ2G;MW}X}
za)#w8Q2DHd%I9@Z<3PWQe*=`AuY}U?dZ>Ec<l^swYY0CCrSD`WU2z(epUi-=R}0kp
zXF}=M4yD&-sP^cG@~2Co>Ukwpx!1u>@FP%qjXl$HKPbHqgk?Al%1-ZqD(@z!^6qfq
zop3hc2jL|62e=%LWl)k`&Veeo7s|c~R6AV(rPo`b%D>K~zaL8PPr3Aaq1yAyP<sCm
zZil;|>`;D{O&^4~vUe4n0>21Pgg=C`+t|f+{WKAtMEFD~J9R?Yy%$RFi{UhQzvGXg
zPxuumJNReW_M8W$&pA-`+6d>u2zvPW^{~qA4QJc+)4^?a{q!Kj<lfXJcK!5fi0gPe
z9e)qi?@nsBc3uEg&e>4qcS6}Y1E;|R%D(S}^0N;>)$1;J415IYxm{59nz+>3_YkQ5
zJQeEs<6Qh1F5C`fmyJ;ND?lIiL$&{PQ2E^m)jm6*+Vfs0Kl!rbci?owPebXm?=s7o
zjw_+;*5|_SgGUj*2TJen!DHbIP=0YZjimC9g|hqUP=2)>sveu5>{N!b+je*eyauWs
zx4@b3lkhnBI8?qbx%7Qj*nB2I<ue1SUT47Ra4A&%wm|8*)umqp)h;(ey>|yx`42$p
z`7Nk+dfIUpl%M_uD*r=P+Vp8~JmHhzK5#Bnz0QDot`n;KP4GzA2ls`SLp}diXzB}P
zms=b^2aO(3{`E9eKEH*k$BS?_JYtp2XBkwv9Z-IdgJa<UlpfpQ-tf&(^}G_Qyz8Or
zd525C7w${=e(1x8q4Ikcs-7=H<u~petKTFjJ01g7pH?^yE^z6Kq2B9&s%N(g_qlKk
zrO)M#?{e`sLFs!poC)uRvcofwp~QO*O3&7FZTp=8m3}Uq1ut;%mqXd{S}6T)hN{nP
zunB$vs{Dtc%6lBjf1iTNf6QuY_a-PmIUK5-S#UpiI@J4ZF8(~n&2R$o1*m!tLOuUB
zsC=%2%I8)nJ?@4R;R8_RegjJH$6Wj`9G{1JeoTkWe<D1Z@DYxuLe+B}l-)N%)i;3Z
zhZQJ4ev6C08LFJSq4aymg&&0h;in+~ytXxV{d5(iYkS{^U2y7JTc3*@FNdn{wNUxq
z3J-)k;R*07Q1#yhrQa)1^%>u3{qZ2E_~}q~Xol)Hr@?vfJg9MVJ3J8H0A=Ufpvv6|
z)jz%tHD3G@QiM0*JR9BwXA^#-<Hw-#c?|Ba=b`NPM<{=I8LGUo>nx9gik}Z<uLV%g
zFL68v?nQVV90T8sOwvumRp9=ONQf*)jvJOvly?g<6_L%ZLSBdDk^7JqMAOzR<o8G)
zl3pis^CZGFYV<zMCH&Y?7(gyT?oz;At?=u}n~)cga}e3{Ey#n&=aET>u4j;=(D?@@
z#2OghjogGB@9Odb_c^5T!ez`k-A+jNGM8+4kh@QzcG!e0aS=a<lgW2IJQ|KgF6I7y
zq=fj$&yX{bUm>?5XCpDvhUoeh@>O$Ze^$8r_rlAN8<2y@*GK-y{UPvbI1wHXb*Y_o
zX`DTf_@BZbDuPSCs_QGrrxE#-`pthL|BdX!^Q&Qc?M-+d0rinzyU2Gyjmh0E+=$Bw
z{0njtvKWbwe@B{-UC6b_?~s+q>yiD*e>*H9^N|w>>%yJA{kWgz!g~?E7x@748RUzI
zt|=~E_a8+*hI~%}t}i1?&7JL274E<9!he8QB8T$+1@Ix{)yTet-wN+UbX|db7dao9
zgZv4}A`c_F)aP$UIu&qNKRg||2Kfb&LEeU(f#{lP;T=m^J={Oy!ta6KNz>rBk+&mS
z-#msK$@5#Fu79)eZiXL3CXhA=PlUs-am2lg$iw0D@U_U+hKFVlKf{F&Zit`4{YDr5
z4V>PPrrY<WVcvg~`>!ESBkx2GCT<=42{IS?Eu!lP<Woo)nT$+C#v{{tei=-!2i(o$
zX$1TPau4zv7k483D{>w3uSgSlJPXGmpF{3I4j}G7;NHkzkc$vq*IRfWaTH#0_lNP$
z$GQJA@*`xnix(C(-0L<$o<m+zfa?p$c;0V^??z5V#t_!kj4VVxs{q&07G5u0fJ{Kv
zB0G>($jityr13h6z*O@4B)kyWhIApio<jbHd;_@=(e(s!49{<dA3`=D??<Z0e<4SZ
zHWsGWDcpP$36P7CUm{;ZbiD!Di|21sU{PlAs?PpX{BUbfDCNV2i{@k&`>ieJKR*-X
z`r@S0l8p=AqNGxei@l52#1%c|LjHzjoqmwbhDqX=;;2|j{Ge0{gR&na{*1MyusEZ|
zUl$~$woX46hlyW|D}J_GE{DZRe$Y><rBYlbCN37kY$Yo8`juFDdOY6|Wc{{Wu1wxu
zTPChnTt;3SPxc3uuy*6Cpz}M|_}P3!#`Sm`R`xwnZ?zm$qPTdL-`y7_{y>z^`{Z2-
zD8JGd`Z0O*mx|5qog^&xN7=9?%}lxl4LQZd-LqJfjdS7Rp&2cjV<P>b`Gx+{mF=B=
zJ`9qO+U5Ku`8d0UGPn;)m9Xru>P#!|cZC(1M$hFWK1x@jY(o|%wpyZ5!l2+UUDIWX
z3(JbP_RAHbqF)M<WFRi*{AwwO{ghdMP|P;m@LpP0J|7Q+IrO01JQ@{w!(`osWt4TP
zq!z3_U#WzJQrd*ptlewZd2M@$-w>6<71f}O0((g9iz`VfrWN;)=4`uLT3qt?R2b1C
zmqp@8MUhl1sfu$HF}HCZuWd-MUi~FO5@kK}+YlKBxSmh9z+^$*TM||9!O$~}osW`A
z!=vRW*NeIF`vOknEg2g2@z}5!Wb$FI#a|wm{gw2~Vo(VEpr|&QO-`Xd7+1@FnVu4s
zXV4K{oA=_x?VaoW)p3wBH{CRp*RF=od+mKeu{WekgoV%qiY79S6SDR*@=Bv<sT}u5
zIhwt_&!uT(Kw<f{qD{~9S1nENR>!^RtujdOYyM(iP(Q5nQBsL+7-g$@MvgulV<0Gp
zen(q7l`szMXM>_2<OhPm#Lu7^&Pjt%yn1dTJJ4U;v(z?^`d)jSk5R0#?<cijn3z`!
z!Pd>iYGE_}N{efF@Z%obf^Z2-V-`Ob_5{^@#Tc5$qe8Wy)|l7YdU}h$s>het5BfAo
z>ui%{?Rok~6eeh62RD>m8fr)}N@%zvraM-066d9EwOA<+`t54|G@!A=FI4dqYMsdk
z#VsnSG7$S&%oLDEne6O%T6ZQFLH7*$gD5Yz88$>V3}n<9U%}kDC@JNGLA1(*^nDbk
z+_=!-1RA`lUQ}enFyogS3e3HAgt`)pLY_vV^cfTx^p@(^rx*0}Fn|RG)tShoFB5Ax
zSQ^j{)g<T*8*b?k#i$aOH99VJjj@8p#~Bnx8)g)vsoITpjjge8UDaifj)R%Z_+7+J
znCvhiJS}w?zbAHs9S;Y^L4Tkxs)R`?$cFw*gTz=p$Rx9j8_4NYmaiVzf)e?VUTrbV
z&}r=7nTc?18I}gF7ISe?8Ag~V^jC)Yd;!0wZ%~eD>ZMU)TGP%nv=}3LoZU=wZ4R<q
z++4%^<|*uHo3uU%nyI6jcuR{(AxJJ7>IUhwz_e^;^qy*7P39iO=cQ)3S}dBDs7KeL
zV)I0*Rip{SOjYu*3^QHMr+<Z8wOWY!L%9K&L<ETL!85ANRn$H%1d-mT4L<n*Tc>l@
zGBXU?$*)J9L9@9TVtZ&X&m}Ksh{#|Pc|(_-F4vm=ojy>@JxODn6V(#Z_^_BWOPe&D
zk9&J%0ap^vz*uPq5955KTkTwrpqEDdQDv~D{stPm(I)EAsO=8~#dLWijaii$HGFlT
za(GddbxMMpvaHG_3^Vk6Ef$P3#wbws`=fHD8sz=npq!!mXc^byFG($EJ9uxPM`?wg
zGTpkspcb*@o6Y(S1w;C!>|Q~5Bw;F{olFTqm0>_D4s1G@w!>@|TVcSXvrSbB(Z#%_
z$w<?eW;xT?fuA!yp4N|O+M3D!4+e;Oi!q~;`lIbUiCLS{H?vF_q{thSQkaeCD>*#C
z&IPuu?ZV2}%=3?xn$X(D>e#%@@U7NRceibs)H)0$no&~joUh8A^MlUlgS9EcEqsG~
z5;LliSwt(=muXr7+I*R<&1CLM`3F>{|6{0z*^g4_O;+W+on&gAV~_b#L3*r4er%n#
z?rtN-NUw&)Y<aN63fc|njG$Q-p=KQz_!S0=Fps4w17TQ9Hv;k!)<tGXjvY%Olh{c4
zt25cb&P~ecdiwA7D(X~!(XHf0e$goDd@~14jWi~850*5b<kZ#b>v6@H0U@0~yk%R%
zY}HiRwYb`mnO>t`xk7S@1+QO;SYj=wJ5Xm7G--a$4x>ZjS$*yvZHGUKY+T4Uyynse
z=neHbn3W<O*IRCekYaYwTge*E{P<m6tCp(MWXdcHvkb7_%5+9EcWs>{4;}LLfQwFt
zd_~D~%`3VYaoAqzR`n|xSeR8TYHs6J0u4qs6Lq?MF|&0oP-Gy~cti`iWvQ9w=Oly4
zoGf!iGN%|;yj3GS=H{~z(}SEDdPhumemG)!R5HV0G+<zcS`=e*G~yfSR%0ZMS^JFm
zZhuiT?1;$&I9{*WX|2*C$jp$nJHMeoa&YPX8ntIVXlBoZ(LZU34DxjH93x#kP;7|C
zVRnzHmh2NWin_ho=*R9Y?TS_v`HdJ7>>{qdkY~bUMWo>@uSMSQ2h|Y6A2~M+OKo{Z
zV{bM4nyMC(=}p=z*e>+5ejOg2c&oJ;_q)|gS4V}2)g8lDT;7tNZ`eMIA=3GX$5@Y_
z$F$4r?rD3afnr<hB`kJ|xq&Fh&PL1h3Te!pekVsA?zU9T<jH7DsQ27*A)V)K3=_Yb
zf)wsy)bQEZm8um_+oH5DbTpiibhyn4`<V<Y0`@U(-t;=cLd?!$J)5HXZI1g&nN4d)
zT&(obB^`(N$u-srTJfw22Wn>sLjr1cGau6}vwhy0D7(ds3Tt9tOL`C1yEgk*npJTP
zHK|8-RWtIGjv(1mi!_eo<_lh|`4R27HqQ*=&NYSv>gP>XskKEGFClwXW7k2yeoC_Y
ztnRI~2TCc2kAyB+(dkIo*>$ehi5{iCGH&E`GO3v#zoDr+ndn%Nupgo2!xDajqjpCA
zI`)NH1bfCqI?Hh-&c=DqO(q*Oq_az`A7L3!qUSU|pjQ<YW@64x)`i)S%>9lf=`BZ0
zgKTQ*!A{nYVMP%=EW7(4O91<ub`>QSVsu;=a;B#a(a`?u!i1d*Np>P@Ji|)k(&H6{
z@ig|(W?$j0Lq)&6&CiBx`q>DwTJ$s@nV<T0*R2}nnt^owyv8kW7k#*{WtUC|%s$|}
zbqq0Vna!z!ISz3fFFLOqd+dsima~f!uZy|6tPY&sH00}&{E8L=U2OBHL)!M~3dT-E
zri0FGi8(=>l|C8xY}oA}<lbdPWDZ)ow92Gyy3FCpP&?QtmM>{)?Z~97FCOsplMXXf
zYTMjP)YG@kyF}Yutyp=YS}~(=7b`=Coz*yf-eVZ&ptG@+Y)tCuHl#x|dsja<v*C0_
zVnb=m+Ry;?Y_;zVTPl&R0drNSQtcfE)YOfhHpUFQE@Y>ft_mxlx?TjVTHG{h)v!!5
zZ`5@n#i>*uOT4azO|4ygu@0-%YG`828Fpi0p%9dD5Ic=q_>GgNi?W?hCRh^>9P6I<
z)gESXxRlA#rcj^ZLyC(^hZ6-^+-x26y5%u-pEQTpZu7{2SK?O3^2TO4VQra<huMWQ
zPZgUrS+aq$XVLhLHVCfrwY9kM<Q58~bL?J1t}k0M*`&ERe@k~r|3q$fi<jp2Pia+*
zo68~RXZ`<VE({zaSt-Zb$?S~(w;FOD!0cQM`XhGO8pgYIu+bCpl_MQ>8)MRe*TiX^
z(aAx3+3U7@rCM)aZ_hcfiWV%4Xv_l6#p~X%zPP0*uZq&uo44K^?K?0h4{*ENcY%aR
zvmIecz`;H%p7h3!zV1BA9Bq0VI@`<)YiG9IhUW!lcs^}@<M6y8%%GzVhW$*0BjSRz
zQsOnl>${J)AzB`}RZ8Q1?G)TheJkzGp;l?PfHP^SwaoF6-B;-x&3)b&`iP75Gki&M
zXKpBEhQ*mK9GZ<>=+77^1)G^UID1Kl`H(-g-*bLLPRnWo)X-ivl78+x$gqb~O?S&V
zukUQ__9K@{GT{y#7^k}yeb@2Qu9&XU(?Ml;Jcp(l=sYu9)LkfjJWXZ+&zj^yIz#iS
zT=V%_#Kgsg{@j*%EpwY#8qku>9Z7GLYhF_AO`5yoh5izKUE3HH3L!f+x>$zr#cA;D
zUJjb_`l`6NsdH^}y83BmsTeNgV0~U|bL;%(d1v^otqWUEJ-L;uX?2iPnoW<%2keLb
zffCY%esee9#uobIWas3COqiS3cQtja>R8rTsn(`;7Q_s0&D#Di^ef@k${dbIqT-px
z#c{b;t?ypmyrBM^>+a1Q9mLuLEc6#-qDs@~$JNn~tD_%R_w=ncw%^)^eN7z}tPS|~
zv+C%_RW?X=?DshlNN-0!uDVaDqaRmCKdv^Mk+?teaSOZAkE^2}SIr-xv7H+IxSCl!
z`f-)-aSi7jd;SbR`f-(So#yXN8f`@v;&jp-o4A!+dit{aSJ}~ztD_%R&7TgMZ?x$#
zMZ@9gkZ-u7A6NOSf%MpB_fM(2$Bcel<@4z1$JP2Di;sR>9sRgE`f+vi<Lc<g)rLP-
m9{spF`f*i%h?;&b^hQ6fhW2ab=*Ly_KRMJsrv86?T>T%#$L`+%

literal 18271
zcmeI2eViRtdB+C`<OKs5A&3DvgqI|c-E3Y65Fli;n~*iTn<cv;LX|Lk@9gf7duJ|p
z=I&;RKtT#9MZt=^R4cxKLTRwPC@mtsP@xg4qO?U6EiDvL3u>#Pg8lx^oVoWVVf(55
zv!9*KbH8)WoH^$?&w0){&&=eRSyOKCIA-kSd56Q&G|wC6{PPDX*Yn;!+w<nbb6^B7
zhX=r)!8btfP|xEQZzklQH=Cbs*a|nm?Qj<S8r&Z~1LwdO;XZJ`H+$Y8a0VpHGjJ+A
z8PbHe3ab9i@Qv_%crdI&>2Vd*eIJ6VcZcInsQaIXZ-K8mzWK21zNJw2t%m!;b6x)V
z@IcZrlpdEt>3@~WzXkS^z7tBXR~+}Ik^M;T4`r8GQ1>4RrPn+teLCQDcrKg)i%@on
zq1xRJrO!2v*F*L5Mp%WnL)qalDpfltKx;3TUIiDD-vc#-7s0jg8mRGo0;;{2pzQct
zC_N71qS~DUm46hJp39-GuYww<^-y~H@CtY#RKI`euD=SGl77<>=m^h*$3h><URS~6
z;dM~<co53IPeAGU9DFNW$d9<59|JFd>i0EJ<Mt6KyW9^K!$+Wp-~JNb!|AV%#Ao20
z248}EAC=kZR4DyBpz7;~x;22Z%N0=dUk9b%ry*5&4?~sv0aSlqgR;-Qb3JbgJP@k<
z!BF`pxb%ro{p*J6{}yQA2-LW}2dcj7q3nAT)VS_&d=MT-`Y|XyUUEF}=q$Yms{b2Y
z`ZCCndLM(*_aP{Kz6VwR^H6sC9n?7Qe@v#gfwIR*Q1<D9Z-VDQ>0O5N;V47}@1s!l
ze%W1r9IF3MLe=vVD8G3Psz1|l0_imy>iQC>b~>T-8Gy2X!7+yNpY2ff+~D$Wg|gRO
zQ1-hQT0ep+_XJdX--k>U??ov6_r-`Re*jd!W<&M=c*irK)dS8XzW`Owg;0850vEzt
zpz3)Ps@-oujqmetANUHC9<M_6XWG2XKMsb{<1lF8T&Vjx;C}FIsQcatrN;=={2hZ+
z;ni?ocpcRB4?*2`8&rSpa_KL+^rKMrecGje45yI(J=8c(;Ya;!fzs<#sB!6Z`Deog
zq>C>9eNgS*3a7%mq4fV8l-@g`+IteJo#!A^#Cs7=gKwZR+4B&ncIHC0zYI=?t6jR=
z@mwhTjX?D;h122HQ1^cT>i$ncwSNy({SQI4x6`G+?f65eazBNt_t%i6%A0b0#-pJ6
zwGzs%YoYqr12u2Xhw{f!mwz3UJw5@a!+Tu%^Ux>#HMj=0oWL3b6DYkOb$kk{Uq6Pb
z=l77Q;vImKsoYX1J=VY(up7!>H@o~2R6i3aKYtfo0&j#`zji{6$Fp#M_;aZCUW4-I
zSuNQ-ZiO32pXJgYgSzh#I1_#c$}Z1Bjq8h0^}pmewKdB>63Pz8K$UNGTn_gpy%L_d
zm*=%ZT*4b$l*JRb!UISj*p`joTcP@O0#rN8U^ncB((`7harqHczkUbRpJ|J;`F9M|
zc+H2pe<hSYXG6``^PuXl!8gK7pzL}blpeQ1-FF{Uy^lM-0CoQqj4XT4aa;~{-&s)i
zoewonx4HaFpzL`qlpY^}v*2wm{{h%b`Y|ZI4qckjK#l(b_y*Vpb^qy5daZ%d$A_}}
zHYh*29Lg@&LbZD{ls<Pj-VLSi{jdrjfp3H-Ez8>Jg4SLxeICSRyshvccoSR;?|_;=
zFGICA^Tf=Khe7Gl3f1l@F8>TDJqO(N^WY(*Lnu8jg;&7$L-qUM<=OQ)5EZ?}Q1dT<
z$HGgY>~$Mts(Cx$Z1@zM1z(2JbDxv4eei9LAvEM)4b|^E;GytAD7$<cGSuF)Q1QgU
z1P}LcddMkRJn<M*JYiO3b~*=2e;=y83!(PicSG6b<52bQfYR@)Q2Y4zp~}4q)!)NU
z&FphD)I4i}D!;_#ce!*wRR1o3>i@;iz$>A~?Nd<o-3?{m&qDdn<Bm_k<48XbrN_+E
zGPXGOK=r@u(jSF$NIwjv@6%A@_#3GDr<|VI?Je+N(hH#UUI}H7O;Gk3hHrvnP<mej
z=fe*|#S;%f)%!zt{Y9vHegRd_jFp*R9S+r>c~E*SgSy@a)y^Q)I98$Tf0^U8Q2ui>
zlz-mq^1lFOuboi#`xaEYPeGM?8LGYC!neR_XJq;x4OM<2RKJ!%^?#k?JE7GB&Lsab
zsCwQHrT2&7LihkwJ<mb4`%|d#ow6!h&klvsV-8e*j)U@#B~W%e2^zQx>OLQ;KPl9G
z+oANh5^Db50M*{@Q1f#K)b;zI?)wT<e|Ea`GcNrclzm@u>FMp69!Efp<6NkIu7}d=
z9H?;_bonV<K>Bi*e-~7{Ux3o*>rnbX38nW7Q0@H!s=xcJ&f<w_Q1u@VWzVHh?W}@o
ze<PG1o$t~YIBtWo-<44P`v6qA+oA6N4AlK!hHC$tQ1w3z)!qv({WHhcpvvvvk<~jJ
z9!`3$;~7x>dIywUi%|XB3N>#of%3->y8Inb_V^N%Uf*=-??RvSkKh`(zB7v_u7}e5
zImcf?^=mqXRL>Fc7`PCs+*we16rl9J0Lou$F8{qy{k$H^&u@WC;QdhR*9%bNp+!}8
zJP4}2!=e1S4bFw#a0858`eCU1o`tgS&!Oz%otcg6G^qM#Iv(rtPlvL@YB&{kI}X6T
zNxuW`1s5SdKy)x9cFZ)d-ifFm%?C@C_XzS+<Xq(E$O_~ikpS5bnW9QL{sQ@!J<EQ6
z4Ze=Zw(W@e@*BiQhLFET#*vN4zaaM`$08p={tMBe`KRN9`q_&y7CD|l?m)hQJdEfV
z%V2-M!fz{b4{{|Ud*#PGPX5v*UWMOv=MOmw|BPIM{0ezD@@?d!h>oR*{3Ab};6&q>
zA1p`SG<5wUT#tMec^~p=<d?`FBbOujv7D0-S%BP&ychW)qGJ<sy*+FE+{x)Gm)wtb
z?&iD)`4gnu<qMxdK7hOxVJg_;Kz=Vpev&1<|Aaq6zJTmYT{~U=2)q!Pi@b!$Z}&$2
z4VjK~A#X$e4mk?3^8%KUvykTFLnQtPITiU=<hRJ9$VJHSkUvBI9GQcxMc#qzgXnlX
zgZCZy_wHQyKC;cFx58_YsmRBXBatb{DDoO|A95VheB4Unh2{*-uS0G?wjetY9lgju
zA*Ucyv5$`DGI$rm1i1_Oyvut(Ji(p63_puJi2T^)3Fjc6Lxz=b$2IUv?tDA^o;z<w
zg~VmZzq`!6(dTH+7b6!Shahi8<|F$fM<7ol`%o^1KST24%kHEPeiGT&rQ6^y-1+hF
zCggVHbVTnvb-ai?g>)jvAO^VwnTA|}oQddIhrA2fjNFFYjOh4%2Jb)MCy*4m8hHSD
zJEG$%WYC_m{=(<o`Fk8&;1c9y<Xgz$$e$u-BRXaw=OcfM=r{~H5qSlffviN<AWtHH
zh3MGJ^-t$tL#oJmN^ty52Kzp@#Q8}`KXRkXUj{$r&L4AZ#y^mljSL{qx(h`(-L?5)
z<()RTva4@&nF+S}<w_}7aoVE6m8PxL{+U6)I1(pmYauRsrzL4Mj)qtE#;HoVl-azd
z&-jHxkR+xOhf$gszfuYOs__#uZ$l-B=CzuQeo|@gGsQSaOcbZ4P^(shC@qbfq*kfK
zRdV7e3JPf$4VyGpogU?T{DNsO7OT|lwGYO%)K%oQQ*zW#gZhb4LudE(nnEe0;zoX!
zR`o;SaINa6VH}-d21dffjD@9=q3+bD{d6QSF?Ebqq84{g5>!XSLeQF5Cf)p|n&N2B
zDo!iJ#bD*G6`i)oW}02=3ry#_jy_Wg{3M`vMYFmT7q-#{=YAy(s-~+i@4V>`Qkh2O
ziV}m;X;^5g!sga03`*daO=oYvZ7!%PKeJ!497d+%C&^e`Et*=Ti2YRAs2>%YPPi{`
ztArL2rEGQmSVPrSDjKzVnKTW`m3-JTQx0s{=(WF2{z#lAm6)-4oomiwdt8ev=Jl#0
zd!pL7RIjYYs7Bbyj=I;rOR~|2)qWBdJp0>}8Tj~&!Jp~3U-DLmDb5pkc9cqCk~S5s
zhQ;BaXmHpvqwlTWHEnRUAo2%GL9x}WjjLuI6Dsn{f$^gvgS?QM0y7@hs-}vI2i1AZ
zAU9aUcwa}~Cet1JMSC)UwY?6FSjp=c@uT4YUk=KFO++>`juWajgK{UUXr&sDhDFA%
zW5iw4lty7Wq_XXlF<qVcS$8~~pQ?iVyguk1C7SR$;!@1b%@ZrBCxgV!sItFpOH?aw
z!7&&W%{>zjF?6IWSOe8fF&Oe|rPLaO;$gW~mc^E|wVl*zx`vG0YusSAwuQFJdU+f%
z3=-^<tsL~HGthjsN@y)1XCT()BrZwaT9j7DO^1dkPiSJAa*fd(46v9VZB<L@SZoR-
ze$}UrD%E9+Rb#+i2J^rl^}~{ecDMDXX_cVQjAxaOhDoL5kE7LKP>RP;oOa`K(?Dru
zq<dk+bhL|un{)O&8?1&Bn&SC&lo<Cq^=t6bp&?cVzpVa}nT!m^ew7M+#-Nt?!$H$2
z4jYAOT-CDE=?3CV+<eTZKC1~!wbfE%#+b&Lp>QqrV;slEM0R0}aAkH8%m<g_!FJg(
zLve}DW`+G|+>DKcX^>R>LSW`wB-Y~oV6wovfYxEPWi&%tQKA$u>oV+S<UIF(SmFzQ
zB%?C8wWt_JsxZVnfms)nN@ZW`VU>35Fn5ND9m#A7XS7%<<H8oS-{Kdxx<#D(Z7J*-
zC1pRkaMzK}msPekyCV+ON*Wng6t|W()mju;gEzA4S+OmVHy&#7wM)I6Xpo(vXqZC5
zHtn|IXrR%il8^-1LpVT<wVqDKWk1v%^);a6W72%hUt?FJZ1WhBziT(NE8P&|;<?Lf
z{ZeU=o@>ziv+ZVsox*v6dhJP`<9wxlA<r+x!^7&atC=xoiOSXk>r-6Mv~f<(#0y8m
zbiB232O7EsBplLWX~z604+o?nQH*WYXkJu<3v2A_3EoE-QcPGmn9SN-t&hbhP&K1r
zHLdw2GwfFfnH36qTFvU*V%eM>_Ei+C4^^3|W!9;X5NRRt4hjZLH`zHwD3Y*(GcL9T
zzsAhg4vh`RbGt7jI0<};F0@@KhZk{|_5ke~+Fb15`le_nGNT<bly#H+FAR_bRHpvZ
z`zmXr?4tRUSv9G<Dh=5sNRCvh$&pIquKVNl_1J}MekqArHmEGbo{a!Qu}fAj+m+qT
zTq}Qo%1p3uSnEc<TF?r9oT*&OR`9x8zHYsAP`;B*S+}j^;nwa>RK%8r>Ug#b4UAXh
z=ta3iBhK>HYzqoC8_l@xt5fVLnuOJq%axFoJPp}!*D^{N5)JG%Q_N=bF8RbFduC^|
zu)f7-@mSMs?)q3b6gF0S;s*T5TWdW#DvW#U*wO8e>F@9AWcHfDDnUYldG4*t*H3%a
z-pA!#R~{8`+4;(&EDfW*MJE%k9_w5fw+?@2am%p#zGL@-JoL01LOl^NDK$43X&0H;
zon%omo-8V`P9=+?AoaQ?DCXAE39tJ_y9`Wt-8spG*TagPlHr(zo%Se3kUQZWd9*o^
z#%!+>-a8s;b>}iWkX?K0XQrvT#&y%HA!-z|>vF<6lQd=eC7uC_%;b11YRbk3_ROhO
zvJ#kF%Y%Ici``ucd%Gfj!(tu<G^Q#`D_g3jYl+p*>|Ri2-o42BAgHvLSZ%y+0@s=%
zk^Cfgbd&g_1V6iHCtkN6lgxl7UUx{8b`~o)8-%C8SaW!L+r{jUQE@CRrXx0ZOS$HD
zm3%wMavJNS(nHK*L)cxZrCv{ahsoWv`O&k-g{4HYgKQi`uvy5Fcs)TmCZ^m(INUfb
za-LRsr09vGbc8A5xceOG4G1)=_K~kQ7^^>;dCdupnGFe;F@+JYH!N(mv$Quh3g|r8
zSiX3=U`&+P)RRVLe{E31+~X%(>zQ`c?UONP@70re9!+~2O2vjw&56cie5TZfh&?Xg
zNy6?s<8}v{Xv^_7WY6h2cVC&@Wo73pQ(ymjua9M+GE&6{yuQ$EB+ggF<Mr|8!0W5V
zX<Ud)o?EgvYvCm7Z#?fCmBX2v3*=eBV9X=w#-I==p6XehpYl9DPN3RI_7Ok?sWOI$
zu|^=leD<4ruP&Bj{Ci`-3lKus=26`kBt)ZJ%C?K<2mU-Sf27@rN~WXT6oP6>XLx)K
zJgxHfr}4Og`vgH`7Tc9->5}G0mVTyDL#uu^wW?-IezNB!lWIfkC)zHgjWBx`BiflV
zzcuC!$%4G3Z+K?Prn0-&*Y?dU?N=;<Is5H1=B{1Ive>xutMw<#{*idh(@#F9*<QCV
zzF1Rk`;v?Gw4u0$61CK>W&OktgmB$>U&&)J<V8-iVY8gv<+7AsCuC>&)|{ns<7cTc
z`qh?|+bu-ky578W_33JMhQYL*p;wk;7b};_7U%wyP@tg)iA;^A0Kpb%D8Ut{Lu1x@
z{Y_65S=d1YQt!sD7h_(+HD4^3{VE=i?PVEE^B&`}HrffHKKI6BN4fGw2Df2RCwoeE
zg%0dKd0kdMag}6;-!|?I$R!$1XWzcLXrAZ9#KmtcJwq+>vU&uE3uU1lrJ@$?DM^0K
zg|@Eq_0ZPF6|FSb2$!2$h~gIJZd@AuKi0wn<3#!t2@LH+K^}BZq#2Jw>^PA>8uD<V
zMQlLNa6<tvMDsPLIVWFsY+gA`S<A+Ps<$b7gj4jXscwTs=R6HNZ;G}?8n1c`?QODe
z{T$d=#yH*Mm0?1r4RP7lc>l*_&QG$n$30Qo7c<`GzIMAyWUKQYi_^(=aaz8#d2!kt
z45Fi6J(<CfA!dLWmBeex*DGOfbGSCl-{&@+*Wa_*g??QYjn+HuA_#jeUsmjsaTcrV
zO@MpzxoZ)ZYX*7A?A{unlwDEgyL4b54gxc8tm1DW0^l)IF00qd!Mp{i+Z3?pt?c?D
zU^7lq(u?x!l^eIXbdO$2<)N!y%zC-|<iT7%sdmrj<%}k}XP3jqK<CBt%fxx?lNaEk
zEnUTyvw5wB>#Z=0TbHyhp22p7y<2*c;jq}Ux;C7&48$wUYP}vmH!PO}!gU;fkn}})
za@8<Tz9oGYSUIC_LrcCRw-A&BD|mUgq^+fGY0HvROk3NEwi8ci<CxLyCuxiI<C0HM
z{0Fp<$Ac{cyxd-4s43fYR<I*%+0;Lyr>kd8bEn#7u>Ys*7A<<tTVc{*Te^ssZ(($*
zbwnKF^i2b6TTX72bCa-zXT(?$<qC81V3^LB{5mrEb!77E$mG|N$*&`mUq|d`s>!b-
zgeoiZ4-}JMM-=Y6$G+?-khjYAGgAE{$mG|N$*&{zZ!oX>731~4Xia_{X}o@Hd~BKg
zIx_ingzs_9Z>}1jLngnDOnx2F`>M&WBa>f8Ccln&lV3-gKY%p;Ll&P-CclpC`Tb?`
U>&WESk^H;G1Ya}$|9&0$ZznK{ng9R*

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index 26677ce7..c10c8da2 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -725,12 +725,6 @@ msgstr "Cancel"
 msgid "Enable this option to log <code>openvpn</code> activity."
 msgstr "Enable this option to log <code>openvpn</code> activity."
 
-msgid "Cancel"
-msgstr "Cancel"
-
-msgid "Cancel"
-msgstr "Cancel"
-
 #: includes/torproxy.php
 msgid "TOR is not running"
 msgstr "TOR is not running"
@@ -856,3 +850,74 @@ msgstr "Invalid custom IP address found on line "
 msgid "Invalid custom host found on line "
 msgstr "Invalid custom host found on line "
 
+#: includes/wireguard.php
+
+msgid "Tunnel settings"
+msgstr "Tunnel settings"
+
+msgid "Enable tunnel"
+msgstr "Enable tunnel"
+
+msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
+msgstr "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
+
+msgid "Local public key"
+msgstr "Local public key"
+
+msgid "Local Port"
+msgstr "Local Port"
+
+msgid "IP Address"
+msgstr "IP Address"
+
+msgid "DNS"
+msgstr "DNS"
+
+msgid "Peer"
+msgstr "Peer"
+
+msgid "Enable endpoint"
+msgstr "Enable endpoint"
+
+msgid "Peer public key"
+msgstr "Peer public key"
+
+msgid "Endpoint address"
+msgstr "Endpoint address"
+
+msgid "Allowed IPs"
+msgstr "Allowed IPs"
+
+msgid "Persistent keepalive"
+msgstr "Persistent keepalive"
+
+msgid "Display WireGuard status"
+msgstr "Display WireGuard status"
+
+msgid "Enable this option to display an updated WireGuard status."
+msgstr "Enable this option to display an updated WireGuard status."
+
+msgid "Scan this QR code with your client to connect to this tunnel"
+msgstr "Scan this QR code with your client to connect to this tunnel"
+
+msgid "Start WireGuard"
+msgstr "Start WireGuard"
+
+msgid "Stop WireGuard"
+msgstr "Stop WireGuard"
+
+msgid "Information provided by wireguard"
+msgstr "Information provided by wireguard"
+
+msgid "Attempting to start WireGuard"
+msgstr "Attempting to start WireGuard"
+
+msgid "Attempting to stop WireGuard"
+msgstr "Attempting to stop WireGuard"
+
+msgid "WireGuard configuration updated successfully"
+msgstr "WireGuard configuration updated successfully"
+
+msgid "WireGuard configuration failed to be updated"
+msgstr "WireGuard configuration failed to be updated"
+
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index a4d80f5a..0d29b429 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -65,7 +65,7 @@
       <figure class="figure">
         <?php if ($wg_penabled == true ) : ?>
         <img src="app/img/wg-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
-        <figcaption class="figure-caption"><?php echo _("Scan this QR code with your client to connect to this RaspAP."); ?></figcaption>
+        <figcaption class="figure-caption"><?php echo _("Scan this QR code with your client to connect to this tunnel"); ?></figcaption>
         <?php endif; ?>
       </figure>
     </div>

From 03acf8f92c481d9e545769231525d267e0183409 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 8 Mar 2021 08:59:38 +0000
Subject: [PATCH 107/300] Minor: update timestamp

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 21077 -> 21077 bytes
 locale/en_US/LC_MESSAGES/messages.po |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index 23c18e522906eee2d279c4e0bd2565f0ffd271c1..fd81791e6c75dcabb201ea6f86cf88f95198c69e 100644
GIT binary patch
delta 28
kcmcb*gz@SU#tmtvyoS04#<~U;3I>)|1_qmpO&`es0FLMh9{>OV

delta 28
kcmcb*gz@SU#tmtvyau`k#=1t93I+yN2Bw>fO&`es0FKEC9RL6T

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index c10c8da2..3170fa4e 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: 1.2.1\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2020-03-29 00:05+0000\n"
+"PO-Revision-Date: 2021-03-08 09:00+0000\n"
 "Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "Language-Team: \n"
 "Language: en_US\n"

From dd7873fd41531e3fc4848ce027c95f878464b637 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Mon, 8 Mar 2021 14:35:17 +0100
Subject: [PATCH 108/300] Allow installation from a private repository via
 access token

---
 installers/raspbian.sh | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index 469fff7f..230f4887 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -17,6 +17,7 @@
 # -a, --adblock <flag>              Used with -y, --yes, sets Adblock install option (0=no install)
 # -r, --repo, --repository <name>   Overrides the default GitHub repo (raspap/raspap-webgui)
 # -b, --branch <name>               Overrides the default git branch (master)
+# -t, --token <accesstoken>         Token to access a private repository
 # -u, --upgrade                     Upgrades an existing installation to the latest release version
 # -i, --insiders                    Installs from the Insiders Edition (raspap/raspap-insiders)
 # -v, --version                     Outputs release info and exits
@@ -37,7 +38,6 @@ set -eo pipefail
 function _main() {
     # set defaults
     repo="raspap/raspap-webgui" # override with -r, --repo option
-
     _parse_params "$@"
     _setup_colors
     _log_output
@@ -50,6 +50,7 @@ function _parse_params() {
     upgrade=0
     ovpn_option=1
     adblock_option=1
+    acctoken=""
 
     while :; do
         case "${1-}" in
@@ -85,6 +86,9 @@ function _parse_params() {
             -i|--insiders)
             repo="raspap/raspap-insiders"
             ;;
+            -t|--token)
+            acctoken="$2"
+            ;;
             -v|--version)
             _version
             ;;
@@ -176,7 +180,9 @@ function _display_welcome() {
 function _get_release() {
     if [ "$repo" == "raspap/raspap-insiders" ]; then
         readonly RASPAP_LATEST="Insiders"
-        branch="master"
+        if [ -z ${branch} ]; then
+           branch="master"
+		fi
     else
         readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
     fi
@@ -214,6 +220,7 @@ function _update_system_packages() {
 
 # Fetch required installer functions
 function _load_installer() {
+
     # fetch latest release tag
     _get_release
 
@@ -223,14 +230,18 @@ function _load_installer() {
     fi
 
     UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
+    header=()
+    if [[ ! -z "$acctoken" ]]; then
+        header=(--header "Authorization: token $acctoken")
+    fi
     if [ "${install_cert:-}" = 1 ]; then
         source="mkcert"
-        wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
+        wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
         source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
         _install_certificate || _install_status 1 "Unable to install certificate"
     else
         source="common"
-        wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
+        wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh  -O /tmp/raspap_${source}.sh
         source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
         _install_raspap || _install_status 1 "Unable to install RaspAP"
     fi

From e8d0fab4638248c41fcae50f1d3a6a96637c6adc Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Mon, 8 Mar 2021 16:44:20 +0100
Subject: [PATCH 109/300] Fix the sidebar logo path

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.php b/index.php
index 7e157bfe..806d7241 100755
--- a/index.php
+++ b/index.php
@@ -115,7 +115,7 @@ $bridgedEnabled = getBridgedState();
         <hr class="sidebar-divider my-0">
         <div class="row">
           <div class="col-xs ml-3 sidebar-brand-icon">
-            <img src="app/img/raspAP-logo.php" class="navbar-logo" width="64" height="64">
+            <img src="app/img/raspAP-logo.png" class="navbar-logo" width="64" height="64">
           </div>
           <div class="col-xs ml-2">
             <div class="ml-1">Status</div>

From 445b0af4b56d7cda80efa5f1bc5f8cf38c149824 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Mar 2021 09:51:15 +0000
Subject: [PATCH 110/300] Add @zbchristian's token option, fix private repo
 handling

---
 installers/common.sh   | 78 ++++++++++++++++++++++++++++++++++++++++--
 installers/raspbian.sh | 34 ++++++++++++------
 2 files changed, 99 insertions(+), 13 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index 6acb021f..d38c0b4f 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -26,9 +26,15 @@ readonly raspap_adblock="/etc/dnsmasq.d/090_adblock.conf"
 readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
 readonly raspap_network="$raspap_dir/networking/"
 readonly rulesv4="/etc/iptables/rules.v4"
+readonly raspap_client_scripts="/usr/local/sbin"
 readonly notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/"
 webroot_dir="/var/www/html"
-git_source_url="https://github.com/$repo"  # $repo from install.raspap.com
+
+if [ "$insiders" == 1 ]; then
+    repo="RaspAP/raspap-insiders"
+    branch=${RASPAP_INSIDERS_LATEST}
+fi
+git_source_url="https://github.com/$repo"
 
 # NOTE: all the below functions are overloadable for system-specific installs
 function _install_raspap() {
@@ -50,6 +56,8 @@ function _install_raspap() {
     _configure_networking
     _prompt_install_adblock
     _prompt_install_openvpn
+    _prompt_install_wireguard
+    _install_client_config
     _patch_system_files
     _install_complete
 }
@@ -77,7 +85,7 @@ function _config_installation() {
     fi
     echo "${opt[1]} lighttpd directory: ${webroot_dir}"
     if [ "$upgrade" == 1 ]; then
-        echo "This will upgrade your existing install to version ${RASPAP_LATEST}"
+        echo "This will upgrade your existing install to version ${RASPAP_RELEASE}"
         echo "Your configuration will NOT be changed"
     fi
     echo -n "Complete ${opt[2]} with these values? [Y/n]: "
@@ -145,6 +153,7 @@ function _install_dependencies() {
     echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
     echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
     sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_status 1 "Unable to install dependencies"
+    sudo apt-get install wvdial socat bc || _install_status 1 "Unable to install dependencies"
     _install_status 0
 }
 
@@ -170,6 +179,11 @@ function _create_raspap_directories() {
     # Create a directory to store networking configs
     echo "Creating $raspap_dir/networking"
     sudo mkdir -p "$raspap_dir/networking"
+    # Copy existing dhcpcd.conf to use as base config
+    echo "Adding /etc/dhcpcd.conf as base configuration"
+    cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null
+    echo "Changing file ownership of $raspap_dir"
+    sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_status 1 "Unable to change file ownership for '$raspap_dir'"
 }
 
 # Generate hostapd logging and service control scripts
@@ -313,6 +327,49 @@ function _prompt_install_openvpn() {
     fi
 }
 
+# Prompt to install WireGuard
+function _prompt_install_wireguard() {
+    if [ "$insiders" == 1 ]; then
+        _install_log "Configure WireGuard support"
+        echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: "
+        if [ "$assume_yes" == 0 ]; then
+            read answer < /dev/tty
+            if [ "$answer" != "${answer#[Nn]}" ]; then
+                echo -e
+            else
+                _install_wireguard
+            fi
+        elif [ "$wg_option" == 1 ]; then
+            _install_wireguard
+        else
+            echo "(Skipped)"
+        fi
+    fi
+}
+
+# Install Wireguard from the Debian unstable distro
+function _install_wireguard() {
+    _install_log "Configure WireGuard support"
+    if [ "$OS" == "Raspbian" ]; then
+        echo "Installing raspberrypi-kernel-headers"
+        sudo apt-get install $apt_option raspberrypi-kernel-headers || _install_status 1 "Unable to install raspberrypi-kernel-headers"
+    fi
+    echo "Installing WireGuard from Debian unstable distro"
+    echo "Adding Debian distro"
+    echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"
+    sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr"
+    echo "Adding Debian distro keys"
+    sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys"
+    printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
+    echo "Installing WireGuard"
+    sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
+    echo "Enabling wg-quick@wg0"
+    sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service"
+    echo "Enabling WireGuard management option"
+    sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
+    _install_status 0
+}
+
 # Install openvpn and enable client configuration option
 function _install_openvpn() {
     _install_log "Installing OpenVPN and enabling client configuration"
@@ -464,6 +521,23 @@ function _enable_raspap_daemon() {
     sudo systemctl enable raspapd.service || _install_status 1 "Failed to enable raspap.service"
 }
 
+function _install_client_config() {
+    _install_log "Install mobile client scripts and settings"
+    # Move scripts 
+    sudo cp "$webroot_dir/config/client_config/"*.sh "$raspap_client_scripts/" || _install_status 1 "Unable to move client scripts"
+    sudo chmod a+rx "$raspap_client_scripts/"*.sh  || _install_status 1 "Unable to chmod client scripts"
+    sudo cp "$webroot_dir/config/client_config/mcc-mnc-table.csv" "$raspap_client_scripts/" || _install_status 1 "Unable to move client data"
+    # wvdial settings
+    sudo cp "$webroot_dir/config/client_config/wvdial.conf" "/etc/" || _install_status 1 "Unable to install client configuration"
+    sudo cp "$webroot_dir/config/client_config/interfaces" "/etc/network/interfaces" || _install_status 1 "Unable to install interface settings"
+    # udev rules/services to auto start mobile data services
+    sudo cp "$webroot_dir/config/client_config/70-mobile-data-sticks.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
+    sudo cp "$webroot_dir/config/client_config/80-raspap-net-devices.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
+    sudo cp "$webroot_dir/config/client_config/"*.service "/etc/systemd/system/" || _install_status 1 "Unable to install client startup services"
+    # client configuration and udev rule templates
+    sudo cp "$webroot_dir/config/client_udev_prototypes.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration"
+}
+
 # Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
 function _configure_networking() {
     _install_log "Configuring networking"
diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index 469fff7f..da84a728 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -17,6 +17,7 @@
 # -a, --adblock <flag>              Used with -y, --yes, sets Adblock install option (0=no install)
 # -r, --repo, --repository <name>   Overrides the default GitHub repo (raspap/raspap-webgui)
 # -b, --branch <name>               Overrides the default git branch (master)
+# -t, --token <accesstoken>         Token to access a private repository
 # -u, --upgrade                     Upgrades an existing installation to the latest release version
 # -i, --insiders                    Installs from the Insiders Edition (raspap/raspap-insiders)
 # -v, --version                     Outputs release info and exits
@@ -36,8 +37,7 @@ set -eo pipefail
 
 function _main() {
     # set defaults
-    repo="raspap/raspap-webgui" # override with -r, --repo option
-
+    repo="RaspAP/raspap-webgui" # override with -r, --repo option
     _parse_params "$@"
     _setup_colors
     _log_output
@@ -50,6 +50,8 @@ function _parse_params() {
     upgrade=0
     ovpn_option=1
     adblock_option=1
+    insiders=0
+    acctoken=""
 
     while :; do
         case "${1-}" in
@@ -83,7 +85,10 @@ function _parse_params() {
             upgrade=1
             ;;
             -i|--insiders)
-            repo="raspap/raspap-insiders"
+            insiders=1 
+            ;;
+            -t|--token)
+            acctoken="$2"
             ;;
             -v|--version)
             _version
@@ -129,6 +134,7 @@ OPTIONS:
 -a, --adblock <flag>                Used with -y, --yes, sets Adblock install option (0=no install)
 -r, --repo, --repository <name>     Overrides the default GitHub repo (raspap/raspap-webgui)
 -b, --branch <name>                 Overrides the default git branch (latest release)
+-t, --token <accesstoken>           Token to access a private repository
 -u, --upgrade                       Upgrades an existing installation to the latest release version
 -i, --insiders                      Installs from the Insiders Edition (raspap/raspap-insiders)
 -v, --version                       Outputs release info and exits
@@ -153,7 +159,7 @@ EOF
 
 function _version() {
     _get_release
-    echo -e "RaspAP v${RASPAP_LATEST} - Simple wireless AP setup & management for Debian-based devices"
+    echo -e "RaspAP v${RASPAP_RELEASE} - Simple wireless AP setup & management for Debian-based devices"
     exit
 }
 
@@ -167,18 +173,19 @@ function _display_welcome() {
     echo -e " 88     88 88.  .88       88 88.  .88 88     88   88"
     echo -e " dP     dP  88888P8  88888P  88Y888P  88     88   dP"
     echo -e "                             88"
-    echo -e "                             dP       version ${RASPAP_LATEST}"
+    echo -e "                             dP       version ${RASPAP_RELEASE}"
     echo -e "${ANSI_GREEN}"
     echo -e "The Quick Installer will guide you through a few easy steps${ANSI_RESET}\n\n"
 }
 
 # Fetch latest release from GitHub API
 function _get_release() {
-    if [ "$repo" == "raspap/raspap-insiders" ]; then
-        readonly RASPAP_LATEST="Insiders"
-        branch="master"
+    readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
+    if [ "$insiders" == 1 ]; then
+        RASPAP_INSIDERS_LATEST=$(curl -s "https://install.raspap.com/repos/RaspAP/raspap-insiders/releases/latest/" | grep -Po '"tag_name": "\K.*?(?=")' )
+        RASPAP_RELEASE="${RASPAP_INSIDERS_LATEST} Insiders"
     else
-        readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
+        RASPAP_RELEASE="${RASPAP_LATEST}"
     fi
 }
 
@@ -214,6 +221,7 @@ function _update_system_packages() {
 
 # Fetch required installer functions
 function _load_installer() {
+
     # fetch latest release tag
     _get_release
 
@@ -223,14 +231,18 @@ function _load_installer() {
     fi
 
     UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
+    header=()
+    if [[ ! -z "$acctoken" ]]; then
+        header=(--header "Authorization: token $acctoken")
+    fi
     if [ "${install_cert:-}" = 1 ]; then
         source="mkcert"
-        wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
+        wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
         source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
         _install_certificate || _install_status 1 "Unable to install certificate"
     else
         source="common"
-        wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
+        wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh  -O /tmp/raspap_${source}.sh
         source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
         _install_raspap || _install_status 1 "Unable to install RaspAP"
     fi

From 76e87508bdc23cee5d10580cb2b0c00cb440269f Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Mar 2021 09:58:05 +0000
Subject: [PATCH 111/300] Remove feature branch routines

---
 installers/common.sh | 23 -----------------------
 1 file changed, 23 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index d38c0b4f..8b532be3 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -26,7 +26,6 @@ readonly raspap_adblock="/etc/dnsmasq.d/090_adblock.conf"
 readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
 readonly raspap_network="$raspap_dir/networking/"
 readonly rulesv4="/etc/iptables/rules.v4"
-readonly raspap_client_scripts="/usr/local/sbin"
 readonly notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/"
 webroot_dir="/var/www/html"
 
@@ -57,7 +56,6 @@ function _install_raspap() {
     _prompt_install_adblock
     _prompt_install_openvpn
     _prompt_install_wireguard
-    _install_client_config
     _patch_system_files
     _install_complete
 }
@@ -153,7 +151,6 @@ function _install_dependencies() {
     echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
     echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
     sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_status 1 "Unable to install dependencies"
-    sudo apt-get install wvdial socat bc || _install_status 1 "Unable to install dependencies"
     _install_status 0
 }
 
@@ -179,9 +176,6 @@ function _create_raspap_directories() {
     # Create a directory to store networking configs
     echo "Creating $raspap_dir/networking"
     sudo mkdir -p "$raspap_dir/networking"
-    # Copy existing dhcpcd.conf to use as base config
-    echo "Adding /etc/dhcpcd.conf as base configuration"
-    cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null
     echo "Changing file ownership of $raspap_dir"
     sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_status 1 "Unable to change file ownership for '$raspap_dir'"
 }
@@ -521,23 +515,6 @@ function _enable_raspap_daemon() {
     sudo systemctl enable raspapd.service || _install_status 1 "Failed to enable raspap.service"
 }
 
-function _install_client_config() {
-    _install_log "Install mobile client scripts and settings"
-    # Move scripts 
-    sudo cp "$webroot_dir/config/client_config/"*.sh "$raspap_client_scripts/" || _install_status 1 "Unable to move client scripts"
-    sudo chmod a+rx "$raspap_client_scripts/"*.sh  || _install_status 1 "Unable to chmod client scripts"
-    sudo cp "$webroot_dir/config/client_config/mcc-mnc-table.csv" "$raspap_client_scripts/" || _install_status 1 "Unable to move client data"
-    # wvdial settings
-    sudo cp "$webroot_dir/config/client_config/wvdial.conf" "/etc/" || _install_status 1 "Unable to install client configuration"
-    sudo cp "$webroot_dir/config/client_config/interfaces" "/etc/network/interfaces" || _install_status 1 "Unable to install interface settings"
-    # udev rules/services to auto start mobile data services
-    sudo cp "$webroot_dir/config/client_config/70-mobile-data-sticks.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
-    sudo cp "$webroot_dir/config/client_config/80-raspap-net-devices.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
-    sudo cp "$webroot_dir/config/client_config/"*.service "/etc/systemd/system/" || _install_status 1 "Unable to install client startup services"
-    # client configuration and udev rule templates
-    sudo cp "$webroot_dir/config/client_udev_prototypes.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration"
-}
-
 # Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
 function _configure_networking() {
     _install_log "Configuring networking"

From 80c525c042a1e97f8eee00a754494010fd588ef7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Mar 2021 10:58:15 +0000
Subject: [PATCH 112/300] Minor: update comments

---
 installers/raspbian.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index da84a728..fed9b619 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -178,7 +178,7 @@ function _display_welcome() {
     echo -e "The Quick Installer will guide you through a few easy steps${ANSI_RESET}\n\n"
 }
 
-# Fetch latest release from GitHub API
+# Fetch latest release from GitHub or RaspAP Installer API
 function _get_release() {
     readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
     if [ "$insiders" == 1 ]; then

From cb58e310895e45b26e592521a52050ac81632382 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Mar 2021 15:35:48 +0000
Subject: [PATCH 113/300] Handle server/peer enable states

---
 includes/wireguard.php    | 190 +++++++++++++++++++++-----------------
 installers/raspap.sudoers |   2 +
 templates/wg/general.php  |   6 +-
 templates/wg/peers.php    |   9 +-
 4 files changed, 117 insertions(+), 90 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 00b4e962..c7f56cdd 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -34,7 +34,10 @@ function DisplayWireGuardConfig()
     $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
     $wg_srvdns = ($conf['DNS'] == '') ? getDefaultNetValue('wireguard','server','DNS') : $conf['DNS'];
-    $wg_peerpubkey = $conf['PublicKey'];
+    $wg_peerpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-public.key', $return);
+    if (sizeof($conf) >0) {
+        $wg_senabled = true;
+    }
 
     // todo: iterate multiple peer configs
     exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $preturn);
@@ -64,6 +67,7 @@ function DisplayWireGuardConfig()
             "wg_srvport",
             "wg_srvipaddress",
             "wg_srvdns",
+            "wg_senabled",
             "wg_penabled",
             "wg_pipaddress",
             "wg_plistenport",
@@ -86,102 +90,120 @@ function SaveWireGuardConfig($status)
     // Set defaults
     $good_input = true;
     $peer_id = 1;
-    // Validate input
-    if (isset($_POST['wg_srvport'])) {
-        if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
-            $status->addMessage('Invalid value for server local port', 'danger');
-            $good_input = false;
+    // Validate server input
+    if ($_POST['wg_senabled'] == 1) {
+        if (isset($_POST['wg_srvport'])) {
+            if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
+                $status->addMessage('Invalid value for server local port', 'danger');
+                $good_input = false;
+            }
+        }
+        if (isset($_POST['wg_plistenport'])) {
+            if (strlen($_POST['wg_plistenport']) > 5 || !is_numeric($_POST['wg_plistenport'])) {
+                $status->addMessage('Invalid value for peer local port', 'danger');
+                $good_input = false;
+            }
+        }
+        if (isset($_POST['wg_srvipaddress'])) {
+            if (!validateCidr($_POST['wg_srvipaddress'])) {
+                $status->addMessage('Invalid value for server IP address', 'danger');
+                $good_input = false;
+            }
+        }
+        if (isset($_POST['wg_srvdns'])) {
+            if (!filter_var($_POST['wg_srvdns'],FILTER_VALIDATE_IP)) {
+                $status->addMessage('Invalid value for DNS', 'danger');
+                $good_input = false;
+            }
         }
     }
-    if (isset($_POST['wg_plistenport'])) {
-        if (strlen($_POST['wg_plistenport']) > 5 || !is_numeric($_POST['wg_plistenport'])) {
-            $status->addMessage('Invalid value for peer local port', 'danger');
-            $good_input = false;
+    // Validate peer input
+    if ($_POST['wg_penabled'] == 1) {
+        if (isset($_POST['wg_pipaddress'])) {
+            if (!validateCidr($_POST['wg_pipaddress'])) {
+                $status->addMessage('Invalid value for peer IP address', 'danger');
+                $good_input = false;
+            }
         }
-    }
-    if (isset($_POST['wg_srvipaddress'])) {
-        if (!validateCidr($_POST['wg_srvipaddress'])) {
-            $status->addMessage('Invalid value for server IP address', 'danger');
-            $good_input = false;
+        if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
+            $wg_pendpoint_seg = substr($_POST['wg_pendpoint'],0,strpos($_POST['wg_pendpoint'],':'));
+            if (!filter_var($wg_pendpoint_seg,FILTER_VALIDATE_IP)) {
+                $status->addMessage('Invalid value for endpoint address', 'danger');
+                $good_input = false;
+            }
         }
-    }
-    if (isset($_POST['wg_pipaddress'])) {
-        if (!validateCidr($_POST['wg_pipaddress'])) {
-            $status->addMessage('Invalid value for peer IP address', 'danger');
-            $good_input = false;
+        if (isset($_POST['wg_pallowedips']) && strlen(trim($_POST['wg_pallowedips']) >0)) {
+            if (!validateCidr($_POST['wg_pallowedips'])) {
+                $status->addMessage('Invalid value for allowed IPs', 'danger');
+                $good_input = false;
+            }
         }
-    }
-    if (isset($_POST['wg_srvdns'])) {
-        if (!filter_var($_POST['wg_srvdns'],FILTER_VALIDATE_IP)) {
-            $status->addMessage('Invalid value for DNS', 'danger');
-            $good_input = false;
-        }
-    }
-    if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
-        $wg_pendpoint_seg = substr($_POST['wg_pendpoint'],0,strpos($_POST['wg_pendpoint'],':'));
-        if (!filter_var($wg_pendpoint_seg,FILTER_VALIDATE_IP)) {
-            $status->addMessage('Invalid value for endpoint address', 'danger');
-            $good_input = false;
-        }
-    }
-    if (isset($_POST['wg_pallowedips']) && strlen(trim($_POST['wg_pallowedips']) >0)) {
-        if (!validateCidr($_POST['wg_pallowedips'])) {
-            $status->addMessage('Invalid value for allowed IPs', 'danger');
-            $good_input = false;
-        }
-    }
-    if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
-        if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
-            $status->addMessage('Invalid value for persistent keepalive', 'danger');
-            $good_input = false;
+        if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
+            if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
+                $status->addMessage('Invalid value for persistent keepalive', 'danger');
+                $good_input = false;
+            }
         }
     }
     // Save settings
     if ($good_input) {
-        // fetch private keys from filesytem
-        $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
-        $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
-
         // server (wg0.conf)
-        $config[] = '[Interface]';
-        $config[] = 'Address = '.$_POST['wg_srvipaddress'];
-        $config[] = 'ListenPort = '.$_POST['wg_srvport'];
-        $config[] = 'DNS = '.$_POST['wg_srvdns'];
-        $config[] = 'PrivateKey = '.$wg_srvprivkey;
-        $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp');
-        $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
-        $config[] = '';
-        $config[] = '[Peer]';
-        $config[] = 'PublicKey = '.$_POST['wg-peer'];
-        $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
-        if ($_POST['wg_pkeepalive'] !== '') {
-            $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+        if ($_POST['wg_senabled'] == 1) {
+            // fetch server private key from filesytem
+            $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
+            $config[] = '[Interface]';
+            $config[] = 'Address = '.$_POST['wg_srvipaddress'];
+            $config[] = 'ListenPort = '.$_POST['wg_srvport'];
+            $config[] = 'DNS = '.$_POST['wg_srvdns'];
+            $config[] = 'PrivateKey = '.$wg_srvprivkey;
+            $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp');
+            $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
+            $config[] = '';
+            $config[] = '[Peer]';
+            $config[] = 'PublicKey = '.$_POST['wg-peer'];
+            $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
+            if ($_POST['wg_pkeepalive'] !== '') {
+                $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+            }
+            $config[] = '';
+            $config = join(PHP_EOL, $config);
+
+            file_put_contents("/tmp/wgdata", $config);
+            system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
+        } else {
+            # remove selected conf + keys
+            system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
+            system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
+            system('sudo rm '. RASPI_WIREGUARD_CONFIG, $return);
         }
-        $config[] = '';
-        $config = join(PHP_EOL, $config);
-
-        file_put_contents("/tmp/wgdata", $config);
-        system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
-
         // client1 (client.conf)
-        $config = [];
-        $config[] = '[Interface]';
-        $config[] = 'Address = '.trim($_POST['wg_pipaddress']);
-        $config[] = 'PrivateKey = '.$wg_peerprivkey;
-        $config[] = 'ListenPort = '.$_POST['wg_plistenport'];
-        $config[] = '';
-        $config[] = '[Peer]';
-        $config[] = 'PublicKey = '.$_POST['wg-server'];
-        $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
-        $config[] = 'Endpoint = '.$_POST['wg_pendpoint'];
-        if ($_POST['wg_pkeepalive'] !== '') {
-            $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
-        }
-        $config[] = '';
-        $config = join(PHP_EOL, $config);
+        if ($_POST['wg_penabled'] == 1) {
+            // fetch peer private key from filesystem 
+            $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
+            $config = [];
+            $config[] = '[Interface]';
+            $config[] = 'Address = '.trim($_POST['wg_pipaddress']);
+            $config[] = 'PrivateKey = '.$wg_peerprivkey;
+            $config[] = 'ListenPort = '.$_POST['wg_plistenport'];
+            $config[] = '';
+            $config[] = '[Peer]';
+            $config[] = 'PublicKey = '.$_POST['wg-server'];
+            $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
+            $config[] = 'Endpoint = '.$_POST['wg_pendpoint'];
+            if ($_POST['wg_pkeepalive'] !== '') {
+                $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+            }
+            $config[] = '';
+            $config = join(PHP_EOL, $config);
 
-        file_put_contents("/tmp/wgdata", $config);
-        system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
+            file_put_contents("/tmp/wgdata", $config);
+            system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
+        } else {
+             # remove selected conf + keys
+            system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
+            system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-peer-public.key', $return);
+            system('sudo rm '. RASPI_WIREGUARD_PATH.'client.conf', $return);
+        }
 
         // handle log option
         if ($_POST['wg_log'] == "1") {
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 9aded5a3..18e4ddf8 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -50,4 +50,6 @@ www-data ALL=(ALL) NOPASSWD:/bin/systemctl * wg-quick@wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key
+www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key
 
diff --git a/templates/wg/general.php b/templates/wg/general.php
index b3235e88..06d09811 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -4,13 +4,13 @@
     <div class="col-md-6">
       <h4 class="mt-3"><?php echo _("Tunnel settings"); ?></h4>
         <div class="input-group">
-          <input type="hidden" name="tunnel-enable" value="0">
           <div class="custom-control custom-switch">
-            <input class="custom-control-input" id="tunnel-enable" type="checkbox" name="tunnel-enable" value="1" <?php echo $enabled ? ' checked="checked"' : "" ?> aria-describedby="tunnel-description">
-          <label class="custom-control-label" for="tunnel-enable"><?php echo _("Enable tunnel") ?></label>
+            <input class="custom-control-input" id="server_enabled" type="checkbox" name="wg_senabled" value="1" <?php echo $wg_senabled ? ' checked="checked"' : "" ?> aria-describedby="server-description">
+          <label class="custom-control-label" for="server_enabled"><?php echo _("Enable server") ?></label>
         </div>
         <p id="wg-description">
           <small><?php echo _("Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers.") ?></small>
+          <small><?php echo _("This option adds <code>wg0.conf</code> to the WireGuard configuration.") ?></small>
         </p>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 0d29b429..319cc0f9 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -4,12 +4,15 @@
     <div class="col-md-6">
       <h4 class="mt-3"><?php echo _("Peer"); ?></h4>
         <div class="input-group">
-          <input type="hidden" name="endpoint-enable" value="0">
           <input type="hidden" name="peer_id" value="1">
           <div class="custom-control custom-switch">
-            <input class="custom-control-input" id="endpoint_enable" type="checkbox" name="endpoint-enable" value="1" <?php echo $enabled ? ' checked="checked"' : "" ?> aria-describedby="endpoint-description">
-          <label class="custom-control-label" for="endpoint_enable"><?php echo _("Enable endpoint") ?></label>
+            <input class="custom-control-input" id="peer_enabled" type="checkbox" name="wg_penabled" value="1" <?php echo $wg_penabled ? ' checked="checked"' : "" ?> aria-describedby="endpoint-description">
+          <label class="custom-control-label" for="peer_enabled"><?php echo _("Enable peer") ?></label>
         </div>
+        <p id="wg-description">
+          <small><?php echo _("Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer.") ?></small>
+          <small><?php echo _("This option adds <code>client.conf</code> to the WireGuard configuration.") ?></small>
+        </p>
      </div>
 
       <div class="row">

From 63267cd225fbb9863082a964454a70ab7a455513 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Mar 2021 15:41:03 +0000
Subject: [PATCH 114/300] Update en_US locale

---
 locale/en_US/LC_MESSAGES/messages.po | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index 3170fa4e..dcd00a5c 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -855,12 +855,15 @@ msgstr "Invalid custom host found on line "
 msgid "Tunnel settings"
 msgstr "Tunnel settings"
 
-msgid "Enable tunnel"
-msgstr "Enable tunnel"
+msgid "Enable server"
+msgstr "Enable server"
 
 msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
 msgstr "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
 
+msgid "This option adds <code>wg0.conf</code> to the WireGuard configuration."
+msgstr "This option adds <code>wg0.conf</code> to the WireGuard configuration."
+
 msgid "Local public key"
 msgstr "Local public key"
 
@@ -876,8 +879,14 @@ msgstr "DNS"
 msgid "Peer"
 msgstr "Peer"
 
-msgid "Enable endpoint"
-msgstr "Enable endpoint"
+msgid "Enable peer"
+msgstr "Enable peer"
+
+msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer."
+msgstr "Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer."
+
+msgid "This option adds <code>client.conf</code> to the WireGuard configuration."
+msgstr "This option adds <code>client.conf</code> to the WireGuard configuration."
 
 msgid "Peer public key"
 msgstr "Peer public key"

From 9a770329db894f53f6aa8b2e87cc890521f19c67 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Mar 2021 17:54:30 +0000
Subject: [PATCH 115/300] Update release version

---
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index f754d941..3cdbbc68 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/DpgvLIO.png)
-[![Release 2.7.1](https://img.shields.io/badge/release-v2.7.1-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7.2](https://img.shields.io/badge/release-v2.7.2-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
diff --git a/includes/defaults.php b/includes/defaults.php
index f6009f17..34e08378 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7.1',
+  'RASPI_VERSION' => '2.7.2',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index 59549062..60c6088b 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7.1
+ * @version 2.7.2
  * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From 76e2eecaec5817f07ee3f890988f29a0717afa43 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Wed, 10 Mar 2021 23:45:04 +0100
Subject: [PATCH 116/300] Correct internet device GUI and udev config

---
 ajax/networking/save_net_dev_config.php |  2 +-
 app/js/custom.js                        |  4 +-
 config/config.php                       |  2 +
 includes/dashboard.php                  |  9 +++--
 includes/functions.php                  |  5 ++-
 includes/get_clients.php                |  4 ++
 includes/wifi_functions.php             |  1 +
 templates/dashboard.php                 |  2 +-
 templates/networking.php                | 52 ++++++++++++-------------
 9 files changed, 46 insertions(+), 35 deletions(-)

diff --git a/ajax/networking/save_net_dev_config.php b/ajax/networking/save_net_dev_config.php
index 6c34e053..af79cfb4 100644
--- a/ajax/networking/save_net_dev_config.php
+++ b/ajax/networking/save_net_dev_config.php
@@ -88,7 +88,7 @@ if (isset($_POST['interface'])) {
       $cfg['static'] = $_POST[$int.'-static'];
       $cfg['failover'] = $_POST[$int.'-failover'];
     }
-    if (write_php_ini($cfg, RASPI_CONFIG_NETWORKING.'/'.$file)) {
+    if (write_php_ini($cfg, RASPI_CONFIG.'/networking/'.$file)) {
         $jsonData = ['return'=>0,'output'=>['Successfully Updated Network Configuration']];
     } else {
         $jsonData = ['return'=>1,'output'=>['Error saving network configuration to file']];
diff --git a/app/js/custom.js b/app/js/custom.js
index f298a77e..fff618af 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -130,8 +130,8 @@ function setupBtns() {
     $('#btnSummaryRefresh').click(function(){getAllInterfaces();});
     $('.intsave').click(function(){
         var int = $(this).data('int');
-        saveNetDeviceSettings(int);
-        saveNetworkSettings(int);
+        var opts = $(this).data('opts');
+        saveNetDeviceSettings(int,opts);
     });
     $('.intapply').click(function(){
         applyNetworkSettings();
diff --git a/config/config.php b/config/config.php
index 2c476b57..f0516cfc 100755
--- a/config/config.php
+++ b/config/config.php
@@ -25,6 +25,8 @@ define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
 define('RASPI_ACCESS_CHECK_DNS', 'one.one.one.one');
+define('RASPI_CLIENT_CONFIG_PATH', '/etc/raspap/networking/client_udev_prototypes.json');
+define('RASPI_CLIENT_SCRIPT_PATH', '/usr/local/sbin');
 
 // Constant for the 5GHz wireless regulatory domain
 define('RASPI_5GHZ_ISO_ALPHA2', array('NL','US'));
diff --git a/includes/dashboard.php b/includes/dashboard.php
index 6d74581c..93e640c0 100755
--- a/includes/dashboard.php
+++ b/includes/dashboard.php
@@ -96,12 +96,12 @@ function DisplayDashboard(&$extraFooterScripts)
     $clientinfo=array("name"=>"none","type"=>-1,"connected"=>"n");
     $raspi_client=$_SESSION['wifi_client_interface'];
     load_client_config();
-    $clients = getClients(false);
-    if(!empty($clients)) {
-        $ncl=$clients["clients"];
+    $client_devs = getClients(false);
+    if(!empty($client_devs)) {
+        $ncl=$client_devs["clients"];
         if($ncl > 0) {
             $ty=-1;
-            foreach($clients["device"] as $dev) {
+            foreach($client_devs["device"] as $dev) {
                if(($id=array_search($dev["type"],$_SESSION["net-device-types"])) > $ty && !$dev["isAP"]) {
                  $ty=$id;
                  $clientinfo=$dev;
@@ -162,6 +162,7 @@ function DisplayDashboard(&$extraFooterScripts)
         $client_interface = $clientinfo["name"];
     }
     $apInterface = $_SESSION['ap_interface'];
+	$clientInterface = $raspi_client;
     $MACPattern = '"([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}"';
     if (getBridgedState()) {
         $moreLink = "hostapd_conf";
diff --git a/includes/functions.php b/includes/functions.php
index 10699190..2a70712b 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -728,6 +728,8 @@ function getNightmode(){
     } else {
         return false;
     }
+}	
+	
 // search array for matching string and return only first matching group
 function preg_only_match($pat,$haystack) {
   $match = "";
@@ -738,5 +740,6 @@ function preg_only_match($pat,$haystack) {
   }
   return $match;
 }
-}
+
+?>
 
diff --git a/includes/get_clients.php b/includes/get_clients.php
index 999b5bfa..b04610a4 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -137,6 +137,10 @@ function getClients($simple=true) {
               break;
            default:
         }
+        if (!isset($cl["device"][$i]["signal"])){
+           $cl["device"][$i]["signal"]= $cl["device"][$i]["connected"] == "n" ? "-100 dB (0%)": "0 dB (100%)";;
+        }
+        if (!isset($cl["device"][$i]["isAP"])) $cl["device"][$i]["isAP"]=false;
       }
     }
     return $cl;
diff --git a/includes/wifi_functions.php b/includes/wifi_functions.php
index 8296c57c..7aa4cece 100755
--- a/includes/wifi_functions.php
+++ b/includes/wifi_functions.php
@@ -157,3 +157,4 @@ function getWifiInterface()
         } 
 }
 
+?>
\ No newline at end of file
diff --git a/templates/dashboard.php b/templates/dashboard.php
index 9c185ac6..bf841b59 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -107,7 +107,7 @@
                         <?php endif; ?>
                         <?php foreach (array_slice($clients,0, 2) as $client) : ?>
                         <tr>
-                          <?php if ($arrHostapdConf['BridgedEnable'] == 1): ?>
+                          <?php if ($bridgedEnable == 1): ?>
                             <td><?php echo htmlspecialchars($client, ENT_QUOTES) ?></td>
                           <?php else : ?>
                             <?php $props = explode(' ', $client) ?>
diff --git a/templates/networking.php b/templates/networking.php
index 90a3ab00..6df5ba87 100755
--- a/templates/networking.php
+++ b/templates/networking.php
@@ -13,8 +13,8 @@
         <ul class="nav nav-tabs">
           <li role="presentation" class="nav-item"><a class="nav-link active" href="#summary" aria-controls="summary" role="tab" data-toggle="tab"><?php echo _("Summary"); ?></a></li>
           <?php if (!$bridgedEnabled) : // no interface details when bridged ?>
-            <li role="presentation" class="nav-item"><a class="nav-link" href="#mobiledata" aria-controls="mobiledata" role="tab" data-toggle="tab">Mobile Data Settings</a></li>
             <li role="presentation" class="nav-item"><a class="nav-link" href="#netdevices" aria-controls="netdevices" role="tab" data-toggle="tab">Network Devices</a></li>
+            <li role="presentation" class="nav-item"><a class="nav-link" href="#mobiledata" aria-controls="mobiledata" role="tab" data-toggle="tab">Mobile Data Settings</a></li>
           <?php endif ?>
         </ul>
         <div class="tab-content">
@@ -84,31 +84,6 @@
           <?php $arrMD = parse_ini_file('/etc/raspap/networking/mobiledata.ini');
                 if ($arrMD==false) { $arrMD=[]; $arrMD["pin"]=$arrMD["apn"]=$arrMD["apn_user"]=$arrMD["apn_pw"]=$arrMD["router_user"]=$arrMD["router_pw"]=""; }
           ?>
-          <div role="tabpanel" class="tab-pane fade in" id="mobiledata">
-            <div class="row">
-              <div class="col-lg-6">
-                <h4 class="mt-3"><?php echo _("Settings for Mobile Data Devices") ?></h4>
-                <hr />
-                <form id="frm-mobiledata">
-                  <?php echo CSRFTokenFieldTag() ?>
-                  <div class="form-group">
-                    <label for="pin-mobile"><?php echo _("PIN of SIM card") ?></label>
-                    <input type="number" class="form-control" id="pin-mobile" placeholder="1234" value="<?php echo $arrMD["pin"]?>" >
-                  </div>
-                  <h4 class="mt-3"><?php echo _("APN Settings (Modem device ppp0)") ?></h4>
-                  <div class="form-group">
-                    <label for="apn-mobile"><?php echo _("Access Point Name (APN)") ?></label>
-                    <input type="text" class="form-control" id="apn-mobile" placeholder="web.myprovider.com" value="<?php echo $arrMD["apn"]?>" >
-                    <label for="apn-user-mobile"><?php echo _("Username") ?></label>
-                    <input type="text" class="form-control" id="apn-user-mobile" value="<?php echo $arrMD["apn_user"]?>" >
-                    <label for="apn-pw-mobile"><?php echo _("Password") ?></label>
-                    <input type="text" class="form-control" id="apn-pw-mobile"  value="<?php echo $arrMD["apn_pw"]?>" >
-                  </div>
-                  <a href="#" class="btn btn-outline btn-primary intsave" data-int="mobiledata"><?php echo _("Save settings") ?></a>
-                </form>
-              </div>
-		    </div>
-          </div><!-- /.tab-panel -->
           <div role="tabpanel" class="tab-pane fade in" id="netdevices">
             <h4 class="mt-3"><?php echo _("Properties of network devices") ?></h4>
             <div class="row">
@@ -194,6 +169,31 @@
              </div>
             </div>
           </div><!-- /.tab-panel -->
+          <div role="tabpanel" class="tab-pane fade in" id="mobiledata">
+            <div class="row">
+              <div class="col-lg-6">
+                <h4 class="mt-3"><?php echo _("Settings for Mobile Data Devices") ?></h4>
+                <hr />
+                <form id="frm-mobiledata">
+                  <?php echo CSRFTokenFieldTag() ?>
+                  <div class="form-group">
+                    <label for="pin-mobile"><?php echo _("PIN of SIM card") ?></label>
+                    <input type="number" class="form-control" id="pin-mobile" placeholder="1234" value="<?php echo $arrMD["pin"]?>" >
+                  </div>
+                  <h4 class="mt-3"><?php echo _("APN Settings (Modem device ppp0)") ?></h4>
+                  <div class="form-group">
+                    <label for="apn-mobile"><?php echo _("Access Point Name (APN)") ?></label>
+                    <input type="text" class="form-control" id="apn-mobile" placeholder="web.myprovider.com" value="<?php echo $arrMD["apn"]?>" >
+                    <label for="apn-user-mobile"><?php echo _("Username") ?></label>
+                    <input type="text" class="form-control" id="apn-user-mobile" value="<?php echo $arrMD["apn_user"]?>" >
+                    <label for="apn-pw-mobile"><?php echo _("Password") ?></label>
+                    <input type="text" class="form-control" id="apn-pw-mobile"  value="<?php echo $arrMD["apn_pw"]?>" >
+                  </div>
+                  <a href="#" class="btn btn-outline btn-primary intsave" data-int="mobiledata"><?php echo _("Save settings") ?></a>
+                </form>
+              </div>
+		    </div>
+          </div><!-- /.tab-panel -->
         </div>
       </div><!-- /.card-body -->
       <div class="card-footer"><?php echo _("Information provided by /sys/class/net"); ?></div>

From 2b4c9472e6e4dc01605756d5f8bee6cb62cefb27 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Fri, 12 Mar 2021 12:20:34 +0100
Subject: [PATCH 117/300] Replace switchClientState.sh by php function in
 get_clients.php Cleanup display of client on dashboard

---
 config/client_config/switchClientState.sh | 49 --------------------
 includes/dashboard.php                    | 38 ++++++----------
 includes/get_clients.php                  | 54 ++++++++++++++++++++++-
 installers/raspap.sudoers                 |  5 ++-
 templates/dashboard.php                   | 41 ++++++++---------
 5 files changed, 90 insertions(+), 97 deletions(-)
 delete mode 100644 config/client_config/switchClientState.sh

diff --git a/config/client_config/switchClientState.sh b/config/client_config/switchClientState.sh
deleted file mode 100644
index e6e4635f..00000000
--- a/config/client_config/switchClientState.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-#
-# parameters: up or down
-# current client from getClients.sh
-#
-# requires: getClients.sh, onoff_huawei_hilink.sh in same path
-#           ifconfig, ifup, ifdown, systemd-cat
-#
-#
-# zbchristian 2020
-
-path=`dirname $0`
-clients=$($path/getClients.sh simple)
-
-if [[ -z $clients ]] || [[ $(echo $clients| grep -oP '(?<="clients": )\d') == 0  ]]; then echo "$0 : No client found"|systemd-cat; exit; fi
-
-devs=( $(echo $clients | grep -oP '(?<="name": ")\w*(?=")') )
-types=( $(echo $clients | grep -oP '(?<="type": )\d') )
-
-# find the device with the max type number
-imax=0
-type=0
-for i in "${!devs[@]}"; do
-  if [[ ${types[$i]} > $type ]]; then  imax=$i; type=${types[$i]}; fi
-done
-device=${devs[$imax]}
-
-echo "$0: try to set $device $1" | systemd-cat
-
-connected=`ifconfig -a | grep -i $device -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"`
-
-if [ -z "$connected" ] && [[ $1 == "up" ]]; then
-   if [[ $type == 3 ]]; then  ip link set $device up; fi
-   if [[ $type == 5 ]]; then  ifup $device; fi
-fi
-if [[ ! -z "$connected" ]] &&  [[ $1 == "down" ]]; then
-   if [[ $type == 3 ]]; then  ip link set $device down; fi
-   if [[ $type == 5 ]]; then  ifdown $device; fi
-fi
-if [[ $type == 4 ]]; then
-   ipadd=$(echo $connected | grep -oP "([0-9]{1,3}\.){2}[0-9]{1,3}")".1"  # get ip address of the Hilink API
-   mode=0
-   if [[ $1 == "up" ]]; then mode=1; fi
-   if [[ -f /etc/raspap/networking/mobiledata.ini ]]; then
-      pin=$(cat /etc/raspap/networking/mobiledata.ini | sed -rn 's/pin = ([0-9]*)$/\1/p' )
-   fi
-   $path/onoff_huawei_hilink.sh -c $mode -h $ipadd -p $pin
-fi
-
diff --git a/includes/dashboard.php b/includes/dashboard.php
index 93e640c0..aaae3188 100755
--- a/includes/dashboard.php
+++ b/includes/dashboard.php
@@ -92,23 +92,13 @@ function DisplayDashboard(&$extraFooterScripts)
         $strTxBytes .= getHumanReadableDatasize($strTxBytes);
     }
 
-	// ------------------------ INFOS ABOUT THE CLIENT---------------------------------------------------------------
+    // ------------------------ INFOS ABOUT THE CLIENT---------------------------------------------------------------
     $clientinfo=array("name"=>"none","type"=>-1,"connected"=>"n");
     $raspi_client=$_SESSION['wifi_client_interface'];
     load_client_config();
-    $client_devs = getClients(false);
-    if(!empty($client_devs)) {
-        $ncl=$client_devs["clients"];
-        if($ncl > 0) {
-            $ty=-1;
-            foreach($client_devs["device"] as $dev) {
-               if(($id=array_search($dev["type"],$_SESSION["net-device-types"])) > $ty && !$dev["isAP"]) {
-                 $ty=$id;
-                 $clientinfo=$dev;
-               }
-            }
-        }
-    }
+    $all_clients = getClients(false);
+    $clientinfo = array("name" => "none", "connected" => "n");
+    if ( ($idx = findCurrentClientIndex($all_clients)) >= 0) $clientinfo = $all_clients["device"][$idx];
     if ($clientinfo["name"] != "none") $raspi_client = $clientinfo["name"];
     $interfaceState = $clientinfo["connected"] == "y" ? 'UP' : 'DOWN';
     $txPower="";
@@ -117,7 +107,7 @@ function DisplayDashboard(&$extraFooterScripts)
         exec('iw dev '.$clientinfo["name"].' info |  sed -rn "s/.*txpower ([0-9]*)[0-9\.]*( dBm).*/\1\2/p"', $stdoutIwInfo);
         if (!empty($stdoutIwInfo)) $txPower=$stdoutIwInfo[0];
     }
-	
+    
     $classMsgDevicestatus = 'warning';
     if ($interfaceState === 'UP') {
         $classMsgDevicestatus = 'success';
@@ -127,7 +117,8 @@ function DisplayDashboard(&$extraFooterScripts)
             // Pressed stop button
             if ($interfaceState === 'UP') {
                 $status->addMessage(sprintf(_('Interface is going %s.'), _('down')), 'warning');
-                exec('sudo /usr/local/sbin/switchClientState.sh down');
+                setClientState("down");
+//                exec('sudo /usr/local/sbin/switchClientState.sh down');
                 $status->addMessage(sprintf(_('Interface is now %s.'), _('down')), 'success');
             } elseif ($interfaceState === 'unknown') {
                 $status->addMessage(_('Interface state unknown.'), 'danger');
@@ -138,7 +129,8 @@ function DisplayDashboard(&$extraFooterScripts)
             // Pressed start button
             if ($interfaceState === 'DOWN') {
                 $status->addMessage(sprintf(_('Interface is going %s.'), _('up')), 'warning');
-                exec('sudo /usr/local/sbin/switchClientState.sh up');
+                setClientState("up");
+//                exec('sudo /usr/local/sbin/switchClientState.sh up');
                 exec('sudo ip -s a f label ' . $raspi_client);
                 $status->addMessage(sprintf(_('Interface is now %s.'), _('up')), 'success');
             } elseif ($interfaceState === 'unknown') {
@@ -151,8 +143,6 @@ function DisplayDashboard(&$extraFooterScripts)
         }
     }
 
-
-
     // brought in from template
     $arrHostapdConf = parse_ini_file(RASPI_CONFIG.'/hostapd.ini');
     $bridgedEnable = $arrHostapdConf['BridgedEnable'];
@@ -162,7 +152,7 @@ function DisplayDashboard(&$extraFooterScripts)
         $client_interface = $clientinfo["name"];
     }
     $apInterface = $_SESSION['ap_interface'];
-	$clientInterface = $raspi_client;
+    $clientInterface = $raspi_client;
     $MACPattern = '"([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}"';
     if (getBridgedState()) {
         $moreLink = "hostapd_conf";
@@ -174,7 +164,7 @@ function DisplayDashboard(&$extraFooterScripts)
     $ifaceStatus = $clientinfo["connected"]=="y" ? "up" : "down";
     switch($clientinfo["type"]) {
         case "eth":
-	        $client_title = "Client: Ethernet cable";
+            $client_title = "Client: Ethernet cable";
             $type_name = "Ethernet";
             break;
         case "phone":
@@ -198,8 +188,8 @@ function DisplayDashboard(&$extraFooterScripts)
     echo renderTemplate(
         "dashboard", compact(
             "clients",
-			"client_title",
-			"type_name",
+            "client_title",
+            "type_name",
             "moreLink",
             "apInterface",
             "clientInterface",
@@ -215,7 +205,7 @@ function DisplayDashboard(&$extraFooterScripts)
             "strTxPackets",
             "strTxBytes",
             "txPower",
-			"clientinfo"
+            "clientinfo"
         )
     );
     $extraFooterScripts[] = array('src'=>'app/js/dashboardchart.js', 'defer'=>false);
diff --git a/includes/get_clients.php b/includes/get_clients.php
index b04610a4..d75a4a0d 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -128,7 +128,10 @@ function getClients($simple=true) {
                 $cl["device"][$i]["connected"] = "y";
                 $cl["device"][$i]["wan_ip"] = $ipadd[0];
               }
-              else  $cl["device"][$i]["connected"] = "n";
+              else  {
+                $cl["device"][$i]["connected"] = "n";
+                $cl["device"][$i]["wan_ip"] = "-";
+              }
               unset($res);
               exec("$path/info_huawei.sh operator hilink $apiadd",$res);
               $cl["device"][$i]["operator"] = $res[0];
@@ -170,5 +173,52 @@ function load_client_config() {
     }
 }
 
-?>
+function findCurrentClientIndex($clients) {
+    $devid = -1;
+    if(!empty($clients)) {
+        $ncl=$clients["clients"];
+        if($ncl > 0) {
+            $ty=-1;
+            foreach($clients["device"] as $i => $dev) {
+               if(($id=array_search($dev["type"],$_SESSION["net-device-types"])) > $ty && !$dev["isAP"]) {
+                 $ty=$id;
+                 $devid=$i;
+               }
+            }
+        }
+    }
+    return $devid;
+}
 
+function setClientState($state) {
+    $clients=getClients();
+    if ( ($idx = findCurrentClientIndex($clients)) >= 0) {
+        $dev = $clients["device"][$idx];
+        exec('ifconfig -a | grep -i '.$dev["name"].' -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"',$res);
+        if ( !empty($res)) $connected=$res[0];
+        switch($dev["type"]) {
+            case "wlan":
+                if($state =="up") exec('sudo ip link set '.$dev["name"].' up');
+                if(!empty($connected) && $state =="down") exec('sudo ip link set '.$dev["name"].' down');
+                break;
+            case "hilink":
+                preg_match("/^([0-9]{1,3}\.){3}/",$connected,$ipadd);
+                $ipadd = $ipadd[0].'1'; // ip address of the Hilink api
+                $mode = ($state == "up") ? 1 : 0;
+                if (file_exists(RASPI_CONFIG."/networking/mobiledata.ini")) {
+                    $dat = parse_ini_file(RASPI_CONFIG."/networking/mobiledata.ini");
+                    $pin = (isset($dat["pin"]) && preg_match("/^[0-9]*$/",$dat["pin"])) ? $dat["pin"] : "";
+                    exec('sudo '.RASPI_CLIENT_SCRIPT_PATH.'/onoff_huawei_hilink.sh -c '.$mode.' -h '.$ipadd.' -p '.$pin);
+                }
+                break;
+            case "ppp":
+                if($state == "up") exec('ipup '.$dev["name"]);
+                if(!empty($connected) && $state == "down") exec('ipup '.$dev["name"]);
+                break;
+            default:
+                break;
+        }
+    }
+}
+
+?>
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 0d5e00a1..246deefa 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -30,6 +30,8 @@ www-data ALL=(ALL) NOPASSWD:/sbin/reboot
 www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] down
 www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] up
 www-data ALL=(ALL) NOPASSWD:/sbin/ip -s a f label wlan[0-9]
+www-data ALL=(ALL) NOPASSWD:/sbin/ifup *
+www-data ALL=(ALL) NOPASSWD:/sbin/ifdown *
 www-data ALL=(ALL) NOPASSWD:/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/enablelog.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/disablelog.sh
@@ -43,8 +45,7 @@ www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasq_custom /etc/raspap/adblock/custom.txt
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/socat - /dev/ttyUSB[0-9]
-www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/switchClientState.sh up
-www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/switchClientState.sh down
+www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/onoff_huawei_hilink.sh *
 www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/wvdial.conf
 www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/udev/rules.d/80-raspap-net-devices.rules
 www-data ALL=(ALL) NOPASSWD:/usr/bin/tee -a /etc/udev/rules.d/80-raspap-net-devices.rules
diff --git a/templates/dashboard.php b/templates/dashboard.php
index bf841b59..77e462af 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -35,35 +35,36 @@
                 <h4><?php echo _("$client_title"); ?></h4>
                 <div class="row justify-content-md-center">
                   <div class="col-md">
+                    <?php $valEcho=function($cl,$id) {$val = isset($cl[$id])&& !empty($cl[$id]) ? $cl[$id] : "-"; echo  htmlspecialchars($val,ENT_QUOTES);} ?>
                     <?php if ($clientinfo["type"] == "wlan") : // WIRELESS ?>
-                      <div class="info-item"><?php echo _("Connected To"); ?></div><div><?php echo htmlspecialchars($clientinfo["ssid"], ENT_QUOTES); ?></div>
-                      <div class="info-item"><?php echo _("AP Mac Address"); ?></div><div><?php echo htmlspecialchars($clientinfo["ap-mac"], ENT_QUOTES); ?></div>
-                      <div class="info-item"><?php echo _("Bitrate"); ?></div><div><?php echo htmlspecialchars($clientinfo["bitrate"], ENT_QUOTES); ?></div>
-                      <div class="info-item"><?php echo _("Signal Level"); ?></div><div><?php echo htmlspecialchars($clientinfo["signal"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Connected To"); ?></div><div><?php  $valEcho($clientinfo,"ssid"); ?></div>
+                      <div class="info-item"><?php echo _("AP Mac Address"); ?></div><div><?php $valEcho($clientinfo,"ap-mac"); ?></div>
+                      <div class="info-item"><?php echo _("Bitrate"); ?></div><div><?php  $valEcho($clientinfo,"bitrate"); ?></div>
+                      <div class="info-item"><?php echo _("Signal Level"); ?></div><div><?php  $valEcho($clientinfo,"signal"); ?></div>
                       <div class="info-item"><?php echo _("Transmit Power"); ?></div><div><?php echo htmlspecialchars($txPower, ENT_QUOTES); ?></div>
-                      <div class="info-item"><?php echo _("Frequency"); ?></div><div><?php echo htmlspecialchars($clientinfo["freq"]." MHz", ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Frequency"); ?></div><div><?php  $valEcho($clientinfo,"freq"); ?></div>
                     <?php elseif ($clientinfo["type"] == "phone" ) : // Smartphones (tethering over USB) ?>
-                      <div class="info-item"><?php echo _("Device"); ?></div><div><?php echo htmlspecialchars($clientinfo["vendor"]." ".$clientinfo["model"], ENT_QUOTES); ?></div>
-                      <div class="info-item"><?php echo _("IP Address"); ?></div><div><?php echo htmlspecialchars($clientinfo["ipaddress"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Device"); ?></div><div><?php  $valEcho($clientinfo,"vendor")." ". $valEcho($clientinfo,"model"); ?></div>
+                      <div class="info-item"><?php echo _("IP Address"); ?></div><div><?php  $valEcho($clientinfo,"ipaddress"); ?></div>
                     <?php elseif ($clientinfo["type"] == "hilink" ) : // MOBILE DATA - ROUTER MODE (HILINK) ?>
-                      <?php 
+                      <?php
                           exec('ip route list |  sed -rn "s/default via (([0-9]{1,3}\.){3}[0-9]{1,3}).*dev '.$clientinfo["name"].'.*/\1/p"',$gw); // get gateway
-                          $gw=empty($gw) ? "" : $gw[0]; 
+                          $gw=empty($gw) ? "" : $gw[0];
                       ?>
-                      <div class="info-item"><?php echo _("Device"); ?></div><div><?php echo htmlspecialchars($clientinfo["model"], ENT_QUOTES)." (Hilink)"; ?></div>
-                      <div class="info-item"><?php echo _("Connection mode"); ?></div><div><?php echo htmlspecialchars($clientinfo["mode"], ENT_QUOTES); ?></div>
-                      <div class="info-item"><?php echo _("Signal quality"); ?></div><div><?php echo htmlspecialchars($clientinfo["signal"], ENT_QUOTES); ?></div>
-                      <div class="info-item"><?php echo _("Network"); ?></div><div><?php echo htmlspecialchars($clientinfo["operator"], ENT_QUOTES); ?></div>
-                      <div class="info-item"><?php echo _("WAN IP"); ?></div><div><?php echo htmlspecialchars($clientinfo["ipaddress"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Device"); ?></div><div><?php  $valEcho($clientinfo,"model")." (Hilink)"; ?></div>
+                      <div class="info-item"><?php echo _("Connection mode"); ?></div><div><?php  $valEcho($clientinfo,"mode"); ?></div>
+                      <div class="info-item"><?php echo _("Signal quality"); ?></div><div><?php  $valEcho($clientinfo,"signal"); ?></div>
+                      <div class="info-item"><?php echo _("Network"); ?></div><div><?php  $valEcho($clientinfo,"operator"); ?></div>
+                      <div class="info-item"><?php echo _("WAN IP"); ?></div><div><?php  $valEcho($clientinfo,"wan_ip"); ?></div>
                       <div class="info-item"><?php echo _("Web-GUI"); ?></div><div><?php if(!empty($gw)) echo '<a href="http://'.$gw.'" >'.$gw."</a>"; ?></div>
                     <?php elseif ($clientinfo["type"] == "ppp" ) : // MOBILE DATA MODEM) ?>
-                      <div class="info-item"><?php echo _("Device"); ?></div><div><?php echo htmlspecialchars($clientinfo["model"], ENT_QUOTES); ?></div>
-                      <div class="info-item"><?php echo _("Connection mode"); ?></div><div><?php echo htmlspecialchars($clientinfo["mode"], ENT_QUOTES); ?></div>
-                      <div class="info-item"><?php echo _("Signal strength"); ?></div><div><?php echo htmlspecialchars($clientinfo["signal"], ENT_QUOTES); ?></div>
-                      <div class="info-item"><?php echo _("Network"); ?></div><div><?php echo htmlspecialchars($clientinfo["operator"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Device"); ?></div><div><?php  $valEcho($clientinfo,"model"); ?></div>
+                      <div class="info-item"><?php echo _("Connection mode"); ?></div><div><?php  $valEcho($clientinfo,"mode"); ?></div>
+                      <div class="info-item"><?php echo _("Signal strength"); ?></div><div><?php  $valEcho($clientinfo,"signal"); ?></div>
+                      <div class="info-item"><?php echo _("Network"); ?></div><div><?php  $valEcho($clientinfo,"operator"); ?></div>
                     <?php elseif  ($clientinfo["type"] == "eth" ) : // ETHERNET ?>
-                      <div class="info-item"><?php echo _("Device"); ?></div><div><?php echo htmlspecialchars($clientinfo["vendor"]." ".$clientinfo["model"], ENT_QUOTES); ?></div>
-                      <div class="info-item"><?php echo _("IP Address"); ?></div><div><?php echo htmlspecialchars($clientinfo["ipaddress"], ENT_QUOTES); ?></div>
+                      <div class="info-item"><?php echo _("Device"); ?></div><div><?php  $valEcho($clientinfo,"vendor")." ".$valEcho($clientinfo,"model"); ?></div>
+                      <div class="info-item"><?php echo _("IP Address"); ?></div><div><?php echo  $valEcho($clientinfo,"ipaddress"); ?></div>
                     <?php else : // NO CLIENT ?>
                       <div class="info-item"><?php echo _("No Client device found"); ?></div>
                     <?php endif; ?>

From 3ab90f64b7ae81131c9817bbb4e31c29358b73cb Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Fri, 12 Mar 2021 15:55:43 +0100
Subject: [PATCH 118/300] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 3cdbbc68..6a974b35 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ As part of the initial rollout of Insiders, all previous one-time backers of Ras
 > ℹ️ **Important**: If you're [sponsoring](https://github.com/sponsors/RaspAP) RaspAP through a GitHub organization, please send a short email to [sponsors@raspap.com](mailto:sponsors@raspap.com) with the name of your organization and the account that should be added as a collaborator. <sup>[2](#footnote-2)</sup>
 
 ## Exclusive features
-When backers were asked which feature they'd most like to see added to RaspAP, the ability to manage multiple OpenVPN client configurations topped the list of requests. Therefore, we're adding this as the first feature exclusive to insiders. 
+The following features are currently available exclusively to sponsors. A tangible side benefit of sponsorship is that Insiders are able to help steer future development of RaspAP. This is done through your Insiders access to discussions, feature requests, issues and pull requests in the private GitHub repository.
 
 ✅ Manage OpenVPN client configs  
 ✅ OpenVPN service logging  
@@ -34,7 +34,7 @@ When backers were asked which feature they'd most like to see added to RaspAP, t
 ✅ WireGuard support  
 ⚙️ Traffic shaping (in progress)  
 
-Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/orgs/RaspAP/teams/insiders/discussions) and let us know!
+Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/RaspAP/raspap-insiders/discussions) and let us know!
 
 ## Funding targets
 Following is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.

From 438ab9430949355c7aaaa08bc5884defa06878b8 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sun, 14 Mar 2021 18:02:19 +0100
Subject: [PATCH 119/300] Fix access token option in raspbian.sh

---
 installers/raspbian.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index 230f4887..0e3c8611 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -88,6 +88,7 @@ function _parse_params() {
             ;;
             -t|--token)
             acctoken="$2"
+			shift
             ;;
             -v|--version)
             _version

From c87253a06b0b839307143ff48f7ca5cc55b4697c Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sun, 14 Mar 2021 19:53:08 +0100
Subject: [PATCH 120/300] Fix SSID consisting of multiple words

---
 includes/get_clients.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/includes/get_clients.php b/includes/get_clients.php
index d75a4a0d..b91633b9 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -64,7 +64,7 @@ function getClients($simple=true) {
               $cl["device"][$i]["isAP"] = !empty($retiw);
               unset($retiw);
               exec("iw dev $dev link 2> /dev/null",$retiw);
-              if(!$simple && !empty($ssid=preg_only_match("/.*SSID: (\w*).*/",$retiw)) ) {
+              if(!$simple && !empty($ssid=preg_only_match("/.*SSID: ([\w ]*).*/",$retiw)) ) {
                  $cl["device"][$i]["connected"] = "y";
                  $cl["device"][$i]["ssid"] = $ssid;
                  $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/",$retiw);
@@ -212,8 +212,8 @@ function setClientState($state) {
                 }
                 break;
             case "ppp":
-                if($state == "up") exec('ipup '.$dev["name"]);
-                if(!empty($connected) && $state == "down") exec('ipup '.$dev["name"]);
+                if($state == "up") exec('sudo ifup '.$dev["name"]);
+                if(!empty($connected) && $state == "down") exec('sudo ifdown '.$dev["name"]);
                 break;
             default:
                 break;

From 2b3d37a68ab0b2df940c15078317314dab436447 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 14 Mar 2021 19:27:13 +0000
Subject: [PATCH 121/300] Fix for -t,--token option, thx @zbchristian

---
 installers/raspbian.sh | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index fed9b619..f340b638 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -15,11 +15,11 @@
 # -c, --cert, --certficate          Installs mkcert and generates an SSL certificate for lighttpd
 # -o, --openvpn <flag>              Used with -y, --yes, sets OpenVPN install option (0=no install)
 # -a, --adblock <flag>              Used with -y, --yes, sets Adblock install option (0=no install)
-# -r, --repo, --repository <name>   Overrides the default GitHub repo (raspap/raspap-webgui)
+# -r, --repo, --repository <name>   Overrides the default GitHub repo (RaspAP/raspap-webgui)
 # -b, --branch <name>               Overrides the default git branch (master)
-# -t, --token <accesstoken>         Token to access a private repository
+# -t, --token <accesstoken>         Specify a GitHub token to access a private repository
 # -u, --upgrade                     Upgrades an existing installation to the latest release version
-# -i, --insiders                    Installs from the Insiders Edition (raspap/raspap-insiders)
+# -i, --insiders                    Installs from the Insiders Edition (RaspAP/raspap-insiders)
 # -v, --version                     Outputs release info and exits
 # -h, --help                        Outputs usage notes and exits
 #
@@ -45,7 +45,7 @@ function _main() {
 }
 
 function _parse_params() {
-    # default flag values
+    # default option values
     assume_yes=0
     upgrade=0
     ovpn_option=1
@@ -89,6 +89,7 @@ function _parse_params() {
             ;;
             -t|--token)
             acctoken="$2"
+            shift
             ;;
             -v|--version)
             _version
@@ -132,11 +133,11 @@ OPTIONS:
 -c, --cert, --certificate           Installs an SSL certificate for lighttpd
 -o, --openvpn <flag>                Used with -y, --yes, sets OpenVPN install option (0=no install)
 -a, --adblock <flag>                Used with -y, --yes, sets Adblock install option (0=no install)
--r, --repo, --repository <name>     Overrides the default GitHub repo (raspap/raspap-webgui)
+-r, --repo, --repository <name>     Overrides the default GitHub repo (RaspAP/raspap-webgui)
 -b, --branch <name>                 Overrides the default git branch (latest release)
--t, --token <accesstoken>           Token to access a private repository
+-t, --token <accesstoken>           Specify a GitHub token to access a private repository
 -u, --upgrade                       Upgrades an existing installation to the latest release version
--i, --insiders                      Installs from the Insiders Edition (raspap/raspap-insiders)
+-i, --insiders                      Installs from the Insiders Edition (RaspAP/raspap-insiders)
 -v, --version                       Outputs release info and exits
 -h, --help                          Outputs usage notes and exits
 
@@ -173,7 +174,7 @@ function _display_welcome() {
     echo -e " 88     88 88.  .88       88 88.  .88 88     88   88"
     echo -e " dP     dP  88888P8  88888P  88Y888P  88     88   dP"
     echo -e "                             88"
-    echo -e "                             dP       version ${RASPAP_RELEASE}"
+    echo -e "                             dP      version ${RASPAP_RELEASE}"
     echo -e "${ANSI_GREEN}"
     echo -e "The Quick Installer will guide you through a few easy steps${ANSI_RESET}\n\n"
 }
@@ -182,10 +183,10 @@ function _display_welcome() {
 function _get_release() {
     readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
     if [ "$insiders" == 1 ]; then
-        RASPAP_INSIDERS_LATEST=$(curl -s "https://install.raspap.com/repos/RaspAP/raspap-insiders/releases/latest/" | grep -Po '"tag_name": "\K.*?(?=")' )
-        RASPAP_RELEASE="${RASPAP_INSIDERS_LATEST} Insiders"
+        readonly RASPAP_INSIDERS_LATEST=$(curl -s "https://install.raspap.com/repos/RaspAP/raspap-insiders/releases/latest/" | grep -Po '"tag_name": "\K.*?(?=")' )
+        readonly RASPAP_RELEASE="${RASPAP_INSIDERS_LATEST} Insiders"
     else
-        RASPAP_RELEASE="${RASPAP_LATEST}"
+        readonly RASPAP_RELEASE="${RASPAP_LATEST}"
     fi
 }
 
@@ -221,7 +222,6 @@ function _update_system_packages() {
 
 # Fetch required installer functions
 function _load_installer() {
-
     # fetch latest release tag
     _get_release
 
@@ -230,11 +230,13 @@ function _load_installer() {
         branch=$RASPAP_LATEST
     fi
 
-    UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
+    # add optional auth token header if defined with -t, --token option
     header=()
     if [[ ! -z "$acctoken" ]]; then
         header=(--header "Authorization: token $acctoken")
     fi
+
+    UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
     if [ "${install_cert:-}" = 1 ]; then
         source="mkcert"
         wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
@@ -242,7 +244,7 @@ function _load_installer() {
         _install_certificate || _install_status 1 "Unable to install certificate"
     else
         source="common"
-        wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh  -O /tmp/raspap_${source}.sh
+        wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
         source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
         _install_raspap || _install_status 1 "Unable to install RaspAP"
     fi

From ee634c4b50f8032290bc35e26655234b80006667 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Mar 2021 10:11:36 +0000
Subject: [PATCH 122/300] Initial commit: ajax fetch wg client.conf

---
 ajax/networking/get_wgcfg.php | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 ajax/networking/get_wgcfg.php

diff --git a/ajax/networking/get_wgcfg.php b/ajax/networking/get_wgcfg.php
new file mode 100644
index 00000000..6a9d771d
--- /dev/null
+++ b/ajax/networking/get_wgcfg.php
@@ -0,0 +1,9 @@
+<?php
+
+require '../../includes/csrf.php';
+require_once '../../includes/config.php';
+
+// fetch wg client.conf
+exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $return);
+echo implode(PHP_EOL,$return);
+

From 1c158eade71858a7552411bf1a5d3377252129ad Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Mar 2021 10:12:18 +0000
Subject: [PATCH 123/300] Add handler for wg client.conf download

---
 app/js/custom.js | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/app/js/custom.js b/app/js/custom.js
index b2214c9c..72f363de 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -361,6 +361,26 @@ $('.wg-keygen').click(function(){
     })
 })
 
+// Handler for wireguard client.conf download
+$('.wg-client-dl').click(function(){
+    var req = new XMLHttpRequest();
+    var url = 'ajax/networking/get_wgcfg.php';
+    req.open('get', url, true);
+    req.responseType = 'blob';
+    req.setRequestHeader('Content-type', 'text/plain; charset=UTF-8');
+    console.log(req);
+    req.onreadystatechange = function (event) {
+        if(req.readyState == 4 && req.status == 200) {
+            var blob = req.response;
+            var link=document.createElement('a');
+            link.href=window.URL.createObjectURL(blob);
+            link.download = 'client.conf';
+            link.click();
+        }
+    }
+    req.send();
+})
+
 // Event listener for Bootstrap's form validation
 window.addEventListener('load', function() {
     // Fetch all the forms we want to apply custom Bootstrap validation styles to

From a89140435b570449ddec99c181a076773ec2aab4 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Mar 2021 10:30:36 +0000
Subject: [PATCH 124/300] Update peer template w/ download button

---
 templates/wg/peers.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 319cc0f9..d4347575 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -36,7 +36,7 @@
       </div>
 
       <div class="row">
-        <div class="form-group col-md-6">
+        <div class="form-group col-xs-3 col-sm-6">
           <label for="code"><?php echo _("IP Address"); ?></label>
           <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" />
         </div>
@@ -65,10 +65,14 @@
     </div>
 
     <div class="col-md-6 mt-5">
-      <figure class="figure">
+      <figure class="figure w-75 ml-3">
         <?php if ($wg_penabled == true ) : ?>
         <img src="app/img/wg-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
-        <figcaption class="figure-caption"><?php echo _("Scan this QR code with your client to connect to this tunnel"); ?></figcaption>
+        <figcaption class="figure-caption">
+          <?php echo _("Scan this QR code with your client to connect to this tunnel"); ?>
+          <?php echo _("or download the <code>client.conf</code> file to your device."); ?>
+        </figcaption>
+        <button class="btn btn-outline-secondary rounded-right wg-client-dl mt-2" type="button"><?php echo _("Download"); ?> <i class="fas fa-download ml-1"></i></button> 
         <?php endif; ?>
       </figure>
     </div>

From 319f917071ffb05fe2dd0f8d785fafc2ff6a942c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Mar 2021 10:31:17 +0000
Subject: [PATCH 125/300] Update w/ wg download msgs

---
 locale/en_US/LC_MESSAGES/messages.po | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index dcd00a5c..74627378 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -909,6 +909,12 @@ msgstr "Enable this option to display an updated WireGuard status."
 msgid "Scan this QR code with your client to connect to this tunnel"
 msgstr "Scan this QR code with your client to connect to this tunnel"
 
+msgid "or download the <code>client.conf</code> file to your device."
+msgstr "or download the <code>client.conf</code> file to your device."
+
+msgid "Download"
+msgstr "Download"
+
 msgid "Start WireGuard"
 msgstr "Start WireGuard"
 

From c7c8eacb0ceea8a64894897b5d3c58a93e511fc7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Mar 2021 10:38:14 +0000
Subject: [PATCH 126/300] Minor: remove debug output

---
 app/js/custom.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index 72f363de..d5047558 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -368,7 +368,6 @@ $('.wg-client-dl').click(function(){
     req.open('get', url, true);
     req.responseType = 'blob';
     req.setRequestHeader('Content-type', 'text/plain; charset=UTF-8');
-    console.log(req);
     req.onreadystatechange = function (event) {
         if(req.readyState == 4 && req.status == 200) {
             var blob = req.response;

From 11e2724afa8c2fc96551986753c0e9eca5f53223 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Mon, 15 Mar 2021 13:29:16 +0100
Subject: [PATCH 127/300] Dashboard: show correct status after switching the
 client state fix huawei hilink service (udev rule)

---
 ajax/networking/save_net_dev_config.php |  2 +-
 includes/dashboard.php                  | 50 ++++++++++---------------
 installers/raspap.sudoers               |  3 +-
 3 files changed, 22 insertions(+), 33 deletions(-)

diff --git a/ajax/networking/save_net_dev_config.php b/ajax/networking/save_net_dev_config.php
index af79cfb4..c718ae9b 100644
--- a/ajax/networking/save_net_dev_config.php
+++ b/ajax/networking/save_net_dev_config.php
@@ -71,7 +71,7 @@ if (isset($_POST['interface'])) {
             if (!empty($rule) ) exec('echo \''.$rule.'\' | sudo /usr/bin/tee -a '.$udevfile);
           }
           $ret=print_r($ret,true);
-          $jsonData = ['return'=>0,'output'=>['Udev rules changed for device '.$dev ] ];
+          $jsonData = ['return'=>0,'output'=>['Settings changed for device '.$dev ] ];
           echo json_encode($jsonData);
           return;
         }
diff --git a/includes/dashboard.php b/includes/dashboard.php
index aaae3188..39934239 100755
--- a/includes/dashboard.php
+++ b/includes/dashboard.php
@@ -24,6 +24,24 @@ function DisplayDashboard(&$extraFooterScripts)
         $status->showMessages();
         return;
     }
+
+    // ------------------------- Button pressed to switch client on/off ---------------------------------------------------------   
+    $switchedOn = false;
+    if (!RASPI_MONITOR_ENABLED) {
+        if (isset($_POST['ifdown_wlan0'])) {
+            // Pressed stop button
+            $status->addMessage(sprintf(_('Interface is going %s.'), _('down')), 'warning');
+            setClientState("down");
+            $status->addMessage(sprintf(_('Interface is now %s.'), _('down')), 'success');
+        } elseif (isset($_POST['ifup_wlan0'])) {
+            // Pressed start button
+            $status->addMessage(sprintf(_('Interface is going %s.'), _('up')), 'warning');
+            setClientState("up");
+            $status->addMessage(sprintf(_('Interface is now %s.'), _('up')), 'success');
+            $switchedOn = true;
+        }
+    }
+        
     
     // ----------------------------- INFOS ABOUT THE ACCESS POINT -------------------------------------------------------------
     
@@ -112,36 +130,8 @@ function DisplayDashboard(&$extraFooterScripts)
     if ($interfaceState === 'UP') {
         $classMsgDevicestatus = 'success';
     }
-    if (!RASPI_MONITOR_ENABLED) {
-        if (isset($_POST['ifdown_wlan0'])) {
-            // Pressed stop button
-            if ($interfaceState === 'UP') {
-                $status->addMessage(sprintf(_('Interface is going %s.'), _('down')), 'warning');
-                setClientState("down");
-//                exec('sudo /usr/local/sbin/switchClientState.sh down');
-                $status->addMessage(sprintf(_('Interface is now %s.'), _('down')), 'success');
-            } elseif ($interfaceState === 'unknown') {
-                $status->addMessage(_('Interface state unknown.'), 'danger');
-            } else {
-                $status->addMessage(sprintf(_('Interface already %s.'), _('down')), 'warning');
-            }
-        } elseif (isset($_POST['ifup_wlan0'])) {
-            // Pressed start button
-            if ($interfaceState === 'DOWN') {
-                $status->addMessage(sprintf(_('Interface is going %s.'), _('up')), 'warning');
-                setClientState("up");
-//                exec('sudo /usr/local/sbin/switchClientState.sh up');
-                exec('sudo ip -s a f label ' . $raspi_client);
-                $status->addMessage(sprintf(_('Interface is now %s.'), _('up')), 'success');
-            } elseif ($interfaceState === 'unknown') {
-                $status->addMessage(_('Interface state unknown.'), 'danger');
-            } else {
-                $status->addMessage(sprintf(_('Interface already %s.'), _('up')), 'warning');
-            }
-        } else {
-            $status->addMessage(sprintf(_('Interface is %s.'), strtolower($interfaceState)), $classMsgDevicestatus);
-        }
-    }
+
+    if ($switchedOn) exec('sudo ip -s a f label ' . $raspi_client);
 
     // brought in from template
     $arrHostapdConf = parse_ini_file(RASPI_CONFIG.'/hostapd.ini');
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 246deefa..4c3b5b68 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -49,5 +49,4 @@ www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/onoff_huawei_hilink.sh *
 www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/wvdial.conf
 www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/udev/rules.d/80-raspap-net-devices.rules
 www-data ALL=(ALL) NOPASSWD:/usr/bin/tee -a /etc/udev/rules.d/80-raspap-net-devices.rules
-
-
+www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/switchClientState.sh *

From 3b64697b4af3a3b2c8f598bf6fef32130a4c7dd7 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Mon, 15 Mar 2021 14:03:34 +0100
Subject: [PATCH 128/300] Switch client on: wait for connection w/ timeout add
 new switchClientState.sh to be used in hilink service (calls the php
 getClients code)

---
 config/client_config/switchClientState.sh | 34 +++++++++++++++++++++++
 includes/get_clients.php                  | 10 +++++++
 2 files changed, 44 insertions(+)
 create mode 100644 config/client_config/switchClientState.sh

diff --git a/config/client_config/switchClientState.sh b/config/client_config/switchClientState.sh
new file mode 100644
index 00000000..544fe30a
--- /dev/null
+++ b/config/client_config/switchClientState.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# start with "sudo"
+# parameters: up or on 
+#
+# switch client  state to UP
+# the actual code is in PHP
+
+# get webroot
+webroot=$(cat /etc/lighttpd/lighttpd.conf | sed -rn 's/server.document-root\s*=\s*\"(.*)\"\s*$/\1/p')
+if [ -z "$webroot" ] || [ ! -d "$webroot" ]; then
+  exit
+fi
+cd $webroot
+
+state=""
+if [ ! -z $1 ] && [[ $1 =~ ^(up|on|UP|ON)$ ]]; then
+  state="up"
+elif [ ! -z $1 ] && [[ $1 =~ ^(down|off|DOWN|OFF)$ ]]; then
+  state="down"
+fi
+
+[ -z "$state" ] && exit
+
+php << _EOF_
+<?php
+require_once("includes/config.php");
+require_once("includes/get_clients.php");
+
+ load_client_config();
+ setClientState("$state");
+?>
+_EOF_
+
+
diff --git a/includes/get_clients.php b/includes/get_clients.php
index b91633b9..f8a43c4a 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -190,6 +190,15 @@ function findCurrentClientIndex($clients) {
     return $devid;
 }
 
+function waitClientConnected($dev, $timeout=10) {
+    do {
+        exec('ifconfig -a | grep -i '.$dev.' -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"',$res);
+        $connected= !empty($res);
+        if(!$connected) sleep(1);
+    } while(!$connected && --$timeout > 0);
+    return $connected;
+}
+
 function setClientState($state) {
     $clients=getClients();
     if ( ($idx = findCurrentClientIndex($clients)) >= 0) {
@@ -218,6 +227,7 @@ function setClientState($state) {
             default:
                 break;
         }
+        if($state=="up") waitClientConnected($dev["name"],15);
     }
 }
 

From 8bccf1d07721380a9d2eda19395f0822c43e72c1 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Mon, 15 Mar 2021 18:07:14 +0100
Subject: [PATCH 129/300] Add modal message when start/stop client interface is
 pressed

---
 templates/dashboard.php | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/templates/dashboard.php b/templates/dashboard.php
index 77e462af..acadda95 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -135,15 +135,15 @@
         <div class="col-lg-12 mt-3">
           <div class="row">
             <form action="wlan0_info" method="POST">
-                <?php echo CSRFTokenFieldTag() ?>
+                <?php echo CSRFTokenFieldTag(); ?>
                 <?php if (!RASPI_MONITOR_ENABLED) : ?>
                     <?php if ($ifaceStatus == "down") : ?>
-                    <input type="submit" class="btn btn-success" value="<?php echo _("Start").' '.$type_name ?>" name="ifup_wlan0" />
+                    <input type="submit" class="btn btn-success" value="<?php echo _("Start").' '.$type_name ?>" name="ifup_wlan0" data-toggle="modal" data-target="#switchClientModal"/>
                     <?php else : ?>
-                    <input type="submit" class="btn btn-warning" value="<?php echo _("Stop").' '.$type_name ?>"  name="ifdown_wlan0" />
+                    <input type="submit" class="btn btn-warning" value="<?php echo _("Stop").' '.$type_name ?>"  name="ifdown_wlan0" data-toggle="modal" data-target="#switchClientModal"/>
                     <?php endif ?>
                 <?php endif ?>
-              <button type="button" onClick="window.location.reload();" class="btn btn-outline btn-primary"><i class="fas fa-sync-alt"></i> <?php echo _("Refresh") ?></a>
+              <button type="button" onClick="window.location.reload();" class="btn btn-outline btn-primary"><i class="fas fa-sync-alt"></i> <?php echo _("Refresh") ?></button>
             </form>
           </div>
         </div>
@@ -152,6 +152,21 @@
     </div><!-- /.card -->
   </div><!-- /.col-lg-12 -->
 </div><!-- /.row -->
+
+<!-- Modal -->
+<div class="modal fade" id="switchClientModal" tabindex="-1" role="dialog" aria-labelledby="ModalLabel" aria-hidden="true">
+  <div class="modal-dialog" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+        <div class="modal-title" id="ModalLabel">
+            <i class="fas fa-sync-alt mr-2"></i>
+            <?php if($ifaceStatus=="down") echo _("Waiting for the interface to start ... might take a moment"); else  echo _("Stop the Interface"); ?>
+        </div>
+        <button type="button" class="close" data-dismiss="modal" aria-label="Close"> <span aria-hidden="true">&times;</span>
+      </div>
+  </div>
+</div>
+
 <script type="text/javascript"<?php //echo ' nonce="'.$csp_page_nonce.'"'; ?>>
 // js translations:
 var t = new Array();

From f77fb660bfc128147b8127712fb9ac3ac9d59bb7 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Tue, 16 Mar 2021 19:11:40 +0100
Subject: [PATCH 130/300] Fix missing mobiledata.ini and some cleanup

---
 app/img/wifi-qr-code.php   | 10 +---------
 includes/functions.php     |  3 ---
 includes/get_clients.php   |  9 ++++-----
 includes/internetRoute.php |  1 -
 templates/networking.php   |  2 +-
 5 files changed, 6 insertions(+), 19 deletions(-)

diff --git a/app/img/wifi-qr-code.php b/app/img/wifi-qr-code.php
index 21092f82..57e6d238 100644
--- a/app/img/wifi-qr-code.php
+++ b/app/img/wifi-qr-code.php
@@ -21,14 +21,6 @@ $hostapd = parse_ini_file(RASPI_HOSTAPD_CONFIG, false, INI_SCANNER_RAW);
 $type = "WPA";
 $password = isset($hostapd['wpa_psk']) ? $hostapd['wpa_psk'] : $hostapd['wpa_passphrase'];
 
-// use wep if configured
-$wep_default_key = intval($hostapd['wep_default_key']);
-$wep_key = 'wep_key' . $wep_default_key;
-if (array_key_exists($wep_key, $hostapd)) {
-    $type = "WEP";
-    $password = $hostapd[$wep_key];
-}
-
 // if password is still empty, assume nopass
 if (empty($password)) {
     $type = "nopass";
@@ -54,5 +46,5 @@ header("Content-Length: $content_length");
 header("Last-Modified: $last_modified");
 header("ETag: \"$etag\"");
 header("X-QR-Code-Content: $data");
-echo shell_exec($command);
+echo $svg
 
diff --git a/includes/functions.php b/includes/functions.php
index 2a70712b..4d03fe8b 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -740,6 +740,3 @@ function preg_only_match($pat,$haystack) {
   }
   return $match;
 }
-
-?>
-
diff --git a/includes/get_clients.php b/includes/get_clients.php
index f8a43c4a..3f5bd3f2 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -214,11 +214,12 @@ function setClientState($state) {
                 preg_match("/^([0-9]{1,3}\.){3}/",$connected,$ipadd);
                 $ipadd = $ipadd[0].'1'; // ip address of the Hilink api
                 $mode = ($state == "up") ? 1 : 0;
-                if (file_exists(RASPI_CONFIG."/networking/mobiledata.ini")) {
-                    $dat = parse_ini_file(RASPI_CONFIG."/networking/mobiledata.ini");
+				$pin="";
+                if (file_exists(($f = RASPI_CONFIG."/networking/mobiledata.ini"))) {
+                    $dat = parse_ini_file($f);
                     $pin = (isset($dat["pin"]) && preg_match("/^[0-9]*$/",$dat["pin"])) ? $dat["pin"] : "";
-                    exec('sudo '.RASPI_CLIENT_SCRIPT_PATH.'/onoff_huawei_hilink.sh -c '.$mode.' -h '.$ipadd.' -p '.$pin);
                 }
+                exec('sudo '.RASPI_CLIENT_SCRIPT_PATH.'/onoff_huawei_hilink.sh -c '.$mode.' -h '.$ipadd.' -p '.$pin);
                 break;
             case "ppp":
                 if($state == "up") exec('sudo ifup '.$dev["name"]);
@@ -230,5 +231,3 @@ function setClientState($state) {
         if($state=="up") waitClientConnected($dev["name"],15);
     }
 }
-
-?>
diff --git a/includes/internetRoute.php b/includes/internetRoute.php
index 0143a099..67913197 100755
--- a/includes/internetRoute.php
+++ b/includes/internetRoute.php
@@ -41,5 +41,4 @@ function getRouteInfo($checkAccess)
     }
     return $rInfo;
 }
-?>
 
diff --git a/templates/networking.php b/templates/networking.php
index 6df5ba87..e925367b 100755
--- a/templates/networking.php
+++ b/templates/networking.php
@@ -81,7 +81,7 @@
 			  </div>
 			</div>
           </div>
-          <?php $arrMD = parse_ini_file('/etc/raspap/networking/mobiledata.ini');
+          <?php $arrMD = file_exists(($f = RASPI_CONFIG."/networking/mobiledata.ini")) ? parse_ini_file($f) : false;
                 if ($arrMD==false) { $arrMD=[]; $arrMD["pin"]=$arrMD["apn"]=$arrMD["apn_user"]=$arrMD["apn_pw"]=$arrMD["router_user"]=$arrMD["router_pw"]=""; }
           ?>
           <div role="tabpanel" class="tab-pane fade in" id="netdevices">

From f15533d25601ba43941c8c2f6a9d5af6ac1f6609 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Tue, 16 Mar 2021 21:45:26 +0100
Subject: [PATCH 131/300] Add feature install option to common.sh Add
 installers/install_feature_clients.sh

---
 installers/common.sh                  | 63 +++++++++++++++++++--------
 installers/install_feature_clients.sh | 40 +++++++++++++++++
 2 files changed, 85 insertions(+), 18 deletions(-)
 create mode 100644 installers/install_feature_clients.sh

diff --git a/installers/common.sh b/installers/common.sh
index 67f4dea0..95a70e03 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -51,11 +51,38 @@ function _install_raspap() {
     _configure_networking
     _prompt_install_adblock
     _prompt_install_openvpn
-    _install_client_config
+	_install_features
     _patch_system_files
     _install_complete
 }
 
+# search for optional installation files names install_feature_*.sh
+function _install_features() {
+        for feature in $(ls $webroot_dir/installers/install_feature_*.sh) ; do
+           source $feature
+           f=$(basename $feature)
+           func="_${f%.*}"
+           if declare -f -F $func > /dev/null; then
+				_install_log "Installing $func"
+				$func || _install_status 1 "Not able to install feature ($func)"
+			else
+				_install_status 1 "Install file $f is missing install function $func"
+           fi
+       done
+}
+
+function _install_features() {
+	path="$webroot_dir/installers"
+	foreach feature in $(ls "$path/install_feature*.sh"); do
+	    source $feature
+		f=$(basename $feature)
+		func="_${$f%.*}"
+		if declare -f -F $1 > /dev/null; then
+ 		    echo "Call $func"
+		fi
+	done
+}
+
 # Prompts user to set installation options
 function _config_installation() {
     if [ "$upgrade" == 1 ]; then
@@ -147,7 +174,7 @@ function _install_dependencies() {
     echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
     echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
     sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_status 1 "Unable to install dependencies"
-    sudo apt-get install wvdial socat bc || _install_status 1 "Unable to install dependencies"
+#    sudo apt-get install wvdial socat bc || _install_status 1 "Unable to install dependencies"
     _install_status 0
 }
 
@@ -472,22 +499,22 @@ function _enable_raspap_daemon() {
     sudo systemctl enable raspapd.service || _install_status 1 "Failed to enable raspap.service"
 }
 
-function _install_client_config() {
-    _install_log "Install mobile client scripts and settings"
-    # Move scripts 
-    sudo cp "$webroot_dir/config/client_config/"*.sh "$raspap_client_scripts/" || _install_status 1 "Unable to move client scripts"
-    sudo chmod a+rx "$raspap_client_scripts/"*.sh  || _install_status 1 "Unable to chmod client scripts"
-    sudo cp "$webroot_dir/config/client_config/mcc-mnc-table.csv" "$raspap_client_scripts/" || _install_status 1 "Unable to move client data"
-    # wvdial settings
-    sudo cp "$webroot_dir/config/client_config/wvdial.conf" "/etc/" || _install_status 1 "Unable to install client configuration"
-    sudo cp "$webroot_dir/config/client_config/interfaces" "/etc/network/interfaces" || _install_status 1 "Unable to install interface settings"
-    # udev rules/services to auto start mobile data services
-    sudo cp "$webroot_dir/config/client_config/70-mobile-data-sticks.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
-    sudo cp "$webroot_dir/config/client_config/80-raspap-net-devices.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
-    sudo cp "$webroot_dir/config/client_config/"*.service "/etc/systemd/system/" || _install_status 1 "Unable to install client startup services"
-    # client configuration and udev rule templates
-    sudo cp "$webroot_dir/config/client_udev_prototypes.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration"
-}
+#function _install_client_config() {
+#    _install_log "Install mobile client scripts and settings"
+#    # Move scripts 
+#    sudo cp "$webroot_dir/config/client_config/"*.sh "$raspap_client_scripts/" || _install_status 1 "Unable to move client scripts"
+#    sudo chmod a+rx "$raspap_client_scripts/"*.sh  || _install_status 1 "Unable to chmod client scripts"
+#    sudo cp "$webroot_dir/config/client_config/mcc-mnc-table.csv" "$raspap_client_scripts/" || _install_status 1 "Unable to move client data"
+#    # wvdial settings
+#    sudo cp "$webroot_dir/config/client_config/wvdial.conf" "/etc/" || _install_status 1 "Unable to install client configuration"
+#    sudo cp "$webroot_dir/config/client_config/interfaces" "/etc/network/interfaces" || _install_status 1 "Unable to install interface settings"
+#    # udev rules/services to auto start mobile data services
+#    sudo cp "$webroot_dir/config/client_config/70-mobile-data-sticks.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
+#    sudo cp "$webroot_dir/config/client_config/80-raspap-net-devices.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
+#    sudo cp "$webroot_dir/config/client_config/"*.service "/etc/systemd/system/" || _install_status 1 "Unable to install client startup services"
+#    # client configuration and udev rule templates
+#    sudo cp "$webroot_dir/config/client_udev_prototypes.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration"
+#}
 
 # Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
 function _configure_networking() {
diff --git a/installers/install_feature_clients.sh b/installers/install_feature_clients.sh
new file mode 100644
index 00000000..f9a0b674
--- /dev/null
+++ b/installers/install_feature_clients.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+#
+# RaspAP feature installation: handling of mobile data clients and client configuration
+# to be sources by the RaspAP installer script
+# Author: @zbchristian <christian@zeitnitz.eu>
+# Author URI: https://github.com/zbchristian/
+# License: GNU General Public License v3.0
+# License URI: https://github.com/raspap/raspap-webgui/blob/master/LICENSE
+
+# path for mobile modem scripts 
+readonly raspap_clients_scripts="/usr/local/sbin"
+#
+# table of mobile network operators - links the 5 digit operator code (from the modem) with a clear text operator name 
+readonly raspap_clients_operator_table="https://raw.githubusercontent.com/musalbas/mcc-mnc-table/master/mcc-mnc-table.csv"
+
+function _install_feature_clients() {
+    name="feature clients"
+
+    _install_log "Install $name"
+
+    _install_log " - required packages for mobile data clients"
+    sudo apt-get install wvdial socat bc || _install_status 1 "Unable to install dependencies for $name"
+
+    _install_log " - copy configuration files and scripts"
+    # Move scripts 
+    sudo cp "$webroot_dir/config/client_config/"*.sh "$raspap_clients_scripts/" || _install_status 1 "Unable to move client scripts ($name)"
+    sudo chmod a+rx "$raspap_clients_scripts/"*.sh  || _install_status 1 "Unable to chmod client scripts ($name)"
+	#    wget $raspap_clients_operator_table -o "$raspap_clients_scripts/"mcc-mnc-table.csv || _install_status 1 "Unable to wget operator table ($name)"
+	sudo cp "$webroot_dir/config/client_config/mcc-mnc-table.csv" "$raspap_clients_scripts/" || _install_status 1 "Unable to move client data ($name)"
+    # wvdial settings
+    sudo cp "$webroot_dir/config/client_config/wvdial.conf" "/etc/" || _install_status 1 "Unable to install client configuration ($name)"
+    sudo cp "$webroot_dir/config/client_config/interfaces" "/etc/network/interfaces" || _install_status 1 "Unable to install interface settings ($name)"
+    # udev rules/services to auto start mobile data services
+    sudo cp "$webroot_dir/config/client_config/70-mobile-data-sticks.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules ($name)"
+    sudo cp "$webroot_dir/config/client_config/80-raspap-net-devices.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules ($name)"
+    sudo cp "$webroot_dir/config/client_config/"*.service "/etc/systemd/system/" || _install_status 1 "Unable to install client startup services ($name)"
+    # client configuration and udev rule templates
+    sudo cp "$webroot_dir/config/client_udev_prototypes.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration ($name)"
+    _install_status 0
+}

From a34485225f07fc1c98865219c04f2457dd76a244 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Tue, 16 Mar 2021 21:50:44 +0100
Subject: [PATCH 132/300] Fix install_feature function

---
 installers/common.sh | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index 95a70e03..24f19dbe 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -71,18 +71,6 @@ function _install_features() {
        done
 }
 
-function _install_features() {
-	path="$webroot_dir/installers"
-	foreach feature in $(ls "$path/install_feature*.sh"); do
-	    source $feature
-		f=$(basename $feature)
-		func="_${$f%.*}"
-		if declare -f -F $1 > /dev/null; then
- 		    echo "Call $func"
-		fi
-	done
-}
-
 # Prompts user to set installation options
 function _config_installation() {
     if [ "$upgrade" == 1 ]; then

From fd487a9824954a28998468af7028467adf12da65 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Tue, 16 Mar 2021 22:04:40 +0100
Subject: [PATCH 133/300] Fix line break to Unix

---
 installers/common.sh                  | 12 ++--
 installers/install_feature_clients.sh | 80 +++++++++++++--------------
 2 files changed, 46 insertions(+), 46 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index 24f19dbe..5ae8c906 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -26,7 +26,7 @@ readonly raspap_adblock="/etc/dnsmasq.d/090_adblock.conf"
 readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
 readonly raspap_network="$raspap_dir/networking/"
 readonly rulesv4="/etc/iptables/rules.v4"
-readonly raspap_client_scripts="/usr/local/sbin"
+# readonly raspap_client_scripts="/usr/local/sbin"
 readonly notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/"
 webroot_dir="/var/www/html"
 git_source_url="https://github.com/$repo"  # $repo from install.raspap.com
@@ -51,7 +51,7 @@ function _install_raspap() {
     _configure_networking
     _prompt_install_adblock
     _prompt_install_openvpn
-	_install_features
+    _install_features
     _patch_system_files
     _install_complete
 }
@@ -63,10 +63,10 @@ function _install_features() {
            f=$(basename $feature)
            func="_${f%.*}"
            if declare -f -F $func > /dev/null; then
-				_install_log "Installing $func"
-				$func || _install_status 1 "Not able to install feature ($func)"
-			else
-				_install_status 1 "Install file $f is missing install function $func"
+                _install_log "Installing $func"
+                $func || _install_status 1 "Not able to install feature ($func)"
+            else
+                _install_status 1 "Install file $f is missing install function $func"
            fi
        done
 }
diff --git a/installers/install_feature_clients.sh b/installers/install_feature_clients.sh
index f9a0b674..fa5f5852 100644
--- a/installers/install_feature_clients.sh
+++ b/installers/install_feature_clients.sh
@@ -1,40 +1,40 @@
-#!/bin/bash
-#
-# RaspAP feature installation: handling of mobile data clients and client configuration
-# to be sources by the RaspAP installer script
-# Author: @zbchristian <christian@zeitnitz.eu>
-# Author URI: https://github.com/zbchristian/
-# License: GNU General Public License v3.0
-# License URI: https://github.com/raspap/raspap-webgui/blob/master/LICENSE
-
-# path for mobile modem scripts 
-readonly raspap_clients_scripts="/usr/local/sbin"
-#
-# table of mobile network operators - links the 5 digit operator code (from the modem) with a clear text operator name 
-readonly raspap_clients_operator_table="https://raw.githubusercontent.com/musalbas/mcc-mnc-table/master/mcc-mnc-table.csv"
-
-function _install_feature_clients() {
-    name="feature clients"
-
-    _install_log "Install $name"
-
-    _install_log " - required packages for mobile data clients"
-    sudo apt-get install wvdial socat bc || _install_status 1 "Unable to install dependencies for $name"
-
-    _install_log " - copy configuration files and scripts"
-    # Move scripts 
-    sudo cp "$webroot_dir/config/client_config/"*.sh "$raspap_clients_scripts/" || _install_status 1 "Unable to move client scripts ($name)"
-    sudo chmod a+rx "$raspap_clients_scripts/"*.sh  || _install_status 1 "Unable to chmod client scripts ($name)"
-	#    wget $raspap_clients_operator_table -o "$raspap_clients_scripts/"mcc-mnc-table.csv || _install_status 1 "Unable to wget operator table ($name)"
-	sudo cp "$webroot_dir/config/client_config/mcc-mnc-table.csv" "$raspap_clients_scripts/" || _install_status 1 "Unable to move client data ($name)"
-    # wvdial settings
-    sudo cp "$webroot_dir/config/client_config/wvdial.conf" "/etc/" || _install_status 1 "Unable to install client configuration ($name)"
-    sudo cp "$webroot_dir/config/client_config/interfaces" "/etc/network/interfaces" || _install_status 1 "Unable to install interface settings ($name)"
-    # udev rules/services to auto start mobile data services
-    sudo cp "$webroot_dir/config/client_config/70-mobile-data-sticks.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules ($name)"
-    sudo cp "$webroot_dir/config/client_config/80-raspap-net-devices.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules ($name)"
-    sudo cp "$webroot_dir/config/client_config/"*.service "/etc/systemd/system/" || _install_status 1 "Unable to install client startup services ($name)"
-    # client configuration and udev rule templates
-    sudo cp "$webroot_dir/config/client_udev_prototypes.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration ($name)"
-    _install_status 0
-}
+#!/bin/bash
+#
+# RaspAP feature installation: handling of mobile data clients and client configuration
+# to be sources by the RaspAP installer script
+# Author: @zbchristian <christian@zeitnitz.eu>
+# Author URI: https://github.com/zbchristian/
+# License: GNU General Public License v3.0
+# License URI: https://github.com/raspap/raspap-webgui/blob/master/LICENSE
+
+# path for mobile modem scripts 
+readonly raspap_clients_scripts="/usr/local/sbin"
+#
+# table of mobile network operators - links the 5 digit operator code (from the modem) with a clear text operator name 
+readonly raspap_clients_operator_table="https://raw.githubusercontent.com/musalbas/mcc-mnc-table/master/mcc-mnc-table.csv"
+
+function _install_feature_clients() {
+    name="feature clients"
+
+    _install_log "Install $name"
+
+    _install_log " - required packages for mobile data clients"
+    sudo apt-get install wvdial socat bc || _install_status 1 "Unable to install dependencies for $name"
+
+    _install_log " - copy configuration files and scripts"
+    # Move scripts 
+    sudo cp "$webroot_dir/config/client_config/"*.sh "$raspap_clients_scripts/" || _install_status 1 "Unable to move client scripts ($name)"
+    sudo chmod a+rx "$raspap_clients_scripts/"*.sh  || _install_status 1 "Unable to chmod client scripts ($name)"
+    #    wget $raspap_clients_operator_table -o "$raspap_clients_scripts/"mcc-mnc-table.csv || _install_status 1 "Unable to wget operator table ($name)"
+    sudo cp "$webroot_dir/config/client_config/mcc-mnc-table.csv" "$raspap_clients_scripts/" || _install_status 1 "Unable to move client data ($name)"
+    # wvdial settings
+    sudo cp "$webroot_dir/config/client_config/wvdial.conf" "/etc/" || _install_status 1 "Unable to install client configuration ($name)"
+    sudo cp "$webroot_dir/config/client_config/interfaces" "/etc/network/interfaces" || _install_status 1 "Unable to install interface settings ($name)"
+    # udev rules/services to auto start mobile data services
+    sudo cp "$webroot_dir/config/client_config/70-mobile-data-sticks.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules ($name)"
+    sudo cp "$webroot_dir/config/client_config/80-raspap-net-devices.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules ($name)"
+    sudo cp "$webroot_dir/config/client_config/"*.service "/etc/systemd/system/" || _install_status 1 "Unable to install client startup services ($name)"
+    # client configuration and udev rule templates
+    sudo cp "$webroot_dir/config/client_udev_prototypes.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration ($name)"
+    _install_status 0
+}

From 159e3674e5043c4d741aa9db420f3044aa108f2e Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Tue, 16 Mar 2021 22:31:00 +0100
Subject: [PATCH 134/300] cleanup common.sh typo in wifi-qr-code.php corrected

---
 app/img/wifi-qr-code.php |  3 ++-
 installers/common.sh     | 19 -------------------
 2 files changed, 2 insertions(+), 20 deletions(-)

diff --git a/app/img/wifi-qr-code.php b/app/img/wifi-qr-code.php
index 57e6d238..0e174bc2 100644
--- a/app/img/wifi-qr-code.php
+++ b/app/img/wifi-qr-code.php
@@ -44,7 +44,8 @@ $content_length = strlen($svg);
 header("Content-Type: image/svg+xml");
 header("Content-Length: $content_length");
 header("Last-Modified: $last_modified");
+header("Content-Disposition: attachment; filename=\"qr.svg\"");
 header("ETag: \"$etag\"");
 header("X-QR-Code-Content: $data");
-echo $svg
+echo $svg;
 
diff --git a/installers/common.sh b/installers/common.sh
index 5ae8c906..dd44ee90 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -26,7 +26,6 @@ readonly raspap_adblock="/etc/dnsmasq.d/090_adblock.conf"
 readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
 readonly raspap_network="$raspap_dir/networking/"
 readonly rulesv4="/etc/iptables/rules.v4"
-# readonly raspap_client_scripts="/usr/local/sbin"
 readonly notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/"
 webroot_dir="/var/www/html"
 git_source_url="https://github.com/$repo"  # $repo from install.raspap.com
@@ -162,7 +161,6 @@ function _install_dependencies() {
     echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
     echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
     sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_status 1 "Unable to install dependencies"
-#    sudo apt-get install wvdial socat bc || _install_status 1 "Unable to install dependencies"
     _install_status 0
 }
 
@@ -487,23 +485,6 @@ function _enable_raspap_daemon() {
     sudo systemctl enable raspapd.service || _install_status 1 "Failed to enable raspap.service"
 }
 
-#function _install_client_config() {
-#    _install_log "Install mobile client scripts and settings"
-#    # Move scripts 
-#    sudo cp "$webroot_dir/config/client_config/"*.sh "$raspap_client_scripts/" || _install_status 1 "Unable to move client scripts"
-#    sudo chmod a+rx "$raspap_client_scripts/"*.sh  || _install_status 1 "Unable to chmod client scripts"
-#    sudo cp "$webroot_dir/config/client_config/mcc-mnc-table.csv" "$raspap_client_scripts/" || _install_status 1 "Unable to move client data"
-#    # wvdial settings
-#    sudo cp "$webroot_dir/config/client_config/wvdial.conf" "/etc/" || _install_status 1 "Unable to install client configuration"
-#    sudo cp "$webroot_dir/config/client_config/interfaces" "/etc/network/interfaces" || _install_status 1 "Unable to install interface settings"
-#    # udev rules/services to auto start mobile data services
-#    sudo cp "$webroot_dir/config/client_config/70-mobile-data-sticks.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
-#    sudo cp "$webroot_dir/config/client_config/80-raspap-net-devices.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
-#    sudo cp "$webroot_dir/config/client_config/"*.service "/etc/systemd/system/" || _install_status 1 "Unable to install client startup services"
-#    # client configuration and udev rule templates
-#    sudo cp "$webroot_dir/config/client_udev_prototypes.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration"
-#}
-
 # Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
 function _configure_networking() {
     _install_log "Configuring networking"

From 3c83dde059c017059246f900f93cba3c9da2fdb9 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Thu, 18 Mar 2021 08:35:25 +0100
Subject: [PATCH 135/300] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6a974b35..df67af3e 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-![](https://i.imgur.com/DpgvLIO.png)
+![](https://i.imgur.com/TCJKWT4.png)
 [![Release 2.7.2](https://img.shields.io/badge/release-v2.7.2-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.

From ac16d67609c5b3bd9603a529acb94e16fd570e98 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Thu, 18 Mar 2021 18:20:52 +0100
Subject: [PATCH 136/300] Handling of USB tethering (Android phone) improved

---
 config/client_udev_prototypes.json | 18 +++++++++++++-----
 includes/dashboard.php             |  1 +
 includes/get_clients.php           |  2 ++
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/config/client_udev_prototypes.json b/config/client_udev_prototypes.json
index d0ec6e00..9cbf32a8 100644
--- a/config/client_udev_prototypes.json
+++ b/config/client_udev_prototypes.json
@@ -11,10 +11,18 @@
      "name_prefix": "eth",
      "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\" "
     },
+    {
+     "type": "usb", 
+     "type_info": "usb network interface", 
+     "clientid": 1,
+     "comment": "network interface - e.g. USB tethering of an Android phone ",
+     "name_prefix": "usb",
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\" "
+    },
     {
      "type": "wlan", 
      "type_info": "wireless adapter", 
-     "clientid": 1,
+     "clientid": 2,
      "comment": "standard wireless interface",
      "name_prefix": "wlan",
      "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\" "
@@ -22,7 +30,7 @@
     {
      "type": "ppp", 
      "type_info": "mobile data modem", 
-     "clientid": 2,
+     "clientid": 3,
      "name_prefix": "ppp",
      "comment": "recognized mobile data modems are automatically named as ppp0-9. Renaming is not possible. Dialin service relies on the name",
      "udev_rule": "SUBSYSTEM==\"tty\", KERNEL==\"ttyUSB0\", TAG+=\"systemd\", ENV{SYSTEMD_WANTS}=\"start start_ppp0_device.service\" "
@@ -30,7 +38,7 @@
     {
      "type": "hilink",
      "type_info": "Huawei Hilink",
-     "clientid": 3,
+     "clientid": 4,
      "comment": "Huawei mobile data device in router mode. Control via HTTP",
      "name_prefix": "hilink",
      "default_ip": "192.168.8.1",
@@ -39,10 +47,10 @@
     {
      "type": "phone", 
      "type_info": "USB tethered phone", 
-     "clientid": 4,
+     "clientid": 5,
      "comment": "ethernet access provided by tethering from phone via USB",
      "name_prefix": "phone",
-     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\" "
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\" "
     }
   ]
 }
diff --git a/includes/dashboard.php b/includes/dashboard.php
index 39934239..0fd6a8a1 100755
--- a/includes/dashboard.php
+++ b/includes/dashboard.php
@@ -154,6 +154,7 @@ function DisplayDashboard(&$extraFooterScripts)
     $ifaceStatus = $clientinfo["connected"]=="y" ? "up" : "down";
     switch($clientinfo["type"]) {
         case "eth":
+        case "usb":
             $client_title = "Client: Ethernet cable";
             $type_name = "Ethernet";
             break;
diff --git a/includes/get_clients.php b/includes/get_clients.php
index 3f5bd3f2..05edff6d 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -137,6 +137,8 @@ function getClients($simple=true) {
               $cl["device"][$i]["operator"] = $res[0];
               break;
            case "phone":
+           case "usb":
+              $cl["device"][$i]["connected"] = "y";
               break;
            default:
         }

From 68ec5f7db5822bf2d0ae60a170861cc5f2d43896 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sat, 20 Mar 2021 10:24:19 +0100
Subject: [PATCH 137/300] Fix name of internal wlan interface

---
 includes/get_clients.php | 3 +++
 templates/networking.php | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/includes/get_clients.php b/includes/get_clients.php
index 05edff6d..1b3e124a 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -32,6 +32,9 @@ function getClients($simple=true) {
           if(empty($model) || preg_match("/^[0-9a-f]{4}$/",$model) === 1) {
              $model = preg_only_match("/ID_MODEL_FROM_DATABASE=(.*)$/",$udevinfo);
           }
+          if(empty($model)) {
+             $model = preg_only_match("/ID_OUI_FROM_DATABASE=(.*)$/",$udevinfo);
+          }
           $vendor = preg_only_match("/ID_VENDOR_ENC=(.*)$/",$udevinfo);
           if(empty($vendor) || preg_match("/^[0-9a-f]{4}$/",$vendor) === 1) {
              $vendor = preg_only_match("/ID_VENDOR_FROM_DATABASE=(.*)$/",$udevinfo);
diff --git a/templates/networking.php b/templates/networking.php
index e925367b..0bcf5c54 100755
--- a/templates/networking.php
+++ b/templates/networking.php
@@ -119,7 +119,8 @@
                                    if(isset($dev["isAP"]) && $dev["isAP"]) $ty="Access Point";
                                    echo "<td>".$ty."</td>\n";
                                    echo "<td>".$dev["mac"]."</td>\n";
-                                   echo "<td>".$dev["vid"]."/".$dev["pid"]."</td>\n";
+                                   if(isset($dev["vid"]) && !empty($dev["vid"])) echo "<td>".$dev["vid"]."/".$dev["pid"]."</td>\n";
+                                   else echo "<td> - </td>\n";
                                    $udevfile=$_SESSION["udevrules"]["udev_rules_file"];
                                    $isStatic=array();
                                    exec('find /etc/udev/rules.d/  -type f \( -iname "*.rules" ! -iname "'.basename($udevfile).'" \) -exec grep -i '.$dev["mac"].' {} \; ',$isStatic);

From 1b47fcf2a96dfcf6f3a0c57a88f30580331d3ae0 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 20 Mar 2021 14:58:06 +0000
Subject: [PATCH 138/300] Update it_IT locale, thx Ioma Taani

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 21077 -> 21775 bytes
 locale/it_IT/LC_MESSAGES/messages.mo | Bin 18771 -> 23425 bytes
 locale/it_IT/LC_MESSAGES/messages.po | 136 ++++++++++++++++++++++++++-
 3 files changed, 134 insertions(+), 2 deletions(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index fd81791e6c75dcabb201ea6f86cf88f95198c69e..d9fec98abcf58d48890136d8e32d629fd951ac0e 100644
GIT binary patch
literal 21775
zcmeI3eViOcna3LffrNxWcnj|h1hRqbW<z)hNeCpn30cT)mh2|s@HF<!^zJs9=^mzM
zcC#SHi}(Vby!lG-H7Y2+g5oLoisAu>9OoMxDsqbFTU1m~PE_vutE!%vO|p9G=l<K#
zXTM$5-BnLL_0&^UUEztD`@G5H*SeSI9RshP;(0f6y>q5=J+J*p&uf7TU<@yX2f_#7
zH24_YAN~*?0e=D4z{y8>-dflPRn&Xn0q~RXXm~H21fPJ1!S6%8{~X*89>hb3!&y+}
z&xZ%YMNs8j2oHrDp!C@c_5Ky`Sa=iU|K7(OAA&0H$58Ej0aBHB3<>dUsB+dpl@q{y
z;i${s3TKeM4obgwK(*^um;Y(lL;3+IeP^MBcmkXZPldAA0;u<wK~(ToLFtu)nBE(O
zQ{gM2+IbyRz1!i7;O$U)O+L<Y8kF8MVFjK5Wv4en)psjYeIIw}d*D3M_rrtWvv3uh
ze7v<wH&nfsLD_d0s-Ip5rPuXP^>26g-vy=jUGDzpq5AVdD7~MASHq{F>`?RV{g=Uo
zq;G<_jQ16IGJF!sZj(>IhHwTv6}CXxsSnETmqF=$6{HE?m!aPKflKd%KIsEawDy<>
z)vwE-?6m=^ogthKFNX`@R_N{Jd3V4Xmv^3oz?Rvbw-J6DE`|$Hb`y-@CGcUm2+ldh
z@}*FAzZuF7?}qA^JD}|TB`CeW0j0-pp!9nIs+~v7@jOiCwLv}C11G~0l)bBPANX>p
z=U?gax4ZOvq3m=IlwBT%K717J2cLr~PlH?iwI5Xf9t-6+EskeGRPt6p=@U6#<M;t6
zyFK92&qMk3(Q~cdXG6Ne+W@8a7O48RLG{C1q5SMNsCIk?%1&R0vfB^gA@EtaKb(Ry
zP=z-Ws;id3Dexsw_lKa$xg4sT*TSiAJ5)Q~2i3lZp!EDtI2Aq%)i2&@_Pv9l>OToe
z&xP;+xWcgq%5N`)dcW%Ow?f(Vbx?M`2}+;sP|w`~RsUz8;?4t5dOrpA{Li6jFO*%T
zFj&RopwR=$Usu3suotQwFNXZz8|9D6xfQD3k3jjseNf~0F(^I01LZ$If@<eZsCxbY
z4}b@^+WW^s>31UZ;b~Cit$}LiCaCfTp!B;O%8svq(&I+BFTB~^e<##?AAxG;T`v8A
zOFsgo&r^=ixcq(EtUj}#`u|us9j<~)VLz0fH$wIMc6a|n5ZCeUcKJ`i14;iDO22*Q
z+xAR{YKIS1|7lS6Spwz1=R=jBgVW$<sCu?Q>2WQTAHEgNfID3NosM6Cvg^Z8?S35U
z`CmYl^Bhz;Q`@Z`v!LoZ398<9D80{d`Kuk*L+PD^D!&Aog1k}3H$%1a<4|_L2de+>
zg&K$7g!1E`x%_<>*m`C`={Luv7r-vk=fePA3%lV?cmZ5|y63Hg+u$mAKkS1u7TWgZ
z9c%Cq@?Qhho?GAycsnGtdUwNv;rF2Q{S{REo`dqwNoUynSx|O49%>x5K&tdQpyKE-
zRJqqd+2tMZ5O_P(c=;Su{CFI$g@1JE?lbK;Dm%U%s+<R*`sZ;dd;S>8Kc0rF?^(y`
zXW9Idq3m}mJQtn;^<KsC3b;4vZSc&!JnvPoh4ejV+jZ7cQ1<C#Qjs6zpxT>2)wcz%
zfj2<u|6Mo}ww`0#dp=Y<*FcT?A$S-pLcPBYN}uiUaJU1i{7*yK|6VA&eFGi}pM=uq
zS*Z8-VG?91;vEB3&tk_7P~}yi{O}rh6ui~(i%{i!2dbQ(LB)qjOKkoWD0|O>(ys-o
zUF|Nv1NM;agVJ}0;|HPq<r7f$x(Dk0`{B{>5h%TOLiNief`<HRI#fGnLDf4Oz6hQH
zrPmFPZ-&zQZLk7A2xX_^=v>v;4prZ|F1-@YBfSnD1h+zsiyPoE@KLCGpMkQkx6Jm_
zVNiM<3041WsQafv>3yEN-v!m5{ZM*e2Cs%!K-u91cYpGEcAa$$Jd*rgc(R^{vfmAG
z7Q7jr3h#un(|4il{tT4f`<?IBAyDs?TzVM#q~8Q(k55AN>-|vndJ?Lgzl0h;&%*_9
z%5whT_e)@n%cU#qI_pljk#yK$*IA#1n@B$gFM*eI+V#~Pjz5L6`$;RU9ZrMNV+oYq
zyWw&0B~W@?1*P9LQ0;s-JRW`u>bb|D?Dsn;d;baU1NX-WdVV@o{%n_SgR;{~D7#z&
zeHcLLwGB>&*FyEzjZpo28<gMN>G*kg3h9TS^!bhBAs5*6LMXfSx%8``{Q7-RdVdj~
z0H1`?Z|~K%zG+bXa3Yi+Er4prDkwX>7|MSVsQ9=Q?hoGpTj1N^iSRzCa(@i>hrfm@
z=Xt1dW_H<j&4y~ne5m$qfYLMX?r(+amusQky9KKL4@2qsS*U(`$nh~KzkLeIZhvz5
zQ!cc2Jq+$g{xMMc%!X6p5~%uD!J}Xwl-@Da^CQr-7s@VgaC|>BdO-Q>Lr~>B4%Lny
z!Fh1fMYf!FsCpMc`N3MKc$<S$;Q*BXTn^RFVW|3E4G(~~K;6F$O1}?5AKnF3-nZan
z_!Fq|o`%xzc_=$hU1Rk)8tzN_B&hpyq25~r)z0%=y3eIAh0-T>e7VcN4oaULum#=*
zWrs%~A<ugPO3$OaZU4=Nx_=g&3p-tY45h~_pzM7;RD0e6)sEYt>c0!BzWbp3_d%%g
zcfx7#Stvi*yT{gZD4at2M5y=Yx%{P$7s3O`zXYn?1*qq@K$Wu%PKR%V(qjiyJs*au
z_ilI~{F2N6n&bDNp5F;o{_mjT_@uR#K2$r;g|hofsP?Xb8uy!^{J7@wuZIVc-T|fG
z9WH$j>>~Xj4B(-?cAYg0FChJ8NJ#RgU2Nm>I@m}0W~lc4-0=md_8+{?)^jqPLHZ0h
z8+JlHA3^DRB~<&iLHXzFUH%RzyL<p@9Nh^|hhK$?qpDox&VsT_3sk*lK#iBxQ1PPx
zX_EIEmwpt^BmH~FIsLYreyIK_K-seb<sVl-)wk90EiV6~Q1<%-WGeMO2ld_`9QRpo
z*ICoxUgV#KoQ(`4S0X&-U4yJbnCiR`IYbZglfL_K{brLQ_Cd8pzwaYk%$3#eH||<<
z)$Q&&!!eX0o9VX$d6l_h@9Fp+sIhyXt5?~w`9fXrTaN5BSN6}{pn#l!Y(~_7C-Cks
z;Z4Y|kz<kPk;jpLM;=6Em!BfpPkyjB@+9(p<UbJk^l6m!O?WUo3o-<~`;bGCS0m>j
z`c3BkHmLD)xia|8vGBeGH@fRzK>6BYB#&slq2KS3lPTjwB>UyK_%8B#m+^I&BCkcR
zK>itd1(N-K!o`=7{VC&*@a4#7kar=+lJ_~d8qrVwcyv=;FCwk6_ANv|`QxeF-w(N-
z>x1C6y20-b<lE-T{<#Xg200U9D0n9!|B4)f{1$l@Aw-xl1-uRV!|xHq#1HreWD0fM
z1NA$cYdPtuU=;ZQqBYOw5ygs|ks)Lz&s+xIf*jBFKf!k+Hz4}`57I(@_PdjduOPF@
zy9my3H-6<P{F}SJ7~bfv2jOwN^HO*ie3Q$68Qkiw_a%QW*GIXua6hsV`4Dmd_kCm%
zqTe#)P_BPwQtVe?6*-c;?V`(Xfqz1-My7FZs(b$l(*KR<_b~EC<N~CGd==?H<|F#O
z*TQ=mz8JX>ImMN8tGg#$imYi$&vMTk;kbZ%2{M=Tz3>yr6eRl{<({jMaSQSf*$p_)
z-K)90*TIvKMaa*Q6^MS*k+QjBjR6lwd?Y~h`<R7y9sC~h0y2ZL&w%R@{l0@lNT(9~
z+K{&*dpjK-Ql|SI55Iv-LT0+WQydS1Z$oq@@Bui2+=aXnITz9I84L6GDR=!v_+jK9
zkxwK4f}D>mMV24~h<-)nQRFz}?Z_XH?Dsw{K7zc&WqcHV5a~sxqt7Q@euk6CdyK@#
zUB(0Oo$mSz@U!kZhVMXrh#ZF8hGf70;-Vedi?Y53=fFPr9HQS57T%}CrMYEYy~Aht
z;g+COE{2Pj&d)9L+uO|l{9I5NO44duJ}G%i(`qG&2bc9ERXycW{>GKPevr?HY3i4g
zD6Xb{P%ei-#Sc<{&f0Pq&uR151!;MCuU|;Q)Q^*@pRZLaVO%Ya`f06PPAcRiaUABW
zQ9S5Z6P4-le0Pxdmlp~Z%J!D$l3LXj<SpmP;h-AUFML(Bp|{7+7b6O8<lD50ABYBP
zm7p3W@p*p#P?Y*3QL*S#b~T{>>QLw>lrdb6TirWpSQ(D;VOv(1bPJkFO5)v%Sej1?
z;j*y>EuC*N{jueRe&_0rUcVRyX-Mk|{)%Ff-%K4`2jyy5@w<An#`}F?Ri@E%1&NQ+
z)hORogvqUy>69=i`JFv|rn<1Ad~3f#DT@7akftL^rQp}f1?;E7hJ!fYbisRBUBzND
z5*E;ddW&cj^M)z956h_Na#=lCf4*7`OXaK!ty%lmuJe}fA%A032`{Jx6%^RR-JztK
zmJ@n$5BHpHce|IA{XJDi_V{&ibG)j!Rj;XrbHte2IFGk{OtR7Z6+s&1J@dCIGYoJ&
zpJ9Q?f}*z~s^Wv8XF9tWrPZcKD^Xz(bL00VoXA@-HtplFVI1U&VWG`ml~nxIjLSGE
zg?<pLkLFQQ=#M6~ieF)*gq1lAMAzqoIB`esdVft46wF0G9p!bX<BML$P!JD>42iH5
znnY|elO&~RKPRs=ik2(Ma8#h%JBHjnMFtd>Un|>;Jin_myIPYBW|t};yRQ3-eL>@}
zIz&xnhGCSi6^R@}IL1g&3H|Qn9W=r?u%8cNKPZj_qp6=mGn|tSp?ZznRCZvzxMyi?
z5%s-}q?n*s^Vm=8$uKpqmVzyt;#z4F{z{K4Jow1~Zb7<?r7??N2nT{%v1$y><58(r
zQg58z-hOtQ-!<UN>qmXMq<x+#vi>~dBMMWrvB3>xJ41yOqlCg8IsJ)lr%6%j*5Ybq
z)bCLDX9>j)zf{9hXmzd_#G6%9btLigm?@x)3dPxY+HfY9!SD=*gQzIC*(F3a1v1)<
zuVC&%l$MLZC|c!0#y*NuZ&GS<0tIiH7sW&j6Te(2FxS=*8cGm_JVm1H859}yI`!9Q
z6buXyz=D$6OlCTiOB4<|1Nxzs27_VKB?BUks!2uBvD0<N1#~{npfuVrqZm!qZ}e+o
zjfLx~Eu#z^%w*zsjGHjoVM2IT<}m(1;({Fy2l1#sG89$Av>fC^zr`RmRu6LNT;m3E
zI@RTC1h%0>F=SL*>|*FF_s`5kxV8*S2iM|4605)n^MwBDuvjeN_lyndF<spmrKUIS
zOhb<m(Ubfpx@%LA-|XfZ-ZxKSPur!9AZVtJTIzMiX(>oAAL|C$w7|4%X7qttQC;R9
z#pk7Fr54AgCmPxHti(K#X%%V0FjJL0EXPb&@EKp>7OfVd;ZSZsArT3(2k?v<a}}*m
zN<pMI>cOWNVC!to>P$xBqC(k96A$eyIG|CXY2C!y0eUXGy^2_o!!~k@K09x&H3L0+
zpk7Uy<v4Gu-^lWd$>5-x?kX;a#65TIqM%FRAB0aEPmDkErq$C85(aKG992i#viFVd
zE&xRX3grGs5N9hM>CQsUDCBEQRl>__EL~DOmz7o_CGrpqw0<!DnV>+$AC4;3T2S-{
zgG!DOrIlTqzalfL9rJ^M9;IUjDvb0JaV}yNIFBVA3Wf|-bww57k(Akmt}`_RH6nu+
zAy{`b>zaA2zruh==b5&bqAPey^OI&YO?;;R1HWK`01gq++jW!Cd4I_O(O{eqs5C_F
zcuLK3mEoFa4&ja*G%bhuh~ZPf7wq(4d)=<Jd`(7wU9D+I6J&L4ULm5ZHxvPEU#9gj
zM2#kJ%EOB_d3bTu8GW=qi@3FLP)rj79fd{oVq@i|MWHR13Ea%@u9m+-WkLdmYMKzK
zg#l(&F4}pgK1}vlE)8T5YcjyrS?}%^M8<nHjPsSzGK*>#<q4{J)}>}?82DA<M_9yC
z)sZlav%P`5gr$;MrDI18tv&k&s{O6yn=z)6$5ULR)CN|!0La$ve|ET{QR79oY8>xH
z1ubJ7MZEsevZ7Q$qqecySB}|9WwVpFa!Z)68S6RckxQ_SP;9MKxm{*C?N=ifaH|+u
zm=BfAJ-=Xs^q73sw!3HB;7XOv+k~dq-2D*-R%3=|9ZC%FR+(rN=SRKOtPsr~zpt;W
zQ{yjJAyVfF-`?tMzBE_Md$~P!LeT>*JDX6Hr9og`(Z#rv!fLl?SWS##&a$X`pj&4&
z8QClYvdxiM3)B-aF;$_B9&(Fbvxu0Vj;8bT%tYz@IIMbI<2>eO%W>}q1rx=`z3)74
z-1|}4MAT@+z(j2nW9v2U8`(x?JdIgdjr;C!toeJ~+aoyMpxMWDX^CZ~-TIZ^R3Rm}
z`+kr5vyn7Ya>_)KHf07y;zfa=$yDEzjl=AoQ!Cpi=oCc|^BEy=Z)wlf74tVDy4WRR
zW1GO-$$CqXv8W~Ft`Djsc75ccFf1=G64<>p?3!v?re+t}s9-ZP%<6d8?9^MMt-jx{
zQMx87MXVi(fJtR@_VvV$Sqza)Z9K+m|6*ov77Cs=ZweGwwqM0kDlUvf1@=wa1XQ`l
zH0<~CA;n#mYq=r?Z4ULGTX|$l2Ak8E&6FM>YWQp$%eAVfO;<J+x|_bhbi1t&yQLh9
z3wB9v3ii6gQo_DvJzK8EWr6Ezg)MP+5?6;9l8(EM$sTJ3EvtIMk@^>kF$s0Mnc5ka
z`5~_-%5OGNp(pXRVenvMXtO(}Tb0+;l164<EhkUu4${r_Oyf9i>fyz@AJLC%i%drD
ztI3!|<7<{xYHiFqC}byWRtckKy)fPa!CPxTS7qEa61v;U&LUxN-$h<8dX$GMxRKYZ
zrKkS*O<mo~oXO&b-3~n;mhl@LwKwwDvFp?l+cO^0TS=-(J}G)`GTEq*&K|V!fy{Uk
zBd7TRy{fD*m+)m~U6>Ck-0xnIUGf2Ilr2*u*~@Y?tSV!GMg0(DHDUi|Lq#`B2|BI|
z`C_O6(bWIz!jydxx9mjL{Dmyb%Rb&Hji<3gH@g;Z9V+@A%l&-FCk3{dEId8UN9Ips
zGwl{23rrwgczW}Ox{op3(6Ue89?at5;&p@=Hst1;h56Xxwsj0%7kljDke;*a9IubL
zyP^S{T{M;JZuwO$1p3%S(uS<>v&E2|h|B<OX-oJ%IX8PU@cA5IgOGcd#g+Mt)29V1
zebZ+?&5X5!&0@il-K~F+=^IK$JpIYS42`;S!BraRSDt>AHql!A@<gp_qHrIJOv26@
zoWAH0#`%oe+)Fkm^K_fiCpvr8_$p`9*^0!bvYxf65!%^q-`i!W#C-+Ku3p`>R~S%J
zH+tF}6Lww7PBVQ~RzMBCNLaPFXx6G}nPlE*=)@hTQX`gleN9_tyZB-qR&UkVn+adY
zn{Sp%K?Mh~)3}A-JbAh-JNRURo@C?%_q?zEFpER&i|rlSvuj9kSy?zylEuxIQLkSf
z)9}fD?V;T^jL&JQTMt_|=Nup&$d<NvhjtWolhv2+#$($kc+VwKM6296D@QATyXdCA
zxK-0GyE^;L+|}XC_<yXSFqAKwVzN@4=Vsfszo9g{@65{ko3x6P)=J2CzTv;Cl##*q
zzpoRBWaAmTz+%qq`u~!l_zJ>uAr6Kkz8+{^>DPChfsjL;Y#M0J$z}qRr-e^1=L!|C
z-|hqJ;b*=5nuBq*f+EB+Ex9q*aL@Je=2&hXWy?u#y*bHnV39Dw<!;9yDVb(}#2STj
z43=Qog`E!E=Qr~u*W1{;+)Vj)s@-kASY+mlvlceb7aPMII_f*PpNsHkJekf;y{3E}
zb9o!1RgqgZHDA|1`kT3UwcX0p8|_w<=3Ztk^R>)w^z_-#o#u>v#O3-q4$j;sMwBvf
zy2YhKv$G8SIV0s@6Jwn3O4+;<&Y6pfO}o9Uma!iP#~J?P>F17p#*XCiOD^hIvBRF}
zsV0-|*7xyj8>M3`FB{R>wjqmhyXNzaSdrH=(^tcV_=Kh$eN!|c%?^+~ggi3~<Dh2d
zFPLxnZC+McRyg|+mROfDlv=wAtsAr^OX9`;g0|D!7EEQOgCDeZr-M<UbwzD3ZS7AM
z`zv%5d1+KCg={<-pgGc4WXbaf`2<(g5$v+5y=z;u#at^Z-*7Rf5T`F_ZC}{hzQ}Js
zXK{P`Y3=-`t_jj=s~K;_fbHF1QA4(GY3=7Aaj{QHc8Rf=`G3>;zNy_^-7A|L)jqX@
z^*s@`RbMj}`_*tubv_@CqIiiJAUN!~>-$%=E^0jIf<-G|LK1Ch7W<2GQFZFXN%X`?
z^u$T@o({GX`wtU#IeOkDS)VTK8T7<SH2Xa}bNGDV$Sx;NqTRXk#7XqTNp#aEANOyf
z+_G@uBzoc`+MIt(oJ5az6hCni&52{v7oI(P%EU?Zo=>`s<t9#|n?A8N4zArv^TbIs
z2a*#f(fT*1=J<W$BznwY^~6bZ$)7lhw*Q#F{@+zhoJ4adogG2AGwOn$oj**RL{FSV
z_x9LxWOwANGwb>ZhP&eq4P2^m>Z@lbPNK~jwLftZ-Td!m#y#tvIEl{wo4Y-jXyPP#
S;v~B2Pn<-@-v8rC^#1~zV$K}^

literal 21077
zcmeI3d4L>MoyRMLa}pqgGaR9~azJJ>30E>;U^0_qAd?K436VsN)!j8SMY_A1uI`x(
zh|5BBSy4d+Q9)5*BPa@r0*k1Cf{L=@jesI5UTnMoPmcY3-+R^FGs(EC|Li|g<kz2i
z?^V6`d%yR4XAM7^zUws}*PKb7cQ|~_UY_?h?ysM&SkHU(5Ypf`VG;fn?gOJ4o;MY4
zfqTL?!Gq!3;VQTdu7S@%Wz})0=S_j<!oy$&PKIxU2f|CC-hU6=1Kth~f_FpZ{|&ew
zd<-g|U&907AEES_LZ*8EP<RAf2vtsxV;(BM%c1Id1LRfjUdQi4<?{!qd?xYGZg2)v
z{E={9*aD^B5~zADck$=J)r2D`eeZU>AMQ^0VJLfj6YBjRL5lKz4yD&FD2?g88L$Z+
z169u!sB+ujMtByKUfUdRh0^a+ung~qveQX3ZF$R~%IkIEjc^{}K{yRw1DC^X5LLYG
zP~|oqY3+LuR6CsjrPq9@^4nbcnNWJKbLpF)+VgxUy)S`V;Z;y}IMBE0hr<&IFNC;=
z*AI__mq6KX8^qPT+u-r=D^PZN4$AILM_Ij(fT--{94~`B;(Zv(4qt?7&+kI%vmMG_
zFTn+H>e2j6qCH`i+cS>AmhdxhJsdoiy2AV5CipkF2yR4K@oKm?d<4qQPe7IPQ>gNv
zgR=8(v#g#6LD~0YD81UD>UAE(L|zH1K3Bor;cZa%y%X*V?}K{&K^Om|3;!I-E-yjZ
zZ`y2YhZ#_MwZYxtQmFRnf@;rAP=0y7<1i!(Z!45OA9MVg<Fin9n=;3yzY5BaUkj!8
z2*kABd!Y2b2dca;LD~IrsDAq^sCv8%Wv2t@TD#4L`x8DD?g`I^JmU31HPyv%FZe;I
z^p8U2a|cvD4@1@KNvL}K0;+!d;6&2%FsSrXq1t6B)O)>9?G{4mS%qq+t&Ueg`RVnr
z3Et`A?}xJMBXAG+9VmUCgiY`{sPbQi8gHhYVD+8__56Hj>I-F;vmIX#jUG_`wG}F#
zcS6<U1~?CX7Al`#LY4bFC_mVPMD^Q4q4byu<v(+w>e&KS-V!(k_PX><P<G8h9~PkU
zdplG;KLnNE%~1N?0cFPrp!E1Q+zmeA(w~NU?{`r3{F4h$X}00%Q2NYrJjKN?hthWg
zRQqp&d&A4&>G0i9dVU+K{how-!{0!f+<Vc*&uX!HE`ri;1yp_3K-D7yRek}gyo;gy
z_fn|*Z-P_d$Dzu(2dbQ}!@c0+Q1AcD#Xs-3%Y19sX;Ae(9P0U2sC?R>@>vC?#|Ef!
zLa1`fa36S)i+_vbwNTIB1l4Z0L5<s=b$kq}o-aVz{UxaS?%Hbm;lWUT+zb`J0;-%1
zQ2IqKoWOwarLY_R46c9+7kJ(>cp>bC_d(U?fQ6Q`pz6B_D&JLbU$_w-3pYbOe-)H|
zABL*WEl~dWX&3)hC_6j~)o*?P`R6^)kH*c}C)#|^fU?6HsB$+#^^X{8yto3cfuC^U
zmmx0b9d(lBYAF3Kf@+T|pzQZvD1Z16RC(JRKkwqd2W77(pq_umaXZ|F@C)$dNuKv-
zIEQe{DR%v|9?C8cLACdHq3Zb)sB)f#tKj5Qt=>IwI^hpO)$<Oh`h5Yae?I{=zCHyH
zhA%+rvp18|LGVDR{O3X0{bZ<oR=@*bFO)umQ11^zmJr^RQ008w@vBhzJp<)$FG97;
zjK!8GLFKasDxcRujRQk2{tZxez5+_W>!9j&ql>>2t|t5tl)eWt>54O<{A4ziy;`8&
zKMhL14k*1gLAA#als{bpRnIG+%DonDgdc&@Yw~H9dqL^FFD%2EP<DC;RCzZ-m3O-f
z-wo#xeh^NBe}K#3WCkVK<t(Uj2cYbmK(*85P<p);s{CtR`um~u{*+6<7pgtK45jxE
z;a0dE$`0jM+4K>JD|=VM8SsnnIQT;-yG>qV*H2U7@q~|qvQrO~-3Orbz7WoY_dEU=
z`h;JBvV(tyZO?^J`kV!2uMKbkjG%{~Uk9t)UVo-tKTU79>!$}HCijk5YS&M%hPaM*
zx8v`j`rYvz*3OHd$~hCN{2nMfXW&ejK-u@5P=59SsCwNAkA#mvJ+~doUQ;`*efNjz
z&qqK#f3%BV?7|&TcG&=BzXJ5(5LEkL3zgpuQ0=n~sy*+8@{=z+eh1DX{4|t4doHt_
z<G2#aZi6oTK6n`6d!Y3G9y|)Z0Oc14(?}}sC@8z13guVJq3W>_%1&h{yKRO0!>gg{
zaWk9)KM9Y9k3;4Al1txXh0SLgR6etz>a`fof}K$H+YF`W7MFfCRJ+^&_1^7J<v#$W
z=eMBR>1oI9P=5LssQmX|Y13!I-3cEL_kata>a`f^xgMzUH^M{VAlwsP2KD?~p{XyF
zU2b;#95i}B`Pb7>`TQ2D9xuXq@Q^N>&oZcTyP^Cb2PeZ}C_OHMyTUg^)$<Cd@~(rb
z=j|^2UbrXW`=JjXhRW|*sCvE(mEUe>S^cI#+3`rI`n1B`;3Aj41nRwRsCxFf@SqFF
zQ2Jcv_%0WJBb2^(!8!0=C_6j@8A`n8p!94#+qU0gsPwbpTzH;~zYNNb*Ffoa6I6X}
zg-!4aP~|@iRo>%J{`(YE{*zW&yEj4k$-z+N%!PZwQ=#5(ck$;qZh}*YFF@6M1nT*>
zLFIETR6e&r>2VjF3Lk(f_Zv`pKjz|p;rKk%^OL%5{!`)Mgb#5%8LFOZq3pf^s=fhK
zKdeCc@mpN{O;F|B1*P9ZF8nAA2tNh+=e4i4>!&LrUEBLU?1e|HvGuvY@iM6TUIUfy
zEpT6WH#`=81*-nrq4awNsy@5-Sby9PDt;D}9h#x~%_(ppJO^sr+zR)F*F)L)R;Y6C
zhUy<*hZ-+_2`R#xa*hpeg!2f$(eYzY`8)>q*7H#I`y-S;ybM*|<h7QELB*d4Wv@k0
z&o6a63+_UAEt~}3j7-x_!&Tt^jYx<rM~)toPLy{uas(oqU5UI7$s_k6Er_PAxybL4
zK_tCS;O0q$Y1HU_ic9#hqcDtIjNGY!yISGbkvAbPB4;78=Ub2mk<TO35M9q8hoSQi
zOo%lwybHMzImXrH1@3c5<AuwZbGo}B-OF6E;ePHuh1y{wveZTV93Du%>)_#VGI9y`
z_ai05M}CH!hWrY-1vwLmk#<Daw~()zJNvW3-M<%Jid>KEN4`GtNACBBSHY?97^q9_
ztV`qUzQq3&{!kHI@>N}5K|YPhr_^u$6Zvms51wBI(`#443kj%?{Mtpn18Pj}bKyo@
zM&MtN<B=sug#0_wgltEyL4Jp<L|%{VP5xV95jhb#mas0|+1rcznJ&Bw;d_w}AfG|L
zi0GQ((sln)<YUP96yW+Y(rNB&pQ>>GeHZ=%yaG9Z_s@e5A+JXEB>Yx*2cqk8<h#hZ
z$b95aNEUe*(WO3r8`7hIyN2MY$koU%kPPxRWHF*^j)iv=W%YCahzq|5ekV<X-$ve!
zXnpe-awyMlhPwXE!n+B65Sc>S2s{psy>=t+T|^!XpNFqSwlq96oA}u-JiQ@)2KO6W
z_&0D?Lz-^imxg)&QSQHnJdL~)nNHkV_!DFS@>@jLA;_nYGIAg?71<q`#q-NxdOhH7
z9#13SCy;xP*SNUj;9rqzk$**+$m3bK8}d2ic4Qyo{sZoc`~|rH(RH1L_Yp_o6?cCS
z?|hv5KO;Xv=DB#`^oD!gCdhNhOA2s(0ok4RJK(#KlaWb;bu}Yx$Y&McI^4n=fQyhR
z$QooD(uKT?%tRWm!w4KfexHQrBNrjPh_0uQzaig1Za{QBfgH*6o8X6#^~n2?D)L{*
zA*4-)>2(q}-$VlBLgbgomk?cVKz8BzTNOAxv!ttM=p;Yf5)?}Lu<i8unI(Q}i}}yb
z1i8UDskCI{f_HjSDaXZuC9C6#o^m07{jwfE$Y#SN@k?=3tR#L=DuqGW4-$X&no?Mt
z-Quqel2Ut*pNqr9FUA!=TP>HvVkJM~C)H9ZE)x?Mi($4B6$kuEtUNuQ?+&tldoEWd
zZ?8QQS1T?fubn4{f=XDs@m0{dJ*)j}J|g3KybUY+{%D|D4k}SxJj3rBj1qr1%IAIZ
zt^|}{84UfHJcdfeX7^4KmWQHj*pg-@-GYXk;^K~3oSuzy;gZoAoj%`0`lIs;{mzvg
zJ$^n6l91Zv{H6IgyO}b$4@#A=?05B~mG^tYicF*DauOe<D^a!~3lm!{(I{b1@H<!c
zn&QH;;;sF1g{bJ4f+QJ^%Q?SV%3(icHWU=I4L7`(mX*)P!(k3RC^wHrMcy!3_hK1k
zT`H*sYtL6IVWE^Zp*3sYnzdg0PU6=`<#0tcD5JnmQU~KoQi^HCouoP2?vNIj{GAm>
z^!R0wI9^dC)k>=397W7+oX2Y)6|7f(X^=!&&-^w-h5@eU(=9MrkoT5G6?`!COk?Mx
zq|)$cIm!)SZv4K06M0KVhkZOYEC!i;m}~Ku$7O#d{jwMoLO&>~jpmV4=#RwJvR|gB
zgyq?EMAzm6IB`eMI)7Ch<jhSU4dr#H;qzX{U{D+g=@MZfG=ZXtjN^o?{fxZQC|WAV
zLs5=q?-+Dx8W~VneywQJ^Zc&P^lnu=klreT^uFdV_67CB${;0`=!Q|YnrGw~#4(10
za_D!rcTfrAz<xF;`aym;7)ksLn&F%@2*s=CCb9$l#XU=H^QiB2#Q7M-8vA}y3x<h#
zwGeFCRIC;@;jgr~h6g|H$1Mn#ury}zb76l_%~y<}c|0mq3u=vpt*xiF_+9<Jyne)|
zNm}QbENjoxKcX-}8#}n6Y-gw;#VDcSj+nk!$w{1-y47N(JmPn#`O|>L4!=;vQ>b+&
z9~3vMq{?vYXE9Si9%Zt#<7wTQTm;=S7z(1i+-A%W*)Wh%XM6>7=c1&P4@S@`6Vmrl
zoO0trgA-`*rg~A45yOmMZYVJK))DGTFba7ZiPC3KWW?*#uTL-N?`HrD3aT@a$zUed
zaL^gh4%H+W2pewc5XGnxmo++ey2e;R<KqkpqYX2P(Nyh5yT;a7xUT9lLdU^OX8bPV
zCQNpi5T24cjNc!-!H$Q6;)p*y7*)cg6l6nxjzMCq9%Pca#tr0jD$7?7Y(a^9NUydS
zW9T&Y@61HFwhT)HSBts0s0<^_6Z$K|e7=C+(>Ex`G<9c`nAWs24K2oq9%nbvT$_UI
zW;fUHzIh6J+9s_Jf@bQdCSGSTDFn#{qun5#7MPaJjNV_(tI6D>_`K9CSBpi{67}d>
zRBWC|wTd)hn5jx0mSLvL`Sh=Fi&hKKP$)MblZXJ({dh)|xr*Ayg&@)!wZSJJVC!_w
zT4shpJNfmiGiWw9Lu@|{=DFnM3=tVjB5&xm)8!h|ztab5xhH9ibD~;88Xp#OW@(d#
z^YOrdEZ|DQ85k?=;9;DPbgP}~5%kh%D5{LK)Zaj3H`+w~8nyl5pqMUiq%o^9qlT{z
zR1PnwvQ9~GQ<hb^gkgrBuf>9K#ux?4{!mn|RD--f5R@}?A1&ir{H3V{Z3iC+^eC;+
zU#43Z7}O$`eDhepp<qbAl-(-`k0eYbw38_zs4@&_#eq#n(sr1~Vk-=Ibe^e7A-a&a
zG#P37(ky2hJMeR+$J6=|O<ObB|G@y!Krv=iQh&6aCoyYN`ev31gA{pVQVO#XeI<tn
z*tx*AwOv^GntA@QQWIL+SRI>}8NSsT>h88JlUj$NL^Ddto%2<>bAH4beWW&JxP@<!
zPhv(jGK*-%`Z7%`K$|bKwVBLaDgS`V^nVQ1F#Ayoy~(Pax06h*bL=!<DoBsj$d9el
z*4<&m81L1vm@SW#SV6lXoe?z4BGjw{1HZyx5$3T}WjG9r=|(_a!n(*T$+2T8WD*-M
ze|081*ttnLT~GhrUPYbiFS?c7_%9kIop0u#sgcH{zLAm!l$^R+eLb!iGa#h%hqr7?
zn5~*ByB1eFGSh4HD_2M^vEcP95lgJ)bO-8;f+o$+*<o~4Jgd(gqwVlVk&O%ahSyyB
zFukEZ2eVS7<9f@@5K_#Jcq>`MnIFHmx2sc~CR1ivm}P+VR;DwWxohtsdGwI42V8VI
z<SR;^YhKaKxWo2Jx2j*sz{0FzQF9x&5@;~8nW)q4i<zx!fg%H;#v@wDElbTbKR+2s
z=4Y8JlKI83;&qMln48bWO%HNr=p8rR`Qf<fQOOL0(XfFTYEg{M(YSA<TaEEFX6-ZX
zyF*3Iu;V5V<9GvRr`4rJkeMNCcYZ^G<lxf%)oRar(9E6*qkqy68RY5YIYzp8xY!Vl
z!|WJSE!ih%6m@&E(U09*+7)#b`HdJ7>>{qdkY~bUMWo>@uSMS22h|W`A2~Y=OYM0^
zV{aAvnyMC(=}p=z*e(pQejOW~c&oG-_xsdKS4D-0)g8lDT;80XZ`eMIA=3GX$5@Y_
z!?ern?rD3af#Rapi&^XxbHh=NosE|171EeH{T_}w+-<3v$&=CMQ17|rLORde7$$x<
z1u5LmsNu7*D^)9=wnb@Q=x#V8>2{kF_A?n)1ngtnyy<m^g_xbiIyOc1+Z^|mGMm=!
zxL6saOFEA2ldG*2wBlJE4%f~QMg`RDW<I7{W(U31QFgN#6;{W-mh>L1cWw5sG^^qo
zYEqBvt!CsY-9fUs7HJ&E%@@2_^CQ}EO`aLVookE=)X$r&QfrDVUPAV&#;zlN{gh<K
zS>0P>50p}l9SL2sqSKMEr}u2H2R%xIW!%W?VNx?cenV6DFwwChVLw94hb8<5N9~FH
zwd@PE2=<JJ^pxXDoQ?CIn@rYgNN1N=Kf*GeM9*n_K(8t)%*33XtPQgvnfu*K(_4<1
zM%dKUgFUPv!-^vMS#}RXmH_rQ?J7zv#OSy-<V;T;qM`lQh6y_tlI%p*c!rh6rN=7@
z<7w=n&A!50i;8|nyPpl&^s^CUwdiR+GC%e0u3I%MFazm{3mdn*z4YO_mc2S1F#CXW
z)-uGfWj3b@<~YP{yy(1c?6E64TFx#`yk6$+vN~{j(~z%A@+(>h^s>#P4r$w`D;PTw
znGQOqCFTTiZu(^4vthS`kb9REkvVAT)hd&=={1KZqwQd$SiYpGwIh?>!FbryPddy{
zsf!j|te$?+!i%-d)ryrTsueQ|_p&l%*ja_s=RJmT4mulK$;PCfZbLdmvv>7#GaF7<
zBsP?`tPKrQ&sO{1n57cw8Zf(hlxpuVpr&s0v@vGbbs;;=^j25_)%7A^)#9d6tA=Hg
zd84iqDNd#OSmO0IY-;V|i*;D7R-+SR&afL33x%MJgV<@@!f%{BU6k#7GQsM2_$c?h
zul6vD!%ikkn?ilY4k<1w9ZnQvakFK_>yyXSebO9WyUim9UWr>B%Nv{JgtcWZ9%dKL
zJXLJgWXT4~o<-v~+90^f*Vf|3lUpc|&aq<&xxsA7WRvFN{4L!f{S&#_Enb@6Kc!VM
zZZ3zMpAG$!xiD~yXQdo#C$lsD-)hKt0JC#37>d|oYZ&j-!A5_`SB`YlZH!3=UK6Kv
zMh^$=Wv|cfm1@0xojvEkDq65GqA?3N7q5H6y5i=dyedjpZ{9j{wC}*2Jk0G5-vtsP
z&31$(0SEi6c+wj?`nvNdbF}HL?`bzPtex3*7@ilI;rWyk8;9rhVFn#_Fzja{91$0!
zl@hNZUf+GZ_0jUktx_8AYp395>RV}d4z)_V1)NDst!0jn?7m9pXzugI=to?vpW#cA
zJ99%RGc3+=;m~a4LVxyfDcHo!!P!eX%!mA`{m%0nby`*%phowq@$_@wLB>3sYPv(t
zd3|T=uphZpk_mU~z&PEt=(~=WcExm+o(?Kw<2f|dK<Am+qV7WJ<7qMrc-AE6(;1q(
za?R&z5fc~N`~@uwTNX62G@vD$yOV(^*SxekkTmzjZT?byUE2^93L!f+x>$zrg=z52
z0S=n-`l`63sb@`dy83BmsTj6#u)c6XbL)xCt&9BD#ci#vC$w@ktqPJ#v*|JUfc?-v
zP(r%UZ|>vUSes8yc1~_%!rZj3x2e0Uds$<pTAMmp5Hq+nYy02kSHdlo`5cc##nX(7
z<8rTB*SEZRQT;jB-J3Z&h_wf3^A}~JO4G#0)rpU*6CYQ1_N_Ly-`dA~O&t@g4fyu6
z>cq!YHb{2t_c;+rZzn#kx=*PSA6F+nt~Q*JxIgo83%iMrs}mnr%^#t$otpT#npraO
zah30J4d)y?{|rCzag}eK=I>1!ZABO2bkZH0xRqRb`m*C!*@=&<6CYR2pAMRDwCOQL
z!{O<uZ@3d5SNW@f^w?&{PpLb`OnhAB^XSCK)%qWcPkdaR__#XpadqP3>cq#@hCf!G
l__#XpaaDhantm?yCO)o)_G{+E$5rz`In+L;{(pR2{U86J?%@Cc

diff --git a/locale/it_IT/LC_MESSAGES/messages.mo b/locale/it_IT/LC_MESSAGES/messages.mo
index b5846ff2943291add9219750e361d479886eea0c..b894df8cefc28249c15f80a7f87b6f693a892c6b 100644
GIT binary patch
delta 9693
zcmbuE2YemHwTJh*%S|rWmTb#jTP|{uEZZ35g0XDN1sCK>HD-0Sme#(ySH4BE9Ly!A
zhL*rW0;cx>p(@}PFwJyAOK7GO+T+ne=p-b(@4q|O5|HG*-+S}(x!;+Y-I+7zoS9j{
zGiOJBx-*h}tzV~eElO#`vWCJF@+|8t^bh-~)w0S9Evp1hhH-c}><u4<J>eeM4ZZ^h
z!H?lm*k!O~9Sm1N4Rr<V0dI#x;BMH_va;4|C<ADC6Ka63VOQ9Prv}0Ts0k*)zOVvn
zpo8E(a4nQUo1os`3X9;`kbl<AhL1yy_a4+jzk`FB-x^AdIj#Mn23iR<kOMoz7So=E
z`P9#ZGVo%km0fMxe+QRSe-z5#0;~{6z%Fn+l*cARy+0ccVSZ}?iY%*vc;9M)-Qn?2
zD?Jlx;vMh^cpa2sU517131xUcn1mysJarD#gjYjN*lOx`!im%$f!RJNU!W|2U51CQ
zSq3%nMkp6IL1JZ{24&dKp$ynz`Y(kt{5I2n4^&7WgEIULcmn(c$`cto>_5iF|5Ir=
zn+Ed6dI*k&Z$P=O%Lv>E^Wk_{0_CYyP_EwyW%xG88mtGP-h0c`KZG{*9wS4KOoR&U
zY$%Vd9hnVR>eA4QhRtv?%t9+-S+~Fp>aE2HEE#24hrpNN3^)~Q*TXnG6g~+n;Mg%C
zkA`yn`B0v?3@S9YKzaWDEQ&0D7Ru$HL0R}6)Jg}9wJf}5l|enX9Cm>XP%clyPViW$
z=Z`n-J52pbC{Nu9<(Vg;4PSs=VfJej4X917n01AUaS>GVlo(Ef*ksLxGRQOhnc=li
zo_o~P{|4D%){t?b;rm0PVXcKSd<$g0thF6Qu{aMZ*{*?F$u1~YJp<*scVK_`1?&d%
zNC@Vz`awl&Cd`9JLG{-|jk6hQoKs+TxC3e-SHYgz|Bs`{(idTO_ytsKtO?<ZeW45}
zhB9<2>;dN*E{96q!=c_!oAxY}XHSE2_1RDc?SOjj7TA;dtz9TOfF6ai{B5WgK7zrD
zp*)kvrWJ?5z!0dUoeO)yYN&;*gZ#5v_|Z65Lrr`mR4zOSwVn6CtSos2MM?CZP%Hfq
zYNBsp57@Uf>@R{ca3r+h1gHU*LalT?)OZ`94BQOm$>X35ISY1%=bQdZO7Xv5ypaa2
z^fsvaqo)2eltFJBes0=3m4yZsK;=LY>;)IVS#UL!p=UwGeuwG*4J3W6J52lAW%$20
z4PVkA3p-B=SJVq?B{q}+6QDda6Do`6Kuu5sd%{gn6K#Pq<W#6+JP+o>%T4>OhWA2w
z_Q@=YR{j#y3m-!b^flB#-OEEm3ZNz`hMKq>%JAu?eUafBD8p-@CTM`%M^=mBFQFFN
z3gzkSohXXoZm9kL98@-cVA?xR4ks#rGH|S^Plk)B&w&m+6)uAx!i8|g6w9iD+u;KE
z2wVm8r-loRhRj+Sl>T&_47H*QU_QJKa>`nFz`pQxD2x9BwZgBVlC<N#VS53TXNE)V
zrV_}U);y>awFzq6God_lG3>AXe;tap&D~H3$xHBH_;*uZHZ9yvjfNLN4fGgPh+cwn
z>3dK)@(I+0Ul{h<FKizT<-zgr0Jtygs{Nmo0=L2ra69}oVp%6bylHLWM%e<dgIZbf
z^l(4VhVsZ7H~=0ASHmP+2_J^?++c31ec(h$o?Dero@#_yt-J+ANpdcfg}1^&xC`pR
z=b<Ke9csm2z=5#i%y6ZHp?1X-I2Nvke4|*$KrTdU2jl{^?uFyv+fbKT?^*a?FO;%r
z75g<%9ko!dJRWKVr@;Pj2b8C7gfifEsFghd<M2(W+*pBs6`~`do{vGrJPqZs<KS?3
z@&Wi?vATu^t^6J+Lmq|NZhN36eg{V3H&6qtn;o(i>iJFZXK*W&L7ff^4Jm~3;3%l^
zN+D6TW<Wi+Ig7Fu<s>Lqy$WS%$2nn0@}bV^iBKymhw7gR<?@A4hI>$+N<q2$L@2|r
zg_ps*pbS}G8G5cBuBM*Nq7<M!3rpZfP?ipy8yZjy%c##W^#s)Or^AEbRZxb10_Ey~
z^FjlLLAB3?GOQlja4XdN7eMC8TE8_9+y@!MdIk=PFwlGwh<aI-W&Ivr508e;3&MkE
z4_r@u<U+1qxE=D(dX*m;HhNL$nMNoBwnBO2bf{#$6pqsVzui3WG8{t3M}~Qe`B0=j
z8cu+<uq*rp%!B8_Zt!wg46irsPr;$oUxZrem!>@*t4gRBLX9&Qc42<&AQZi@0?PGq
zsHFOd;i+&8_4DCyc(36bhSn1PI-=c%>aT`cNFy8uPlqGm^{@wg0?M!#VetL`DT;PM
z$ED%E9|Dz~(_lY%kg2bO-Ki&`j@E64H=Fji3_pf4;2S8H58z_Zg2ut|umUOs(Pj9b
z9c8u9&=c;2+Sd=j!SH1$1HOcMA#Ztj01Y=Rg<8o>sOMIj_BtpRXAHN&BI+kXohw(s
z-tgDU@xNlXlLoEqWhfWD3+0hdp-#f?TnMU<f;w1cK^eRh_JM~%jk6I}z%!u?co-_Q
zPeB>_A?ye{SBIX-%c97lBB%#OLb-k>)CASAGh7E{U=)soaVXcG1vSxCFc01Ud&8Yj
z9(f2VNneC|?oFtLyl?8+4lBZmyF<NL3}x{Y*cToQ`#=XO1W71^Pl2WI45*3jgoN9A
z63UPvE5lHZh8lMkoC=pfEieoFYX6^uA`7pEiv3McFFXWg>2pv=?nhAD=W|mpS`~(3
z6jZM43wyzXp$u4O`s+-4v#Fm572<Q@0PX+FP~_U3us_@lW#RKs4}Jji;a8^Kb#++p
z4>e)2sZWM_zS3|RlqU}}Y=T;-4;6|F;UMO>u0+xP+y!m;8dNTP2ls&mYr++kLR@C;
z4{?IE7}mlI;Sw0(A|b5SGN}5+kbJY=hlju!{AgRA4Yi;fVYWZY-6(_L9}VA!)2Mei
zG;FVcvb-AV#lxTs^I$)CEY!-+f}`L?aDTWP+VHPX&ks2)e6Ac8P@i=e{@2Ra(6AqD
zhH-c!90!Xy*k#B<SPr+rz;dXG?}l>aAE1)*MW}uL8q@^en)U%lgcA>j2hu(UDs&r;
z!2e2?Gz}f#u`mKBAX-5a@)Lwe1ou04PB4HA`|Cl9T-*u$mqCs1K&UOM@+Pt+&_V-0
zGx~aXopi-NSB5gk6jQkzo@n$J4X=PY3woQ0)vT~gl|rdRJ`A+*=MJF!7=dg;w2MaY
z?w{e=$frnF?)n?@67m%C7$TRxkK~GCD(}33{2KWKqRgJaV9&w6P~lsKJcuaPCn3`j
zl`iyehdR(UtAR2$MAo_=g?tOj$NVb8XCP5TF;w|0GMYg~BDqq7@+xwMX?O;vkW-MY
z$mz&&NUr=B$^%F@#`rrt7TG2LUy4#h<K1u(qB2C%ZZgs$_-p5Rby6lG<LU2;{2aXx
zJXIZ(TacFnE&SOAPDYf-E0JR4VWdCurQ-huvK;A-sH_cPJq@+3zCwH?k4f%?Dg)7#
zspCNl@)mL^au1@@^L(Tp>Blo0;jfV4=s$&*A-_OWvfuDiLPxILit-RLinb*%-*o)N
zQ24#kSHQE3UI&Nq&e3oHJlC`z19M5<nRadK!KN?hdW7F9<TpqU9<Y&)h>AYH_Cfz3
zsD&3!8oiLV9inM3f&V~GKzh>G-Ms%A^>-1KCy{fIg-8SP1Ts&iO+rz*GKBRBT!$Ql
zj4=aUZTf`6k)`eG1?Cxjw5m)-6395}yWwvUoiVvG*gTh{;R3nluv`zEXgV{d?KC(V
zsX#tL<{~P+kj6mcKij~8h>bXi%FQ9HGvVvVcSt^C?+e!;Dz6|}kDvLfQOc0>kPgO(
z$JJ=caQH0J5$R{z#u)a27b5z92-m`9<Tm7Z<N!qF^AN%B+eW`nsc{39Baz=BJCQla
zEMz9K0a1w|FCfE^i;!=TT)7J6M&u~da1*>9sYZHX(Cwx@hhp0HP-zVs*7LU>$|a`v
zUU-+$<M3kS9b^D<4U#K=LMcZg4E9Gj7OsL{BPxSJSpVUlJK(OYlXk7jXxeK+u@7!^
z<7=yz+tHZk#?x)>Vcm`<;v2lWOwvhviTHu`>Uu9_H+!*|ope)aCz-a>^{$;@jHbqT
zsd*>mCY!vdTb3Kli`Uss+ep*XiTIDlm=#Uby0gDO(yU2Aqn#VjUpnx*Zm~qOTWc?_
z_CFoCGVc&C=`PGT$y$HXplDmI_1HmuBAuOh)Q$P47aWt-(qwnK9zz;2+lyvmPSURD
z&1NU*+RG~E*-mXOi%Qv1CvH2jW~U`(*SKi0L=;EW1}jZD4K8!%o-MQH#S$sknwN+r
zlKi&wRcde5P5DC$U!9*!VnnRPcA6Y7=G4S~==wGX$<--aX4QJB#+cK><TWnqF7v-E
zoa^s9_|J>nnET_{%@14uP2^ZwJdxJ2GV$6(+%5A*3|TTLoW$PiOPk21Gbw-LkX>Ep
zCz|82gyWAIy1iec>n5$LcwoCi;wD=!9(r_SkyjT_V5}2wF<F$FHK}H{-CXZQ@i#r1
zGu7xuy$v2q@#3K?nZ%3QG1p1CDLdw+(ydPy6-P#zH8Y%@X{-%A{{zeXr-}wHN+)bL
z9!<71l7dNR!v=<`Vg97cs6oD^Gx4|^W3B0C*NxjNom68bfs5Dfbu_j#y8dy)3g-Vm
z21{#4$TR-aMFad#hE4SM6!n6=x|&?}I}JY|FJ9Z2@ZxFPX`McNWu%*38RlB+DfZ-u
zf7FP9dCeqpof5hA_7UZgQ4L<&j$?Tuxyg2-QKcm|DlV)u3~<VSYvjbjs1viR6Unr-
zlq`+ejhUJlPi%5qT6-4niHudms`+WxK|Ptm+hilpxs6WDYx4gz>fPRK=%g3L#$Z1G
z!O<&cYAXZ_T(J_b)w<ypYDr|0#t2!(5fOKJ4>fo;bbRZ8F$Iyf9qEr5dq!KW^@g#1
zBO`+or%WeIZlec7xNVu}&mK3z-&s;$P+K2uEUizZ(zz$GKIyTuCXFla8y+3OBVj7~
zCFAz@3&$-O6ZSOMmH$t(T%W%>OqZ0KR{o?~-y3&lWJ++f?9G?p474|}eRUcnf^8IL
zsI@mk{p65Q{v{JO9*{`dwc*|gPma)(Fm&IuW&^`%w7{#iZg6t?-6oziWoqe^a(nW=
zGp1H_U+SdNrK^)pJQZ`&iR27>aiYPoS36GJvr9bmwA68}J10);kga3|O^y{J7bkPf
zn^yK@tlf#cl>>*vhTRg{cc8r@LpCJrq~|m>d2aIlOKmR}9>YBQgY%wqKA4dcMWa^j
zy)wdKQ{KNC=HDFoW&WFGuk_-eWv~>n_R^kz*Q7%VSy_Tpkwdh})5+52_s-?b{-Ndl
z+T~b7d3~g7WjvmV#T@_H$tPtO=bXWy9DwE`NN^Fj97?rb(%ZT<5nKh0iBu{P=Y&ad
z&T+DVx;Wv-1r3dA;8I{W(w%7c=HhDZgL*Gh>xCDB?geur$Q2Q<wQfqU$l9fDTSlqf
z%b8_jWIO3}#)&ns?C=KQks2??<T9zrOVNp?y1elOmSwzjqRdZCt?oE~`Ks34Q>RC=
zRWYx@ixc8tkL50T%QUls|3&y6#X0GOQH<lV#?1Y<?sZA%*R)e+RXa&;MYf|o-{Ty1
z?M1HNd)lm_%h;|-#|}J2*2>tna4nwpLf2JMhXcp)hwpdEz~FAF)H2gfF4wqUZriUZ
z;(t}qXT_|V*}>lS?9D7c<vFBPxVYf1k$Hi8%r(P}o!|hC#l~_c#-mK`df`=L4pFZ)
zzv7@sX`46YlkkL1*iK!Ymq-%u9~hlqQMeG7*j!}EAZcQ`yN6Sdn@2l<yfQbB7H@7H
zH@G3%!cI0b*4+Q&SewJm8C*IH<FA=s;TKf&fkXP><nL`Of7|rw0~YU1Zn|A_7q#9t
z{lQ3U!_27>|F)U!FQAKN#UkUEl0QTuHa5Hs0!JkE&Ee$yo^zz%ZT6aCT|o*pcMw@$
z&#}RhGc~%5a?Pzr&Yss{iY}ucJ)n~(NPs2gK9awZ4NhEJp!MQ8{UUvSXpetW<xxwx
zo>FWehnxtGE3PQMJMG}IiYtrK83Ge-fxy?gsnThe??1i+%}eIG>M?g!`|IkEc~`VM
zN<N#nAkw|<y7K=~Rn((>HgBu4{fa8LlkOn@o2v1CwrW_9_7@T_L_Gh#s*(P$s+RWt
z{<ZW^MjPzERdrFnbg=il;9xdZZe6gT!}7%qI-hhV5Dt^7|9nfgv+?_9QTvng=xK%i
zy^FRSLH36mQl1NLrGI&6r81#!^{tjjaX2?6$}GO?+>{&51P6xY@V%?=m4ubbSpN-k
C7$5Qg

delta 5937
zcmZA43w%#?1IO{-+1QPYVVbf1-F9o6&8?ZsmN5)t$fZ)PnTO11n-c1u3gyz{acblV
zPb<1d{fk<W3KgXbDkP$W^h7C7(&h8r`R(<3UY*yz|M&0r`=4`uw{!k!-eza-a>xH=
zRD*{MhvOL220Mlsb1mi6rfM~2WlLj{@L?>+x3CFjMjO)@b1@2sVI#Z|W3dc_@jm1d
zvjkgV4TfSZ^5-{i@kyWN05-#8*aFX^Itu41U3fVkx^aeeC~}IKjIGgcU4^>tW#rFn
z=c6HhVcU;kB=vI`O8>^W+?zo->Wem5h^eT7&9UB#n(<Q93|65ARD&AGRt(4e7=cGn
zD{>lj-(OGz35oG+j1}~6q9|zQ^HCkFKy~oAtv`#Y)L%vI$_dm~T|jlvg6V6;e5j7Q
zqdLm9?fIyIU2DHDMQzCp^lM}bDBO$H7=p1(i+h{)*a>^1R^ld1!KtVjSEKg+In2jx
z7>A*ZP9~ra2cRZ630ZYB3$;bd+OYna6xPyUc<4UH7b$+y)|jz4pSxt?VbqF5$9qc|
zhq_@ps-s-gO5A|zU@B^W_aJ{}6(2gU7B#^Gs1-RH?>D9ah0`?Xf*<S`AwI9(6g9&{
z)Cy!He<qI)4QL|jhGnQFtwe3%{nlzsp#B(gYqQIG+8W_+$E(B_DX0^!LsrquMU8kR
zYNVS{9lVKJy3bI1egZY{-%u+O)!tj7j@X=fH`KrfVG<T0e`Yoxy03pV1)cB&>P8z;
zH+l#4Fdab6=xfx#&e`uT>)>@1j~Y;C)E4x$7NDM?F{t~@u<dhDE4C0>LBDx`f;z57
zo%kH8!&i{!(d<AC@F;4@PoZXZ4z&UeJ9@Upx`E(jwD(2bXDDjm<1rOyqV7|J(R%-%
zrl3836N7OdY9ODZW^^1I;18&QoJSx2j=C<6S41<)L|vDK8b}`MbsdT7uml_8RMhvk
zU<m!2yC`Tz3)O)Cw)Gm+>$%C+ccKPz5Ve;_P%{nV3Ddx$QCk;}YR|-E%(3lLP#w=f
z4QLViHG}08H1c(*4mYAY+J-z=W(TT+Z&6En7S+-3sE#5Ny@#nSs-9@=j#|My)C7m4
z9=a0L_0tkre_i0GK?7Kd>R=_R!*#a)y!AEIdGDfbychM;am0EFL#fBGJR#T)HNhm*
z+tUm6P!`$tsY$HAmgG(vG_s|r`U)(@^*8{-SjSOVh#Gl~^(EBIcA~C3h&&eNl>NR*
ziZ>7+YT${ehqjAtALyqLMnfU$X&;MSumbf<whpx=TTnCp0M+3E)KmRE@<y8QD_CAk
zMb+n`u3L**;SH#j*@D{I9jN>JciF-*`^7~J=Zim47liZ9$YvOXF?h;h*)fxPNIJjg
zn1!0a3#ixmebh=FN6q+W<j+KO_9omDnSkH)qo6&!9@X(2)E>=8t;|}~-aU!B@mAEx
z_oE)p?~(spn8*z8KUQhTPlFkS`USlW6R{eb;8xrI0XES4e};ladJeU;!AwgtZiVVF
z9yNm=SdK$50&6i6cVHvjk9z37!gxH18fX~%sfqbe14zNf*b|%U{m-YM3$L*j<Neep
zqdNW()nRB?Z$+X|H;Ba^n1nj-2IMEfRG|j63bnH9QP;n1+xMVW?jZU#vP%@2VMsS`
z=`P3S)O+KjI0Cg5KO+B#F~1=%hH25=8%Q72-WH%byd8C3H5T9o)W9yHw#LV(Rqx+}
z^;gF?)8NCos0&wPKiq_^9AkdP-PD_9@efQqj03T6Pj6`#pzgB_HSikLYq-g_AHuq~
z#TuT?wS3<xoAu{GHxp^lo-aeK$V$|VYfvM8#<qWmn&AP|K!36Ak-fYXi9y|`A8Jbr
zQ0Et+_P*SD2PRNo;-{d8C1Bla{Rw%nP4nK~_jwpgy#)1C`%!zm1~rhUu_?Zddg%6H
z44%Oj7}Cf4C5%PY(^1caKaT>>mnpQ)vtPVqeFN3;F4WSVK+WVLw#0DOk)nym);Iy9
za2D$O#i$>kN39!B1Kxt1=Qp3)FHWJB?t=ACY)d^f$NR<VgmteEYD;>eW-tM@5|dFg
zuR_gyiLI|ky{21HZ_OUmN*%%ub?-j~o+r~Z*BiiKY(u>WHPUhn#)YUASd6;ST5O2V
zq6YFJ>Zf-L>b#?<37yBfw+uCbkgL2EYKdWf8j>jJ#7xu-dfIvsY5?O=7gnGKHV^f*
zuR$&GM$~WmPE5nys4e&v)p289rD%*s-6svZVsG^8VVFTdH=K`p>Q|sH_z&uW&8UIx
zL_O7CqTc^+Y`saIx5O<`&p;>Cp68+lP-yGpP+KtxwPm;FvHqID-85(kSE82gG1R~|
z+Y{eMUHG}JpG0+V-nIwz_ih+vjYF+eigh4rViQp-Jq<OXnf+P+b`+M<;KL25CI1LD
zfK#X${DE4bumRizTjLP)<5=8{dP_RwdjriuO=LK#qY~_nb8P(u)PUaeQ_##lL3MZx
zwRaa#OB6BC`z4FUE2;NFA6BBye-L%vQ>cNzjGE9M<VVw-#d1s><o#Q)8r9!6R6qWY
zD1=ftjt%fT)N6MZb;Bluz4k;@N2#c#&%$ub#~>Vm4!%K3h>mUK3l%u@Tx=rW6TN;*
z$SS@6ohb|_HxV7*l0)P-qSx#>vW94II`q8UOfHcmqJy#4{fbVmtMTAkMFmM9H<Hcd
z|Bs`3|8@LAv>ZC-lB>zJs&MS^FlX=yvVh!a+v2c>w6}FJj@&@Dk^^Kk(b3Vvl;W?%
zVY&XH{`-;Z$w_j7G$hA}4n1^NkTCKw(J_I1N7Be7GM#K8e?P9V4cf+2B=v76tflS`
z*v7qo`|@S#Pm&B$Og<nFkhh2qy<SD+UgDA!M2DXGXX;A4Rrrl9Z^y4~xt{m5|3TD#
zvMu9r1nFYyVhky;bv>955xr`CY}>0ijm)t1nbr{egLEUkZQCn2h0Gz|&ht5o%0*It
zd`01PvdcC^TW>|Zf-jQ8q&w+FbnrW5ey=O>D~ij>Wn><?og5)LvdCwoE7?Qt&?suj
zX>y$Cc$$1ls>wU#e`Fx(OX`mgDXg}Yb~u1MXzTyPv*apU--m@H+txqA$H+nA_wkWQ
z7Lxu%N3w_cFHR)ak&)zIM8`SOp|0fpJMMYP%g7M&IeDM_OimCT5#$zf7pXrgDGaUO
zh1cp^v5_s`hdph1omD(a-XuL#u}8i&#`*%@O-7L)NFvcOl?)@{s&G7B|Nb|j@)X%f
zJ|WMNP@>~uQclXqN-~?|k`1I4sUj&PowOjq<PoA{J=tGZ;=|#8?IDN!NfwjAxqQ4!
z?jg64m&jNWNp$S?FpKbQvXh)A_meNlk8WDb7Wc{4kGtby3*GIcbDK+Um$tLRr&pGm
zyy<1rD_mdPNq2aBj=MbmJNF&mU^ls4t$U{3U4aGd$2sokjz7D75|Z7u37rD_6AGL_
zN>aKLn4O&FxO-BP1I@44@3>KE$K8hMBLd6QqaF8^&I<y=G8#E<O=hwCaF<-y*L6{#
zwreftcc0`|^q8NVnbsxKmzj~>EhA!Rab;E7=!)X<%Ch3B=@r?&p)*U0eWQviCzh6#
zO$j7lnHuD_&OYP@_Zs8Q>oqyhy!Uv=t?D!1ozS;c;GVw0j(a#~cpxJ;%W?NzHQdeZ
z_o*9~w<d5XZ<-U>F(BP>a|g9@BL}s0ZyS^x*feOn6IfV~-~>J#GR1LAhK&v!8rCl;
zFk(bA$E_%u5NI>9$Z_u&^++IjbdKY`cJ)N}^)dPG$g!&fq2qFc+~=>E6+5NeS6W$G
XGIREn>E)%SxT2!8vWk(L%9-XbNJp@Y

diff --git a/locale/it_IT/LC_MESSAGES/messages.po b/locale/it_IT/LC_MESSAGES/messages.po
index 328f5ea7..63163cf1 100644
--- a/locale/it_IT/LC_MESSAGES/messages.po
+++ b/locale/it_IT/LC_MESSAGES/messages.po
@@ -3,8 +3,8 @@ msgstr ""
 "Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2021-01-21 10:40\n"
-"Last-Translator: Luca Sasdelli\n"
+"PO-Revision-Date: 2021-03-20 14:38\n"
+"Last-Translator: Ioma Taani (iomataani)\n"
 "Language-Team: Italian\n"
 "Language: it_IT\n"
 "MIME-Version: 1.0\n"
@@ -361,6 +361,24 @@ msgstr "Registra le richieste DHCP"
 msgid "Log DNS queries"
 msgstr "Registra query DNS"
 
+msgid "Restrict access"
+msgstr "Limita l'accesso"
+
+msgid "Limit network access to static clients"
+msgstr "Limita l'accesso di rete ai client statici"
+
+msgid "Enable this option if you want RaspAP to <b>ignore any clients</b> which are not specified in the static leases list."
+msgstr "Abilita questa opzione se vuoi che RaspAP <b>ignori qualsiasi client</b> non sono specificato nell'elenco dei lease statici."
+
+msgid "This option adds <code>dhcp-ignore</code> to the dnsmasq configuration."
+msgstr "Questa opzione aggiunge <code>dhcp-ignore</code> alla configurazione di dnsmasq."
+
+msgid "Clients with a particular hardware MAC address can always be allocated the same IP address."
+msgstr "I client con un particolare indirizzo MAC possono essere assegnati sempre allo stesso indirizzo IP."
+
+msgid "This option adds <code>dhcp-host</code> entries to the dnsmasq configuration."
+msgstr "Questa opzione aggiunge <code>dhcp-host</code> alla configurazione dnsmasq."
+
 #: includes/hostapd.php
 msgid "Basic"
 msgstr "Base"
@@ -676,6 +694,36 @@ msgstr "Tentativo di avviare openvpn in corso"
 msgid "Attempting to stop openvpn"
 msgstr "Tentativo di arrestare openvpn in corso"
 
+msgid "Configurations"
+msgstr "Configurazioni"
+
+msgid "Currently available OpenVPN client configurations are displayed below."
+msgstr "Le configurazioni client OpenVPN attualmente disponibili sono visualizzate di seguito."
+
+msgid "Activating a configuraton will restart the <code>openvpn-client</code> service."
+msgstr "Attivando la configurazione si riavvierà il servizio <code>openvpn-client</code>."
+
+msgid "Delete OpenVPN client"
+msgstr "Elimina client OpenVPN"
+
+msgid "Delete client configuration? This cannot be undone."
+msgstr "Eliminare la configurazione del client? Questa operazione non può essere annullata."
+
+msgid "Activate OpenVPN client"
+msgstr "Attiva client OpenVPN"
+
+msgid "Activate client configuration? This will restart the openvpn-client service."
+msgstr "Attivare la configurazione del client? Questo riavvierà il servizio openvpn-client."
+
+msgid "Activate"
+msgstr "Attiva"
+
+msgid "Cancel"
+msgstr "Annulla"
+
+msgid "Enable this option to log <code>openvpn</code> activity."
+msgstr "Abilita questa opzione per registrare l'attività di <code>openvpn</code>."
+
 #: includes/torproxy.php
 msgid "TOR is not running"
 msgstr "TOR non è in esecuzione"
@@ -799,3 +847,87 @@ msgstr "Host personalizzato non valido trovato sulla riga "
 msgid "Invalid custom host found on line "
 msgstr "Host personalizzato non valido trovato sulla riga "
 
+msgid "Tunnel settings"
+msgstr "Impostazioni del tunnel"
+
+msgid "Enable server"
+msgstr "Abilita il server"
+
+msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
+msgstr "Abilita questa opzione per cifrare il traffico creando un tunnel tra RaspAP e peer configurati."
+
+msgid "This option adds <code>wg0.conf</code> to the WireGuard configuration."
+msgstr "Questa opzione aggiunge <code>wg0.conf</code> alla configurazione di WireGuard."
+
+msgid "Local public key"
+msgstr "Chiave pubblica locale"
+
+msgid "Local Port"
+msgstr "Porta locale"
+
+msgid "IP Address"
+msgstr "Indirizzo IP"
+
+msgid "DNS"
+msgstr "DNS"
+
+msgid "Peer"
+msgstr "Peer"
+
+msgid "Enable peer"
+msgstr "Abilita peer"
+
+msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer."
+msgstr "Abilita questa opzione per cifrare il traffico creando un tunnel tra RaspAP e questo peer."
+
+msgid "This option adds <code>client.conf</code> to the WireGuard configuration."
+msgstr "Questa opzione aggiunge <code>client.conf</code> alla configurazione di WireGuard."
+
+msgid "Peer public key"
+msgstr "Chiave pubblica del peer"
+
+msgid "Endpoint address"
+msgstr "Indirizzo di endpoint"
+
+msgid "Allowed IPs"
+msgstr "IP consentiti"
+
+msgid "Persistent keepalive"
+msgstr "Keepalive permanente"
+
+msgid "Display WireGuard status"
+msgstr "Mostra lo stato di WireGuard"
+
+msgid "Enable this option to display an updated WireGuard status."
+msgstr "Abilita questa opzione per visualizzare lo stato aggiornato di WireGuard."
+
+msgid "Scan this QR code with your client to connect to this tunnel"
+msgstr "Scansiona questo codice QR con il tuo client per connetterti a questo tunnel"
+
+msgid "or download the <code>client.conf</code> file to your device."
+msgstr "o scarica il file <code>client.conf</code> sul tuo dispositivo."
+
+msgid "Download"
+msgstr "Scarica"
+
+msgid "Start WireGuard"
+msgstr "Avvia WireGuard"
+
+msgid "Stop WireGuard"
+msgstr "Ferma WireGuard"
+
+msgid "Information provided by wireguard"
+msgstr "Informazioni fornite da wireguard"
+
+msgid "Attempting to start WireGuard"
+msgstr "Tentativo di avviare WireGuard in corso"
+
+msgid "Attempting to stop WireGuard"
+msgstr "Tentativo di arrestare WireGuard in corso"
+
+msgid "WireGuard configuration updated successfully"
+msgstr "Configurazione WireGuard aggiornata con successo"
+
+msgid "WireGuard configuration failed to be updated"
+msgstr "Impossibile aggiornare la configurazione di WireGuard"
+

From b2b19cd1595115f4d0c1daef56024f42fdbcf839 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 21 Mar 2021 17:32:37 +0000
Subject: [PATCH 139/300] Update w/ api.raspap.com

---
 installers/raspbian.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index f340b638..67a77c96 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -183,7 +183,7 @@ function _display_welcome() {
 function _get_release() {
     readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
     if [ "$insiders" == 1 ]; then
-        readonly RASPAP_INSIDERS_LATEST=$(curl -s "https://install.raspap.com/repos/RaspAP/raspap-insiders/releases/latest/" | grep -Po '"tag_name": "\K.*?(?=")' )
+        readonly RASPAP_INSIDERS_LATEST=$(curl -s "https://api.raspap.com/repos/RaspAP/raspap-insiders/releases/latest/" | grep -Po '"tag_name": "\K.*?(?=")' )
         readonly RASPAP_RELEASE="${RASPAP_INSIDERS_LATEST} Insiders"
     else
         readonly RASPAP_RELEASE="${RASPAP_LATEST}"

From 720e6c3e77bf552164dcaac914dc821c0dcb8818 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sat, 27 Mar 2021 10:29:09 +0100
Subject: [PATCH 140/300] Add certificate option to openvpn GUI add JS code to
 display options and selected ovpn file

---
 app/js/custom.js              | 16 +++++++
 includes/openvpn.php          |  2 +-
 templates/openvpn/configs.php |  6 +--
 templates/openvpn/general.php | 83 ++++++++++++++++++++++++-----------
 4 files changed, 77 insertions(+), 30 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index d5047558..cd142a89 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -281,6 +281,22 @@ $('#ovpn-confirm-activate').on('shown.bs.modal', function (e) {
     $('.btn-activate', this).data('recordId', data.recordId);
 });
 
+$('#ovpn-userpw,#ovpn-certs').on('click', function (e) {
+//    e.stopPropagation();
+    if (this.id == 'ovpn-userpw') {
+        $('#PanelCerts').hide();
+        $('#PanelUserPW').show();
+    } else if (this.id == 'ovpn-certs') {
+        $('#PanelUserPW').hide();
+        $('#PanelCerts').show();
+    }
+});
+
+// Add the following code if you want the name of the file appear on select
+$(".custom-file-input").on("change", function() {
+  var fileName = $(this).val().split("\\").pop();
+  $(this).siblings(".custom-file-label").addClass("selected").html(fileName);
+});
 
 /*
 Sets the wirelss channel select options based on hw_mode and country_code.
diff --git a/includes/openvpn.php b/includes/openvpn.php
index 810746a2..c5b00d1c 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -53,7 +53,7 @@ function DisplayOpenVPNConfig()
         $authUser = current($auth);
         $authPassword = next($auth);
     }
-    $clients = preg_grep('~\login.(conf)$~', scandir(pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME)));
+    $clients = preg_grep('/client.(conf)$/', scandir(pathinfo(RASPI_OPENVPN_CLIENT_CONFIG, PATHINFO_DIRNAME)));
 
     $logEnable = 0;
     if (!empty($_POST) && !isset($_POST['log-openvpn'])) {
diff --git a/templates/openvpn/configs.php b/templates/openvpn/configs.php
index 6f8056fd..dc624c63 100644
--- a/templates/openvpn/configs.php
+++ b/templates/openvpn/configs.php
@@ -8,11 +8,11 @@
         </p>
         <div class="openvpn-configs js-openvpn-configs-container">
           <?php foreach ($clients as $client) :
-                if ($client == "login.conf") {
-                    $label = file_get_meta(RASPI_OPENVPN_CLIENT_LOGIN,'#\sfilename\s(.*)');
+                if ($client == "client.conf") {
+                    $label = file_get_meta(RASPI_OPENVPN_CLIENT_CONFIG,'#\sfilename\s(.*)');
                     $btn_class = "active";
                 } else {
-                    $label = trim(pathinfo($client, PATHINFO_FILENAME), "_login");
+                    $label = preg_replace('/_client$/','',pathinfo($client, PATHINFO_FILENAME));
                     $client = $label;
                     $btn_class = "disabled";
                 }?>
diff --git a/templates/openvpn/general.php b/templates/openvpn/general.php
index f8f2052c..9494bf0c 100644
--- a/templates/openvpn/general.php
+++ b/templates/openvpn/general.php
@@ -1,35 +1,66 @@
 <div class="tab-pane active" id="openvpnclient">
   <h4 class="mt-3"><?php echo _("Client settings"); ?></h4>
   <div class="row">
-    <div class="col">
-      <div class="row">
-        <div class="col-lg-12 mt-2 mb-2">
-          <div class="info-item"><?php echo _("IPv4 Address"); ?></div>
-          <div class="info-item"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
-        </div>
+    <div class="col-lg-8">
+      <div class="row mb-2">
+         <div class="col-lg-12 mt-2 mb-2">
+            <div class="info-item"><?php echo _("IPv4 Address"); ?></div>
+            <div class="info-item"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
+         </div>
       </div>
-      <div class="row">
-       <div class="form-group col-lg-12">
-        <label for="code"><?php echo _("Username"); ?></label>
-          <input type="text" class="form-control" name="authUser" value="<?php echo htmlspecialchars($authUser, ENT_QUOTES); ?>" />
-        </div>
+      <form> 
+      <h5><?php echo _("Authentification Method"); ?></h5>
+      <div class="col-sm-12 mt-2 mb-2 form-check">
+          <input class="form-check-input" id="ovpn-userpw" name="sel1" value="userpw" data-toggle="" data-parent="#clientsettings" data-target="#UserPW" type="radio" checked>
+          <label class="form-check-label">User name and password</label>
       </div>
-      <div class="row">
-        <div class="form-group col-lg-12">
-          <label for="code"><?php echo _("Password"); ?></label>
-          <input type="password" class="form-control" name="authPassword" value="<?php echo htmlspecialchars($authPassword, ENT_QUOTES); ?>" />
-        </div>
+      <div class="col-sm-12 mt-2 mb-2 form-check">
+          <input class="form-check-input" id="ovpn-certs" name="sel1" value="certs" data-toggle="" data-parent="#clientsettings" data-target="#Certs" type="radio">
+          <label class="form-check-label">Certificates</label>
       </div>
-      <div class="row">
-        <div class="form-group col-lg-12">
-          <div class="custom-file">
-            <input type="file" class="custom-file-input" name="customFile" id="customFile">
-            <label class="custom-file-label" for="customFile"><?php echo _("Select OpenVPN configuration file (.ovpn)"); ?></label>
-          </div>
-        </div>
-      </div>
-    </div><!-- col-->
-    <div class="col-sm">
+      <div class="col-sm-12 ml-2">
+         <div class="panel-group" id="clientsettings">
+           <div class="panel panel-default panel-collapse" id="PanelUserPW" >
+             <div class="panel-heading">
+               <h5 class="panel-title">Enter username and password</h5>
+             </div>
+             <div class="panel-body">
+                <div class="form-group col-lg-12">
+                  <label for="code"><?php echo _("Username"); ?></label>
+                  <input type="text" class="form-control" name="authUser" value="<?php echo htmlspecialchars($authUser, ENT_QUOTES); ?>" />
+                </div>
+                <div class="form-group col-lg-12">
+                  <label for="code"><?php echo _("Password"); ?></label>
+                  <input type="password" class="form-control" name="authPassword" value="<?php echo htmlspecialchars($authPassword, ENT_QUOTES); ?>" />
+                </div>
+             </div>
+           </div> <!-- panel -->
+           <div class="panel panel-default panel-collapse collapse in" id="PanelCerts" >
+              <div class="panel-body">
+                    <h5 class="panel-title">Certificates in the configuration file</h5>
+                    <p> RaspAP does not support the import of the required cerficates. Please paste them into the configuration file
+                      <ul>
+                        <li>Signing certification authority (CA) certificate (e.g. <code>ca.crt</code>): enclosed in <code>&lt;ca> ... &lt;/ca></code> tags </li>
+                        <li>Client certificate (public key) (e.g. <code>client.crt</code>): enclosed in <code>&lt;cert> ... &lt;/cert></code> tags </li>
+                        <li>Private key of the client certificate (e.g. <code>client.key</code>): enclosed in <code>&lt;key> ... &lt;/key></code> tags </li>
+                      </ul>
+                    </p>
+              </div>
+           </div> <!-- panel -->
+         </div> <!-- panel-group -->
+      </div> <!-- col -->
+      <div class="col-sm-12 ">
+         <div class="form-group">
+            <h5 class="panel-title">Configuration File</h4>
+            <div class="custom-file">
+             <input type="file" class="custom-file-input" name="customFile" id="customFile">
+             <label class="custom-file-label" for="customFile"><?php echo _("Select OpenVPN configuration file (.ovpn)"); ?></label>
+           </div>
+         </div>
+      </div> <!-- col -->
+      </form> 
+    </div><!-- col-8 -->
+    <div class="col-sm-auto">
         <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/no-trace-200x200.png" class="float-left mb-3 mt-3"></a>
     </div>
   </div><!-- /.row -->

From 72ae09461de61546e2b1d1f8bc3ebdc24b881296 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sat, 27 Mar 2021 11:22:26 +0100
Subject: [PATCH 141/300] Fix form

---
 templates/openvpn/general.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/templates/openvpn/general.php b/templates/openvpn/general.php
index 9494bf0c..7a33163d 100644
--- a/templates/openvpn/general.php
+++ b/templates/openvpn/general.php
@@ -8,7 +8,6 @@
             <div class="info-item"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
          </div>
       </div>
-      <form> 
       <h5><?php echo _("Authentification Method"); ?></h5>
       <div class="col-sm-12 mt-2 mb-2 form-check">
           <input class="form-check-input" id="ovpn-userpw" name="sel1" value="userpw" data-toggle="" data-parent="#clientsettings" data-target="#UserPW" type="radio" checked>
@@ -37,6 +36,9 @@
            </div> <!-- panel -->
            <div class="panel panel-default panel-collapse collapse in" id="PanelCerts" >
               <div class="panel-body">
+             <div class="panel-heading">
+               <h5 class="panel-title">Enter username and password</h5>
+             </div>
                     <h5 class="panel-title">Certificates in the configuration file</h5>
                     <p> RaspAP does not support the import of the required cerficates. Please paste them into the configuration file
                       <ul>
@@ -58,7 +60,6 @@
            </div>
          </div>
       </div> <!-- col -->
-      </form> 
     </div><!-- col-8 -->
     <div class="col-sm-auto">
         <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/no-trace-200x200.png" class="float-left mb-3 mt-3"></a>

From 4f168dca46f988a3868371e507658f56f809e69c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 27 Mar 2021 13:10:33 +0000
Subject: [PATCH 142/300] Set repo with --insiders option

---
 installers/raspbian.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index 67a77c96..d056062c 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -183,6 +183,7 @@ function _display_welcome() {
 function _get_release() {
     readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
     if [ "$insiders" == 1 ]; then
+        repo="RaspAP/raspap-insiders"
         readonly RASPAP_INSIDERS_LATEST=$(curl -s "https://api.raspap.com/repos/RaspAP/raspap-insiders/releases/latest/" | grep -Po '"tag_name": "\K.*?(?=")' )
         readonly RASPAP_RELEASE="${RASPAP_INSIDERS_LATEST} Insiders"
     else

From 43043d48e4ec4ef5612b43fcbc7f68bcc073eddb Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 27 Mar 2021 14:38:03 +0000
Subject: [PATCH 143/300] Processed with phpcbf

---
 includes/get_clients.php | 411 +++++++++++++++++++++------------------
 1 file changed, 217 insertions(+), 194 deletions(-)

diff --git a/includes/get_clients.php b/includes/get_clients.php
index 1b3e124a..4c669f40 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -2,237 +2,260 @@
 
 require_once 'includes/functions.php';
 
-function getClients($simple=true) {
-    exec ('ifconfig -a | grep -oP "^(?!lo)(\w*)"',$rawdevs); // all devices except loopback
+function getClients($simple=true)
+{
+    exec('ifconfig -a | grep -oP "^(?!lo)(\w*)"', $rawdevs); // all devices except loopback
     $path=RASPI_CLIENT_SCRIPT_PATH;
     $cl=array();
     if(!empty($rawdevs) && is_array($rawdevs)) {
-      $cl["clients"]=count($rawdevs);
-      // search for possibly not connected modem 
-      exec("find /sys/bus/usb/devices/usb*/ -name dev ",$devtty); // search for ttyUSB
-      $devtty = preg_only_match("/(ttyUSB0)/",$devtty);
-      if( empty(preg_only_match("/(ppp)[0-9]/",$rawdevs))) {
-        if(!empty($devtty)) {
-          $rawdevs[]="ppp0";
-          exec("udevadm info --name='$devtty' 2> /dev/null");
+        $cl["clients"]=count($rawdevs);
+        // search for possibly not connected modem 
+        exec("find /sys/bus/usb/devices/usb*/ -name dev ", $devtty); // search for ttyUSB
+        $devtty = preg_only_match("/(ttyUSB0)/", $devtty);
+        if(empty(preg_only_match("/(ppp)[0-9]/", $rawdevs))) {
+            if(!empty($devtty)) {
+                $rawdevs[]="ppp0";
+                exec("udevadm info --name='$devtty' 2> /dev/null");
+            }
         }
-      }
-      foreach ($rawdevs as $i => $dev) {
-        $cl["device"][$i]["name"]=$dev;
-        if (preg_match("/^(\w+)[0-9]$/",$dev,$nam) === 1) $nam=$nam[1];
-        else $nam="none";
-        if (($n = array_search($nam,$_SESSION["net-device-name-prefix"])) === false) $n = count($_SESSION["net-device-types"])-1;
-        $ty = $_SESSION["net-device-types"][$n];
-        $cl["device"][$i]["type"]=$ty;
-        unset($udevinfo);
-        exec("udevadm info /sys/class/net/$dev 2> /dev/null",$udevinfo);
-        if ( $nam == "ppp" && isset($devtty))  exec("udevadm info --name='$devtty' 2> /dev/null", $udevinfo);
-        if(!empty($udevinfo) && is_array($udevinfo)) {
-          $model = preg_only_match("/ID_MODEL_ENC=(.*)$/",$udevinfo);
-          if(empty($model) || preg_match("/^[0-9a-f]{4}$/",$model) === 1) {
-             $model = preg_only_match("/ID_MODEL_FROM_DATABASE=(.*)$/",$udevinfo);
-          }
-          if(empty($model)) {
-             $model = preg_only_match("/ID_OUI_FROM_DATABASE=(.*)$/",$udevinfo);
-          }
-          $vendor = preg_only_match("/ID_VENDOR_ENC=(.*)$/",$udevinfo);
-          if(empty($vendor) || preg_match("/^[0-9a-f]{4}$/",$vendor) === 1) {
-             $vendor = preg_only_match("/ID_VENDOR_FROM_DATABASE=(.*)$/",$udevinfo);
-          }
-          $driver = preg_only_match("/ID_NET_DRIVER=(.*)$/",$udevinfo);
-          $vendorid = preg_only_match("/ID_VENDOR_ID=(.*)$/",$udevinfo);
-          $productid = preg_only_match("/ID_MODEL_ID=(.*)$/",$udevinfo);
-        }
-        $cl["device"][$i]["model"] = preg_replace("/\\\\x20/"," ",$model);
-        $cl["device"][$i]["vendor"] = preg_replace("/\\\\x20/"," ",$vendor);
-        $cl["device"][$i]["vid"] = $vendorid;
-        $cl["device"][$i]["pid"] = $productid;
-        unset($mac);
-        exec("cat /sys/class/net/$dev/address 2> /dev/null",$mac);
-        $cl["device"][$i]["mac"] = empty($mac) ? "":$mac[0];
-        unset($ip);
-        exec("ifconfig $dev 2> /dev/null",$ip);
-        $cl["device"][$i]["ipaddress"] =  preg_only_match("/.*inet ([0-9\.]+) .*/",$ip);
+        foreach ($rawdevs as $i => $dev) {
+            $cl["device"][$i]["name"]=$dev;
+            if (preg_match("/^(\w+)[0-9]$/", $dev, $nam) === 1) { $nam=$nam[1];
+            } else { $nam="none";
+            }
+            if (($n = array_search($nam, $_SESSION["net-device-name-prefix"])) === false) { $n = count($_SESSION["net-device-types"])-1;
+            }
+            $ty = $_SESSION["net-device-types"][$n];
+            $cl["device"][$i]["type"]=$ty;
+            unset($udevinfo);
+            exec("udevadm info /sys/class/net/$dev 2> /dev/null", $udevinfo);
+            if ($nam == "ppp" && isset($devtty)) {  exec("udevadm info --name='$devtty' 2> /dev/null", $udevinfo);
+            }
+            if(!empty($udevinfo) && is_array($udevinfo)) {
+                $model = preg_only_match("/ID_MODEL_ENC=(.*)$/", $udevinfo);
+                if(empty($model) || preg_match("/^[0-9a-f]{4}$/", $model) === 1) {
+                     $model = preg_only_match("/ID_MODEL_FROM_DATABASE=(.*)$/", $udevinfo);
+                }
+                if(empty($model)) {
+                    $model = preg_only_match("/ID_OUI_FROM_DATABASE=(.*)$/", $udevinfo);
+                }
+                $vendor = preg_only_match("/ID_VENDOR_ENC=(.*)$/", $udevinfo);
+                if(empty($vendor) || preg_match("/^[0-9a-f]{4}$/", $vendor) === 1) {
+                    $vendor = preg_only_match("/ID_VENDOR_FROM_DATABASE=(.*)$/", $udevinfo);
+                }
+                $driver = preg_only_match("/ID_NET_DRIVER=(.*)$/", $udevinfo);
+                $vendorid = preg_only_match("/ID_VENDOR_ID=(.*)$/", $udevinfo);
+                $productid = preg_only_match("/ID_MODEL_ID=(.*)$/", $udevinfo);
+            }
+            $cl["device"][$i]["model"] = preg_replace("/\\\\x20/", " ", $model);
+            $cl["device"][$i]["vendor"] = preg_replace("/\\\\x20/", " ", $vendor);
+            $cl["device"][$i]["vid"] = $vendorid;
+            $cl["device"][$i]["pid"] = $productid;
+            unset($mac);
+            exec("cat /sys/class/net/$dev/address 2> /dev/null", $mac);
+            $cl["device"][$i]["mac"] = empty($mac) ? "":$mac[0];
+            unset($ip);
+            exec("ifconfig $dev 2> /dev/null", $ip);
+            $cl["device"][$i]["ipaddress"] =  preg_only_match("/.*inet ([0-9\.]+) .*/", $ip);
 
-        switch($ty) {
-           case "eth":
-              unset($res);
-              exec("ip link show $dev 2> /dev/null | grep -oP ' UP '",$res);
-              if(empty($res) && empty($ipadd)) $cl["device"][$i]["connected"] = "n";
-              else $cl["device"][$i]["connected"] = "y";
-              break;
-           case "wlan":
-              unset($retiw);
-              exec("iwconfig $dev 2> /dev/null | sed -rn 's/.*(mode:master).*/1/ip'",$retiw);
-              $cl["device"][$i]["isAP"] = !empty($retiw);
-              unset($retiw);
-              exec("iw dev $dev link 2> /dev/null",$retiw);
-              if(!$simple && !empty($ssid=preg_only_match("/.*SSID: ([\w ]*).*/",$retiw)) ) {
-                 $cl["device"][$i]["connected"] = "y";
-                 $cl["device"][$i]["ssid"] = $ssid;
-                 $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/",$retiw);
-                 $sig = preg_only_match("/.*signal: (.*)$/",$retiw);
-                 $val = preg_only_match("/^([0-9\.-]*).*$/",$sig);
-                 if (!is_numeric($val)) $val = -100;
-                 if( $val >= -50 ) $qual=100;
-                 else if( $val < -100) $qual=0;
-                 else $qual=round($val*2+200);
-                 $cl["device"][$i]["signal"] = "$sig (".$qual."%)";
-                 $cl["device"][$i]["bitrate"] = preg_only_match("/.*bitrate: ([0-9\.]* \w*\/s).*$/",$retiw);
-                 $cl["device"][$i]["freq"] = preg_only_match("/.*freq: (.*)$/",$retiw);
-                 $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/",$retiw);
-              } else $cl["device"][$i]["connected"] = "n";
-              break;
-           case "ppp":
-              unset($res);
-              exec("ip link show $dev 2> /dev/null | grep -oP '( UP | UNKNOWN)'",$res);
-              if($simple) {
-                if(empty($res)) {
-                  $cl["device"][$i]["connected"] = "n";
-                  $cl["device"][$i]["signal"] =  "-100 dB (0%)";
-                } else {
-                  $cl["device"][$i]["connected"] = "y";
-                  $cl["device"][$i]["signal"] =  "-0 dB (0%)";
+            switch($ty) {
+            case "eth":
+                unset($res);
+                exec("ip link show $dev 2> /dev/null | grep -oP ' UP '", $res);
+                if(empty($res) && empty($ipadd)) { $cl["device"][$i]["connected"] = "n";
+                } else { $cl["device"][$i]["connected"] = "y";
                 }
                 break;
-              }
-              if(empty($res) && empty($ipadd)) $cl["device"][$i]["connected"] = "n";
-              else $cl["device"][$i]["connected"] = "y";
-              unset($res);
-              exec("$path/info_huawei.sh mode modem",$res);
-              $cl["device"][$i]["mode"] = $res[0];
-              unset($res);
-              exec("$path/info_huawei.sh device modem",$res);
-              if( $res[0] != "none" ) $cl["device"][$i]["model"] = $res[0];
-              unset($res);
-              exec("$path/info_huawei.sh signal modem",$res);
-              $cl["device"][$i]["signal"] = $res[0];
-              unset($res);
-              exec("$path/info_huawei.sh operator modem",$res);
-              $cl["device"][$i]["operator"] = $res[0];
-              break;
-           case "hilink":
-              unset($res);
-//              exec("ip link show $dev 2> /dev/null | grep -oP ' UP '",$res);
-              exec("ifconfig -a | grep -i $dev -A 1 | grep -oP '(?<=inet )([0-9]{1,3}\.){3}'",$apiadd);
-              $apiadd = !empty($apiadd) ? $apiadd[0]."1" : "";
-              unset($res);
-              exec("$path/info_huawei.sh mode hilink $apiadd",$res);
-              $cl["device"][$i]["mode"] = $res[0];
-              unset($res);
-              exec("$path/info_huawei.sh device hilink $apiadd",$res);
-              if( $res[0] != "none" ) $cl["device"][$i]["model"] = $res[0];
-              unset($res);
-              exec("$path/info_huawei.sh signal hilink $apiadd",$res);
-              $cl["device"][$i]["signal"] = $res[0];
-              unset($ipadd);
-              exec("$path/info_huawei.sh ipaddress hilink $apiadd",$ipadd);
-              if(!empty($ipadd) && $ipadd[0] !== "none" ) {
+            case "wlan":
+                unset($retiw);
+                exec("iwconfig $dev 2> /dev/null | sed -rn 's/.*(mode:master).*/1/ip'", $retiw);
+                $cl["device"][$i]["isAP"] = !empty($retiw);
+                unset($retiw);
+                exec("iw dev $dev link 2> /dev/null", $retiw);
+                if(!$simple && !empty($ssid=preg_only_match("/.*SSID: ([\w ]*).*/", $retiw)) ) {
+                    $cl["device"][$i]["connected"] = "y";
+                    $cl["device"][$i]["ssid"] = $ssid;
+                    $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/", $retiw);
+                    $sig = preg_only_match("/.*signal: (.*)$/", $retiw);
+                    $val = preg_only_match("/^([0-9\.-]*).*$/", $sig);
+                    if (!is_numeric($val)) { $val = -100;
+                    }
+                    if($val >= -50 ) { $qual=100;
+                    } else if($val < -100) { $qual=0;
+                    } else { $qual=round($val*2+200);
+                    }
+                    $cl["device"][$i]["signal"] = "$sig (".$qual."%)";
+                    $cl["device"][$i]["bitrate"] = preg_only_match("/.*bitrate: ([0-9\.]* \w*\/s).*$/", $retiw);
+                    $cl["device"][$i]["freq"] = preg_only_match("/.*freq: (.*)$/", $retiw);
+                    $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/", $retiw);
+                } else { $cl["device"][$i]["connected"] = "n";
+                }
+                break;
+            case "ppp":
+                unset($res);
+                exec("ip link show $dev 2> /dev/null | grep -oP '( UP | UNKNOWN)'", $res);
+                if($simple) {
+                    if(empty($res)) {
+                        $cl["device"][$i]["connected"] = "n";
+                        $cl["device"][$i]["signal"] =  "-100 dB (0%)";
+                    } else {
+                        $cl["device"][$i]["connected"] = "y";
+                        $cl["device"][$i]["signal"] =  "-0 dB (0%)";
+                    }
+                    break;
+                }
+                if(empty($res) && empty($ipadd)) { $cl["device"][$i]["connected"] = "n";
+                } else { $cl["device"][$i]["connected"] = "y";
+                }
+                unset($res);
+                exec("$path/info_huawei.sh mode modem", $res);
+                $cl["device"][$i]["mode"] = $res[0];
+                unset($res);
+                exec("$path/info_huawei.sh device modem", $res);
+                if($res[0] != "none" ) { $cl["device"][$i]["model"] = $res[0];
+                }
+                unset($res);
+                exec("$path/info_huawei.sh signal modem", $res);
+                $cl["device"][$i]["signal"] = $res[0];
+                unset($res);
+                exec("$path/info_huawei.sh operator modem", $res);
+                $cl["device"][$i]["operator"] = $res[0];
+                break;
+            case "hilink":
+                unset($res);
+                //              exec("ip link show $dev 2> /dev/null | grep -oP ' UP '",$res);
+                exec("ifconfig -a | grep -i $dev -A 1 | grep -oP '(?<=inet )([0-9]{1,3}\.){3}'", $apiadd);
+                $apiadd = !empty($apiadd) ? $apiadd[0]."1" : "";
+                unset($res);
+                exec("$path/info_huawei.sh mode hilink $apiadd", $res);
+                $cl["device"][$i]["mode"] = $res[0];
+                unset($res);
+                exec("$path/info_huawei.sh device hilink $apiadd", $res);
+                if($res[0] != "none" ) { $cl["device"][$i]["model"] = $res[0];
+                }
+                unset($res);
+                exec("$path/info_huawei.sh signal hilink $apiadd", $res);
+                $cl["device"][$i]["signal"] = $res[0];
+                unset($ipadd);
+                exec("$path/info_huawei.sh ipaddress hilink $apiadd", $ipadd);
+                if(!empty($ipadd) && $ipadd[0] !== "none" ) {
+                    $cl["device"][$i]["connected"] = "y";
+                    $cl["device"][$i]["wan_ip"] = $ipadd[0];
+                }
+                else  {
+                    $cl["device"][$i]["connected"] = "n";
+                    $cl["device"][$i]["wan_ip"] = "-";
+                }
+                unset($res);
+                exec("$path/info_huawei.sh operator hilink $apiadd", $res);
+                $cl["device"][$i]["operator"] = $res[0];
+                break;
+            case "phone":
+            case "usb":
                 $cl["device"][$i]["connected"] = "y";
-                $cl["device"][$i]["wan_ip"] = $ipadd[0];
-              }
-              else  {
-                $cl["device"][$i]["connected"] = "n";
-                $cl["device"][$i]["wan_ip"] = "-";
-              }
-              unset($res);
-              exec("$path/info_huawei.sh operator hilink $apiadd",$res);
-              $cl["device"][$i]["operator"] = $res[0];
-              break;
-           case "phone":
-           case "usb":
-              $cl["device"][$i]["connected"] = "y";
-              break;
-           default:
+                break;
+            default:
+            }
+            if (!isset($cl["device"][$i]["signal"])) {
+                $cl["device"][$i]["signal"]= $cl["device"][$i]["connected"] == "n" ? "-100 dB (0%)": "0 dB (100%)";;
+            }
+            if (!isset($cl["device"][$i]["isAP"])) { $cl["device"][$i]["isAP"]=false;
+            }
         }
-        if (!isset($cl["device"][$i]["signal"])){
-           $cl["device"][$i]["signal"]= $cl["device"][$i]["connected"] == "n" ? "-100 dB (0%)": "0 dB (100%)";;
-        }
-        if (!isset($cl["device"][$i]["isAP"])) $cl["device"][$i]["isAP"]=false;
-      }
     }
     return $cl;
 }
 
-function load_client_config() {
-// load network device config file for UDEV rules into $_SESSION
+function load_client_config()
+{
+    // load network device config file for UDEV rules into $_SESSION
     if(true) {
-//    if(!isset($_SESSION["udevrules"])) {
-      $_SESSION["net-device-types"]=array();
-      $_SESSION["net-device-name-prefix"]=array();
-      try {
-          $udevrules = file_get_contents(RASPI_CLIENT_CONFIG_PATH);
-          $_SESSION["udevrules"] = json_decode($udevrules, true);
-          // get device types
-          foreach ($_SESSION["udevrules"]["network_devices"] as $dev) {
-             $_SESSION["net-device-name-prefix"][]=$dev["name_prefix"];
-             $_SESSION["net-device-types"][]=$dev["type"];
-             $_SESSION["net-device-types-info"][]=$dev["type_info"];
-          }
-      } catch (Exception $e) {
-          $_SESSION["udevrules"]= NULL;
-      }
-      $_SESSION["net-device-types"][]="none";
-      $_SESSION["net-device-types-info"][]="unknown";
-      $_SESSION["net-device-name-prefix"][]="none";
+        //    if(!isset($_SESSION["udevrules"])) {
+        $_SESSION["net-device-types"]=array();
+        $_SESSION["net-device-name-prefix"]=array();
+        try {
+            $udevrules = file_get_contents(RASPI_CLIENT_CONFIG_PATH);
+            $_SESSION["udevrules"] = json_decode($udevrules, true);
+            // get device types
+            foreach ($_SESSION["udevrules"]["network_devices"] as $dev) {
+                $_SESSION["net-device-name-prefix"][]=$dev["name_prefix"];
+                $_SESSION["net-device-types"][]=$dev["type"];
+                $_SESSION["net-device-types-info"][]=$dev["type_info"];
+            }
+        } catch (Exception $e) {
+            $_SESSION["udevrules"]= null;
+        }
+        $_SESSION["net-device-types"][]="none";
+        $_SESSION["net-device-types-info"][]="unknown";
+        $_SESSION["net-device-name-prefix"][]="none";
     }
 }
 
-function findCurrentClientIndex($clients) {
+function findCurrentClientIndex($clients)
+{
     $devid = -1;
     if(!empty($clients)) {
         $ncl=$clients["clients"];
         if($ncl > 0) {
             $ty=-1;
             foreach($clients["device"] as $i => $dev) {
-               if(($id=array_search($dev["type"],$_SESSION["net-device-types"])) > $ty && !$dev["isAP"]) {
-                 $ty=$id;
-                 $devid=$i;
-               }
+                if(($id=array_search($dev["type"], $_SESSION["net-device-types"])) > $ty && !$dev["isAP"]) {
+                    $ty=$id;
+                    $devid=$i;
+                }
             }
         }
     }
     return $devid;
 }
 
-function waitClientConnected($dev, $timeout=10) {
+function waitClientConnected($dev, $timeout=10)
+{
     do {
-        exec('ifconfig -a | grep -i '.$dev.' -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"',$res);
+        exec('ifconfig -a | grep -i '.$dev.' -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"', $res);
         $connected= !empty($res);
-        if(!$connected) sleep(1);
+        if(!$connected) { sleep(1);
+        }
     } while(!$connected && --$timeout > 0);
     return $connected;
 }
 
-function setClientState($state) {
+function setClientState($state)
+{
     $clients=getClients();
-    if ( ($idx = findCurrentClientIndex($clients)) >= 0) {
+    if (($idx = findCurrentClientIndex($clients)) >= 0) {
         $dev = $clients["device"][$idx];
-        exec('ifconfig -a | grep -i '.$dev["name"].' -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"',$res);
-        if ( !empty($res)) $connected=$res[0];
-        switch($dev["type"]) {
-            case "wlan":
-                if($state =="up") exec('sudo ip link set '.$dev["name"].' up');
-                if(!empty($connected) && $state =="down") exec('sudo ip link set '.$dev["name"].' down');
-                break;
-            case "hilink":
-                preg_match("/^([0-9]{1,3}\.){3}/",$connected,$ipadd);
-                $ipadd = $ipadd[0].'1'; // ip address of the Hilink api
-                $mode = ($state == "up") ? 1 : 0;
-				$pin="";
-                if (file_exists(($f = RASPI_CONFIG."/networking/mobiledata.ini"))) {
-                    $dat = parse_ini_file($f);
-                    $pin = (isset($dat["pin"]) && preg_match("/^[0-9]*$/",$dat["pin"])) ? $dat["pin"] : "";
-                }
-                exec('sudo '.RASPI_CLIENT_SCRIPT_PATH.'/onoff_huawei_hilink.sh -c '.$mode.' -h '.$ipadd.' -p '.$pin);
-                break;
-            case "ppp":
-                if($state == "up") exec('sudo ifup '.$dev["name"]);
-                if(!empty($connected) && $state == "down") exec('sudo ifdown '.$dev["name"]);
-                break;
-            default:
-                break;
+        exec('ifconfig -a | grep -i '.$dev["name"].' -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"', $res);
+        if (!empty($res)) { $connected=$res[0];
+        }
+        switch($dev["type"]) {
+        case "wlan":
+            if($state =="up") { exec('sudo ip link set '.$dev["name"].' up');
+            }
+            if(!empty($connected) && $state =="down") { exec('sudo ip link set '.$dev["name"].' down');
+            }
+            break;
+        case "hilink":
+            preg_match("/^([0-9]{1,3}\.){3}/", $connected, $ipadd);
+            $ipadd = $ipadd[0].'1'; // ip address of the Hilink api
+            $mode = ($state == "up") ? 1 : 0;
+            $pin="";
+            if (file_exists(($f = RASPI_CONFIG."/networking/mobiledata.ini"))) {
+                $dat = parse_ini_file($f);
+                $pin = (isset($dat["pin"]) && preg_match("/^[0-9]*$/", $dat["pin"])) ? $dat["pin"] : "";
+            }
+            exec('sudo '.RASPI_CLIENT_SCRIPT_PATH.'/onoff_huawei_hilink.sh -c '.$mode.' -h '.$ipadd.' -p '.$pin);
+            break;
+        case "ppp":
+            if($state == "up") { exec('sudo ifup '.$dev["name"]);
+            }
+            if(!empty($connected) && $state == "down") { exec('sudo ifdown '.$dev["name"]);
+            }
+            break;
+        default:
+            break;
+        }
+        if($state=="up") { waitClientConnected($dev["name"], 15);
         }
-        if($state=="up") waitClientConnected($dev["name"],15);
     }
 }

From 5b9d4ca8143fb691a560fb36c6e97bb031437c96 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sat, 27 Mar 2021 17:43:15 +0100
Subject: [PATCH 144/300] Add unconfigured client state to dashboard.php Add
 tun device as client_udev_prototypes.json

---
 app/js/custom.js                   | 5 +++++
 config/client_udev_prototypes.json | 7 +++++++
 includes/dashboard.php             | 3 ++-
 includes/get_clients.php           | 7 ++++---
 templates/dashboard.php            | 6 +++---
 templates/networking.php           | 4 ++--
 6 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index 571e6404..f3627528 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -300,6 +300,11 @@ $('#ovpn-confirm-activate').on('shown.bs.modal', function (e) {
     $('.btn-activate', this).data('recordId', data.recordId);
 });
 
+// Add the following code if you want the name of the file appear on select
+$(".custom-file-input").on("change", function() {
+  var fileName = $(this).val().split("\\").pop();
+  $(this).siblings(".custom-file-label").addClass("selected").html(fileName);
+});
 
 /*
 Sets the wirelss channel select options based on hw_mode and country_code.
diff --git a/config/client_udev_prototypes.json b/config/client_udev_prototypes.json
index 9cbf32a8..fe4f5249 100644
--- a/config/client_udev_prototypes.json
+++ b/config/client_udev_prototypes.json
@@ -51,6 +51,13 @@
      "comment": "ethernet access provided by tethering from phone via USB",
      "name_prefix": "phone",
      "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\" "
+    },
+	{
+     "type": "tun", 
+     "type_info": "tunnel device", 
+     "clientid": -1,
+     "comment": "tunneling device used by OpenVPN",
+     "name_prefix": "tun",
     }
   ]
 }
diff --git a/includes/dashboard.php b/includes/dashboard.php
index 0fd6a8a1..d2f06ee9 100755
--- a/includes/dashboard.php
+++ b/includes/dashboard.php
@@ -173,7 +173,8 @@ function DisplayDashboard(&$extraFooterScripts)
             break;
         default: 
             $client_title = "No information for client available";
-            $type_name = "No Client";
+            $type_name = "Not configured";
+			$ifaceStatus = "warn";
     }
 
     echo renderTemplate(
diff --git a/includes/get_clients.php b/includes/get_clients.php
index 4c669f40..b30358ff 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -198,9 +198,10 @@ function findCurrentClientIndex($clients)
         $ncl=$clients["clients"];
         if($ncl > 0) {
             $ty=-1;
-            foreach($clients["device"] as $i => $dev) {
-                if(($id=array_search($dev["type"], $_SESSION["net-device-types"])) > $ty && !$dev["isAP"]) {
-                    $ty=$id;
+            foreach($clients["device"] as $i => $dev) {               
+				$id=array_search($dev["type"],$_SESSION["net-device-types"]);
+				if($id >=0 && $_SESSION["udevrules"]["network_devices"][$id]["clientid"] > $ty && !$dev["isAP"]) {
+					$ty=$id;
                     $devid=$i;
                 }
             }
diff --git a/templates/dashboard.php b/templates/dashboard.php
index acadda95..ca2db13f 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -9,7 +9,7 @@
           <div class="col">
             <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
               <span class="icon"><i class="fas fa-circle service-status-<?php echo $ifaceStatus ?>"></i></span>
-              <span class="text service-status"><?php echo $type_name .' '. _($ifaceStatus) ?></span>
+              <span class="text service-status"><?php echo $type_name . ($ifaceStatus!="warn") echo ' '. _($ifaceStatus) ?></span>
             </button>
           </div>
         </div><!-- /.row -->
@@ -66,7 +66,7 @@
                       <div class="info-item"><?php echo _("Device"); ?></div><div><?php  $valEcho($clientinfo,"vendor")." ".$valEcho($clientinfo,"model"); ?></div>
                       <div class="info-item"><?php echo _("IP Address"); ?></div><div><?php echo  $valEcho($clientinfo,"ipaddress"); ?></div>
                     <?php else : // NO CLIENT ?>
-                      <div class="info-item"><?php echo _("No Client device found"); ?></div>
+                      <div class="info-item"><?php echo _("No Client foudn or client is not unconfigured yet"); ?></div>
                     <?php endif; ?>
                   </div>
                   <div class="col-md mt-2 d-flex justify-content-center">
@@ -139,7 +139,7 @@
                 <?php if (!RASPI_MONITOR_ENABLED) : ?>
                     <?php if ($ifaceStatus == "down") : ?>
                     <input type="submit" class="btn btn-success" value="<?php echo _("Start").' '.$type_name ?>" name="ifup_wlan0" data-toggle="modal" data-target="#switchClientModal"/>
-                    <?php else : ?>
+                    <?php elseif ($ifaceStatus == "up") : ?>
                     <input type="submit" class="btn btn-warning" value="<?php echo _("Stop").' '.$type_name ?>"  name="ifdown_wlan0" data-toggle="modal" data-target="#switchClientModal"/>
                     <?php endif ?>
                 <?php endif ?>
diff --git a/templates/networking.php b/templates/networking.php
index 0bcf5c54..9b93f08d 100755
--- a/templates/networking.php
+++ b/templates/networking.php
@@ -135,12 +135,12 @@
                                       if(!empty($devname)) $devname=$devname[0];
                                    }
                                    if(empty($devname)) $devname="";
-                                   $isStatic = $isStatic || $dev["type"] === "ppp";
+                                   $isStatic = $isStatic || in_array($dev["type"],array("ppp","tun"));
                                    $txtdisabled=$isStatic ? "disabled":"";
                                    echo '<td><select '.$txtdisabled.' class="selectpicker" id="int-new-type-'.$dev["name"].'">';
                                    foreach($_SESSION["net-device-types"] as $i => $type) {
                                      $txt=$_SESSION["net-device-types-info"][$i];
-                                     $txtdisabled =  $type == "ppp" ? "disabled":"";
+                                     $txtdisabled =   in_array($type,array("ppp","tun")) ? "disabled":"";
                                      if(preg_match("/^".$_SESSION["net-device-name-prefix"][$i]."[0-9]*$/",$dev["name"])===1) echo '<option '.$txtdisabled.' selected value="'.$type.'">'.$txt.'</option>';
                                      else echo '<option '.$txtdisabled.' value="'.$type.'">'.$txt.'</option>';
                                    }

From f583a3eeae874c3e91ad9c69c0f67394cf0e0134 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sat, 27 Mar 2021 18:00:40 +0100
Subject: [PATCH 145/300] modified text in case of unconfigured client

---
 includes/dashboard.php  | 2 +-
 templates/dashboard.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/dashboard.php b/includes/dashboard.php
index d2f06ee9..8b608f77 100755
--- a/includes/dashboard.php
+++ b/includes/dashboard.php
@@ -172,7 +172,7 @@ function DisplayDashboard(&$extraFooterScripts)
             $type_name = "Mobile Data";
             break;
         default: 
-            $client_title = "No information for client available";
+            $client_title = "No information available";
             $type_name = "Not configured";
 			$ifaceStatus = "warn";
     }
diff --git a/templates/dashboard.php b/templates/dashboard.php
index ca2db13f..5d4c7716 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -66,7 +66,7 @@
                       <div class="info-item"><?php echo _("Device"); ?></div><div><?php  $valEcho($clientinfo,"vendor")." ".$valEcho($clientinfo,"model"); ?></div>
                       <div class="info-item"><?php echo _("IP Address"); ?></div><div><?php echo  $valEcho($clientinfo,"ipaddress"); ?></div>
                     <?php else : // NO CLIENT ?>
-                      <div class="info-item"><?php echo _("No Client foudn or client is not unconfigured yet"); ?></div>
+                      <div class="info-item"><?php echo _("No Client found or client is not yet configured"); ?></div>
                     <?php endif; ?>
                   </div>
                   <div class="col-md mt-2 d-flex justify-content-center">

From 34f46007bd6cc4aa68048ba9eccfa235f25cd757 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sat, 27 Mar 2021 18:39:42 +0100
Subject: [PATCH 146/300] fix coding standard violations

---
 config/client_config/switchClientState.sh |   2 +-
 includes/dashboard.php                    |   2 +-
 includes/get_clients.php                  | 113 +++++++++++++---------
 includes/networking.php                   |   2 +-
 4 files changed, 70 insertions(+), 49 deletions(-)

diff --git a/config/client_config/switchClientState.sh b/config/client_config/switchClientState.sh
index 544fe30a..4d8abbf2 100644
--- a/config/client_config/switchClientState.sh
+++ b/config/client_config/switchClientState.sh
@@ -26,7 +26,7 @@ php << _EOF_
 require_once("includes/config.php");
 require_once("includes/get_clients.php");
 
- load_client_config();
+ loadClientConfig();
  setClientState("$state");
 ?>
 _EOF_
diff --git a/includes/dashboard.php b/includes/dashboard.php
index 8b608f77..7bfbeef5 100755
--- a/includes/dashboard.php
+++ b/includes/dashboard.php
@@ -113,7 +113,7 @@ function DisplayDashboard(&$extraFooterScripts)
     // ------------------------ INFOS ABOUT THE CLIENT---------------------------------------------------------------
     $clientinfo=array("name"=>"none","type"=>-1,"connected"=>"n");
     $raspi_client=$_SESSION['wifi_client_interface'];
-    load_client_config();
+    loadClientConfig();
     $all_clients = getClients(false);
     $clientinfo = array("name" => "none", "connected" => "n");
     if ( ($idx = findCurrentClientIndex($all_clients)) >= 0) $clientinfo = $all_clients["device"][$idx];
diff --git a/includes/get_clients.php b/includes/get_clients.php
index b30358ff..0fd70e83 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -7,40 +7,44 @@ function getClients($simple=true)
     exec('ifconfig -a | grep -oP "^(?!lo)(\w*)"', $rawdevs); // all devices except loopback
     $path=RASPI_CLIENT_SCRIPT_PATH;
     $cl=array();
-    if(!empty($rawdevs) && is_array($rawdevs)) {
+    if (!empty($rawdevs) && is_array($rawdevs)) {
         $cl["clients"]=count($rawdevs);
         // search for possibly not connected modem 
         exec("find /sys/bus/usb/devices/usb*/ -name dev ", $devtty); // search for ttyUSB
         $devtty = preg_only_match("/(ttyUSB0)/", $devtty);
-        if(empty(preg_only_match("/(ppp)[0-9]/", $rawdevs))) {
-            if(!empty($devtty)) {
+        if (empty(preg_only_match("/(ppp)[0-9]/", $rawdevs))) {
+            if (!empty($devtty)) {
                 $rawdevs[]="ppp0";
                 exec("udevadm info --name='$devtty' 2> /dev/null");
             }
         }
         foreach ($rawdevs as $i => $dev) {
             $cl["device"][$i]["name"]=$dev;
-            if (preg_match("/^(\w+)[0-9]$/", $dev, $nam) === 1) { $nam=$nam[1];
-            } else { $nam="none";
+            if (preg_match("/^(\w+)[0-9]$/", $dev, $nam) === 1) {
+                $nam=$nam[1];
+            } else {
+                $nam="none";
             }
-            if (($n = array_search($nam, $_SESSION["net-device-name-prefix"])) === false) { $n = count($_SESSION["net-device-types"])-1;
+            if (($n = array_search($nam, $_SESSION["net-device-name-prefix"])) === false) {
+                $n = count($_SESSION["net-device-types"])-1;
             }
             $ty = $_SESSION["net-device-types"][$n];
             $cl["device"][$i]["type"]=$ty;
             unset($udevinfo);
             exec("udevadm info /sys/class/net/$dev 2> /dev/null", $udevinfo);
-            if ($nam == "ppp" && isset($devtty)) {  exec("udevadm info --name='$devtty' 2> /dev/null", $udevinfo);
+            if ($nam == "ppp" && isset($devtty)) {
+                exec("udevadm info --name='$devtty' 2> /dev/null", $udevinfo);
             }
-            if(!empty($udevinfo) && is_array($udevinfo)) {
+            if (!empty($udevinfo) && is_array($udevinfo)) {
                 $model = preg_only_match("/ID_MODEL_ENC=(.*)$/", $udevinfo);
-                if(empty($model) || preg_match("/^[0-9a-f]{4}$/", $model) === 1) {
+                if (empty($model) || preg_match("/^[0-9a-f]{4}$/", $model) === 1) {
                      $model = preg_only_match("/ID_MODEL_FROM_DATABASE=(.*)$/", $udevinfo);
                 }
-                if(empty($model)) {
+                if (empty($model)) {
                     $model = preg_only_match("/ID_OUI_FROM_DATABASE=(.*)$/", $udevinfo);
                 }
                 $vendor = preg_only_match("/ID_VENDOR_ENC=(.*)$/", $udevinfo);
-                if(empty($vendor) || preg_match("/^[0-9a-f]{4}$/", $vendor) === 1) {
+                if (empty($vendor) || preg_match("/^[0-9a-f]{4}$/", $vendor) === 1) {
                     $vendor = preg_only_match("/ID_VENDOR_FROM_DATABASE=(.*)$/", $udevinfo);
                 }
                 $driver = preg_only_match("/ID_NET_DRIVER=(.*)$/", $udevinfo);
@@ -62,8 +66,10 @@ function getClients($simple=true)
             case "eth":
                 unset($res);
                 exec("ip link show $dev 2> /dev/null | grep -oP ' UP '", $res);
-                if(empty($res) && empty($ipadd)) { $cl["device"][$i]["connected"] = "n";
-                } else { $cl["device"][$i]["connected"] = "y";
+                if (empty($res) && empty($ipadd)) {
+                    $cl["device"][$i]["connected"] = "n";
+                } else {
+                    $cl["device"][$i]["connected"] = "y";
                 }
                 break;
             case "wlan":
@@ -72,30 +78,35 @@ function getClients($simple=true)
                 $cl["device"][$i]["isAP"] = !empty($retiw);
                 unset($retiw);
                 exec("iw dev $dev link 2> /dev/null", $retiw);
-                if(!$simple && !empty($ssid=preg_only_match("/.*SSID: ([\w ]*).*/", $retiw)) ) {
+                if (!$simple && !empty($ssid=preg_only_match("/.*SSID: ([\w ]*).*/", $retiw)) ) {
                     $cl["device"][$i]["connected"] = "y";
                     $cl["device"][$i]["ssid"] = $ssid;
                     $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/", $retiw);
                     $sig = preg_only_match("/.*signal: (.*)$/", $retiw);
                     $val = preg_only_match("/^([0-9\.-]*).*$/", $sig);
-                    if (!is_numeric($val)) { $val = -100;
+                    if (!is_numeric($val)) {
+                        $val = -100;
                     }
-                    if($val >= -50 ) { $qual=100;
-                    } else if($val < -100) { $qual=0;
-                    } else { $qual=round($val*2+200);
+                    if ($val >= -50 ) {
+                        $qual=100;
+                    } else if ($val < -100) {
+                        $qual=0;
+                    } else {
+                        $qual=round($val*2+200);
                     }
                     $cl["device"][$i]["signal"] = "$sig (".$qual."%)";
                     $cl["device"][$i]["bitrate"] = preg_only_match("/.*bitrate: ([0-9\.]* \w*\/s).*$/", $retiw);
                     $cl["device"][$i]["freq"] = preg_only_match("/.*freq: (.*)$/", $retiw);
                     $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/", $retiw);
-                } else { $cl["device"][$i]["connected"] = "n";
+                } else {
+                    $cl["device"][$i]["connected"] = "n";
                 }
                 break;
             case "ppp":
                 unset($res);
                 exec("ip link show $dev 2> /dev/null | grep -oP '( UP | UNKNOWN)'", $res);
-                if($simple) {
-                    if(empty($res)) {
+                if ($simple) {
+                    if (empty($res)) {
                         $cl["device"][$i]["connected"] = "n";
                         $cl["device"][$i]["signal"] =  "-100 dB (0%)";
                     } else {
@@ -104,15 +115,18 @@ function getClients($simple=true)
                     }
                     break;
                 }
-                if(empty($res) && empty($ipadd)) { $cl["device"][$i]["connected"] = "n";
-                } else { $cl["device"][$i]["connected"] = "y";
+                if (empty($res) && empty($ipadd)) {
+                    $cl["device"][$i]["connected"] = "n";
+                } else {
+                    $cl["device"][$i]["connected"] = "y";
                 }
                 unset($res);
                 exec("$path/info_huawei.sh mode modem", $res);
                 $cl["device"][$i]["mode"] = $res[0];
                 unset($res);
                 exec("$path/info_huawei.sh device modem", $res);
-                if($res[0] != "none" ) { $cl["device"][$i]["model"] = $res[0];
+                if ($res[0] != "none" ) {
+                    $cl["device"][$i]["model"] = $res[0];
                 }
                 unset($res);
                 exec("$path/info_huawei.sh signal modem", $res);
@@ -131,18 +145,18 @@ function getClients($simple=true)
                 $cl["device"][$i]["mode"] = $res[0];
                 unset($res);
                 exec("$path/info_huawei.sh device hilink $apiadd", $res);
-                if($res[0] != "none" ) { $cl["device"][$i]["model"] = $res[0];
+                if ($res[0] != "none" ) {
+                    $cl["device"][$i]["model"] = $res[0];
                 }
                 unset($res);
                 exec("$path/info_huawei.sh signal hilink $apiadd", $res);
                 $cl["device"][$i]["signal"] = $res[0];
                 unset($ipadd);
                 exec("$path/info_huawei.sh ipaddress hilink $apiadd", $ipadd);
-                if(!empty($ipadd) && $ipadd[0] !== "none" ) {
+                if (!empty($ipadd) && $ipadd[0] !== "none" ) {
                     $cl["device"][$i]["connected"] = "y";
                     $cl["device"][$i]["wan_ip"] = $ipadd[0];
-                }
-                else  {
+                } else {
                     $cl["device"][$i]["connected"] = "n";
                     $cl["device"][$i]["wan_ip"] = "-";
                 }
@@ -159,18 +173,18 @@ function getClients($simple=true)
             if (!isset($cl["device"][$i]["signal"])) {
                 $cl["device"][$i]["signal"]= $cl["device"][$i]["connected"] == "n" ? "-100 dB (0%)": "0 dB (100%)";;
             }
-            if (!isset($cl["device"][$i]["isAP"])) { $cl["device"][$i]["isAP"]=false;
+            if (!isset($cl["device"][$i]["isAP"])) {
+                $cl["device"][$i]["isAP"]=false;
             }
         }
     }
     return $cl;
 }
 
-function load_client_config()
+function loadClientConfig()
 {
     // load network device config file for UDEV rules into $_SESSION
-    if(true) {
-        //    if(!isset($_SESSION["udevrules"])) {
+    if (!isset($_SESSION["udevrules"])) {
         $_SESSION["net-device-types"]=array();
         $_SESSION["net-device-name-prefix"]=array();
         try {
@@ -194,14 +208,14 @@ function load_client_config()
 function findCurrentClientIndex($clients)
 {
     $devid = -1;
-    if(!empty($clients)) {
+    if (!empty($clients)) {
         $ncl=$clients["clients"];
-        if($ncl > 0) {
+        if ($ncl > 0) {
             $ty=-1;
-            foreach($clients["device"] as $i => $dev) {               
-				$id=array_search($dev["type"],$_SESSION["net-device-types"]);
-				if($id >=0 && $_SESSION["udevrules"]["network_devices"][$id]["clientid"] > $ty && !$dev["isAP"]) {
-					$ty=$id;
+            foreach ($clients["device"] as $i => $dev) {               
+                $id=array_search($dev["type"], $_SESSION["net-device-types"]);
+                if ($id >=0 && $_SESSION["udevrules"]["network_devices"][$id]["clientid"] > $ty && !$dev["isAP"]) {
+                    $ty=$id;
                     $devid=$i;
                 }
             }
@@ -215,9 +229,10 @@ function waitClientConnected($dev, $timeout=10)
     do {
         exec('ifconfig -a | grep -i '.$dev.' -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"', $res);
         $connected= !empty($res);
-        if(!$connected) { sleep(1);
+        if (!$connected) {
+            sleep(1);
         }
-    } while(!$connected && --$timeout > 0);
+    } while (!$connected && --$timeout > 0);
     return $connected;
 }
 
@@ -227,13 +242,16 @@ function setClientState($state)
     if (($idx = findCurrentClientIndex($clients)) >= 0) {
         $dev = $clients["device"][$idx];
         exec('ifconfig -a | grep -i '.$dev["name"].' -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"', $res);
-        if (!empty($res)) { $connected=$res[0];
+        if (!empty($res)) {
+            $connected=$res[0];
         }
         switch($dev["type"]) {
         case "wlan":
-            if($state =="up") { exec('sudo ip link set '.$dev["name"].' up');
+            if ($state =="up") {
+                exec('sudo ip link set '.$dev["name"].' up');
             }
-            if(!empty($connected) && $state =="down") { exec('sudo ip link set '.$dev["name"].' down');
+            if (!empty($connected) && $state =="down") {
+                exec('sudo ip link set '.$dev["name"].' down');
             }
             break;
         case "hilink":
@@ -248,15 +266,18 @@ function setClientState($state)
             exec('sudo '.RASPI_CLIENT_SCRIPT_PATH.'/onoff_huawei_hilink.sh -c '.$mode.' -h '.$ipadd.' -p '.$pin);
             break;
         case "ppp":
-            if($state == "up") { exec('sudo ifup '.$dev["name"]);
+            if ($state == "up") {
+                exec('sudo ifup '.$dev["name"]);
             }
-            if(!empty($connected) && $state == "down") { exec('sudo ifdown '.$dev["name"]);
+            if (!empty($connected) && $state == "down") {
+                exec('sudo ifdown '.$dev["name"]);
             }
             break;
         default:
             break;
         }
-        if($state=="up") { waitClientConnected($dev["name"], 15);
+        if ($state=="up") {
+            waitClientConnected($dev["name"], 15);
         }
     }
 }
diff --git a/includes/networking.php b/includes/networking.php
index a2874f22..1cb93f0e 100755
--- a/includes/networking.php
+++ b/includes/networking.php
@@ -22,7 +22,7 @@ function DisplayNetworkingConfig()
     foreach ($interfaces as $interface) {
         exec("ip a show $interface", $$interface);
     }
-    load_client_config();
+    loadClientConfig();
     $clients=getClients();
     echo renderTemplate("networking", compact(
         "status",

From c6597b27c91dbe6246128a8c7864b308e6ac8a6e Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 27 Mar 2021 19:33:35 +0000
Subject: [PATCH 147/300] Use dynamic navbar logo

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.php b/index.php
index 065dd2c5..60c6088b 100755
--- a/index.php
+++ b/index.php
@@ -119,7 +119,7 @@ $bridgedEnabled = getBridgedState();
         <hr class="sidebar-divider my-0">
         <div class="row">
           <div class="col-xs ml-3 sidebar-brand-icon">
-            <img src="app/img/raspAP-logo.png" class="navbar-logo" width="64" height="64">
+            <img src="app/img/raspAP-logo.php" class="navbar-logo" width="64" height="64">
           </div>
           <div class="col-xs ml-2">
             <div class="ml-1">Status</div>

From 20ef52de578dcebfab35696ea6d8d1266be6342d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 27 Mar 2021 19:34:11 +0000
Subject: [PATCH 148/300] Bugfix: syntax error (echo)

---
 templates/dashboard.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/dashboard.php b/templates/dashboard.php
index 5d4c7716..5c55135b 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -9,7 +9,7 @@
           <div class="col">
             <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
               <span class="icon"><i class="fas fa-circle service-status-<?php echo $ifaceStatus ?>"></i></span>
-              <span class="text service-status"><?php echo $type_name . ($ifaceStatus!="warn") echo ' '. _($ifaceStatus) ?></span>
+              <span class="text service-status"><?php echo $type_name . ($ifaceStatus!="warn") .' '. _($ifaceStatus); ?></span>
             </button>
           </div>
         </div><!-- /.row -->

From 61c550165dd79a544a88b10f77839955faeca76c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 27 Mar 2021 19:34:35 +0000
Subject: [PATCH 149/300] Update with form-control class

---
 templates/networking.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/networking.php b/templates/networking.php
index 9b93f08d..78f751a0 100755
--- a/templates/networking.php
+++ b/templates/networking.php
@@ -137,7 +137,7 @@
                                    if(empty($devname)) $devname="";
                                    $isStatic = $isStatic || in_array($dev["type"],array("ppp","tun"));
                                    $txtdisabled=$isStatic ? "disabled":"";
-                                   echo '<td><select '.$txtdisabled.' class="selectpicker" id="int-new-type-'.$dev["name"].'">';
+                                   echo '<td><select '.$txtdisabled.' class="selectpicker form-control" id="int-new-type-'.$dev["name"].'">';
                                    foreach($_SESSION["net-device-types"] as $i => $type) {
                                      $txt=$_SESSION["net-device-types-info"][$i];
                                      $txtdisabled =   in_array($type,array("ppp","tun")) ? "disabled":"";

From fd3dcedb4a296b6d46b98fba6ac1401f4e24cc8d Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sun, 28 Mar 2021 11:15:46 +0200
Subject: [PATCH 150/300] Fix Client status text

---
 templates/dashboard.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/dashboard.php b/templates/dashboard.php
index 5c55135b..723f915f 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -9,7 +9,7 @@
           <div class="col">
             <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
               <span class="icon"><i class="fas fa-circle service-status-<?php echo $ifaceStatus ?>"></i></span>
-              <span class="text service-status"><?php echo $type_name . ($ifaceStatus!="warn") .' '. _($ifaceStatus); ?></span>
+              <span class="text service-status"><?php echo $type_name; if ($ifaceStatus!="warn") echo ' '. _($ifaceStatus); ?></span>
             </button>
           </div>
         </div><!-- /.row -->

From 1715237529ed8594e1fa2dab52f7a50bfb6fc212 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sun, 28 Mar 2021 11:59:57 +0200
Subject: [PATCH 151/300] Remove signal strength meter in case of unconfigured
 client

---
 templates/dashboard.php | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/templates/dashboard.php b/templates/dashboard.php
index 723f915f..59d08605 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -9,7 +9,7 @@
           <div class="col">
             <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
               <span class="icon"><i class="fas fa-circle service-status-<?php echo $ifaceStatus ?>"></i></span>
-              <span class="text service-status"><?php echo $type_name; if ($ifaceStatus!="warn") echo ' '. _($ifaceStatus); ?></span>
+              <span class="text service-status"><?php echo $type_name; if ($isConfigured=($ifaceStatus!="warn")) echo ' '. _($ifaceStatus); ?></span>
             </button>
           </div>
         </div><!-- /.row -->
@@ -66,19 +66,21 @@
                       <div class="info-item"><?php echo _("Device"); ?></div><div><?php  $valEcho($clientinfo,"vendor")." ".$valEcho($clientinfo,"model"); ?></div>
                       <div class="info-item"><?php echo _("IP Address"); ?></div><div><?php echo  $valEcho($clientinfo,"ipaddress"); ?></div>
                     <?php else : // NO CLIENT ?>
-                      <div class="info-item"><?php echo _("No Client found or client is not yet configured"); ?></div>
+                      <div class=""><?php echo _("No Client device or not yet configured"); ?></div>
                     <?php endif; ?>
                   </div>
-                  <div class="col-md mt-2 d-flex justify-content-center">
-                    <?php 
-                      preg_match("/.*\((\s*\d*)\s*%\s*\)/",$clientinfo["signal"],$match);
-                      $strLinkQuality=array_key_exists(1,$match) ? $match[1] : 0;
-                    ?>
-                    <script>var linkQ = <?php echo json_encode($strLinkQuality); ?>;</script>
-                    <div class="chart-container">
-                      <canvas id="divChartLinkQ"></canvas>
-                    </div>
-                  </div>
+                  <?php if ($isConfigured) : ?>
+                     <div class="col-md mt-2 d-flex justify-content-center">
+                        <?php
+                          preg_match("/.*\((\s*\d*)\s*%\s*\)/",$clientinfo["signal"],$match);
+                          $strLinkQuality=array_key_exists(1,$match) ? $match[1] : 0;
+                        ?>
+                        <script>var linkQ = <?php echo json_encode($strLinkQuality); ?>;</script>
+                        <div class="chart-container">
+                           <canvas id="divChartLinkQ"></canvas>
+                        </div>
+                     </div>
+                  <?php endif; ?>
                 </div><!--row-->
               </div><!-- /.card-body -->
             </div><!-- /.card -->

From 6eb51a2d63d95e6f603fc2bf1f6511e7ee4f414f Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sun, 28 Mar 2021 14:44:05 +0200
Subject: [PATCH 152/300] Add flag for client configuration

---
 includes/dashboard.php  | 7 +++++--
 templates/dashboard.php | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/includes/dashboard.php b/includes/dashboard.php
index 7bfbeef5..a53aa820 100755
--- a/includes/dashboard.php
+++ b/includes/dashboard.php
@@ -152,6 +152,7 @@ function DisplayDashboard(&$extraFooterScripts)
         exec('cat ' . RASPI_DNSMASQ_LEASES . '| grep -E $(iw dev ' . $apInterface . ' station dump | grep -oE ' . $MACPattern . ' | paste -sd "|")', $clients);
     }
     $ifaceStatus = $clientinfo["connected"]=="y" ? "up" : "down";
+    $isClientConfigured = true;
     switch($clientinfo["type"]) {
         case "eth":
         case "usb":
@@ -174,7 +175,8 @@ function DisplayDashboard(&$extraFooterScripts)
         default: 
             $client_title = "No information available";
             $type_name = "Not configured";
-			$ifaceStatus = "warn";
+            $ifaceStatus = "warn";
+            $isClientConfigured = false;
     }
 
     echo renderTemplate(
@@ -197,7 +199,8 @@ function DisplayDashboard(&$extraFooterScripts)
             "strTxPackets",
             "strTxBytes",
             "txPower",
-            "clientinfo"
+            "clientinfo",
+            "isClientConfigured"
         )
     );
     $extraFooterScripts[] = array('src'=>'app/js/dashboardchart.js', 'defer'=>false);
diff --git a/templates/dashboard.php b/templates/dashboard.php
index 59d08605..0b3b90c2 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -9,7 +9,7 @@
           <div class="col">
             <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
               <span class="icon"><i class="fas fa-circle service-status-<?php echo $ifaceStatus ?>"></i></span>
-              <span class="text service-status"><?php echo $type_name; if ($isConfigured=($ifaceStatus!="warn")) echo ' '. _($ifaceStatus); ?></span>
+              <span class="text service-status"><?php echo $type_name; if ( $isClientConfigured ) echo ' '. _($ifaceStatus); ?></span>
             </button>
           </div>
         </div><!-- /.row -->
@@ -69,7 +69,7 @@
                       <div class=""><?php echo _("No Client device or not yet configured"); ?></div>
                     <?php endif; ?>
                   </div>
-                  <?php if ($isConfigured) : ?>
+                  <?php if ($isClientConfigured) : ?>
                      <div class="col-md mt-2 d-flex justify-content-center">
                         <?php
                           preg_match("/.*\((\s*\d*)\s*%\s*\)/",$clientinfo["signal"],$match);

From f7cef44b065d194ae54ace40771a167fe64ecc10 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sun, 28 Mar 2021 16:35:19 +0200
Subject: [PATCH 153/300] Add code for PPP and TUN devices

---
 includes/internetRoute.php | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/includes/internetRoute.php b/includes/internetRoute.php
index 67913197..bbb090f7 100755
--- a/includes/internetRoute.php
+++ b/includes/internetRoute.php
@@ -11,10 +11,23 @@ function getRouteInfo($checkAccess)
     $rInfo = array();
     // get all default routes
     exec('ip route list |  sed -rn "s/default via (([0-9]{1,3}\.){3}[0-9]{1,3}).*dev (\w*).*src (([0-9]{1,3}\.){3}[0-9]{1,3}).*/\3 \4 \1/p"', $routes);
-    exec('ip route list |  sed -rn "s/default dev (\w*) scope link/\1/p"', $devs);
+    $devpat = array("tun", "ppp");  // routing in case of VPN and PPP connection are different
+    foreach ($devpat as $pat) {
+       exec('ip route list |  grep -oP "'.$pat.'[0-9]" | sort -u', $devs);
+    }
     if (!empty($devs)) {
-        foreach ($devs as $dev)
-            exec('ip route list |  sed -rn "s/(([0-9]{1,3}\.){3}[0-9]{1,3}).*dev.*("' . $dev . '").*scope link src (([0-9]{1,3}\.){3}[0-9]{1,3}).*/\3 \4 \1/p"', $routes);
+        foreach ($devs as $dev) {
+            unset($gateway);
+            unset($ipadd);
+            exec('ip route list |  sed -rn "s/^.*via (([0-9]{1,3}\.){3}[0-9]{1,3}) dev "' . $dev . '".*$/\1/p" | head -n 1', $gateway);
+            if (empty($gateway)) {
+                exec('ip route list | sed -rn "s/(([0-9]{1,3}\.){3}[0-9]{1,3}).*dev.*"' . $dev . '".*scope link src.*/\1/p"', $gateway);
+            }
+            exec('ifconfig -a | grep -i ' . $dev . ' -A 1 | grep -oP "(?<=inet )([0-9]{1,3}\.){3}[0-9]{1,3}"', $ipadd);
+            if (!empty($gateway) && !empty($ipadd)) {
+                $routes[]="$dev $ipadd[0] $gateway[0]";
+            }
+        }
     }
     if (!empty($routes)) {
         foreach ($routes as $i => $route) {
@@ -33,7 +46,7 @@ function getRouteInfo($checkAccess)
                 $rInfo[$i]["access-ip"] = empty($okip) ? false : true;
                 unset($okdns);
                 exec('ping -W1 -c 1 -I ' . $prop[0] . ' ' . RASPI_ACCESS_CHECK_DNS . ' |  sed -rn "s/.*icmp_seq=1.*time=.*/OK/p"', $okdns);
-                $rInfo[$i]["access-dns"] = empty($okdns) ? false : true;
+                 $rInfo[$i]["access-dns"] = empty($okdns) ? false : true;
             }
         }
     } else {

From 300f2c24570d08229fc4d9d3cb4be4c646451e2d Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Mon, 29 Mar 2021 15:16:23 +0200
Subject: [PATCH 154/300] Cleanup and fix for udev rules written for clients
 Fix device type in client table

---
 ajax/networking/save_net_dev_config.php | 126 ++++++++++++------------
 includes/get_clients.php                |  33 +++++--
 includes/internetRoute.php              |   2 +-
 templates/networking.php                |   2 +-
 4 files changed, 89 insertions(+), 74 deletions(-)

diff --git a/ajax/networking/save_net_dev_config.php b/ajax/networking/save_net_dev_config.php
index c718ae9b..e90cd1ea 100644
--- a/ajax/networking/save_net_dev_config.php
+++ b/ajax/networking/save_net_dev_config.php
@@ -17,76 +17,78 @@ if (isset($_POST['interface'])) {
     $file = $int.".ini";
     $cfgfile="/etc/wvdial.conf";
     if ( $int == "mobiledata") {
-      $cfg['pin'] = $_POST["pin-mobile"];
-      $cfg['apn'] = $_POST["apn-mobile"];
-      $cfg['apn_user'] = $_POST["apn-user-mobile"];
-      $cfg['apn_pw'] = $_POST["apn-pw-mobile"];
-      if (file_exists($cfgfile)) {
-        if($cfg["pin"] !== "") exec('sudo /bin/sed -i  "s/CPIN=\".*\"/CPIN=\"'.$cfg["pin"].'\"/gi" '.$cfgfile);
-        if($cfg["apn"] !== "") exec('sudo /bin/sed -i "s/\"IP\"\,\".*\"/\"IP\"\,\"'.$cfg["apn"].'\"/gi" '.$cfgfile);
-        if($cfg["apn_user"] !== "") exec('sudo /bin/sed -i "s/^username = .*$/Username = '.$cfg["apn_user"].'/gi" '.$cfgfile);
-        if($cfg["apn_pw"] !== "") exec('sudo /bin/sed -i "s/^password = .*$/Password = '.$cfg["apn_pw"].'/gi" '.$cfgfile);
-      }
+        $cfg['pin'] = $_POST["pin-mobile"];
+        $cfg['apn'] = $_POST["apn-mobile"];
+        $cfg['apn_user'] = $_POST["apn-user-mobile"];
+        $cfg['apn_pw'] = $_POST["apn-pw-mobile"];
+        if (file_exists($cfgfile)) {
+            if($cfg["pin"] !== "") exec('sudo /bin/sed -i  "s/CPIN=\".*\"/CPIN=\"'.$cfg["pin"].'\"/gi" '.$cfgfile);
+            if($cfg["apn"] !== "") exec('sudo /bin/sed -i "s/\"IP\"\,\".*\"/\"IP\"\,\"'.$cfg["apn"].'\"/gi" '.$cfgfile);
+            if($cfg["apn_user"] !== "") exec('sudo /bin/sed -i "s/^username = .*$/Username = '.$cfg["apn_user"].'/gi" '.$cfgfile);
+            if($cfg["apn_pw"] !== "") exec('sudo /bin/sed -i "s/^password = .*$/Password = '.$cfg["apn_pw"].'/gi" '.$cfgfile);
+        }
     } else if ( preg_match("/netdevices/",$int)) {
         if(!isset($_POST['opts']) ) {
-          $jsonData = ['return'=>0,'output'=>['No valid data to add/delete udev rule ']];
-          echo json_encode($jsonData);
-          return;
+            $jsonData = ['return'=>0,'output'=>['No valid data to add/delete udev rule ']];
+            echo json_encode($jsonData);
+            return;
         } else {
-          $opts=explode(" ",$_POST['opts'] );
-          $dev=$opts[0];
-          $vid=$_POST["int-vid-".$dev];
-          $pid=$_POST["int-pid-".$dev];
-          $mac=$_POST["int-mac-".$dev];
-          $name=trim($_POST["int-name-".$dev]);
-          $type=$_POST["int-type-".$dev];
-          $newtype=$_POST["int-new-type-".$dev];
-          $udevfile=$_SESSION["udevrules"]["udev_rules_file"];
-          // $udevfile="/etc/udev/rules.d/80-net-devices.rules";
+            $opts=explode(" ",$_POST['opts'] );
+            $dev=$opts[0];
+            $vid=$_POST["int-vid-".$dev];
+            $pid=$_POST["int-pid-".$dev];
+            $mac=$_POST["int-mac-".$dev];
+            $name=trim($_POST["int-name-".$dev]);
+            $name=preg_replace("/[^a-z0-9]/", "", strtolower($name));
+            $type=$_POST["int-type-".$dev];
+            $newtype=$_POST["int-new-type-".$dev];
+            $udevfile=$_SESSION["udevrules"]["udev_rules_file"]; // default file /etc/udev/rules.d/80-net-devices.rules";
 
-          // find the rule prototype and prefix
-          $rule = "";
-          foreach($_SESSION["udevrules"]["network_devices"] as $devt) {
-             if($devt["type"]==$newtype) {
-                $rule = $devt["udev_rule"];
-                $prefix = $devt["name_prefix"];
-             }
-          }
-          if(!empty($mac)) $rule = preg_replace("/\\\$MAC\\\$/i",$mac,$rule);
-          if(!empty($vid)) $rule = preg_replace("/\\\$IDVENDOR\\\$/i",$vid,$rule);
-          if(!empty($pid)) $rule = preg_replace("/\\\$IDPRODUCT\\\$/i",$pid,$rule);
-          // check for existing rule
-          $pre="";
-          if(preg_match("/^(\w+)[0-9]$/",$dev,$match)=== 1) $pre=$match[1];
-          $ruleold = preg_replace("/\\\$DEVNAME\\\$/i",$pre.".",$rule);
-          exec("grep -oP '".$ruleold."' $udevfile",$ret);
-          $newRule = empty($ret) || !empty($name);
-          // delete current entry
-          if(!empty($ret)) exec("sudo sed -i '/^".$ruleold."$/d' ".$udevfile);
-          exec('sudo sed -i "/^.*'.$mac.'.*$/d" '.$udevfile);
-          if($newRule) {
+            // find the rule prototype and prefix
+            $rule = "";
+            foreach($_SESSION["udevrules"]["network_devices"] as $devt) {
+                if($devt["type"]==$newtype) {
+                    $rulenew = $devt["udev_rule"];
+                    $prefix = $devt["name_prefix"];
+                }
+            }
+
+            // check for an existing rule and delete lines with same MAC or same VID/PID
+            if (!empty($vid) && !empty($pid)) {
+                $rule = '^.*ATTRS{idVendor}==\"' . $vid . '\".*ATTRS{idProduct}==\"' . $pid . '\".*$';
+                exec('sudo sed -i "/'.$rule.'/Id" '.$udevfile);  // clear all entries with this VID/PID
+                $rule = '^.*ATTRS{idProduct}==\"' . $pid . '\".*ATTRS{idVendor}==\"' . $vid . '\".*$';
+                exec('sudo sed -i "/'.$rule.'/Id" '.$udevfile);  // clear all entries with this VID/PID
+            }
+            if (!empty($mac)) {
+                exec('sudo sed -i "/^.*'.$mac.'.*$/d" '.$udevfile);  // clear all entries with same MAC
+            }
             // create new entry
-            if(empty($name)) $name = $prefix."0";
-            if(!empty($name)) $rule = preg_replace("/\\\$DEVNAME\\\$/i",$name,$rule);
-            if (!empty($rule) ) exec('echo \''.$rule.'\' | sudo /usr/bin/tee -a '.$udevfile);
-          }
-          $ret=print_r($ret,true);
-          $jsonData = ['return'=>0,'output'=>['Settings changed for device '.$dev ] ];
-          echo json_encode($jsonData);
-          return;
+            if ( ($type != $newtype) || !empty($name) ) { // new device type or new name
+                if (empty($name)) $name = $prefix."*";
+                if (!empty($mac)) $rule = preg_replace("/\\\$MAC\\\$/i", $mac, $rulenew);
+                if (!empty($vid)) $rule = preg_replace("/\\\$IDVENDOR\\\$/i", $vid, $rule);
+                if (!empty($pid)) $rule = preg_replace("/\\\$IDPRODUCT\\\$/i", $pid, $rule);
+                if (!empty($name)) $rule = preg_replace("/\\\$DEVNAME\\\$/i",$name,$rule);
+                if (!empty($rule)) exec('echo \''.$rule.'\' | sudo /usr/bin/tee -a '.$udevfile);
+            }
+            $ret=print_r($ret,true);
+            $jsonData = ['return'=>0,'output'=>['Settings changed for device '.$dev. '<br>Changes will only be in effect after reconnecting the device'  ] ];
+            echo json_encode($jsonData);
+            return;
         }
     } else {
-      $ip = $_POST[$int.'-ipaddress'];
-      $netmask = mask2cidr($_POST[$int.'-netmask']);
-      $dns1 = $_POST[$int.'-dnssvr'];
-      $dns2 = $_POST[$int.'-dnssvralt'];
+        $ip = $_POST[$int.'-ipaddress'];
+        $netmask = mask2cidr($_POST[$int.'-netmask']);
+        $dns1 = $_POST[$int.'-dnssvr'];
+        $dns2 = $_POST[$int.'-dnssvralt'];
 
-      $cfg['interface'] = $int;
-      $cfg['routers'] = $_POST[$int.'-gateway'];
-      $cfg['ip_address'] = $ip."/".$netmask;
-      $cfg['domain_name_server'] = $dns1." ".$dns2;
-      $cfg['static'] = $_POST[$int.'-static'];
-      $cfg['failover'] = $_POST[$int.'-failover'];
+        $cfg['interface'] = $int;
+        $cfg['routers'] = $_POST[$int.'-gateway'];
+        $cfg['ip_address'] = $ip."/".$netmask;
+        $cfg['domain_name_server'] = $dns1." ".$dns2;
+        $cfg['static'] = $_POST[$int.'-static'];
+        $cfg['failover'] = $_POST[$int.'-failover'];
     }
     if (write_php_ini($cfg, RASPI_CONFIG.'/networking/'.$file)) {
         $jsonData = ['return'=>0,'output'=>['Successfully Updated Network Configuration']];
diff --git a/includes/get_clients.php b/includes/get_clients.php
index 0fd70e83..d322c423 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -20,16 +20,8 @@ function getClients($simple=true)
         }
         foreach ($rawdevs as $i => $dev) {
             $cl["device"][$i]["name"]=$dev;
-            if (preg_match("/^(\w+)[0-9]$/", $dev, $nam) === 1) {
-                $nam=$nam[1];
-            } else {
-                $nam="none";
-            }
-            if (($n = array_search($nam, $_SESSION["net-device-name-prefix"])) === false) {
-                $n = count($_SESSION["net-device-types"])-1;
-            }
-            $ty = $_SESSION["net-device-types"][$n];
-            $cl["device"][$i]["type"]=$ty;
+            $nam = (preg_match("/^(\w+)[0-9]$/",$dev,$nam) === 1) ? $nam=$nam[1] : "";
+            $cl["device"][$i]["type"]=$ty=getClientType($dev);
             unset($udevinfo);
             exec("udevadm info /sys/class/net/$dev 2> /dev/null", $udevinfo);
             if ($nam == "ppp" && isset($devtty)) {
@@ -181,6 +173,27 @@ function getClients($simple=true)
     return $cl;
 }
 
+function getClientType($dev) {
+    loadClientConfig();
+    // check if device type stored in DEVTYPE or raspapType (from UDEV rule) protperty of the device
+    exec("udevadm info /sys/class/net/$dev 2> /dev/null", $udevadm);
+    $type="none";
+    if (!empty($udevadm)) {
+         $type=preg_only_match("/raspapType=(\w*)/i",$udevadm);
+        if (empty($type)) {
+            $type=preg_only_match("/DEVTYPE=(\w*)/i",$udevadm);
+        }
+    }
+    if (empty($type) || array_search($type, $_SESSION["net-device-name-prefix"]) === false) {
+        // no device type yet -> get device type from device name 
+        if (preg_match("/^(\w+)[0-9]$/",$dev,$nam) === 1) $nam=$nam[1];
+        else $nam="none";
+        if (($n = array_search($nam, $_SESSION["net-device-name-prefix"])) === false) $n = count($_SESSION["net-device-types"])-1;
+        $type = $_SESSION["net-device-types"][$n];
+    }
+    return $type;
+}
+
 function loadClientConfig()
 {
     // load network device config file for UDEV rules into $_SESSION
diff --git a/includes/internetRoute.php b/includes/internetRoute.php
index bbb090f7..e83dca22 100755
--- a/includes/internetRoute.php
+++ b/includes/internetRoute.php
@@ -46,7 +46,7 @@ function getRouteInfo($checkAccess)
                 $rInfo[$i]["access-ip"] = empty($okip) ? false : true;
                 unset($okdns);
                 exec('ping -W1 -c 1 -I ' . $prop[0] . ' ' . RASPI_ACCESS_CHECK_DNS . ' |  sed -rn "s/.*icmp_seq=1.*time=.*/OK/p"', $okdns);
-                 $rInfo[$i]["access-dns"] = empty($okdns) ? false : true;
+                $rInfo[$i]["access-dns"] = empty($okdns) ? false : true;
             }
         }
     } else {
diff --git a/templates/networking.php b/templates/networking.php
index 78f751a0..12b997b9 100755
--- a/templates/networking.php
+++ b/templates/networking.php
@@ -141,7 +141,7 @@
                                    foreach($_SESSION["net-device-types"] as $i => $type) {
                                      $txt=$_SESSION["net-device-types-info"][$i];
                                      $txtdisabled =   in_array($type,array("ppp","tun")) ? "disabled":"";
-                                     if(preg_match("/^".$_SESSION["net-device-name-prefix"][$i]."[0-9]*$/",$dev["name"])===1) echo '<option '.$txtdisabled.' selected value="'.$type.'">'.$txt.'</option>';
+                                     if(preg_match("/^".$_SESSION["net-device-name-prefix"][$i].".*$/",$dev["type"])===1) echo '<option '.$txtdisabled.' selected value="'.$type.'">'.$txt.'</option>';
                                      else echo '<option '.$txtdisabled.' value="'.$type.'">'.$txt.'</option>';
                                    }
                                    echo "</select></td>";

From 689b3439f7ffb5bc815598161a6359bbe7d4d887 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Mon, 29 Mar 2021 15:53:43 +0200
Subject: [PATCH 155/300] Update prototypes of udev rules with extra
 "raspapType" property

---
 config/client_udev_prototypes.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/config/client_udev_prototypes.json b/config/client_udev_prototypes.json
index fe4f5249..2cca8257 100644
--- a/config/client_udev_prototypes.json
+++ b/config/client_udev_prototypes.json
@@ -9,7 +9,7 @@
      "clientid": 0,
      "comment": "standard ethernet port",
      "name_prefix": "eth",
-     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\" "
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\", ENV{raspapType}="eth" "
     },
     {
      "type": "usb", 
@@ -17,7 +17,7 @@
      "clientid": 1,
      "comment": "network interface - e.g. USB tethering of an Android phone ",
      "name_prefix": "usb",
-     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\" "
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}="eth"  "
     },
     {
      "type": "wlan", 
@@ -25,7 +25,7 @@
      "clientid": 2,
      "comment": "standard wireless interface",
      "name_prefix": "wlan",
-     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\" "
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\", ENV{raspapType}="wlan"  "
     },
     {
      "type": "ppp", 
@@ -42,7 +42,7 @@
      "comment": "Huawei mobile data device in router mode. Control via HTTP",
      "name_prefix": "hilink",
      "default_ip": "192.168.8.1",
-     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\",  TAG+=\"systemd\", ENV{SYSTEMD_WANTS}=\"start start_huawei_hilink.service\" "
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}="hilink",  TAG+=\"systemd\", ENV{SYSTEMD_WANTS}=\"start start_huawei_hilink.service\" "
     },
     {
      "type": "phone", 
@@ -50,7 +50,7 @@
      "clientid": 5,
      "comment": "ethernet access provided by tethering from phone via USB",
      "name_prefix": "phone",
-     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\" "
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}="phone"  "
     },
 	{
      "type": "tun", 

From afe0553935e959a85f039b5de8e1f9e517495309 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Mon, 29 Mar 2021 20:30:26 +0200
Subject: [PATCH 156/300] Fix EOL format

---
 installers/raspap.sudoers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 39ea7697..93389d4d 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -59,4 +59,4 @@ www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/*.conf
-www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key
\ No newline at end of file
+www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key

From d7428be2ec72b818daa6ec0050860bc3c49122e6 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Mon, 29 Mar 2021 21:53:26 +0200
Subject: [PATCH 157/300] Fix json format of client udev prototypes limit
 device name length to 20

---
 ajax/networking/save_net_dev_config.php |  3 ++-
 config/client_udev_prototypes.json      | 14 +++++++-------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/ajax/networking/save_net_dev_config.php b/ajax/networking/save_net_dev_config.php
index e90cd1ea..57c4c30f 100644
--- a/ajax/networking/save_net_dev_config.php
+++ b/ajax/networking/save_net_dev_config.php
@@ -39,7 +39,9 @@ if (isset($_POST['interface'])) {
             $pid=$_POST["int-pid-".$dev];
             $mac=$_POST["int-mac-".$dev];
             $name=trim($_POST["int-name-".$dev]);
+			// limit device name to letters and numbers. Total length max 20
             $name=preg_replace("/[^a-z0-9]/", "", strtolower($name));
+            $name=substr($name, 0, min(strlen($name),20));
             $type=$_POST["int-type-".$dev];
             $newtype=$_POST["int-new-type-".$dev];
             $udevfile=$_SESSION["udevrules"]["udev_rules_file"]; // default file /etc/udev/rules.d/80-net-devices.rules";
@@ -72,7 +74,6 @@ if (isset($_POST['interface'])) {
                 if (!empty($name)) $rule = preg_replace("/\\\$DEVNAME\\\$/i",$name,$rule);
                 if (!empty($rule)) exec('echo \''.$rule.'\' | sudo /usr/bin/tee -a '.$udevfile);
             }
-            $ret=print_r($ret,true);
             $jsonData = ['return'=>0,'output'=>['Settings changed for device '.$dev. '<br>Changes will only be in effect after reconnecting the device'  ] ];
             echo json_encode($jsonData);
             return;
diff --git a/config/client_udev_prototypes.json b/config/client_udev_prototypes.json
index 2cca8257..a147e776 100644
--- a/config/client_udev_prototypes.json
+++ b/config/client_udev_prototypes.json
@@ -9,7 +9,7 @@
      "clientid": 0,
      "comment": "standard ethernet port",
      "name_prefix": "eth",
-     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\", ENV{raspapType}="eth" "
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\", ENV{raspapType}=\"eth\" "
     },
     {
      "type": "usb", 
@@ -17,7 +17,7 @@
      "clientid": 1,
      "comment": "network interface - e.g. USB tethering of an Android phone ",
      "name_prefix": "usb",
-     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}="eth"  "
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}=\"eth\" "
     },
     {
      "type": "wlan", 
@@ -25,7 +25,7 @@
      "clientid": 2,
      "comment": "standard wireless interface",
      "name_prefix": "wlan",
-     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\", ENV{raspapType}="wlan"  "
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$MAC$\", NAME=\"$DEVNAME$\", ENV{raspapType}=\"wlan\" "
     },
     {
      "type": "ppp", 
@@ -42,7 +42,7 @@
      "comment": "Huawei mobile data device in router mode. Control via HTTP",
      "name_prefix": "hilink",
      "default_ip": "192.168.8.1",
-     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}="hilink",  TAG+=\"systemd\", ENV{SYSTEMD_WANTS}=\"start start_huawei_hilink.service\" "
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}=\"hilink\", TAG+=\"systemd\", ENV{SYSTEMD_WANTS}=\"start start_huawei_hilink.service\" "
     },
     {
      "type": "phone", 
@@ -50,14 +50,14 @@
      "clientid": 5,
      "comment": "ethernet access provided by tethering from phone via USB",
      "name_prefix": "phone",
-     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}="phone"  "
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}=\"phone\" "
     },
-	{
+    {
      "type": "tun", 
      "type_info": "tunnel device", 
      "clientid": -1,
      "comment": "tunneling device used by OpenVPN",
-     "name_prefix": "tun",
+     "name_prefix": "tun"
     }
   ]
 }

From 20d2443468aea115a35d9bd5ccf13a8bf1212308 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Wed, 31 Mar 2021 12:48:31 +0200
Subject: [PATCH 158/300] Fix panel title for certificate option

---
 templates/openvpn/general.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/templates/openvpn/general.php b/templates/openvpn/general.php
index 7a33163d..21262db1 100644
--- a/templates/openvpn/general.php
+++ b/templates/openvpn/general.php
@@ -37,9 +37,8 @@
            <div class="panel panel-default panel-collapse collapse in" id="PanelCerts" >
               <div class="panel-body">
              <div class="panel-heading">
-               <h5 class="panel-title">Enter username and password</h5>
+               <h5 class="panel-title">Certificates in the configuration file</h5>
              </div>
-                    <h5 class="panel-title">Certificates in the configuration file</h5>
                     <p> RaspAP does not support the import of the required cerficates. Please paste them into the configuration file
                       <ul>
                         <li>Signing certification authority (CA) certificate (e.g. <code>ca.crt</code>): enclosed in <code>&lt;ca> ... &lt;/ca></code> tags </li>

From fc83727408d9948c244954edea1fe9d04f17eb45 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Wed, 31 Mar 2021 12:54:43 +0200
Subject: [PATCH 159/300] Use client.conf to get path and name of configuration

---
 ajax/openvpn/activate_ovpncfg.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ajax/openvpn/activate_ovpncfg.php b/ajax/openvpn/activate_ovpncfg.php
index b8f822c2..2a8542a9 100644
--- a/ajax/openvpn/activate_ovpncfg.php
+++ b/ajax/openvpn/activate_ovpncfg.php
@@ -5,11 +5,11 @@ require_once '../../includes/functions.php';
 
 if (isset($_POST['cfg_id'])) {
     $ovpncfg_id = $_POST['cfg_id'];
-    $ovpncfg_path = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/';
+    $ovpncfg_path = pathinfo(RASPI_OPENVPN_CLIENT_CONFIG, PATHINFO_DIRNAME).'/';
     $ovpncfg_files = $ovpncfg_path .$ovpncfg_id.'_*.conf';
 
     // move currently active profile
-    $meta = file_get_meta(RASPI_OPENVPN_CLIENT_LOGIN,'#\sfilename\s(.*)');
+    $meta = file_get_meta(RASPI_OPENVPN_CLIENT_CONFIG,'#\sfilename\s(.*)');
     $ovpncfg_client = $ovpncfg_path .$meta.'_client.conf';
     $ovpncfg_login = $ovpncfg_path .$meta.'_login.conf';
     exec("sudo mv ".RASPI_OPENVPN_CLIENT_CONFIG." $ovpncfg_client", $return);

From 12d52dfd3ca14d7b01727aea829fc5cc5db1558b Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Thu, 1 Apr 2021 06:58:36 +0200
Subject: [PATCH 160/300] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index df67af3e..9ff0fe56 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/TCJKWT4.png)
-[![Release 2.7.2](https://img.shields.io/badge/release-v2.7.2-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7.2](https://img.shields.io/badge/release-v2.7.2-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 

From d3c830d69f6b4bfd3b3713f72667db1e500cbd66 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 6 Apr 2021 10:34:39 +0100
Subject: [PATCH 161/300] Wrap strings w/ php gettext, update en_US locale +
 compile

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 21775 -> 23191 bytes
 locale/en_US/LC_MESSAGES/messages.po |  30 ++++++++++++++++++++++
 templates/openvpn/general.php        |  36 ++++++++++++++-------------
 3 files changed, 49 insertions(+), 17 deletions(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index d9fec98abcf58d48890136d8e32d629fd951ac0e..1a789dd42f68697f65c8d0205e7e508441d06a02 100644
GIT binary patch
literal 23191
zcmeI3d3+sJ*~h1pwG;|npe&^Wl(vB;O<M{jErm2`X`oqXQp#Q@_fC?b_ujd^OVWTW
zvM9VFE~p^-0tzCc0wRJUBKQg_FDjyfFN?1tFYsdBZ~@%EzjMyqd($?r3xB<zPX?ZR
z=bV{2^PJ~A=Q+!r{%G=!AMiMi9_M)n!td|qc{g!><rL+5-t_%FZ!X*q=HLprC;Tj&
z2p@#I!f(NS;gfI;`~~cUOAqk8$?%<UcX&PIfA2Q_jE9fFY4A~~=YI@$fv>}Tpp;Vi
z`@+4U4^_@WI2A63(x)5h`Cd2!o(n0$yVmh;sPZ0%{O`TQA5`>q<YsXuR5?vh<+M2l
za3|8k?)rsr66vd;^t>Lbez&;%FTxJe--Ob8`azZl!<|VV4rR9ma5h}-(jioN1t`7G
zh0^zfkS6gy11G?H;Sl^PlpUI8T76c*Gf1BTrSDyiUx3o@0jT<Y7Z%`;q3qf1TYW-k
z-tW@q!g-$Oy#wwA?}n@3!%+5{c(8qc9aK9khHB3fq4ey4(&IFDeFIcIO78jvQ0;yN
zls#{Nm%=-s>~!QI_WDw|i1f*DKX@5D4Bh}`--qFJ_-%MNd<n{KlMl7^u7lEh8N_7X
zB~Z_O%%wjCebSFY+2dzW?f+*edrg~V>p2VVLAntxfXksb&hzrH%;_eSx(mJp*Td^(
z(>Cx`xB=GB@w`*vyWkS|qT|fD*6yc5+2JivdgP((ele6kTn(lF9Z>E5Z74mThN|zY
zkS6tZtF!mjLD_LNl-)bwj_@?7`_FdyWtYAX%1=HBcZHvXKD-OcFTMv=-ZN0`_B>QO
zzYgWk<1xOt7o^JG3@CkC9n+4NLfP+Tmwpnee!qvR-{d1a4;Szjz};Xs)cekYYL6n6
zzg-Mfk87apbvu;(9)t>Ak3-et1&C?9pF>>3+XtssxyL|VZ-FXj4OBTPI02TS>TwaA
z2tNU(=iN}(ABSq6XP}<j0`>mCK<T+>y=|u%j&)G}yBO;EPM3c=lwJFv?3{(trwn!9
zm2e`w1}aY745jy1pzi+$H1&nD%L|TgK%+;4_1hUx<s1Q3k0lUQy&kA?-UjvFE1>+~
zMmQdR4oZ)Eq5S8oQ1$#e)cc--yTdK+`s?sK(tn21b9lb>ql=-+y$QC#d!Xv=HQMrb
zfqRmi3}x4Yq4Zh^6-Sz&t{)HeTqjh$PjTsUTzV6nME+%tA8`2}htmIxQ2y`$+ylM@
zm%-mb>AMi;RC_Lky50_PaqkS5e;Je>*Ffoa3sk*shqBW{Q15>X>V3~b`SVYp${)Yb
zw!=ht5$XNl-tao8_k9}5KktJo=W8zi`;N~;+51;e_5Typ{d+C4<?Iht&O9i6nxNW!
zCDi-ZLg{~o%Rk3)2<rYzp~`<ZRGj~?;}@Xn`vWNZKL;nn7ohs*Yf%2Z$B{OF4%B;^
zp!92V>2BCYx)%oU)36=xx!ChgfM>#$@MgFQz5=`9f}?ExE_1vFP9gu3Q1AING<Jux
zNIwf@*KtQ%eWyUxZ+|!y9_I3!pzP8Nr@<4U`q^6`ruEK)`@-9y%6|mPK2Jiu|9NQQ
z7gT(iOmOdni=on&LG`m+9e)5-&JM@ecA5-jS0Bn>=E8kpz2i!ke-@M-d*QJ#1NGc(
zj(5QwNZ$t+kHa2tF6rMe2<6~`ORb&W3FQyhLDl;cQ181Fu7Tfx(tjGALhTzu)ps*I
z0A30e7jA^I*UeDR-v_176L25+G*tP&hH8gDK$SBQ<z@frQ0-O^_53n81NK0@r{H)M
zRC%|-1K~qZ?einYH=xRyy4;p?sN+(oxX}%D{WK`M4?yX;8LEC4x%{hP2kD!j^nTUx
zk5K-;<8jt*yTjR}r@QoVQ01+G(z^#r-#k=%y#vbc-V2A|N1*I5^?0j~56>Xo2&M0p
zj_-rg?^-DRKLrc$J}7(EH(Py<gXaA%-2>%s0o)5-1=WvkfU@6<Q12hV!nVUCsP>!%
zrRQ8IJr=p^$3WGi!(BfWs@+pi_8f+n!YiQcv}cRGJ`EBQyd&U#a05IH4nx`Z1~?tw
z3J-@5LD_8!RK3TyTD|vy2a!Gt>bbYN^kvW|eKV9j9)|Lxr=aZhOQ?GO1u7m+SZU`S
z)1fzxeh$l=o`iAkf)By<uylf*w><_okltmrowxNvx~})2;~P+RU)W~t&;+H&iBNVw
z6Ura5Q2Jj1rO&NUdfp9H-^bug_*1C+#-C{IcnI8$bRFCgE`qv$iOcVF>C>R>m4~~+
zOP~+0gwpRbQ0?-0sCK&_PJmB9#ewG>UxBkpzXqkxK_^)*cRU*|ApZiFz7wi`k3;Fb
z1s)7{Cx}SzdZ_mu4b>j)Q2qW)sCsOIve)HMesmpFJiQI79uL5|@aymp_$#P#r!ZLP
z`V6RYW<!;8ESvy4q3UruoCx0rrRP=d`fX6{^LeP}9)WuQ525sY8SV~Wa~$7c{dW>n
z`E^j&kA$-8@lbX?0ZN}vsQdb$-oFVdUR?mC_lKbF{}?p&g|f>7j^BfOl71QP0bheE
zXQxhEkI8Tz=?18B&VYJv3d#@8h2!D7p!9ezl>dALPJ$nWdf#WE>hTEF^(WwY@F^%g
zySuC(oe5R$`4AWN-UC(dr=iOK36#ED;9l^LP<l-~*~XEnP}lc|dae$t-i<EZ>e45{
zN#t*Ej9vbPQ2JdB<qy|F+2tX~km7v@O5cfVZF^3Gx;_Wi!No3r1C$<{p!B;4PKK95
z)#JlZ@4p4=efL25^OvB?e-5f0UW6CH-@v_LsoTEq?NI*teyDP;clozF-VbH(N8uFs
zB-H({K$Y`bD7|;?vHDDfdf!Z__s@gUf3eGNbvzkL|FfaWkD%gw+3|f)^}Pei{`bPk
z@Byg)`CX{^{F2Kbx6Zz2DwKYQx^z8kBfSg;@a?c2z6?)*N1bBlZ5O~*q`wBKlD9iS
zRrTB8xCu@neF;>3u7Sqxa2Dx%pzePLO5dMD)$g}(D*UU<pL(jb%K>m2`Lm$<Src3c
z*TH?^<xu6{2xXr;q27N#H1P{6zHEV=aMEcuy#cD9UF>)VR5{N=wbK?TyZ!;nUv@a%
zzHb-DnNayhL)mc|WUAt=f_m;!$1C9uq~8z6!4&d#glU2~uH^5J?Ww7!P9JpXd*JVo
zOOSCq{62U$@;stryb9!a8JWfT_h7R!I8?Wr&6$ngI(^cmg(J9M^<4m`Ad5NQ7apUF
z9A83wop5{{S%4hE^$^ZR)Mkg1J{Qh~I(C7w$u%Zr|C|Uk&VJwJoeYoSz8#R?a{ix)
z>=hxmAfHBb?8fz*;Lh*{xD<H=`4yrgXW?BAFGIeJ$RBm=gzSSfBF`f4KpsNoP}Vb0
z2Vu<nGjcp~Co+iq1^GR)C-=Pw<)>=2zXJKzbmUd!bBGSL>(0nd-17$95xxt~Ky<7@
z`jHPKpGCfl{0tdFwmz<^$ymwxew1}6GMDof<XYq>$On=8kk!ccjzwf%jQk1ts=Hy6
zW5)4YaDQYf<<}kukfxh>Ymx6D12q@F$oT^<eWYW_@!fD@O<Diz@=t<g<SFDfq@H^Y
zhc_Yza()J!1lPk}M8_|Y39hUyobS&0Ti|?`_XW<sj_7y}Ioq7sKmYE|FNJ$?|GqWX
zUgCU_E8`cOAAmevbA6^eZ{!~J=T9I3@)eg~NB)o8`B`up>Brz?m)8ds@AgCPLLNqR
z>}uit8@wMmjOTRx5y>M3<Y4lC1CyhPlTPGq$U5Yk$P366M8^sX@12gqOv)&_wAP0@
zmLs1+PDdsp8aIA`%tEe5CUf5$_*O)*{xn3#do4_yZ*%7-z$M6d<XGfhM87HM_yBSd
z@^j=AM91yOf0#4YoUqlMf6Q?YxIfQd4Ig)Tufro<nKK-9>8HpM$T0E>k{kzfa)C?q
z!1Is~AqTl<vz$*w{tMZgyhGsEkQliFNe<uLe=8XmBFm8Tkv+)&Jk;?AWFhH=CdIrB
zz6YsC_Cgwv*{+;lbDl=#k-iRYL^dNjK4am15<cqA4|UwtJ%1+YkGi}c!o!e#xHjMA
z{SW*Iax^lX{P(;32F}0j&YyrC$Q{TzNFDOuh>oN5XIby^wywb={cv-T&1b@<W%GNN
z`;86eKfgCf55&b%Ln_XC%ZjB!oa<lS5tnqAOZn?pcKJan6&8zrK8|vwq95e*VNmdc
zqCclIALiyX_-lh=zPZa!$6?XW#U(#gE)>FCDKqRB%lUj<ASce{!c-~B_4}n*WqRD-
z9;E!{bh<#<UUP3;F1dodX6_seN@3;1*NaZ+>hM#Uh=Qy6Hm&0OqW*FrC`EDZIKO8g
zD*8iFCgW3fDd7F3fzXdBV=$kqch3~V!eEpN8<N7LTToL{oZGgDWvMtFE+1LYviT;{
zA6Z`Lx2|sK@-tyj45?k(Uy+GZ8+ixkLB13g{I;&7@_u(%l4*2bTH>R0DN5B8VRFlP
z8YK*}errd!d0kjgzO`RE8|D0bP%I9`g|uJJr?H<38w_%(niHN&-j&J3Ltz>{cy9)c
zay(&*?#41II-geyR_-sA!fZZiLTlEZ&b40icJkLph46%OP(Xq0Tpfr@#e7UFZs(e_
z?KaoqyuZDdkv;mmxH#IYxKw#l8Ry7hZsR;&^N3_k^<93SyU}kCO9OG*TM-nal>J-1
zc|{oDl0Mx9QwAAtMO4B!L(e!tCMuR{ZY@OVewu;)kj1&Y6(iF=o*d?a-b|Qo@K?nJ
ze>MFz7i2>}$f@n-QBvp+$K`@wpa+G8Ido9x3;j5EOV>JoO&p}nNe>O^wa6hdUQ1Xg
zMW!<NXKezlO?Mg5r~JMs6M8KJL9Rcfdxcq>$f=-#I4+`&-zyI{mCG06!6=OjRjw(@
zP)YR>Wt(2?x3wl`YvTUoG*#8hpPMiDX6OeS!{IuAZrIS@;M*Q(yKqCQP;$Mmt_drp
zGANRk{`RifnbJ}fx7=@NXz-PqZ<0xmEd~8WEM%3D;>mf%=j}DclF|S*%o9qYR5?TR
z8^F1Tf<oxGH@9GL(+T}lkn@AgP%vEdd$9-|45vaPMW3SDj6Uz~)qBy_Yl$;42C0o-
z{wibZ+ALbgCBvdAEgNj!kSk|5&<$~9MLj?6!`n&caTHp}PltU$Ia4xz!tGJEoRu>z
zY-~Kb!EfvH)tQHVJgRY?DY9}u-98Fs7#p+Ezco~(G)gFnlhYIHaxs=u#N}M6FzmO;
zdy|AhqMt3}=oq3m6XZ7PO{JmOPhq)$G71!Dhly%ma2Z6MU@(X>^7^eJe@%R*&bT@)
zkdBJ^OfZaAy&)kD#d&X>t?@^VNmMV&5eQ9Kb`j2;Tc4~dL2&gHV3T`LWY}xfU!P9g
zN0;$~tm;f=aiBL=lxq!WhjKCK4{J{8&$*}+7ZmhcU1OYpKj0rqqYVS4(Nyh5yT;a7
z^di+|7>~wGW?0JMIgH_$5FVBIklz=(7|zW>ZrC3hh)Q8GAEZKmu0hdQJ?Jgg88?t0
z>RrA9NCQe_LV}XTR)$V;ZBH9%b~nJ{?J_J4T+XHAoC=IEPw1}>Gnp)1f$qY4OjEZ;
zMbnzLW71*_RB>tp&9xy&ZFC)y=gnQ%(>7@}wwn>LT=ZIV#cWXAG*X{rv}3kmCMtd9
zjGD~diqA{ULOGW+Em6&`WX0x=M5{>Spc#SXVZ99CX`lWTZq_6y8VuzI6cUjjyARJO
zGXzunI2%NIq7nx)0k%$t;?{U5mr*2MX~MZ3-22okG+Qx4MISAfTwX=^=*2d2i*7p|
z=rkQYxuNo!Vv^&$sd6F7&&2)xs=9k|J|qOYa~F_Z3jZLI+jwI9kteO5u9MJlqrs>&
z+>ktPbaw$L>eD#n4+XhoA}8IMe;S2+^{GO*smzS5i03kaOc#kf1OrWrjDN-`Q1Az%
zLa7{N{QjWOOOMiowZUJJ7}fUq{y?|VFntAjdX_jBF}a<`Ocez~x~iI@gm6od!I7pj
zZwSgn2F<Oo?r_pH^O#nK0k_UGb<alU@|1>G4agd|P5TFa+5`a{BBHe`CZqBGo&lo%
zTuh)+7q$JVXlCJb*A&AFSLC3@e3)WD=4EaGHZGWQQ%GOq(?9ptVn`Kab!=WBqN_C&
z0c=|qD}9JJn!qU!&y?linPF%2;mRoDruado7!&9yETR>w6H?7}ZMn=p%=E;)<)2WQ
zkbt3T#z@{m2eT???6_0uCfhBS3et%+7+~w9b+-v3qdm$5qA;9it>B_OK{ds6+st?a
zzeM~9GgzuL6o$EE$s;dGB|~%CSJ&FUZ=l-0TE6LHDtR=;)k|$)brXPOg7bfNS2U_V
z=qAIXJ*c2%jH8IxGn`kHN~_ma7ct5)3&dn}B7@K`XJKXG=Bvs2#9O&JOqGpgony&e
zm}4mJ7D`;svx4wT5%bJd^g3J=b<H(DZ3Fm-e5Ui;X4}AvI<+gKn#bJrAv#@k^k<4q
zeDGG8NR>+sd#jnqnm>MbcU!CaW^aKgo+7k+tCO+RoHciGdE{WD8(elW*eFZ(FpubD
z)B$6)TPCe0elea|RJ_y8L24SnOc9dxpqVFB5;@|n!XB;X=H_OCF~2xmoS$NpD$dV^
zC9iFi+uTSx>h&OPBK)Y=omY-}J<6MC8x0wlh>l{cHb;FTS-Xv<F|)2wpB>C8u#S3p
z2*>L;OV>8}uNjgnXMW8KDZyR$JJg=lWVeRvB7;n^CNszoOVR{XrU5nCILx*=<-EOv
zMp1MzJ14PwO3TT%9DgGskDWeNR~3w_%*7NnGn!s*eWMy;>sw9=!+djwpzp0=aaYz9
zHaSUp1#6c<X3kq@7riyw-SB(VOV>o%h<PQ^F)nOOHjHea#SqD`$8D?xPG)px65(lG
zsvvS+<M~Xpa_ONc%`!_1gc8>nqWv!Rj@)T=DM*H!l_b*%n^PU>l-7dPXGNSZmprY}
zlD^Phv+30CmPM?jdI?pmpxp56wTIc5HO)F!Xw}m+=cNLx{q{Il8lX!$Zrvw4tQ9on
z>IjD_n=&I3YIZa1(=Ag2UPqMLXre+#>}xUM!D`oL;ZL(Fucju|%<gipJf%G-ZmeV)
z$1!_iv|I<%3+G3qIx`GZZlh>KqPl@+mFmnfM+#Z6n;FEguepR9)@uhnGkNej?G9bS
zts|kktn4Hbc6FcRb)iRopnw~BU7D8ak6+W&U5ux6C00Ug0)%<|21o6R{I#q|HU0LC
zhjbOpcA@qO)QFlfB<q&i-Gps75O}~1d82M1a7)epfl|pJX}1r$3UMh;#Tm~HWa~AY
zur{vlM;b4t*Vf)3wX0cfmy{`4Rb7UKVMZHfWTuZ$CzkJ{?aVZIYs21{Ew!~_D#S#7
z`-<e0oyTDoh1Fyi6Yj92j6Rkv1CaTW{hM@nUChQ<dTq#7uex=O7q1PAto*oShvV9<
z%_J|`byJ%D!XAWKmw9VZ(Qj$4t){0@)%>Y$7q}_b0y7*eT3EYf&`l(&YT2y~7c)IN
zc`Y8vmV?=-F}q>T0SH0P^X>E(|FbhWubUZ2L18F4sVUc8@=KcPbhAvR4v7a-Tus}W
zFf+FyW@EW7xij$D@UWrOJ<Igb?3s0IN>1B!n|-j6cCcAY$&#y;U8wGXc*xVABv?|Z
z^A?;hS3hsz`PwGX^qxD)B{P<EGmR#AuA%E@JSFs8)wMJWU>!8T&IB7kb6cA0YA&*K
zP}@y{e`t>_sOcf8V5<(oXvhY9t((}KBw*N-Hh1k=bwAgplZl;8C9Y*tLm0ZzKBqcX
zBc}2+?zDAP&uBr-fH0K3W=1cUvZHl(iHT%YFA`QQPHMHPnQfXUsycDSsZ<TgUU$u|
zgq_1OovqYr<i(iZR%$P1vq1q5wX-1$zjhAdvTW~{2|D7TgWdhU9Ky`8we?`HP@k<M
zv&%}NvXaaZHxGL~a@lI9=+QQXTj{ciS=?$XmR?Z_jCP$_F<E7>Ff-5w3f_K66j87K
zl$4{zm0j2HzFfU#FD#txuPt-|g?VSjfA9_IfmGfUla%7RPO>uo7fQ2B`=q>oNvm93
zUkKSs9eh)z4D~niGv1qM1VZU(#!fRQHXAE{&robMG3&|&gAp4v8lHQ!Rn`~sb6_$K
z)#fBak;&8iv5Q}%3SN(0YFFalI=f+paWxSo#xugYK38?mb-9f>xp|b#%Dr{wH!uh0
zT0@*}^8;FuOtZ{ns%O@zUUFhapL{Y;s^pqYZMW}fw$Q!xUCm}bW#=*53}Z`7K}RjB
z9mdv&y=boALj2wcFUP-efudKFub)l5_0g)xO=W7&D?b*Q$;N8CPOO;1P1nt}#D->@
z(ypSlU+aDy9C?e&^?Ugt*6r=0l!@MRT{<+&_Rya*ln*vA!m^>442R*II#jG#N+)j_
zxhp$LP#8@=_cP+i{yloh8U0M%Vt*snn@qZ0KTITRRQ)XKCH*{ElO?fl>wGrn6^}hL
zs#YC~y-Ve2GuH$m+imQGV?-Y`lLOq=Oi0q^N0bIHd0A38i#_I$=g`6G+tT%?Xu=!k
zn*0R~3mX<pU;>68)VCM=qjdd>a(}VDCvNgr=%?+|qii;0RZq9=C4Fv^Jied3&y0T3
zUp}F$vp$(A*R!k$oA~)>;ez_cMfHtK{KjLN8XJ#j<e0D~D3<C?FU$n2o&Sk9B#XlO
z9)6f^@+ryAeDr(VhIQQ&+S}S!)>f)<LJNy0;%>dRk(&HcxVbc+9lI#E)N~LW_Skhj
ztLm3j?{gufo-L?YbKxd`NpDn|F!p7`*q04sUp8#-Ly6da=(5$P3|l2D!$l>3?8^rI
zZq8noK64oRvcc>%xrxcxmkncIHjI7QF!p6b@*_MOTw`B0jD6YAyWDPnu)-btvcdei
zy8Ulp*hIik+Maad>DZSIW>aMB%Z9Np8^*qD81YF)vUaQ4<R5W;?8}C+FB`_bY_Pw;
zj(yo+|NX|upKQ(Ucf;714P#$6@F9Wy#G$&^SIHUsvSIAY20nxs`?7(5bvfGi2sV<w
nsUOwdPlID$HoS?iHpaee82hrp{+s2oFB{Cie*b^;Wy9Y9e%ge^

literal 21775
zcmeI3eViOcna3LffrNxWcnj|h1hRqbW<z)hNeCpn30cT)mh2|s@HF<!^zJs9=^mzM
zcC#SHi}(Vby!lG-H7Y2+g5oLoisAu>9OoMxDsqbFTU1m~PE_vutE!%vO|p9G=l<K#
zXTM$5-BnLL_0&^UUEztD`@G5H*SeSI9RshP;(0f6y>q5=J+J*p&uf7TU<@yX2f_#7
zH24_YAN~*?0e=D4z{y8>-dflPRn&Xn0q~RXXm~H21fPJ1!S6%8{~X*89>hb3!&y+}
z&xZ%YMNs8j2oHrDp!C@c_5Ky`Sa=iU|K7(OAA&0H$58Ej0aBHB3<>dUsB+dpl@q{y
z;i${s3TKeM4obgwK(*^um;Y(lL;3+IeP^MBcmkXZPldAA0;u<wK~(ToLFtu)nBE(O
zQ{gM2+IbyRz1!i7;O$U)O+L<Y8kF8MVFjK5Wv4en)psjYeIIw}d*D3M_rrtWvv3uh
ze7v<wH&nfsLD_d0s-Ip5rPuXP^>26g-vy=jUGDzpq5AVdD7~MASHq{F>`?RV{g=Uo
zq;G<_jQ16IGJF!sZj(>IhHwTv6}CXxsSnETmqF=$6{HE?m!aPKflKd%KIsEawDy<>
z)vwE-?6m=^ogthKFNX`@R_N{Jd3V4Xmv^3oz?Rvbw-J6DE`|$Hb`y-@CGcUm2+ldh
z@}*FAzZuF7?}qA^JD}|TB`CeW0j0-pp!9nIs+~v7@jOiCwLv}C11G~0l)bBPANX>p
z=U?gax4ZOvq3m=IlwBT%K717J2cLr~PlH?iwI5Xf9t-6+EskeGRPt6p=@U6#<M;t6
zyFK92&qMk3(Q~cdXG6Ne+W@8a7O48RLG{C1q5SMNsCIk?%1&R0vfB^gA@EtaKb(Ry
zP=z-Ws;id3Dexsw_lKa$xg4sT*TSiAJ5)Q~2i3lZp!EDtI2Aq%)i2&@_Pv9l>OToe
z&xP;+xWcgq%5N`)dcW%Ow?f(Vbx?M`2}+;sP|w`~RsUz8;?4t5dOrpA{Li6jFO*%T
zFj&RopwR=$Usu3suotQwFNXZz8|9D6xfQD3k3jjseNf~0F(^I01LZ$If@<eZsCxbY
z4}b@^+WW^s>31UZ;b~Cit$}LiCaCfTp!B;O%8svq(&I+BFTB~^e<##?AAxG;T`v8A
zOFsgo&r^=ixcq(EtUj}#`u|us9j<~)VLz0fH$wIMc6a|n5ZCeUcKJ`i14;iDO22*Q
z+xAR{YKIS1|7lS6Spwz1=R=jBgVW$<sCu?Q>2WQTAHEgNfID3NosM6Cvg^Z8?S35U
z`CmYl^Bhz;Q`@Z`v!LoZ398<9D80{d`Kuk*L+PD^D!&Aog1k}3H$%1a<4|_L2de+>
zg&K$7g!1E`x%_<>*m`C`={Luv7r-vk=fePA3%lV?cmZ5|y63Hg+u$mAKkS1u7TWgZ
z9c%Cq@?Qhho?GAycsnGtdUwNv;rF2Q{S{REo`dqwNoUynSx|O49%>x5K&tdQpyKE-
zRJqqd+2tMZ5O_P(c=;Su{CFI$g@1JE?lbK;Dm%U%s+<R*`sZ;dd;S>8Kc0rF?^(y`
zXW9Idq3m}mJQtn;^<KsC3b;4vZSc&!JnvPoh4ejV+jZ7cQ1<C#Qjs6zpxT>2)wcz%
zfj2<u|6Mo}ww`0#dp=Y<*FcT?A$S-pLcPBYN}uiUaJU1i{7*yK|6VA&eFGi}pM=uq
zS*Z8-VG?91;vEB3&tk_7P~}yi{O}rh6ui~(i%{i!2dbQ(LB)qjOKkoWD0|O>(ys-o
zUF|Nv1NM;agVJ}0;|HPq<r7f$x(Dk0`{B{>5h%TOLiNief`<HRI#fGnLDf4Oz6hQH
zrPmFPZ-&zQZLk7A2xX_^=v>v;4prZ|F1-@YBfSnD1h+zsiyPoE@KLCGpMkQkx6Jm_
zVNiM<3041WsQafv>3yEN-v!m5{ZM*e2Cs%!K-u91cYpGEcAa$$Jd*rgc(R^{vfmAG
z7Q7jr3h#un(|4il{tT4f`<?IBAyDs?TzVM#q~8Q(k55AN>-|vndJ?Lgzl0h;&%*_9
z%5whT_e)@n%cU#qI_pljk#yK$*IA#1n@B$gFM*eI+V#~Pjz5L6`$;RU9ZrMNV+oYq
zyWw&0B~W@?1*P9LQ0;s-JRW`u>bb|D?Dsn;d;baU1NX-WdVV@o{%n_SgR;{~D7#z&
zeHcLLwGB>&*FyEzjZpo28<gMN>G*kg3h9TS^!bhBAs5*6LMXfSx%8``{Q7-RdVdj~
z0H1`?Z|~K%zG+bXa3Yi+Er4prDkwX>7|MSVsQ9=Q?hoGpTj1N^iSRzCa(@i>hrfm@
z=Xt1dW_H<j&4y~ne5m$qfYLMX?r(+amusQky9KKL4@2qsS*U(`$nh~KzkLeIZhvz5
zQ!cc2Jq+$g{xMMc%!X6p5~%uD!J}Xwl-@Da^CQr-7s@VgaC|>BdO-Q>Lr~>B4%Lny
z!Fh1fMYf!FsCpMc`N3MKc$<S$;Q*BXTn^RFVW|3E4G(~~K;6F$O1}?5AKnF3-nZan
z_!Fq|o`%xzc_=$hU1Rk)8tzN_B&hpyq25~r)z0%=y3eIAh0-T>e7VcN4oaULum#=*
zWrs%~A<ugPO3$OaZU4=Nx_=g&3p-tY45h~_pzM7;RD0e6)sEYt>c0!BzWbp3_d%%g
zcfx7#Stvi*yT{gZD4at2M5y=Yx%{P$7s3O`zXYn?1*qq@K$Wu%PKR%V(qjiyJs*au
z_ilI~{F2N6n&bDNp5F;o{_mjT_@uR#K2$r;g|hofsP?Xb8uy!^{J7@wuZIVc-T|fG
z9WH$j>>~Xj4B(-?cAYg0FChJ8NJ#RgU2Nm>I@m}0W~lc4-0=md_8+{?)^jqPLHZ0h
z8+JlHA3^DRB~<&iLHXzFUH%RzyL<p@9Nh^|hhK$?qpDox&VsT_3sk*lK#iBxQ1PPx
zX_EIEmwpt^BmH~FIsLYreyIK_K-seb<sVl-)wk90EiV6~Q1<%-WGeMO2ld_`9QRpo
z*ICoxUgV#KoQ(`4S0X&-U4yJbnCiR`IYbZglfL_K{brLQ_Cd8pzwaYk%$3#eH||<<
z)$Q&&!!eX0o9VX$d6l_h@9Fp+sIhyXt5?~w`9fXrTaN5BSN6}{pn#l!Y(~_7C-Cks
z;Z4Y|kz<kPk;jpLM;=6Em!BfpPkyjB@+9(p<UbJk^l6m!O?WUo3o-<~`;bGCS0m>j
z`c3BkHmLD)xia|8vGBeGH@fRzK>6BYB#&slq2KS3lPTjwB>UyK_%8B#m+^I&BCkcR
zK>itd1(N-K!o`=7{VC&*@a4#7kar=+lJ_~d8qrVwcyv=;FCwk6_ANv|`QxeF-w(N-
z>x1C6y20-b<lE-T{<#Xg200U9D0n9!|B4)f{1$l@Aw-xl1-uRV!|xHq#1HreWD0fM
z1NA$cYdPtuU=;ZQqBYOw5ygs|ks)Lz&s+xIf*jBFKf!k+Hz4}`57I(@_PdjduOPF@
zy9my3H-6<P{F}SJ7~bfv2jOwN^HO*ie3Q$68Qkiw_a%QW*GIXua6hsV`4Dmd_kCm%
zqTe#)P_BPwQtVe?6*-c;?V`(Xfqz1-My7FZs(b$l(*KR<_b~EC<N~CGd==?H<|F#O
z*TQ=mz8JX>ImMN8tGg#$imYi$&vMTk;kbZ%2{M=Tz3>yr6eRl{<({jMaSQSf*$p_)
z-K)90*TIvKMaa*Q6^MS*k+QjBjR6lwd?Y~h`<R7y9sC~h0y2ZL&w%R@{l0@lNT(9~
z+K{&*dpjK-Ql|SI55Iv-LT0+WQydS1Z$oq@@Bui2+=aXnITz9I84L6GDR=!v_+jK9
zkxwK4f}D>mMV24~h<-)nQRFz}?Z_XH?Dsw{K7zc&WqcHV5a~sxqt7Q@euk6CdyK@#
zUB(0Oo$mSz@U!kZhVMXrh#ZF8hGf70;-Vedi?Y53=fFPr9HQS57T%}CrMYEYy~Aht
z;g+COE{2Pj&d)9L+uO|l{9I5NO44duJ}G%i(`qG&2bc9ERXycW{>GKPevr?HY3i4g
zD6Xb{P%ei-#Sc<{&f0Pq&uR151!;MCuU|;Q)Q^*@pRZLaVO%Ya`f06PPAcRiaUABW
zQ9S5Z6P4-le0Pxdmlp~Z%J!D$l3LXj<SpmP;h-AUFML(Bp|{7+7b6O8<lD50ABYBP
zm7p3W@p*p#P?Y*3QL*S#b~T{>>QLw>lrdb6TirWpSQ(D;VOv(1bPJkFO5)v%Sej1?
z;j*y>EuC*N{jueRe&_0rUcVRyX-Mk|{)%Ff-%K4`2jyy5@w<An#`}F?Ri@E%1&NQ+
z)hORogvqUy>69=i`JFv|rn<1Ad~3f#DT@7akftL^rQp}f1?;E7hJ!fYbisRBUBzND
z5*E;ddW&cj^M)z956h_Na#=lCf4*7`OXaK!ty%lmuJe}fA%A032`{Jx6%^RR-JztK
zmJ@n$5BHpHce|IA{XJDi_V{&ibG)j!Rj;XrbHte2IFGk{OtR7Z6+s&1J@dCIGYoJ&
zpJ9Q?f}*z~s^Wv8XF9tWrPZcKD^Xz(bL00VoXA@-HtplFVI1U&VWG`ml~nxIjLSGE
zg?<pLkLFQQ=#M6~ieF)*gq1lAMAzqoIB`esdVft46wF0G9p!bX<BML$P!JD>42iH5
znnY|elO&~RKPRs=ik2(Ma8#h%JBHjnMFtd>Un|>;Jin_myIPYBW|t};yRQ3-eL>@}
zIz&xnhGCSi6^R@}IL1g&3H|Qn9W=r?u%8cNKPZj_qp6=mGn|tSp?ZznRCZvzxMyi?
z5%s-}q?n*s^Vm=8$uKpqmVzyt;#z4F{z{K4Jow1~Zb7<?r7??N2nT{%v1$y><58(r
zQg58z-hOtQ-!<UN>qmXMq<x+#vi>~dBMMWrvB3>xJ41yOqlCg8IsJ)lr%6%j*5Ybq
z)bCLDX9>j)zf{9hXmzd_#G6%9btLigm?@x)3dPxY+HfY9!SD=*gQzIC*(F3a1v1)<
zuVC&%l$MLZC|c!0#y*NuZ&GS<0tIiH7sW&j6Te(2FxS=*8cGm_JVm1H859}yI`!9Q
z6buXyz=D$6OlCTiOB4<|1Nxzs27_VKB?BUks!2uBvD0<N1#~{npfuVrqZm!qZ}e+o
zjfLx~Eu#z^%w*zsjGHjoVM2IT<}m(1;({Fy2l1#sG89$Av>fC^zr`RmRu6LNT;m3E
zI@RTC1h%0>F=SL*>|*FF_s`5kxV8*S2iM|4605)n^MwBDuvjeN_lyndF<spmrKUIS
zOhb<m(Ubfpx@%LA-|XfZ-ZxKSPur!9AZVtJTIzMiX(>oAAL|C$w7|4%X7qttQC;R9
z#pk7Fr54AgCmPxHti(K#X%%V0FjJL0EXPb&@EKp>7OfVd;ZSZsArT3(2k?v<a}}*m
zN<pMI>cOWNVC!to>P$xBqC(k96A$eyIG|CXY2C!y0eUXGy^2_o!!~k@K09x&H3L0+
zpk7Uy<v4Gu-^lWd$>5-x?kX;a#65TIqM%FRAB0aEPmDkErq$C85(aKG992i#viFVd
zE&xRX3grGs5N9hM>CQsUDCBEQRl>__EL~DOmz7o_CGrpqw0<!DnV>+$AC4;3T2S-{
zgG!DOrIlTqzalfL9rJ^M9;IUjDvb0JaV}yNIFBVA3Wf|-bww57k(Akmt}`_RH6nu+
zAy{`b>zaA2zruh==b5&bqAPey^OI&YO?;;R1HWK`01gq++jW!Cd4I_O(O{eqs5C_F
zcuLK3mEoFa4&ja*G%bhuh~ZPf7wq(4d)=<Jd`(7wU9D+I6J&L4ULm5ZHxvPEU#9gj
zM2#kJ%EOB_d3bTu8GW=qi@3FLP)rj79fd{oVq@i|MWHR13Ea%@u9m+-WkLdmYMKzK
zg#l(&F4}pgK1}vlE)8T5YcjyrS?}%^M8<nHjPsSzGK*>#<q4{J)}>}?82DA<M_9yC
z)sZlav%P`5gr$;MrDI18tv&k&s{O6yn=z)6$5ULR)CN|!0La$ve|ET{QR79oY8>xH
z1ubJ7MZEsevZ7Q$qqecySB}|9WwVpFa!Z)68S6RckxQ_SP;9MKxm{*C?N=ifaH|+u
zm=BfAJ-=Xs^q73sw!3HB;7XOv+k~dq-2D*-R%3=|9ZC%FR+(rN=SRKOtPsr~zpt;W
zQ{yjJAyVfF-`?tMzBE_Md$~P!LeT>*JDX6Hr9og`(Z#rv!fLl?SWS##&a$X`pj&4&
z8QClYvdxiM3)B-aF;$_B9&(Fbvxu0Vj;8bT%tYz@IIMbI<2>eO%W>}q1rx=`z3)74
z-1|}4MAT@+z(j2nW9v2U8`(x?JdIgdjr;C!toeJ~+aoyMpxMWDX^CZ~-TIZ^R3Rm}
z`+kr5vyn7Ya>_)KHf07y;zfa=$yDEzjl=AoQ!Cpi=oCc|^BEy=Z)wlf74tVDy4WRR
zW1GO-$$CqXv8W~Ft`Djsc75ccFf1=G64<>p?3!v?re+t}s9-ZP%<6d8?9^MMt-jx{
zQMx87MXVi(fJtR@_VvV$Sqza)Z9K+m|6*ov77Cs=ZweGwwqM0kDlUvf1@=wa1XQ`l
zH0<~CA;n#mYq=r?Z4ULGTX|$l2Ak8E&6FM>YWQp$%eAVfO;<J+x|_bhbi1t&yQLh9
z3wB9v3ii6gQo_DvJzK8EWr6Ezg)MP+5?6;9l8(EM$sTJ3EvtIMk@^>kF$s0Mnc5ka
z`5~_-%5OGNp(pXRVenvMXtO(}Tb0+;l164<EhkUu4${r_Oyf9i>fyz@AJLC%i%drD
ztI3!|<7<{xYHiFqC}byWRtckKy)fPa!CPxTS7qEa61v;U&LUxN-$h<8dX$GMxRKYZ
zrKkS*O<mo~oXO&b-3~n;mhl@LwKwwDvFp?l+cO^0TS=-(J}G)`GTEq*&K|V!fy{Uk
zBd7TRy{fD*m+)m~U6>Ck-0xnIUGf2Ilr2*u*~@Y?tSV!GMg0(DHDUi|Lq#`B2|BI|
z`C_O6(bWIz!jydxx9mjL{Dmyb%Rb&Hji<3gH@g;Z9V+@A%l&-FCk3{dEId8UN9Ips
zGwl{23rrwgczW}Ox{op3(6Ue89?at5;&p@=Hst1;h56Xxwsj0%7kljDke;*a9IubL
zyP^S{T{M;JZuwO$1p3%S(uS<>v&E2|h|B<OX-oJ%IX8PU@cA5IgOGcd#g+Mt)29V1
zebZ+?&5X5!&0@il-K~F+=^IK$JpIYS42`;S!BraRSDt>AHql!A@<gp_qHrIJOv26@
zoWAH0#`%oe+)Fkm^K_fiCpvr8_$p`9*^0!bvYxf65!%^q-`i!W#C-+Ku3p`>R~S%J
zH+tF}6Lww7PBVQ~RzMBCNLaPFXx6G}nPlE*=)@hTQX`gleN9_tyZB-qR&UkVn+adY
zn{Sp%K?Mh~)3}A-JbAh-JNRURo@C?%_q?zEFpER&i|rlSvuj9kSy?zylEuxIQLkSf
z)9}fD?V;T^jL&JQTMt_|=Nup&$d<NvhjtWolhv2+#$($kc+VwKM6296D@QATyXdCA
zxK-0GyE^;L+|}XC_<yXSFqAKwVzN@4=Vsfszo9g{@65{ko3x6P)=J2CzTv;Cl##*q
zzpoRBWaAmTz+%qq`u~!l_zJ>uAr6Kkz8+{^>DPChfsjL;Y#M0J$z}qRr-e^1=L!|C
z-|hqJ;b*=5nuBq*f+EB+Ex9q*aL@Je=2&hXWy?u#y*bHnV39Dw<!;9yDVb(}#2STj
z43=Qog`E!E=Qr~u*W1{;+)Vj)s@-kASY+mlvlceb7aPMII_f*PpNsHkJekf;y{3E}
zb9o!1RgqgZHDA|1`kT3UwcX0p8|_w<=3Ztk^R>)w^z_-#o#u>v#O3-q4$j;sMwBvf
zy2YhKv$G8SIV0s@6Jwn3O4+;<&Y6pfO}o9Uma!iP#~J?P>F17p#*XCiOD^hIvBRF}
zsV0-|*7xyj8>M3`FB{R>wjqmhyXNzaSdrH=(^tcV_=Kh$eN!|c%?^+~ggi3~<Dh2d
zFPLxnZC+McRyg|+mROfDlv=wAtsAr^OX9`;g0|D!7EEQOgCDeZr-M<UbwzD3ZS7AM
z`zv%5d1+KCg={<-pgGc4WXbaf`2<(g5$v+5y=z;u#at^Z-*7Rf5T`F_ZC}{hzQ}Js
zXK{P`Y3=-`t_jj=s~K;_fbHF1QA4(GY3=7Aaj{QHc8Rf=`G3>;zNy_^-7A|L)jqX@
z^*s@`RbMj}`_*tubv_@CqIiiJAUN!~>-$%=E^0jIf<-G|LK1Ch7W<2GQFZFXN%X`?
z^u$T@o({GX`wtU#IeOkDS)VTK8T7<SH2Xa}bNGDV$Sx;NqTRXk#7XqTNp#aEANOyf
z+_G@uBzoc`+MIt(oJ5az6hCni&52{v7oI(P%EU?Zo=>`s<t9#|n?A8N4zArv^TbIs
z2a*#f(fT*1=J<W$BznwY^~6bZ$)7lhw*Q#F{@+zhoJ4adogG2AGwOn$oj**RL{FSV
z_x9LxWOwANGwb>ZhP&eq4P2^m>Z@lbPNK~jwLftZ-Td!m#y#tvIEl{wo4Y-jXyPP#
S;v~B2Pn<-@-v8rC^#1~zV$K}^

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index 74627378..e715a5be 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -725,6 +725,36 @@ msgstr "Cancel"
 msgid "Enable this option to log <code>openvpn</code> activity."
 msgstr "Enable this option to log <code>openvpn</code> activity."
 
+msgid "Authentification Method"
+msgstr "Authentification Method"
+
+msgid "Username and password"
+msgstr "Username and password"
+
+msgid "Certificates"
+msgstr "Certificates"
+
+msgid "Enter username and password"
+msgstr "Enter username and password"
+
+msgid "Certificates in the configuration file"
+msgstr "Certificates in the configuration file"
+
+msgid "RaspAP supports certificates by including them in the configuration file."
+msgstr "RaspAP supports certificates by including them in the configuration file."
+
+msgid "Signing certification authority (CA) certificate (e.g. <code>ca.crt</code>): enclosed in <code>&lt;ca> ... &lt;/ca></code> tags."
+msgstr "Signing certification authority (CA) certificate (e.g. <code>ca.crt</code>): enclosed in <code>&lt;ca> ... &lt;/ca></code> tags."
+
+msgid "Client certificate (public key) (e.g. <code>client.crt</code>): enclosed in <code>&lt;cert> ... &lt;/cert></code> tags."
+msgstr "Client certificate (public key) (e.g. <code>client.crt</code>): enclosed in <code>&lt;cert> ... &lt;/cert></code> tags."
+
+msgid "Private key of the client certificate (e.g. <code>client.key</code>): enclosed in <code>&lt;key> ... &lt;/key></code> tags."
+msgstr "Private key of the client certificate (e.g. <code>client.key</code>): enclosed in <code>&lt;key> ... &lt;/key></code> tags."
+
+msgid "Configuration File"
+msgstr "Configuration File"
+
 #: includes/torproxy.php
 msgid "TOR is not running"
 msgstr "TOR is not running"
diff --git a/templates/openvpn/general.php b/templates/openvpn/general.php
index 21262db1..841f4085 100644
--- a/templates/openvpn/general.php
+++ b/templates/openvpn/general.php
@@ -11,17 +11,17 @@
       <h5><?php echo _("Authentification Method"); ?></h5>
       <div class="col-sm-12 mt-2 mb-2 form-check">
           <input class="form-check-input" id="ovpn-userpw" name="sel1" value="userpw" data-toggle="" data-parent="#clientsettings" data-target="#UserPW" type="radio" checked>
-          <label class="form-check-label">User name and password</label>
+          <label class="form-check-label"><?php echo _("Username and password"); ?></label>
       </div>
       <div class="col-sm-12 mt-2 mb-2 form-check">
           <input class="form-check-input" id="ovpn-certs" name="sel1" value="certs" data-toggle="" data-parent="#clientsettings" data-target="#Certs" type="radio">
-          <label class="form-check-label">Certificates</label>
+          <label class="form-check-label"><?php echo _("Certificates"); ?></label>
       </div>
       <div class="col-sm-12 ml-2">
          <div class="panel-group" id="clientsettings">
            <div class="panel panel-default panel-collapse" id="PanelUserPW" >
              <div class="panel-heading">
-               <h5 class="panel-title">Enter username and password</h5>
+               <h5 class="panel-title"><?php echo _("Enter username and password"); ?></h5>
              </div>
              <div class="panel-body">
                 <div class="form-group col-lg-12">
@@ -33,26 +33,28 @@
                   <input type="password" class="form-control" name="authPassword" value="<?php echo htmlspecialchars($authPassword, ENT_QUOTES); ?>" />
                 </div>
              </div>
-           </div> <!-- panel -->
-           <div class="panel panel-default panel-collapse collapse in" id="PanelCerts" >
-              <div class="panel-body">
-             <div class="panel-heading">
-               <h5 class="panel-title">Certificates in the configuration file</h5>
-             </div>
-                    <p> RaspAP does not support the import of the required cerficates. Please paste them into the configuration file
-                      <ul>
-                        <li>Signing certification authority (CA) certificate (e.g. <code>ca.crt</code>): enclosed in <code>&lt;ca> ... &lt;/ca></code> tags </li>
-                        <li>Client certificate (public key) (e.g. <code>client.crt</code>): enclosed in <code>&lt;cert> ... &lt;/cert></code> tags </li>
-                        <li>Private key of the client certificate (e.g. <code>client.key</code>): enclosed in <code>&lt;key> ... &lt;/key></code> tags </li>
-                      </ul>
-                    </p>
+           </div><!-- panel -->
+           <div class="panel panel-default panel-collapse collapse in" id="PanelCerts">
+             <div class="panel-body">
+               <div class="panel-heading">
+                 <h5 class="panel-title"><?php echo _("Certificates in the configuration file"); ?></h5>
+               </div>
+               <p><?php echo _("RaspAP supports certificates by including them in the configuration file."); ?>
+                 <ul>
+                   <small>
+                     <li><?php echo _("Signing certification authority (CA) certificate (e.g. <code>ca.crt</code>): enclosed in <code>&lt;ca> ... &lt;/ca></code> tags."); ?></li>
+                     <li><?php echo _("Client certificate (public key) (e.g. <code>client.crt</code>): enclosed in <code>&lt;cert> ... &lt;/cert></code> tags."); ?></li>
+                     <li><?php echo _("Private key of the client certificate (e.g. <code>client.key</code>): enclosed in <code>&lt;key> ... &lt;/key></code> tags."); ?></li>
+                   </small>
+                 </ul>
+                </p>
               </div>
            </div> <!-- panel -->
          </div> <!-- panel-group -->
       </div> <!-- col -->
       <div class="col-sm-12 ">
          <div class="form-group">
-            <h5 class="panel-title">Configuration File</h4>
+            <h5 class="panel-title"><?php echo _("Configuration File"); ?></h4>
             <div class="custom-file">
              <input type="file" class="custom-file-input" name="customFile" id="customFile">
              <label class="custom-file-label" for="customFile"><?php echo _("Select OpenVPN configuration file (.ovpn)"); ?></label>

From d221c76e32e7ea14f494ba7e00880cda33929908 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 6 Apr 2021 12:48:27 +0100
Subject: [PATCH 162/300] Spacing + remove extraneous div

---
 templates/openvpn.php         | 3 +--
 templates/openvpn/general.php | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/templates/openvpn.php b/templates/openvpn.php
index 4f76d6ec..4e0adaba 100755
--- a/templates/openvpn.php
+++ b/templates/openvpn.php
@@ -45,8 +45,7 @@
             </div><!-- /.tab-content -->
 
             <?php echo $buttons ?>
-            </form>
-          </div>
+          </form>
         </div><!-- /.card-body -->
       <div class="card-footer"><?php echo _("Information provided by openvpn"); ?></div>
     </div><!-- /.card -->
diff --git a/templates/openvpn/general.php b/templates/openvpn/general.php
index 841f4085..4cacd41a 100644
--- a/templates/openvpn/general.php
+++ b/templates/openvpn/general.php
@@ -63,7 +63,7 @@
       </div> <!-- col -->
     </div><!-- col-8 -->
     <div class="col-sm-auto">
-        <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/no-trace-200x200.png" class="float-left mb-3 mt-3"></a>
+      <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/no-trace-200x200.png" class="float-left mb-3 mt-3"></a>
     </div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | general tab -->

From aa6df37801df13e96ad73693362f7472948a9332 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Tue, 6 Apr 2021 14:24:36 +0200
Subject: [PATCH 163/300] Update README.md

---
 README.md | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 9ff0fe56..ba9ff12d 100644
--- a/README.md
+++ b/README.md
@@ -27,11 +27,12 @@ As part of the initial rollout of Insiders, all previous one-time backers of Ras
 ## Exclusive features
 The following features are currently available exclusively to sponsors. A tangible side benefit of sponsorship is that Insiders are able to help steer future development of RaspAP. This is done through your Insiders access to discussions, feature requests, issues and pull requests in the private GitHub repository.
 
-✅ Manage OpenVPN client configs  
+✅ [Manage OpenVPN client configs](https://docs.raspap.com/openvpn/#multiple-client-configs)  
+✅ [OpenVPN certificate authentication](https://docs.raspap.com/openvpn/#certificate-authentication)      
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
 ✅ Restrict network to static clients  
-✅ WireGuard support  
+✅ [WireGuard support](https://docs.raspap.com/wireguard/)  
 ⚙️ Traffic shaping (in progress)  
 
 Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/RaspAP/raspap-insiders/discussions) and let us know!
@@ -40,12 +41,7 @@ Look for the list above to grow as we add more exlcusive features. Have an idea
 Following is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.
 
 ### $500 
-✅ Manage OpenVPN client configs  
-✅ OpenVPN service logging  
-✅ Night mode toggle  
-✅ Restrict network to static clients  
-✅ WireGuard support  
-⚙️ Traffic shaping (in progress) 
+The first **Insiders Edition** includes the exclusive features listed above.
 
 ## Frequently asked questions
 

From d3c769b7484536318f7b78b4791b95978c4187fd Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 9 Apr 2021 15:05:40 +0100
Subject: [PATCH 164/300] Layout fix: dashboard client widget + openvpn ipv4

---
 app/css/custom.php            |  5 +++++
 app/css/hackernews.css        |  5 +++++
 app/css/lightsout.css         |  5 +++++
 templates/dashboard.php       | 34 ++++++++++++++++++++++++----------
 templates/openvpn/general.php |  6 ++++--
 5 files changed, 43 insertions(+), 12 deletions(-)

diff --git a/app/css/custom.php b/app/css/custom.php
index 6726a0a8..273a9629 100644
--- a/app/css/custom.php
+++ b/app/css/custom.php
@@ -124,6 +124,11 @@ i.fa.fa-bars:hover{
   color: #858796;
 }
 
+.info-value {
+  font-size: 0.7rem;
+  margin-left: 0.7rem;
+}
+
 .info-item-xs {
   font-size: 0.7rem;
   margin-left: 0.3rem;
diff --git a/app/css/hackernews.css b/app/css/hackernews.css
index 2d76492c..6aef443b 100644
--- a/app/css/hackernews.css
+++ b/app/css/hackernews.css
@@ -155,6 +155,11 @@ ul.nav-tabs, .nav-tabs .nav-link {
   color: #858796;
 }
 
+.info-value {
+  font-size: 0.7rem;
+  margin-left: 0.7rem;
+}
+
 .info-item-xs {
   font-size: 0.7rem;
   margin-left: 0.3rem;
diff --git a/app/css/lightsout.css b/app/css/lightsout.css
index cc020f22..3e8e6e76 100644
--- a/app/css/lightsout.css
+++ b/app/css/lightsout.css
@@ -254,6 +254,11 @@ hr {
   color: #858796;
 }
 
+.info-value {
+  font-size: 0.7rem;
+  margin-left: 0.7rem;
+}
+
 .info-item-xs {
   font-size: 0.7rem;
   line-height: 1.5em;
diff --git a/templates/dashboard.php b/templates/dashboard.php
index 47443ee8..597dc6b5 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -34,17 +34,31 @@
             <div class="card h-100">
               <div class="card-body wireless">
                 <h4 class="card-title"><?php echo _("Wireless Client"); ?></h4>
-                <div class="row justify-content-md-center">
-                  <div class="col-md">
-                    <div class="info-item"><?php echo _("Connected To"); ?></div><p><?php echo htmlspecialchars($connectedSSID, ENT_QUOTES); ?></p>
-                    <div class="info-item"><?php echo _("Interface"); ?></div><p><?php echo htmlspecialchars($clientInterface); ?></p>
-                    <div class="info-item"><?php echo _("AP Mac Address"); ?></div><p><?php echo htmlspecialchars($connectedBSSID, ENT_QUOTES); ?></p>
-                    <div class="info-item"><?php echo _("Bitrate"); ?></div><p><?php echo htmlspecialchars($bitrate, ENT_QUOTES); ?></p>
-                    <div class="info-item"><?php echo _("Signal Level"); ?></div><p><?php echo htmlspecialchars($signalLevel, ENT_QUOTES); ?></p>
-                    <div class="info-item"><?php echo _("Transmit Power"); ?></div><p><?php echo htmlspecialchars($txPower, ENT_QUOTES); ?></p>
-                    <div class="info-item"><?php echo _("Frequency"); ?></div><p><?php echo htmlspecialchars($frequency, ENT_QUOTES); ?></p>
+                <div class="row ml-1">
+                  <div class="col-sm">
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("Connected To"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($connectedSSID, ENT_QUOTES); ?></div>
+                    </div>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("Interface"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($clientInterface); ?></div>
+                    </div>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("AP Mac Address"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($connectedBSSID, ENT_QUOTES); ?></div>
+                    </div>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("Bitrate"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($bitrate, ENT_QUOTES); ?></div>
+                    </div>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("Signal Level"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($signalLevel, ENT_QUOTES); ?></div>
+                    </div>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("Transmit Power"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($txPower, ENT_QUOTES); ?></div>
+                    </div>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("Frequency"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($frequency, ENT_QUOTES); ?></div>
+                    </div>
                   </div>
-                  <div class="col-md mt-2 d-flex justify-content-center">
+                  <div class="col-md d-flex">
                     <script>var linkQ = <?php echo json_encode($strLinkQuality); ?>;</script>
                     <div class="chart-container">
                       <canvas id="divChartLinkQ"></canvas>
diff --git a/templates/openvpn/general.php b/templates/openvpn/general.php
index 4cacd41a..39573ce6 100644
--- a/templates/openvpn/general.php
+++ b/templates/openvpn/general.php
@@ -4,8 +4,10 @@
     <div class="col-lg-8">
       <div class="row mb-2">
          <div class="col-lg-12 mt-2 mb-2">
-            <div class="info-item"><?php echo _("IPv4 Address"); ?></div>
-            <div class="info-item"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
+           <div class="row ml-1">
+            <div class="info-item col-xs-3"><?php echo _("IPv4 Address"); ?></div>
+            <div class="info-value col-xs-3"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
+           </div>
          </div>
       </div>
       <h5><?php echo _("Authentification Method"); ?></h5>

From ba948d99ddb3c6bc95a35d35eab167cf3ec54928 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 14 Apr 2021 19:58:34 +0100
Subject: [PATCH 165/300] Update install_wireguard from apt on RPi OS

---
 installers/common.sh | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index 26f3e92f..fe36303a 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -350,18 +350,10 @@ function _prompt_install_wireguard() {
 # Install Wireguard from the Debian unstable distro
 function _install_wireguard() {
     _install_log "Configure WireGuard support"
-    if [ "$OS" == "Raspbian" ]; then
-        echo "Installing raspberrypi-kernel-headers"
-        sudo apt-get install $apt_option raspberrypi-kernel-headers || _install_status 1 "Unable to install raspberrypi-kernel-headers"
+    if [ "$OS" == "Debian" ]; then
+        echo 'deb http://ftp.debian.org/debian buster-backports main' | sudo tee /etc/apt/sources.list.d/buster-backports.list || _install_status 1 "Unable to add Debian backports repo"
     fi
-    echo "Installing WireGuard from Debian unstable distro"
-    echo "Adding Debian distro"
-    echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"
-    sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr"
-    echo "Adding Debian distro keys"
-    sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys"
-    printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
-    echo "Installing WireGuard"
+    echo "Installing wireguard from apt"
     sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
     echo "Enabling wg-quick@wg0"
     sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service"

From 263e326281d0eab36985dda4274c0536cc4bde9d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 15 Apr 2021 09:00:14 +0100
Subject: [PATCH 166/300] Descriptive function name + insiders flag check

---
 installers/common.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index 72566447..e3733427 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -56,14 +56,16 @@ function _install_raspap() {
     _configure_networking
     _prompt_install_adblock
     _prompt_install_openvpn
-    _install_features
+    _install_mobile_clients
     _prompt_install_wireguard
     _patch_system_files
     _install_complete
 }
 
 # search for optional installation files names install_feature_*.sh
-function _install_features() {
+function _install_mobile_clients() {
+    if [ "$insiders" == 1 ]; then
+        echo -n "Installing support for mobile data clients"
         for feature in $(ls $webroot_dir/installers/install_feature_*.sh) ; do
            source $feature
            f=$(basename $feature)
@@ -75,6 +77,7 @@ function _install_features() {
                 _install_status 1 "Install file $f is missing install function $func"
            fi
        done
+    fi
 }
 
 # Prompts user to set installation options

From 6741560f1a1b6780a991b059a8c503a6014a447c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 15 Apr 2021 09:01:29 +0100
Subject: [PATCH 167/300] Merge with upstream master

---
 installers/raspbian.sh | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index d8496672..5c865625 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -38,6 +38,7 @@ set -eo pipefail
 function _main() {
     # set defaults
     repo="RaspAP/raspap-webgui" # override with -r, --repo option
+    repo_common="$repo"
     _parse_params "$@"
     _setup_colors
     _log_output
@@ -72,6 +73,7 @@ function _parse_params() {
             ;;
             -r|--repo|--repository)
             repo="$2"
+            repo_common="$repo"
             shift
             ;;
             -b|--branch)
@@ -91,10 +93,6 @@ function _parse_params() {
             acctoken="$2"
             shift
             ;;
-            -t|--token)
-            acctoken="$2"
-			shift
-            ;;
             -v|--version)
             _version
             ;;
@@ -188,6 +186,7 @@ function _get_release() {
     readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
     if [ "$insiders" == 1 ]; then
         repo="RaspAP/raspap-insiders"
+        repo_common="RaspAP/raspap-webgui"
         readonly RASPAP_INSIDERS_LATEST=$(curl -s "https://api.raspap.com/repos/RaspAP/raspap-insiders/releases/latest/" | grep -Po '"tag_name": "\K.*?(?=")' )
         readonly RASPAP_RELEASE="${RASPAP_INSIDERS_LATEST} Insiders"
     else
@@ -227,7 +226,6 @@ function _update_system_packages() {
 
 # Fetch required installer functions
 function _load_installer() {
-
     # fetch latest release tag
     _get_release
 
@@ -242,7 +240,7 @@ function _load_installer() {
         header=(--header "Authorization: token $acctoken")
     fi
 
-    UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
+    UPDATE_URL="https://raw.githubusercontent.com/$repo_common/$branch/"
     header=()
     if [[ ! -z "$acctoken" ]]; then
         header=(--header "Authorization: token $acctoken")

From 38c37296af5f3ddc2ffb500fac1f5cfa037d5b9e Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 15 Apr 2021 09:03:32 +0100
Subject: [PATCH 168/300] Add new messages to en_US, compile .mo

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 23191 -> 25603 bytes
 locale/en_US/LC_MESSAGES/messages.po |  99 +++++++++++++++++++++++++++
 2 files changed, 99 insertions(+)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index 1a789dd42f68697f65c8d0205e7e508441d06a02..707d029c0c940db483d962056e1097cd7b93ad22 100644
GIT binary patch
literal 25603
zcmeI4eVklXdB<-IuYvFy2$29MfshUCZZ-)*2qCc9&C5bIS+W}wKn-_i?(W`ZX6`U|
zW;bg9v7*>2Qbmd{Sfa&O)Kaw8LJ<-14Wz!7YOR7=K@q`PQBiBZzjMx=ncZYtt$+3N
z*$dBp&pG$rbDs0^Jm+ODeEXOKZVtFEoe>1{;rC|+!50aC@HnLg!DA%0z{g<;&N?Xw
zj)3FPz}LdV;rroS_%V10e8k5eg`0>!1Gm7{CkMeX@b&O8cpE$s-T`OA&q5Xb5LAAT
z!-L_k;PG(ADK7sL;L*evK;^Rn&Vd&|={ErNehyM}um`G~w|f2^RDNHEs`r!dh44V*
zXrS^r4=SIFJO|-{#9t0||5|t?yb(&z+o0<AUa0iD;b!;+sCJpRz;Piwi1?XM?YA7B
z4lnTWA*lRPD82VU>3a)26n+@eRl&#M7<>S#9nM?m%H06<{C3E{L5V+?!#6_d|Fq}N
zp!EF}RDBLVH3%y3M5y+C1C)Myq3ZJ?D826W=?}tI;$MMB!Qa94@Tk*VyKaZls|wXW
z*TR|bW+?sN3Z>8O{{9D`>UW>N|9PnK@HMFNe*~|C&qKA}D;Bx?uYoIw-wKufC8%;A
zh4bL|ApZux<&XN|R2usP*b2{p>!8}J4Amaj!}aiOkf9em4)tEJ*u@WphG+{^JM}<~
zlgpvnF@-AsPvLC%2Dl8~3WFKg2dokNr<NeN3$9y2U%_9(Rj?1GcEZ=e9q=i*5_X^I
zcr`qj_{X5y<r7ePJOb4Zk3o%_pF-7dHk~B>S3=dN6CMVyfYQ4FRsZWCrVzXx>bZO1
zEci`$5d3$j{`oOH06qux-miW7F>NkBAF3T!K$W{58n^{Y?=n<=yP^8`6;S2e3=fBU
zJwF6#`rvLTy&m_R(eC04pxU+5$5W_!-vp)q-#|<wcmzuCXQ9e_9v%UYTI$B-DNyw|
z3#uJ2hDXAe`t%|^miTp0^?3`V>w<SeOegpPRQ^x<`@ew7FX(Xj&4sGp5~%u|1y#?>
zq4XW`_pgIT5x)^ikG=3nco&qupMtWVFGKa;*F7JH8s|?#m2)tSqWi}{we!h7z6h#c
zmO<HLH&lOI3Z-udRo-r>d|nHs=S@)laW7Q;?}4hvr=i||3aWj629@u@%N^%K+1WBE
z{V#&E;iXXd4nx(y3R~e{K;?HYls*r_W8k--^m+!W{=b9LZze`BeU5+{k8`1(n-8T&
zD^xpl`un|b5Am%~?>zzyd=#pjU&0=E*jcXKwn3Hi5-9zL;ZblDO3&-zf$&Cu|7NK6
zz8xM5?|>1!&!;bXkxOrd((^*kKA(OCR6VLt<7*tMz1{^^!#kn$ei|MPpY!(*Ih(OX
z{CKGJ3!(Jg3Z-WVRlgXjK374Ne?2tt7N~MR4rMR*LY4C!sD649D!-pYy?4MlL2xac
z1C`&+Q04B0()TVXd-x>O^I!1k-}HPEs$ZUiYNr?A-1PkMQ27|Be3nDye<73}7enc_
z14^IJr<XmihN|bEL%sJ7sB+#1&ww9=n(x2k`5UPAnRl-1w*^q|x4`4zd2k-Q#Ha6q
zD)$;FeQ)sbTVN0I_rMT73wz;KocRX07p{X(!u7EIydda@HJHNBL)H6yI$7KT)h;1a
zc{QkZybh{9Z-&+$;c3M0fqL&TsPXq7Q1$;6oC6Oy-=)ukYCi*2za>!lT;T6t2A2~L
zq3rw3a4x(Ds{F4)wb%Ec#>-Ps`aBDz?{DCV@TfJ;FSf!h#JBkPZBTapDbHu1@|}Ny
z>+e>m{8vHczZR<e4W2uF`WRIEUj->Lcn#EhpZ0thzJU1G;EQHp->`-F>`u3iJsYZB
z-wh4?DAf4+I#hYzg=(kgeSGFxw~jp#sy-u7<K*K|^?wMe-j720r=LN!?=PV8o89H~
zTLh0M-UgL_H&nm%Lglj)s=szY>31#E`!~Xq;CrFUdC>E5sQi8l=fgSOu0NM~Zi32Z
z7%HDp&o@B%t@rr*AB5_Md!X9!A*lL&)u;aeZYKU5l-}zY%;ILK@wOeR{ayw&Zg%<j
zo1pT$4NC9#Lh1VeRR4VwYMg!_j=^W3+F^LT(<g;`{#9@xd>gzR-U|<e^ENo10;TUF
zsQRvi6}SPaeeZ_S?_sEVeghs1f9TVH3N<eO3(CKrxzX9_YN&R76_j3kq59{8a3;JT
zO8*C;^!bv%|IbkMd&=McIn;QNlTi7`!|UMb@E~{x)cw2Q3ivsn{u`)rXI|v|(2;Nv
z@g?vOxCNd7cfd2?l~C<<D^z=Y1kzN&XW+?j_QmeKR;c)kpn(HW?NoyrC)Y!@<8AOT
z_+co2d^cPMKL>*u*axf;{PiZcj=d76x1IQD3>I8na24DM{~qpub1@!VZcz4oKU6<_
z7aj?J1f|FGQ2lUtpBpzP!83@T3svttl>S9{7<@gH-fw}b|DEs@_*tmuo`AF9L6^Ap
zJ{lfM`~-LaTnP2vVxPXo$2UT?<4&k@E6~6_P<r1A)ql4`_1_&(<=hYLc=P-QJe~9(
zK<PDmt7DsIFI+}?(Z_FtvX}dy^#51506q_;_xyfW-sw>Nv>Iw$UJO-_E8x*^460rK
z%%{H<9!vaAsQP>ww!kk!+1GPW`Oh10_fLh&uN5l4E~xr#gR0LJQ1!eXO5Zp8`**^l
zh~ESC-osFOd>cyNpFr8qZ=w2c#x}><a31k_Q01)f>1&|c`63^`1Rg{DrEm@`L-oh2
zq4d20s=V8w^7$x~p7%k`cMn6={|TsiJPY;y+!wp{IRz@;6`mWR?Chmb`j0}{!>gh4
zy$P!Rdtod5N2vUM2#<$9h0^yBj6-^z2vz?xq4Zk{rOzs;@z@3R+(sxpc0jdL(cd43
zdx&2H_1^Q)z?m4C$~g_<I)Zbc+U=E4<-8V3|C^xt=Uq^Gegw*Y-Q(}y5B1)c;IZ&g
z7{RA}`X!gT^c_%o7Cf)=>92>X$6l!M^=_#4dIYj03BCoT_q@y8_*e*a|17u!uJ!2!
zD1EPi((?wW`rQmwpZ7tP{}E{515o9DAIe^S2vyEum%DzN1C`$bsP{VHweUiy{O*T#
zyh7>oZ76&AG1T+V`SgQc;_lCZ>X(I3?bHtS{934dHbLd{GN}9uP~&9`O0Vmn^tr*O
z-|G2(sCs@3>b=iHmGd=t27C<8hljn?u?4Dq)<N}KFVy=3@HjXO=fSIe`Yll9egI0}
zfAH}KU=Q)Hz!1)VnOnzR12+(V7_NhJaO&&fWe}GUyc4GI=TP;IuW;N0)h;(cmG@4l
zcDxg+KA(gygb%~h;1f{qA5P(_$H`FjUj$_b9X@>>RQqj$s^2!Ke0KT!uYt>n-vCdC
zpM-Pa6Hw*<4ywJ59CYJlE|fm=q4aHmC&JZmA>0ACz&$?x5R{$&#Ph_Q%XcGGfA4_G
ze+X(kmY~W{JzwY3{~D_O-v`f!cR{`PtmiM`3y24KJKYB75}Y#wJBHUG-GrCI>^h0~
zZ-_jSCBVg`>H4sP{kzepo$skc%`?(9yWT)xefC_I2p1yi>nnZQX3uRr`vl>o{++W3
z-;HQIW!D2fa8;H7zl)s6JLkaPA>TyQ7bhTZLF9LI9pdv<_<rPXkp-k_yr_*<Ar<5%
z<TRxDI*aEnBVp7h{un;!!v}D0HQ~QT783q9cs6nl;nR>G5k3<d<nx3z?scsqo?WvE
zzm>?xkY|13i#(r%E4aTIVHpy%!y-(OpCe2S!7!qJ|99kH5M8o!UCSKme_zP^uOoI0
zJQeu?;m45=`X`o=b{Aot>Fc`PAvlP*Z0POCQG{=V_aQTp79_jmCv?ewVD7<fNQ|6^
z$miUQR1sZ$<nv1SIplQ0{{i2L>>zv!@)%)V7ZF~L9EUti`~vuTcru)UTuk@~<P=1g
zZ10B%Zm53AesrD9^VxL;ft5be0Z-uGKfvRWHF^&DE1;{Nu;#q?Bl2P2Ko%iyLjDu^
z8nPXk&vS>uW8vXY*K<e>`4zH-^v}SxFuU#~AV1T5^%8lFPxvU@h+ND&U-oGm2>*ic
zGssVnYmp;KTZg=aa5s`&=aQzYfV|m;+@JUQ@QeNZGVxi2TcP~WNyrvN*AnDA$loA~
zcxDCEbp!H!<WopLqU#dw%kK^#$NRh&>ju|7$Z^O;$QP09dKH29AsdiQ$X4W0WC`yd
zhJ1@~9+^vc5MBt^LR|+E9*4V-&mu1%z8V=K{1=F>k2?gHLhb2w{Sx^A(n0)%Fo*ma
zX+vI(==zdF@Xwz2!hiDN7T!A;=|ujLw09w&ME(r98u=cgYo|l-6f7ZKJg;jT@-#Ar
zT!I{l==xJ+57MQGzy1|&;=Kdm%aLP|9^wZ66w&oIWH<6vMYy(e|F<q^|6bk{K8Wxd
zWI58xbGO0)_%rw(WCyYU`84u%WCZy(@)abzt|xE=?_2}VfVyr$W)gmdjj^_bD~Wgd
zxX|mL&5|zkf%AO&7l^+DImD;8k^bj|--yif&wPmRe<53mAC0sV4v{+$U8f>{Z$tPC
z&%g8hM|ddj{0aOBawhU_WH0gw<RRp6?lXa}>FFCi%S5}wV!05lTD^2|jp=B&|Cqrr
zKa!-?_FPg7R;SfUQW{>fIjQO?A2Zw6^_ei2i_+ATlekn(O;|2RVa0^0S-hnjl@_;~
ztzla3>@)c!N=+%Lnp~|?iAvSNxJhf}a#A5BDV3sJH7*UCYN9*?p6?BFrZb<fkT=oI
zra!9ciPW_8Ci$pn^3iCVi%hv(?pP9Z4kop#FDdAB3iU}LvpFnAriBc6h$2SAYE%yx
zY4~FD&J|)bYNWfk^csqXYn8AXC#4I_z(|~$vA9q$C{+znygCw@ggi#er8fUg8daoM
zdzP6h6*lFRl=jVHb&eXXnV8Y)r8dz_%r7$C8@u{UAqvxoX33kig(SC&G6;v|YE&^j
zeOas3Ta0^oi9zXVoNLO$rq;^zW)v1p_vU_ETvSoIYxsOIE}3$erejGZZ))W{?WfE}
z!&0s(z<aKDg3dxA8H@7hfqn%vD)ENRx}TO&*5$IgzW#i*8Wqb~-@9fV*s?X~+)w)U
zxDsusg%uRo&)t!vnwArKaX<Hb+wOBODVzNjM)K5UadWDoxK%Hy#^5N?+;;E;ofD!>
z)%WQ`{z20lRY#J1ur^HNocr5&cx@CiBn`uwrVI<g+PKQti~>6d3UOL(dbASfhv^0k
zsmS08)=rEYMsidN2MbZY-K<Y4W+R4PlBt9x^<67DMP@vyRZIoTiYkk-Y(Ex;8Qfic
z+svjU%-g^K9T;?JKoo+ms8Wq>Wf-5$5wy1EGQp<IP+W+Du92`b9AREj(M3wiXe3Ee
z)G>n^;kI(+N-`Sf8AA1Ya!*uJHlk!}#ipk_3vEh<vtX{FmuV^21`F81u4sITX^Gm0
z+l{k8XTt5dO4VE6l2x=)u7DzW>F=I8y-+<**{w0{?d?Xfr8b&bY&9I_cUG^A6wku-
zG4JlJGV2&3l~RNQR8RQFR+;`HzNI{plyF?z`q!E&Ln5kR<V*Y`@<P=S+NR8dajsUt
z;f`PyV__vSy`5cjl{H`TEt#+|7LKQ8kha7$8IIJ2{7kCe##{Jjr7`skx{^XdQ#N}(
zv)=Yna}s^)qfu&eD~7vwmTJYF7%(Ove`%5-?1XrkAx7Wgu!q80p=w7MkH^JYQNwU~
zN5?tsrf0~=4U8McVn?gZvi>{{BaYOhZkj;<ZtMH45}G(j8A!6*D%uWt9#0cBYf>v!
zE90h1c92EnTurft$<Q!^g|M_sC0EB1lcOa=@~n`(o2eRB<rDB<;b<5a)N7OGkS0%$
zA{Y%ll8@7JAsk1`!3gI_MJP8ZHjQjei&Qr*;Zm)G_rB7G-RN#8ftwEGs<UTMWIX8B
zUxPas!uU*BRGmpoM+Ou5%kGeVsiom?)D)zdN^v#O$O^iB=WJknFkTc#8|G@Osrr$A
zPF!PQkE+W!wm~!539iIQVi`db!n3n6Wrh+z8}M*g8aHDjaWzWIA@g>NMQU3;988zk
zVWDxUvW#3&J4zHH+?&IshR#x*%}#7~KUFjO)v$DMt(3=_l%eKk4^tg46OL)I$ZU)X
zg(B91MNzcv{q8um9qg>0PGlBLay#k4onda5w|3sQPtnA#mm3p@oo;Js&|ON4VS436
z6|<?7HIQAc4AlziMgJ&fA<ZkbQpt8sBe|ZG*e5crVokDkde@*EWOa}?*g>>gOS5=1
z(#Rl_m<Y*343--6I}MT)!&q<Boopeb`LlVxI~gk#<mT7exx%d+hGZyO3fXyRh|bJz
zugAj-(l#0?{cf$X#rlHmfqF4%mf{Ck{YI8vNQQ@1bzg8f!oT~l_x3)<kYSo|F2@d0
z-gJ6;yTO*@(YQL^p1p5%_dY5f(j;fbLRN}?or><PimgIMW>$%=tg+ln8O$te^C`{=
z|DZLO9kK}uRLp2xsn)`R84fFh7@3yQ?PhJ(sLl-xhkBHb8LD9XMO<OblDn1lGYUpn
zuezd&@JPzcOV`;F!Wzy(3pZMKJnNcP)~r#;qph~?#rWmCrMX+KPm2QE|DnlSzrcWq
z>Fs)x(Ru${1H{9n1m7jAbtabDy#W@SW9H$G254H2a?JJ==4W?11ap3UYBc%%VWp-K
zRZy$b<`ta2Mv|O@>&vumLzHNJsYZCArV(Bk_l-VYpJ;rChJ`f2_mNplFE&=YT1dNm
zS=`vQk1yp9P#Kp%Lp4pKl!Addl?!fas+-Av^QD3qvE~QbI_uqioXAwKvO1}Zm)VGT
z$B&=Qv6i>X>Cja1A5npps*XibDI4G#CAn<&&KsH5{>KKY{a^F9Hm01XQe0N*9IIa=
zWUHtD(Ol7}@uFX8PxYdlmTeq)yaBoTb)~$lwy{G}iruzm6BY@$ehn73Eq*baZGM7v
zl?omp4M&v;t2TB-yXp;TSNR&Pc14>l?1FW>qg>7Qh98U?V%oN1D3vO=%WP>(HD=+v
z9!q6dlZCx!^3Lf`NN0bsZ?bdNRH1pR*7TacKZc<;77^>?-4v!u1}y(^FTr~2=t{Zq
zU?Yoc`^WV6_jJp&2P;ehIcA1nV>Ub6P-h>vC(c!Rz$a&Om6B{pSzyZfW~1N2ZN&XC
z9Xiwpw_nvX^`BjIWP4S+@~B5jxNCV$I^XXb?2=_^I-V}gG0CM%>B69AipTs!Jmvi`
zZzqT;?~hPr7QR#7kIU9s$72?DLO?Ng!c)GH?JK9!n04Hg?~az_m#4fv#uyy7+v*+-
ze><bsL#C-fa`5-<u}V|4U$cG69F;aDh6P+v9)HX#qA8gHvu{eR-1LOCy|}~{H&zo;
zrrjj@Q=-IYrX6sPdnj9{Hnua&)-3wuiwj!EPJU4RGx?E=qo~|jU@GBfvl8vWS~&}3
zb|dR&i9R_w4L0dO#tg`gH^s%61+4cE{&37$HSLp4raZ=$;}X^kEKLG!rR7!jbX?8i
zt&|^&^X%`m6RC2KiQn{bPUeG+-75)xt&=TMTuNj9R9qg(u!%3%ssWoriOI~Qx9O0r
z*YC;L#tq^G*}nOSKj@8$2^*+wY!4g3JmG4ELyF#HP$g)K(Hu5zmpdUTJHsQfR2{*>
zJtv#^X5V_*KF`N#qF{40RzHuL5YeczixR9pHxg`)bGxk5*_?PyvJ*p`xYjP?+IQEd
z!GOnX4Pe8;a5Taw(!HieYb5s91~o8y!*o|8F>Z1x^<5%aOe(E@>dAQ8QeYbPXKWK9
zjYCscsVyZ|fDvaMc6~H%v{LemmZrM6rBSfO9d2fv?5O>1C1;MhuV=Hmy}zfIlLK~*
zef<{)edtvlsW7~4P{)8lpH}1gW17ZdAIk__0DD3XR-!Tk8%yeo%~tkY+I0kW2=`U&
z5v<N$RFoD<*$%Gxgl6AE8D8)+{gj6?JkoR~qgb{!a7QwIm86>Fl0x9;;_aFdIVEVE
z@me#(tu#L%wHrzP$eNXCLtUn`ab`&tqSlD169*epop!YcTcg2*W6G^jE~1G{@7gTL
zY3?}N<3_ZPeMVGO!VtT)5y&#p{mnd*ZWa?-dTYeFyZla*d2D6tf^W~WN{(`7s8(X9
zfk%`B_Pf@0(=`&YVPhX;pYfA9XF_f%QXVP$Wtx9uXO;`w0ee8L`lRf%1$!pmd?=lz
zW#^@e<1#n{vYXyuD-B_~I-46a(3->kX&le^_3JV_S*}>#d_>caLvFN1zYe_Y+VhgF
z7z9T=_Mpt3WBOr+C&ub^YUK77)YvVPgMOB36?x+<(3G#g<&F&cIhNq{%z!c{;uag$
z+qSeP{3Ni1oa~dK;eg4_DD@PLl86VGq!<DH_5^ccJGdm)yV>3P`C;Zp?UuC3{hG{Q
z_KzfEf&OHZ3bo#|>}pxup5<5T+(w%#o~TvrRNT)dhDl}<uB8z8$d!I>@=^UpP#Ug|
z*xSmsVE`IaY*I%!N#X#nrK@vE(@jo#nvFU9y-rudCOgiBlgzkrJQ}d<;8&RD5$94e
z*XLq7;di0Np}vb}i)k0jMyZR9(Ptg*Jyo|cDJV@dc~4&>#9)wV(WLI4T@Uz}TNd?K
zS-dy&BI48{(5zL{3g5ob(1|<pmh~kVMUmvSY)nK!f75}I+2($*G1-JV!P`xIG*w$-
z_4PJs&WBS#e%EWhS>%u!Q*nz{2Xw11y8RvFoShnQb27FdOVz-$yCNMhxjVGR<Qd8*
zWwVo_Eai8P2LrO5hIJ0;Fv_22;JMOCr};Se`aIxH6Y33KpERxQwv+Mxb0Uj28FrSB
zw$N_(N_nL=ttK;nn4MVoX8b)%$dBa8Hk+&jZ=!!hZtegl%MS;j(esCCRZ7|_5ohS5
ze^f4G!yWvD{6};GK7Fdj&NIE)<FntVp{krI7IdaWL%0k%lGACouijFZSV|@)XG2Tp
ze|Bz(>$@O7%j=lFt9zfWw#Bi>9*xORE1&@#!VX3J{GCnp%_-SzZ_~7g=;MdfN-*FK
zaq7-rzX<U&*wQk4qiyb3md?#{X3d;bSFP!m_AJbUtaZFIX;{v-(yo#$u<14HFaqZ{
zSSODW+~?=vltg=G!H&QllmuD8&d}v-DO*pqKeTAk%~`ztnJ3uZxmgZ$dtawr`MMS6
zJ~RGGo8Q?hnrHm&VQgK8>yD_QyM};uV)|V!*d7g1PyH@v24l<>LuD+d&FT8~K=HN>
z+j@fS@%q^Q@$1p%aQ#<QyJFnv4k_xb=r@J-Ue-(Yh}|ur^z(!N*?i(7KGh8J<%0jI
z0uAkq*5cz@lkw}TSv*z_cd~%tFgjapM2nZ8V$+dMR?5U*6sB->Q|ae_U!ORXr_LE`
zO0#{QO0sc%o)KgRB>G+;$h=N=Adq?V$?1NU3GAArF($D)rRax<CfjxExe1=duDuuq
zcD<LkzxA{SSz%e`oHVcz_!F$9tta31V(nUz(kip8eR=z`S*)TN6m7lfaGY;jTN_T>
z29i}~t-krVEG`x!j+Agl>~{+<&!QI&b8cVIM>1<>^=)a(wmWU?CZkpSy19H=TgQsF
zj+Lh4+*KVNXLfMS+7zbMHf!gFkb|2)poHw`p>2RKHdYyOatllSP`z_o|E%7g-gV8D
z>X^lpuT5E-jzCxOTk`JeQcj!W(s|aX7_jGW8(81AvhkdEQf(ZcCfd-fGAjq;>a6K+
zg{Hq1!V~N>8BBjGWa>_Kf8Q5nEBMKuC9!x<+^1ucJ`S1`t<N*{^yzPf^gRi?XMH#{
z{jJdSw?a+d7EOOEq!n+r3=KFSmKb-w#J4}w-wHL(;q9hu`dgvtZ-uh&K-{M|)87hB
ze=9Wot&sbVHm1K7s{d3z{jJdSw?g~<q^R3}sMYlA$AnLgvZJu6?oWR!#P@L7(V#v0
z>uDUYPk$@K@Bh=^3Qd12WItJ${#MBSCti(j4<>zHU~jiie=9Wot<dzhLi&}IPf)V|
zY+ApUPJb&j{jE^bN2?P*0Gj?*Xu^-l{)?IVZ#xrz6QBN8$bR+L_}XgvTOmGsSTp^t
e(B%J>#Pqj9{68t`KgdjfD`fviEB}wa75Z=JFF3dW

literal 23191
zcmeI3d3+sJ*~h1pwG;|npe&^Wl(vB;O<M{jErm2`X`oqXQp#Q@_fC?b_ujd^OVWTW
zvM9VFE~p^-0tzCc0wRJUBKQg_FDjyfFN?1tFYsdBZ~@%EzjMyqd($?r3xB<zPX?ZR
z=bV{2^PJ~A=Q+!r{%G=!AMiMi9_M)n!td|qc{g!><rL+5-t_%FZ!X*q=HLprC;Tj&
z2p@#I!f(NS;gfI;`~~cUOAqk8$?%<UcX&PIfA2Q_jE9fFY4A~~=YI@$fv>}Tpp;Vi
z`@+4U4^_@WI2A63(x)5h`Cd2!o(n0$yVmh;sPZ0%{O`TQA5`>q<YsXuR5?vh<+M2l
za3|8k?)rsr66vd;^t>Lbez&;%FTxJe--Ob8`azZl!<|VV4rR9ma5h}-(jioN1t`7G
zh0^zfkS6gy11G?H;Sl^PlpUI8T76c*Gf1BTrSDyiUx3o@0jT<Y7Z%`;q3qf1TYW-k
z-tW@q!g-$Oy#wwA?}n@3!%+5{c(8qc9aK9khHB3fq4ey4(&IFDeFIcIO78jvQ0;yN
zls#{Nm%=-s>~!QI_WDw|i1f*DKX@5D4Bh}`--qFJ_-%MNd<n{KlMl7^u7lEh8N_7X
zB~Z_O%%wjCebSFY+2dzW?f+*edrg~V>p2VVLAntxfXksb&hzrH%;_eSx(mJp*Td^(
z(>Cx`xB=GB@w`*vyWkS|qT|fD*6yc5+2JivdgP((ele6kTn(lF9Z>E5Z74mThN|zY
zkS6tZtF!mjLD_LNl-)bwj_@?7`_FdyWtYAX%1=HBcZHvXKD-OcFTMv=-ZN0`_B>QO
zzYgWk<1xOt7o^JG3@CkC9n+4NLfP+Tmwpnee!qvR-{d1a4;Szjz};Xs)cekYYL6n6
zzg-Mfk87apbvu;(9)t>Ak3-et1&C?9pF>>3+XtssxyL|VZ-FXj4OBTPI02TS>TwaA
z2tNU(=iN}(ABSq6XP}<j0`>mCK<T+>y=|u%j&)G}yBO;EPM3c=lwJFv?3{(trwn!9
zm2e`w1}aY745jy1pzi+$H1&nD%L|TgK%+;4_1hUx<s1Q3k0lUQy&kA?-UjvFE1>+~
zMmQdR4oZ)Eq5S8oQ1$#e)cc--yTdK+`s?sK(tn21b9lb>ql=-+y$QC#d!Xv=HQMrb
zfqRmi3}x4Yq4Zh^6-Sz&t{)HeTqjh$PjTsUTzV6nME+%tA8`2}htmIxQ2y`$+ylM@
zm%-mb>AMi;RC_Lky50_PaqkS5e;Je>*Ffoa3sk*shqBW{Q15>X>V3~b`SVYp${)Yb
zw!=ht5$XNl-tao8_k9}5KktJo=W8zi`;N~;+51;e_5Typ{d+C4<?Iht&O9i6nxNW!
zCDi-ZLg{~o%Rk3)2<rYzp~`<ZRGj~?;}@Xn`vWNZKL;nn7ohs*Yf%2Z$B{OF4%B;^
zp!92V>2BCYx)%oU)36=xx!ChgfM>#$@MgFQz5=`9f}?ExE_1vFP9gu3Q1AING<Jux
zNIwf@*KtQ%eWyUxZ+|!y9_I3!pzP8Nr@<4U`q^6`ruEK)`@-9y%6|mPK2Jiu|9NQQ
z7gT(iOmOdni=on&LG`m+9e)5-&JM@ecA5-jS0Bn>=E8kpz2i!ke-@M-d*QJ#1NGc(
zj(5QwNZ$t+kHa2tF6rMe2<6~`ORb&W3FQyhLDl;cQ181Fu7Tfx(tjGALhTzu)ps*I
z0A30e7jA^I*UeDR-v_176L25+G*tP&hH8gDK$SBQ<z@frQ0-O^_53n81NK0@r{H)M
zRC%|-1K~qZ?einYH=xRyy4;p?sN+(oxX}%D{WK`M4?yX;8LEC4x%{hP2kD!j^nTUx
zk5K-;<8jt*yTjR}r@QoVQ01+G(z^#r-#k=%y#vbc-V2A|N1*I5^?0j~56>Xo2&M0p
zj_-rg?^-DRKLrc$J}7(EH(Py<gXaA%-2>%s0o)5-1=WvkfU@6<Q12hV!nVUCsP>!%
zrRQ8IJr=p^$3WGi!(BfWs@+pi_8f+n!YiQcv}cRGJ`EBQyd&U#a05IH4nx`Z1~?tw
z3J-@5LD_8!RK3TyTD|vy2a!Gt>bbYN^kvW|eKV9j9)|Lxr=aZhOQ?GO1u7m+SZU`S
z)1fzxeh$l=o`iAkf)By<uylf*w><_okltmrowxNvx~})2;~P+RU)W~t&;+H&iBNVw
z6Ura5Q2Jj1rO&NUdfp9H-^bug_*1C+#-C{IcnI8$bRFCgE`qv$iOcVF>C>R>m4~~+
zOP~+0gwpRbQ0?-0sCK&_PJmB9#ewG>UxBkpzXqkxK_^)*cRU*|ApZiFz7wi`k3;Fb
z1s)7{Cx}SzdZ_mu4b>j)Q2qW)sCsOIve)HMesmpFJiQI79uL5|@aymp_$#P#r!ZLP
z`V6RYW<!;8ESvy4q3UruoCx0rrRP=d`fX6{^LeP}9)WuQ525sY8SV~Wa~$7c{dW>n
z`E^j&kA$-8@lbX?0ZN}vsQdb$-oFVdUR?mC_lKbF{}?p&g|f>7j^BfOl71QP0bheE
zXQxhEkI8Tz=?18B&VYJv3d#@8h2!D7p!9ezl>dALPJ$nWdf#WE>hTEF^(WwY@F^%g
zySuC(oe5R$`4AWN-UC(dr=iOK36#ED;9l^LP<l-~*~XEnP}lc|dae$t-i<EZ>e45{
zN#t*Ej9vbPQ2JdB<qy|F+2tX~km7v@O5cfVZF^3Gx;_Wi!No3r1C$<{p!B;4PKK95
z)#JlZ@4p4=efL25^OvB?e-5f0UW6CH-@v_LsoTEq?NI*teyDP;clozF-VbH(N8uFs
zB-H({K$Y`bD7|;?vHDDfdf!Z__s@gUf3eGNbvzkL|FfaWkD%gw+3|f)^}Pei{`bPk
z@Byg)`CX{^{F2Kbx6Zz2DwKYQx^z8kBfSg;@a?c2z6?)*N1bBlZ5O~*q`wBKlD9iS
zRrTB8xCu@neF;>3u7Sqxa2Dx%pzePLO5dMD)$g}(D*UU<pL(jb%K>m2`Lm$<Src3c
z*TH?^<xu6{2xXr;q27N#H1P{6zHEV=aMEcuy#cD9UF>)VR5{N=wbK?TyZ!;nUv@a%
zzHb-DnNayhL)mc|WUAt=f_m;!$1C9uq~8z6!4&d#glU2~uH^5J?Ww7!P9JpXd*JVo
zOOSCq{62U$@;stryb9!a8JWfT_h7R!I8?Wr&6$ngI(^cmg(J9M^<4m`Ad5NQ7apUF
z9A83wop5{{S%4hE^$^ZR)Mkg1J{Qh~I(C7w$u%Zr|C|Uk&VJwJoeYoSz8#R?a{ix)
z>=hxmAfHBb?8fz*;Lh*{xD<H=`4yrgXW?BAFGIeJ$RBm=gzSSfBF`f4KpsNoP}Vb0
z2Vu<nGjcp~Co+iq1^GR)C-=Pw<)>=2zXJKzbmUd!bBGSL>(0nd-17$95xxt~Ky<7@
z`jHPKpGCfl{0tdFwmz<^$ymwxew1}6GMDof<XYq>$On=8kk!ccjzwf%jQk1ts=Hy6
zW5)4YaDQYf<<}kukfxh>Ymx6D12q@F$oT^<eWYW_@!fD@O<Diz@=t<g<SFDfq@H^Y
zhc_Yza()J!1lPk}M8_|Y39hUyobS&0Ti|?`_XW<sj_7y}Ioq7sKmYE|FNJ$?|GqWX
zUgCU_E8`cOAAmevbA6^eZ{!~J=T9I3@)eg~NB)o8`B`up>Brz?m)8ds@AgCPLLNqR
z>}uit8@wMmjOTRx5y>M3<Y4lC1CyhPlTPGq$U5Yk$P366M8^sX@12gqOv)&_wAP0@
zmLs1+PDdsp8aIA`%tEe5CUf5$_*O)*{xn3#do4_yZ*%7-z$M6d<XGfhM87HM_yBSd
z@^j=AM91yOf0#4YoUqlMf6Q?YxIfQd4Ig)Tufro<nKK-9>8HpM$T0E>k{kzfa)C?q
z!1Is~AqTl<vz$*w{tMZgyhGsEkQliFNe<uLe=8XmBFm8Tkv+)&Jk;?AWFhH=CdIrB
zz6YsC_Cgwv*{+;lbDl=#k-iRYL^dNjK4am15<cqA4|UwtJ%1+YkGi}c!o!e#xHjMA
z{SW*Iax^lX{P(;32F}0j&YyrC$Q{TzNFDOuh>oN5XIby^wywb={cv-T&1b@<W%GNN
z`;86eKfgCf55&b%Ln_XC%ZjB!oa<lS5tnqAOZn?pcKJan6&8zrK8|vwq95e*VNmdc
zqCclIALiyX_-lh=zPZa!$6?XW#U(#gE)>FCDKqRB%lUj<ASce{!c-~B_4}n*WqRD-
z9;E!{bh<#<UUP3;F1dodX6_seN@3;1*NaZ+>hM#Uh=Qy6Hm&0OqW*FrC`EDZIKO8g
zD*8iFCgW3fDd7F3fzXdBV=$kqch3~V!eEpN8<N7LTToL{oZGgDWvMtFE+1LYviT;{
zA6Z`Lx2|sK@-tyj45?k(Uy+GZ8+ixkLB13g{I;&7@_u(%l4*2bTH>R0DN5B8VRFlP
z8YK*}errd!d0kjgzO`RE8|D0bP%I9`g|uJJr?H<38w_%(niHN&-j&J3Ltz>{cy9)c
zay(&*?#41II-geyR_-sA!fZZiLTlEZ&b40icJkLph46%OP(Xq0Tpfr@#e7UFZs(e_
z?KaoqyuZDdkv;mmxH#IYxKw#l8Ry7hZsR;&^N3_k^<93SyU}kCO9OG*TM-nal>J-1
zc|{oDl0Mx9QwAAtMO4B!L(e!tCMuR{ZY@OVewu;)kj1&Y6(iF=o*d?a-b|Qo@K?nJ
ze>MFz7i2>}$f@n-QBvp+$K`@wpa+G8Ido9x3;j5EOV>JoO&p}nNe>O^wa6hdUQ1Xg
zMW!<NXKezlO?Mg5r~JMs6M8KJL9Rcfdxcq>$f=-#I4+`&-zyI{mCG06!6=OjRjw(@
zP)YR>Wt(2?x3wl`YvTUoG*#8hpPMiDX6OeS!{IuAZrIS@;M*Q(yKqCQP;$Mmt_drp
zGANRk{`RifnbJ}fx7=@NXz-PqZ<0xmEd~8WEM%3D;>mf%=j}DclF|S*%o9qYR5?TR
z8^F1Tf<oxGH@9GL(+T}lkn@AgP%vEdd$9-|45vaPMW3SDj6Uz~)qBy_Yl$;42C0o-
z{wibZ+ALbgCBvdAEgNj!kSk|5&<$~9MLj?6!`n&caTHp}PltU$Ia4xz!tGJEoRu>z
zY-~Kb!EfvH)tQHVJgRY?DY9}u-98Fs7#p+Ezco~(G)gFnlhYIHaxs=u#N}M6FzmO;
zdy|AhqMt3}=oq3m6XZ7PO{JmOPhq)$G71!Dhly%ma2Z6MU@(X>^7^eJe@%R*&bT@)
zkdBJ^OfZaAy&)kD#d&X>t?@^VNmMV&5eQ9Kb`j2;Tc4~dL2&gHV3T`LWY}xfU!P9g
zN0;$~tm;f=aiBL=lxq!WhjKCK4{J{8&$*}+7ZmhcU1OYpKj0rqqYVS4(Nyh5yT;a7
z^di+|7>~wGW?0JMIgH_$5FVBIklz=(7|zW>ZrC3hh)Q8GAEZKmu0hdQJ?Jgg88?t0
z>RrA9NCQe_LV}XTR)$V;ZBH9%b~nJ{?J_J4T+XHAoC=IEPw1}>Gnp)1f$qY4OjEZ;
zMbnzLW71*_RB>tp&9xy&ZFC)y=gnQ%(>7@}wwn>LT=ZIV#cWXAG*X{rv}3kmCMtd9
zjGD~diqA{ULOGW+Em6&`WX0x=M5{>Spc#SXVZ99CX`lWTZq_6y8VuzI6cUjjyARJO
zGXzunI2%NIq7nx)0k%$t;?{U5mr*2MX~MZ3-22okG+Qx4MISAfTwX=^=*2d2i*7p|
z=rkQYxuNo!Vv^&$sd6F7&&2)xs=9k|J|qOYa~F_Z3jZLI+jwI9kteO5u9MJlqrs>&
z+>ktPbaw$L>eD#n4+XhoA}8IMe;S2+^{GO*smzS5i03kaOc#kf1OrWrjDN-`Q1Az%
zLa7{N{QjWOOOMiowZUJJ7}fUq{y?|VFntAjdX_jBF}a<`Ocez~x~iI@gm6od!I7pj
zZwSgn2F<Oo?r_pH^O#nK0k_UGb<alU@|1>G4agd|P5TFa+5`a{BBHe`CZqBGo&lo%
zTuh)+7q$JVXlCJb*A&AFSLC3@e3)WD=4EaGHZGWQQ%GOq(?9ptVn`Kab!=WBqN_C&
z0c=|qD}9JJn!qU!&y?linPF%2;mRoDruado7!&9yETR>w6H?7}ZMn=p%=E;)<)2WQ
zkbt3T#z@{m2eT???6_0uCfhBS3et%+7+~w9b+-v3qdm$5qA;9it>B_OK{ds6+st?a
zzeM~9GgzuL6o$EE$s;dGB|~%CSJ&FUZ=l-0TE6LHDtR=;)k|$)brXPOg7bfNS2U_V
z=qAIXJ*c2%jH8IxGn`kHN~_ma7ct5)3&dn}B7@K`XJKXG=Bvs2#9O&JOqGpgony&e
zm}4mJ7D`;svx4wT5%bJd^g3J=b<H(DZ3Fm-e5Ui;X4}AvI<+gKn#bJrAv#@k^k<4q
zeDGG8NR>+sd#jnqnm>MbcU!CaW^aKgo+7k+tCO+RoHciGdE{WD8(elW*eFZ(FpubD
z)B$6)TPCe0elea|RJ_y8L24SnOc9dxpqVFB5;@|n!XB;X=H_OCF~2xmoS$NpD$dV^
zC9iFi+uTSx>h&OPBK)Y=omY-}J<6MC8x0wlh>l{cHb;FTS-Xv<F|)2wpB>C8u#S3p
z2*>L;OV>8}uNjgnXMW8KDZyR$JJg=lWVeRvB7;n^CNszoOVR{XrU5nCILx*=<-EOv
zMp1MzJ14PwO3TT%9DgGskDWeNR~3w_%*7NnGn!s*eWMy;>sw9=!+djwpzp0=aaYz9
zHaSUp1#6c<X3kq@7riyw-SB(VOV>o%h<PQ^F)nOOHjHea#SqD`$8D?xPG)px65(lG
zsvvS+<M~Xpa_ONc%`!_1gc8>nqWv!Rj@)T=DM*H!l_b*%n^PU>l-7dPXGNSZmprY}
zlD^Phv+30CmPM?jdI?pmpxp56wTIc5HO)F!Xw}m+=cNLx{q{Il8lX!$Zrvw4tQ9on
z>IjD_n=&I3YIZa1(=Ag2UPqMLXre+#>}xUM!D`oL;ZL(Fucju|%<gipJf%G-ZmeV)
z$1!_iv|I<%3+G3qIx`GZZlh>KqPl@+mFmnfM+#Z6n;FEguepR9)@uhnGkNej?G9bS
zts|kktn4Hbc6FcRb)iRopnw~BU7D8ak6+W&U5ux6C00Ug0)%<|21o6R{I#q|HU0LC
zhjbOpcA@qO)QFlfB<q&i-Gps75O}~1d82M1a7)epfl|pJX}1r$3UMh;#Tm~HWa~AY
zur{vlM;b4t*Vf)3wX0cfmy{`4Rb7UKVMZHfWTuZ$CzkJ{?aVZIYs21{Ew!~_D#S#7
z`-<e0oyTDoh1Fyi6Yj92j6Rkv1CaTW{hM@nUChQ<dTq#7uex=O7q1PAto*oShvV9<
z%_J|`byJ%D!XAWKmw9VZ(Qj$4t){0@)%>Y$7q}_b0y7*eT3EYf&`l(&YT2y~7c)IN
zc`Y8vmV?=-F}q>T0SH0P^X>E(|FbhWubUZ2L18F4sVUc8@=KcPbhAvR4v7a-Tus}W
zFf+FyW@EW7xij$D@UWrOJ<Igb?3s0IN>1B!n|-j6cCcAY$&#y;U8wGXc*xVABv?|Z
z^A?;hS3hsz`PwGX^qxD)B{P<EGmR#AuA%E@JSFs8)wMJWU>!8T&IB7kb6cA0YA&*K
zP}@y{e`t>_sOcf8V5<(oXvhY9t((}KBw*N-Hh1k=bwAgplZl;8C9Y*tLm0ZzKBqcX
zBc}2+?zDAP&uBr-fH0K3W=1cUvZHl(iHT%YFA`QQPHMHPnQfXUsycDSsZ<TgUU$u|
zgq_1OovqYr<i(iZR%$P1vq1q5wX-1$zjhAdvTW~{2|D7TgWdhU9Ky`8we?`HP@k<M
zv&%}NvXaaZHxGL~a@lI9=+QQXTj{ciS=?$XmR?Z_jCP$_F<E7>Ff-5w3f_K66j87K
zl$4{zm0j2HzFfU#FD#txuPt-|g?VSjfA9_IfmGfUla%7RPO>uo7fQ2B`=q>oNvm93
zUkKSs9eh)z4D~niGv1qM1VZU(#!fRQHXAE{&robMG3&|&gAp4v8lHQ!Rn`~sb6_$K
z)#fBak;&8iv5Q}%3SN(0YFFalI=f+paWxSo#xugYK38?mb-9f>xp|b#%Dr{wH!uh0
zT0@*}^8;FuOtZ{ns%O@zUUFhapL{Y;s^pqYZMW}fw$Q!xUCm}bW#=*53}Z`7K}RjB
z9mdv&y=boALj2wcFUP-efudKFub)l5_0g)xO=W7&D?b*Q$;N8CPOO;1P1nt}#D->@
z(ypSlU+aDy9C?e&^?Ugt*6r=0l!@MRT{<+&_Rya*ln*vA!m^>442R*II#jG#N+)j_
zxhp$LP#8@=_cP+i{yloh8U0M%Vt*snn@qZ0KTITRRQ)XKCH*{ElO?fl>wGrn6^}hL
zs#YC~y-Ve2GuH$m+imQGV?-Y`lLOq=Oi0q^N0bIHd0A38i#_I$=g`6G+tT%?Xu=!k
zn*0R~3mX<pU;>68)VCM=qjdd>a(}VDCvNgr=%?+|qii;0RZq9=C4Fv^Jied3&y0T3
zUp}F$vp$(A*R!k$oA~)>;ez_cMfHtK{KjLN8XJ#j<e0D~D3<C?FU$n2o&Sk9B#XlO
z9)6f^@+ryAeDr(VhIQQ&+S}S!)>f)<LJNy0;%>dRk(&HcxVbc+9lI#E)N~LW_Skhj
ztLm3j?{gufo-L?YbKxd`NpDn|F!p7`*q04sUp8#-Ly6da=(5$P3|l2D!$l>3?8^rI
zZq8noK64oRvcc>%xrxcxmkncIHjI7QF!p6b@*_MOTw`B0jD6YAyWDPnu)-btvcdei
zy8Ulp*hIik+Maad>DZSIW>aMB%Z9Np8^*qD81YF)vUaQ4<R5W;?8}C+FB`_bY_Pw;
zj(yo+|NX|upKQ(Ucf;714P#$6@F9Wy#G$&^SIHUsvSIAY20nxs`?7(5bvfGi2sV<w
nsUOwdPlID$HoS?iHpaee82hrp{+s2oFB{Cie*b^;Wy9Y9e%ge^

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index 839bed68..475d49f9 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -244,6 +244,60 @@ msgstr "Stop wlan0"
 msgid "Connected Devices"
 msgstr "Connected Devices"
 
+msgid "Client: Ethernet cable"
+msgstr "Client: Ethernet cable"
+
+msgid "Ethernet"
+msgstr "Ethernet"
+
+msgid "Client: Smartphone (USB tethering)"
+msgstr "Client: Smartphone (USB tethering)"
+
+msgid "Smartphone"
+msgstr "Smartphone"
+
+msgid "WiFi"
+msgstr "WiFi"
+
+msgid "Mobile Data Client"
+msgstr "Mobile Data Client"
+
+msgid "Mobile Data"
+msgstr "Mobile Data"
+
+msgid "No information available"
+msgstr "No information available"
+
+msgid "Interface name invalid"
+msgstr "Interface name invalid"
+
+msgid "Required exec function is disabled. Check if exec is not added to php <code>disable_functions</code>."
+msgstr "Required exec function is disabled. Check if exec is not added to php <code>disable_functions</code>."
+
+msgid "Waiting for the interface to start ..."
+msgstr "Waiting for the interface to start ..."
+
+msgid "Stop the Interface"
+msgstr "Stop the Interface"
+
+msgid "Connection mode"
+msgstr "Connection mode"
+
+msgid "Signal quality"
+msgstr "Signal quality"
+
+msgid "WAN IP"
+msgstr "WAN IP"
+
+msgid "Web-GUI"
+msgstr "Web-GUI"
+
+msgid "Signal strength"
+msgstr "Signal strength"
+
+msgid "No Client device or not yet configured"
+msgstr "No Client device or not yet configured"
+
 #: includes/dhcp.php
 msgid "DHCP server settings"
 msgstr "DHCP server settings"
@@ -538,6 +592,51 @@ msgstr "Apply settings"
 msgid "Information provided by /sys/class/net"
 msgstr "Information provided by /sys/class/net"
 
+msgid "Network Devices"
+msgstr "Network Devices"
+
+msgid "Mobile Data Settings"
+msgstr "Mobile Data Settings"
+
+msgid "Device"
+msgstr "Device"
+
+msgid "MAC"
+msgstr "MAC"
+
+msgid "USB vid/pid"
+msgstr "USB vid/pid"
+
+msgid "Device type"
+msgstr "Device type"
+
+msgid "Fixed name"
+msgstr "Fixed name"
+
+msgid "Settings for Mobile Data Devices"
+msgstr "Settings for Mobile Data Devices"
+
+msgid "PIN of SIM card"
+msgstr "PIN of SIM card"
+
+msgid "APN Settings (Modem device ppp0)"
+msgstr "APN Settings (Modem device ppp0)"
+
+msgid "Access Point Name (APN)"
+msgstr "Access Point Name (APN)"
+
+msgid "Password"
+msgstr "Password"
+
+msgid "Successfully Updated Network Configuration"
+msgstr "Successfully Updated Network Configuration"
+
+msgid "Error saving network configuration to file"
+msgstr "Error saving network configuration to file"
+
+msgid "Unable to detect interface"
+msgstr "Unable to detect interface"
+
 #: includes/system.php
 msgid "System Information"
 msgstr "System Information"

From e1c2770a76430c1b69c8a06516358cc9c75e251c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 15 Apr 2021 09:04:20 +0100
Subject: [PATCH 169/300] Minor: formatting + status text

---
 templates/dashboard.php | 46 +++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 22 deletions(-)

diff --git a/templates/dashboard.php b/templates/dashboard.php
index abac1fa8..e443db8d 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -39,29 +39,29 @@
                     <?php if ($clientinfo["type"] == "wlan") : // WIRELESS ?>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Connected To"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"ssid"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("AP Mac Address"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"ap-mac"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Bitrate"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"bitrate"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Signal Level"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"signal"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Transmit Power"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($txPower, ENT_QUOTES); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Frequency"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"freq"); ?></div>
-					            </div>
+                      </div>
                     <?php elseif ($clientinfo["type"] == "phone" ) : // Smartphones (tethering over USB) ?>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Device"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"vendor")." ". $valEcho($clientinfo,"model"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("IP Address"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"ipaddress"); ?></div>
-					            </div>
+                      </div>
                     <?php elseif ($clientinfo["type"] == "hilink" ) : // MOBILE DATA - ROUTER MODE (HILINK) ?>
                       <?php
                           exec('ip route list |  sed -rn "s/default via (([0-9]{1,3}\.){3}[0-9]{1,3}).*dev '.$clientinfo["name"].'.*/\1/p"',$gw); // get gateway
@@ -69,44 +69,46 @@
                       ?>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Device"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"model")." (Hilink)"; ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Connection mode"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"mode"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Signal quality"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"signal"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Network"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"operator"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("WAN IP"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"wan_ip"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Web-GUI"); ?></div><div class="info-value col-xs-3"><?php if(!empty($gw)) echo '<a href="http://'.$gw.'" >'.$gw."</a>"; ?></div>
-					            </div>
+                      </div>
                     <?php elseif ($clientinfo["type"] == "ppp" ) : // MOBILE DATA MODEM) ?>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Device"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"model"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Connection mode"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"mode"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Signal strength"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"signal"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Network"); ?></div><div class="info-value col-xs-3"><?php  $valEcho($clientinfo,"operator"); ?></div>
-					            </div>
+                      </div>
                     <?php elseif  ($clientinfo["type"] == "eth" ) : // ETHERNET ?>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("Device"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"vendor")." ".$valEcho($clientinfo,"model"); ?></div>
-					            </div>
+                      </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("IP Address"); ?></div><div class="info-value col-xs-3"><?php echo $valEcho($clientinfo,"ipaddress"); ?></div>
-					            </div>
+                      </div>
                     <?php else : // NO CLIENT ?>
-                      <div class=""><?php echo _("No Client device or not yet configured"); ?></div>
+                      <div class="row mb-1">
+                        <div class="info-item col-xs-3"><?php echo _("No Client device or not yet configured"); ?></div>
+                      </div>
                     <?php endif; ?>
                   </div>
                   <?php if ($isClientConfigured) : ?>
@@ -202,7 +204,7 @@
       <div class="modal-header">
         <div class="modal-title" id="ModalLabel">
             <i class="fas fa-sync-alt mr-2"></i>
-            <?php if($ifaceStatus=="down") echo _("Waiting for the interface to start ... might take a moment"); else  echo _("Stop the Interface"); ?>
+            <?php if($ifaceStatus=="down") echo _("Waiting for the interface to start ..."); else  echo _("Stop the Interface"); ?>
         </div>
         <button type="button" class="close" data-dismiss="modal" aria-label="Close"> <span aria-hidden="true">&times;</span>
       </div>

From dc8b39dc401a58e5422d7a33981b6a2d1a3873f6 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 15 Apr 2021 09:05:01 +0100
Subject: [PATCH 170/300] Output tab labels with gettext()

---
 templates/networking.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/networking.php b/templates/networking.php
index 12b997b9..98309b5b 100755
--- a/templates/networking.php
+++ b/templates/networking.php
@@ -13,8 +13,8 @@
         <ul class="nav nav-tabs">
           <li role="presentation" class="nav-item"><a class="nav-link active" href="#summary" aria-controls="summary" role="tab" data-toggle="tab"><?php echo _("Summary"); ?></a></li>
           <?php if (!$bridgedEnabled) : // no interface details when bridged ?>
-            <li role="presentation" class="nav-item"><a class="nav-link" href="#netdevices" aria-controls="netdevices" role="tab" data-toggle="tab">Network Devices</a></li>
-            <li role="presentation" class="nav-item"><a class="nav-link" href="#mobiledata" aria-controls="mobiledata" role="tab" data-toggle="tab">Mobile Data Settings</a></li>
+            <li role="presentation" class="nav-item"><a class="nav-link" href="#netdevices" aria-controls="netdevices" role="tab" data-toggle="tab"><?php echo _("Network Devices"); ?></a></li>
+            <li role="presentation" class="nav-item"><a class="nav-link" href="#mobiledata" aria-controls="mobiledata" role="tab" data-toggle="tab"><?php echo _("Mobile Data Settings"); ?></a></li>
           <?php endif ?>
         </ul>
         <div class="tab-content">

From e4967e50459a52e3b0ed8560e169e6bade16bd6e Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 16 Apr 2021 13:42:51 +0100
Subject: [PATCH 171/300] Update en_US local, template + compile .mo

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 25603 -> 25717 bytes
 locale/en_US/LC_MESSAGES/messages.po |   6 ++++++
 templates/networking.php             |   2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index 707d029c0c940db483d962056e1097cd7b93ad22..cd410c69d72f88d6f60dfe8efed0ca700e0a7c49 100644
GIT binary patch
delta 7573
zcma*rd01Cf9>?*Ef&wmVDzd0Q2@w}uFw9hNM{xn%av@VfG<O4cv!9NQnz?0`rIv-2
zSw<<8PK}mJnwo=UGiENO)9Q$tSfkAl^Zxwqx9924xsP97XSw&D?>Xn*3y(`b_WSu`
zKkvnG|EC>}96!g2#aqFSQ%3od`f7EYz($Ufh(S0Vld&$ogdThwYvZRFi5D>tf3bQM
z4x}F0*m1IOJceT_)^Z%LbCg014X3d>UPp~xfx2N(6UV8EO|b#CKn>6x!!QH6k&}b<
za3U(fM^M*4f#l$9LydF5ynqcD-?>9UGY|DRPBbQ&{ZKc`L*1yrT!{hHi%|WqVF>O)
zC3+M!!!lI+Wz58zsKk3Tb?uKe7~dI6K}$Fq6L6wBaE-M;jk<9WY6h>PR^kW-;RR&Z
zobPci-bAg)<Ty8hIjHlOA^)7``H_PkqE|DCy~~|Z94hlf)XchI0rp2N^*&UhWvH2*
zM<sUE+HYZN>VEO8Cbq$J?1oz5WvIlqp|<L+c-Fr<g~K#x1|OpmI&CMMMa}S<_1{K4
z8`Yb+2}I#z)LWodtQgh*4tBs3)?S4gxCYA`h2cn((>j6m*PaZap&{mAOPqyTvaP5U
zc^A|181h^?q0Qav+M?>6(1RmTD>V=G%&bJMWDzQXU04VAVS7B`rQrBEP9@H!_*<gm
z?8aFwxEVGlo6hLPvG^X2#OPKGiiPG*tV#V_)Yg=v5~)OOMF{(%XUBt@U{}<{y%Q;D
z1~ai1u0>_O8MOi>$P3~eN1b;CgE1({UGjRUEs8;ZY=*k7rM364`T*2QK8PB4HhT2_
zKT1KFZ^at89kqwWsDTb+Z7eg-BfH@Ih)OK9jcYqI8@04EtzLwh`9ahKE+Q|8Q;9)(
z|C_XR2W)|L>F9=fIx|r-$wMvW0t~@b*1iQJsF$E-bQIY==M?HSyMtPp*miDz0_uKk
zQTI#7V8(YwQqYX@P%~YL%6Owrz!D6_{iqAeFa$5568;JG7HQhrLVq(9^|Z&L?$goQ
zd!SZ&5PEgNFbdk6aj2OWqPAoOD&uvi0k@-Wv<H>wLDUzs47CDRP!p*@T_2t7u23B6
zz8%d0sJCrgGV8Ay%%`Cau0Y-R8Pp1F!`Ao#>V{WQ3EjeQti?;N#2TYkpbaX)WK=?_
zsE0Bgb>09}A~~pu&+NeZ>x4&WScpqdzbq<IH;B30eXrwD1NOlT9En=OBGiC8P!lP|
zP&|Z6_;U=v^VWYEb=^-Gfw#RB@+s6#aXSi79rIBcuQs2z_BT-pA3!~9M^Gzw9lK&B
zD)G)8-Djm2s((20NpbS5eKjg!?^X)Rv=}wRcTqDshDzXb^x!wBfdlSwU!P#qK&??*
zmV&xrPt<jTaWUqi?spl(upE_874mj?ojQERbU`Glqq&)a+M`~m70E)qPI;&sO+%gU
zMGdeTmB_QG#9l!qRBY}0%;Ttup21+f|5qqzpr5fN`rYgPwrXu=pjK!CYVW3_ZZI3`
z;|h$z7p#3RYTy&7guk@<H<&@a0&_8y@A@FU|63{a#d7R}DP7!OHVbhm^@CW54cK7K
ze5JVswKB!10S}^9@>A4=E}>q}a*W5oRQLKM)I_?WS4)>pp&kyljtQtGoQ9g=9Mp|g
zS^suSre2H*cnKphFwITCgIck6sAr}VDxp+V!WkHYW71fEeJbbEkcC@N^{c4&KBSv#
zSJccVq4s<}YJlaa0oI}t*kJCo_QR+xIELitoJL(2*4;I#yVr55(a@BJ6hD>;6RD5x
z;r_L|6t%QB(Sv?H-G?j=HDFuRO7*pRHV&lz5Nbm2pq`b0UhWDsM9n-Nt7CUB1ub!J
z)D1_YGAzIbxBxZ4lc>Glgj&j-s4d%zO7JA=`t#TbZ=nVX@9o+Kb-(@?i@B&R^*(Ba
z=TJ8)McwF-c@FgjtFZn%sI3U(NmZf^Q8V<Q+B;w-_Ch7T-rS6O=w3#>rf(q6j@Q|1
z9bZ|;cc>dzpl0wNROXTC?q0S*J+z&0F7`sL$or@Sj-t*#gK>Bbb1<y0JCSK-A%^Sy
zpHD$EUxfv@8MV}P`?;BVP&ZD(nwV<seNYeS5Y#u{i;U&0LoM+cRARSKTcwx3I@Cu^
zAPNH*--)N76Ix;rc0-+zfqFKEp%R#kkKqEWfmPODqrdytZY-)j8#V9<jKVx@hKn!|
zw_!uviTb<J`G|s+>;`HtYYuQ{5{-?i=b|oLZ1u;{L;W?>N*zNzGv`n%S%I~%8n1$0
z*SgpqW6|;B`M}u}vj(yLyD5A$$o*?~9#0M*LFW{X#adbJU%OL~ud{R5tVC@^$82|H
z(ol(HqPAij>e+c1HNn-W3G78p=m09gud`WyWqy?gt$_bv_m9aK)QMd%7)PU)HXnm<
zD*EFb)O8E3eZAGUpjNU3HSiJiU>Pd$8>su;_EOLuSD^-~Kg1q7GYJ!D?~F|_*IZ)0
zgzafRVD$>r%p-=n6KIP~sb``RpNSf80cxwf>nP~q+lrb=DTd(*48aT5UXBse{fD_T
zYKV!{o1$K`{-^<_S^r$r{T8F{w-GhL9jFPFVr{+u=O`%SAM6DG;qD%Wpf2>F5=lm7
z+!OU04My$Za5ES6v`<3~wA|X)qn7#wtG|Nb)OTS$z5j<PXiv_fGQNZw@HXm3f%myv
z5`p?;dQf}X1vQi2sOzVoR;Uo`;c{~e>UG<Nn!s_?TX7a^GrsdZ1+Bm>Y>lBK+#9B1
z1L}QH8Q+geYzArtyr=}1q7qtzdMG!d&f9`YWG8B+4p{$5TuA*h^y-&I=1BJjQ_(|x
zHfq3UkZ+8$1GR(|r~!XP%_LxyyH)j2E6@xBFbUP)0d-wZ)XHRFK8~^WL!(%KbsVQb
z8DBK7q1t~#%_w}d`>;i#maaSUM~#z-n)wr`XJv!+zltrWms<NpR6;jUiB_Q|STl$9
z*Nmcb+yt7Thk6QX;QLUoPY!CJMaWa@EJNM!DOBP`xEOb%?$_adH=#6C!r7>|;{nw9
z4_W&>uN9V|_GklY<}acyC`HX|Kk7!OPy<{<CGsOGv0qRLRatx8F>ZehYNm;(>$;%E
zNynDx9YP_N!Xk4MYKius_U;4J4US-aJd06y-P(g5a0iY>CEUvDDVRaMH|F9R9E3Np
zFQ$$4{juwHmQhHj;S(H+5#!vyb|<1{e$FgMtxOearV-p#OBsinQ8Gqj8ph)&)b)>|
zCbAB-0vl0pMUk(a{og}DOSm63!=tDhUGSa2cL0;AS78DsKj{9>7==pUVbqE(K|M2%
zqY_$!N_Z2-U@^wwam>PU)fwMO&2!)Tapr2&jo(A<`Ek?$U!Vr~8YA&rv(nn@k9W5q
z8dK?yM_u=zIT@=_FF-%sOlW-PYyIF@PW(tTrT1@YuwxYUF2twQdl83!@4(Ym?t#w|
z7YQwIBGHFybUaBsMf|D?$8O?YVx%AAccf5_6aS0-iHC?1LdW|=TVjJM95I}yFXRGW
zjrZTIj(drC8*nG(e-q8A`{O%ADrFDq_=xCDyr%izrl4if!57h4O5AHV`bCW#dVqS-
zb^;5CP~uxc$3Ws?U&;N^9@Y|i27W*ETn)9#U(5vVr~iNO9kr+op!8>}^Q*x3nl-fg
z1YBd~CFV$Mp)%LDv9`{*h&V!YAzIV-cbq}gr92pQY$IMKeB(#Z(U%xRG@|hpqCe$f
z_%5O27U7{yZ^}603bB~r3+?+5b)atr<sn2j$~xX40x7pcUVGnPRG*-Z=ZL8qzbl1j
zhzo>{#&)q@nYW3tL^ImLu(S2m!zAk02pye>G@>u@Ch_~Rg+hJKy@AJxZ-`}tj()zM
z%s-35qeL(#b|kv{I{43Me4HpI?xQ`M2(Z2yloKeo!Fkvff5S0EOQIX`2=O0c7NJ95
zzw1OZRXDyP8hN=e+gEkJYF6}dh@a`i0M5xEbmS6#lsEcnyxTaLs6*ROq6P6e^;JX_
zp`$l#IySjDcOmn3?#OU!6qo)`ZooxB)VtfoJ*}?^^>*qbX3~~HtR_P3yz`VhQ65Ij
zraYYpv%V0@MMNqQPedz^Wb15+b!dE*7)Uu7b?hRt?3`H2KM===L~EnyI}Y+QhbScG
z5?>NK2ptEA;hg_3U(Nk2t2j~X(44|!L=R4wg8PX%L?-oV*oO$9+@8?U7VjpK2>qXd
zjt^XXpXG3C`-!&o#5v-7>mQBD#CyaU;x6sKj@tMg{)3oA^rSw*`i@f9alec2XEc3J
zSbd$Dk5{ccAMYk!vbtzWyhX&>ebwgmx5^7tZW7h0w<7*Y`5x<w!bmG`r~NbHETQAC
zE>1fArIc&pDQk<Re3J4)t2Z&l&qSs6e~&c|wgJklKAQSHRu*a0``I}u)Q4MN1FT70
zwt5cd?4vvcKg5;R{vv)syl!>zyk68lQF!_fjd_&E6CpO3y2|x~BaUcAY$Ym)h9wtb
z*ZP+{*=K5a^vwK%S(EY$Ju@bFrsvO^JELHVXMFygNqPB&B_}(a2>U-y3a<S>p2Q)>

delta 7487
zcmYk>3w+P@9>?+Tj1AjtW;V0ozu9J(%Qkm&8Fs;#Ylg(SspFDd)9_bTx)>EZQaYv-
zqH;`<C4_QID&?e(D1{JmEW~kM?|r}P^n3K#^Yi`we!uVa_xo+t)xAFR_WF2_hgK~%
z9K(H#iN;ekjro*(eO=WWbArl5Jc$#rW&>kt;Y{@4Qy7SAF#<PZbv)$CM=^);Ma;#t
zhQ@^A0t_(5YgUj%QLzqv@e@?v2T%>3M1Q=F;po%Ic2Ey%Q;tCzGN~Ab-B1G@g1Y}6
zq;FGz>SvkrT@0sx^EruTeg^AfHILPUYN#`+p+3&Lu^Qz^QRnAkFfKw3bOmaLt5Nk^
zu|MudtxRN$H5UEo-!v!D5~g4Rc5~(XQ4LN(jl2N00!y(5zK!gb*@8207iuLs$J&mw
zP}dJb{xK8zF%q9gP2d80m0Tgwh_9n&6xi69$ry!N;)SRImY`<z7HVMIT>TzQqWlGh
z;BCyrkT|=t!%zd8irS*N=!?a1tiNWkj0z28mAl|g)C{+y&hJA#6Gu=3_yr5`2Ku2l
z-kyIFQz<V;)gMN6d=w+`N8}%KiyzvG#tE!{J(48Wy%}bpmTVGgMdo8BzJxq~<|OJy
z)5Ml*pod~2YNdLko|TcPm7Ibaz~dN%3o#j&qw(P_@sdm<|18m%jhNAt{laV52?sE$
z(fBOp;W_Mpy_#ERqd(=%sFnE;HIPH7tvG>tb}pkP7{oql0v%8j@}`pnkc>f%d^~Ce
z3XvDWyo|cA3~S;s^uwP}TXY_)Vma!*KU{ri3tNsxtz;^y<4p8mE;4YhnM9%nA3^Q0
z7u8WQ24acxEoAl0R@A^wI(=H&atvx|(_MKAYUYbk6L<%CLChi4z%OB4z5h2zYEco=
z%08WqP%~+RTFSl{jH6ur1gt~35H+J0k=-*Zkr&A9M|E()o&O!xo@s5{i$G1VDeCz%
zZAdiJk*E<r;4Ub{5Xy^C11Z5^+=v?RN2u56bJP}o<vfXc+Ap9w@@H9eJ`}am4P7}N
zz1o{(61|tbP!H2^)QIy@9X^6;=qc1d7o)zEC8!lBLv77&)cxmBD|7|bu78R(8uhj%
zqbATNh4l|28BT>79*bImshEV%p&HzV8qgjL#qUr9yNFtW+o%Eh^73mywNMXb1nRnI
z)IgF@E0ONb_e*8{3#b@Gg>F2A9z2Tb=o<FMfHrpNhN3#U6E%ae7=qJL1D%i6aFIJ-
zj9T(lSO?ePeYoA#$9vn_6G^C%c6SbN^<z*onTmSIW};T?RZPPTsDWR=+F0(+S8vAy
zMmZc+-yJpJL8yV|qbBHmkVG?@g&M$o^x#rd$6HXZ%{Ej=-=ntb464DasQaq6H)bw|
zq1r1(bzFiP@J7^Iu>*Deep~M~$J_;HP<vC3TB<61=5#|isv!@mp%hdH-BAPSiyBxS
zYC!p}ev)%GYNpSi?t2B*&l+r|_kR<Ke*b^(yop+($c}dJVo(hvVqNTvkvP!Rk3)4l
z2Q}a#S6+&}DZhdFcnSOAAinEaSb`aP|Id(QV$06P4900V1^1z5-i3{pxu})NM|C(2
zwUmXZ87;wz*An9>m!a-EfqDpkL#@Dd48y8j*ngdfB+(LjP%~_bYN#9P{0L0Jd`!S4
z7=dM|0ep#Cu^&;-%sJG6E};f|6QeMstNlVIVJ_v|uB^X4nJcK!`~H#hBC6r&Zg$U;
zP#ttab<hJffGp=|S3d)_1+$Po&6BA6b~_JZ70O4jtq-qxH?MuIg3|3@x9w0%`#O4X
z6Y3%R3f18csFk|m%Dz49U$;@H89jh{R<@v4-~ejoM^PWDE2tIz9o1ftx2GLpJcd)z
z0@Xn;)ZX<&H8dKvXX8)<oQrB;5jMcpsE+nHPomnph0z$+%Wi41GY8d<cPxn-n(kbP
z`hvaTE?AG+iZawv9zf0TOIQCh_NQEq8hA#AwLj|F8HQTHyHL;0I9GlFX^+4ENi_1+
zs1ff%?cp)h(|QVL;6>C*jLozInu5B19>(HJI1;yEHH^%%HbM<J9yQ|*I2p6Bw%-4(
zBpTsC)J(rYe?05zFQXpL|DwM2&9m+6nuc21d8mPvptfi|`r=O11oof?bl9E$8a2Ul
zI#2)RDv2HneJwPAa4f_G^uu+i^BXZ0_qzI<sE&R6*bh=L##3&J)iD?AVIDTahfyoG
z9JL~)=w-Fc$0Q9gsIR>-2~}>39vp&t7^k70mHDWpT!8`jHtN&76_ar<8Xw*goJRUb
zj{W2IVLpGuD97=@@Xa%``m_F{N#3I(4<mSo`1+bj&b6qm_yL3Q7t}y*ptd4#fPHov
zU^B`cQ8T|6HGv5jfD2Fqe-X6;8?X_6GJy5hg{P^giGBm^lGnx>l<Q$tj78np#MO6o
z<!sbajz)Dn89i8l8u)V57Op~V;W|`5JF()K^Sb04OyI=NsF4K?vbJ#c!({3wxbh0r
zTeBTCfp0MeZ=ePqJ=k`bfZD1w)Wg{qHIXq`8@)3~w6ssV6U(p;<qfDA?Z!m>6!n^w
zqdJHjV$U~5HJF5IuqSGULs1hNgPQ4l)PR?`^BXWk?|&JIZajz@$Z^z&e?`4Uw@`cN
zGt?S{k(47*9i_VZuBfH%<H`dul=3JH!%3(uc>*=yA`I61zluZ+Z9<K7JL<RJLDUMI
zM$P0Bs)2|*><TqPHJs|qM!jyMP!pJrdMlnlwYwO#0wtJ)AD}<|o3kY0co{X~>bxUb
zi73<xG)E1v6>318P!DBK)OFdYf#ji9YJxjI6ALKMLEU!)J?P7;rhekk%QwWdC(+V9
zhU(}k)C?9Qdt_ck&Ab%#B`b61ccSh)jCJrR-iPO0{lMY2J`Xj}@y=PUe!+0oUo$D8
zLJ!&Ns3kju{E=e5LybIggndS0QRmxWQ|#gD$D;;32Q|<l)C`MJ6Iz2BKq-1~7pmV=
zBUpdEHfO0&M*$=4UWK6=j6vPl8s}nnRD(OQ;-N(i=s4=FIFGu%+|~QtY0rnDwk8&}
zQY}%}_wbUap&V30ccD5Mk9ufkpaxcm8c>m|U+!Fsn(1cLefv-y9l>UJ0;4ftlr<5x
zLK&#7^Y$ZA14FPbj>Slv?dq4JI(`#1;`d#77xt$71?FS)UG}frIhaNHAZB3LX#3l8
z1oG)HD{%^5MJDbw500@bP=H#RB2<SfQA@c2HKQF^9}i+2o<^-)AiZlQ4N)r)k9r$g
zyZQ{&3g)0DI26^+xQg>${zxQAp`r*Aa0f=<Y19C2qn0fAZu`(gpav9;8gL>;VH(C_
z9_C_!D<43;@4q^u?y>D=V-WqDJQ8(qKkBKRh#J5Y=d-T<HPjZY!7jKFb>AiDHLOC}
z+*|S6*K{Ne^Wk;ILZTOWE37;kQ1;%Wbf~fhn^39aZA-<^Y**LCsY?CQ(O@f&g(R7k
z*Hu<xETR2=*wyuS4&~a@+W%JWrZ$||O6Z}gJa)NcR%HeLKtyp*d%R5?BeWg$h!+Wc
zfOJ%M?JD0%{F8{GPS1>1sS`1o{>@^NIO4BI8!j9{#dKGB9{0GsD(BM3Un644|Bda4
z_T+KIFXYY9L+m5ZBy@D5TzLeMFQc$o`+v#RwsoGtR4(XG@OO!6i4*W4;wr(f2{V?^
z-v31Wi_oF>T}QIz&!6?V|5-|**qHd4{3NlSQ2!>G%8jW12cTn>#rRRytMoDvLcR#M
z6TU<uQF-Wlp+nyhUVF2Gc#!B!=;KpNOeJ&-pq<BXFOlFw|G$x}B=R`Xh&Vy6qYrrs
zQI|MKxf?FPhUi1|C9g#^B6R2#JWKFB`t#6Rq@x|zR~}<XI=Dh>&A%Qe-=`v+=&B2e
zf4B<<lj}F&T0&p5Z-{u}1>!%%5n>n-&2=@f4hEu*a$*{BoyevBW9)&I#|Dy$|Nd85
zA^Q<ex{6JhP4wla&s|*>`S0WxiC>AiL@;$3#GT~5h{~fQbvniqODZz^W3|ig;5_r^
zPa~oxg(TE3p$0@Qp`$7BJ@F0^&o!y2qlh>~d_)W;bPVLYKEXqXaB>|@ET#<W5`BnI
zT^)GMJbtbrvWOgF5OI`fN&^AJcjWgH5#)DcckF>Ws*%scal|J?70PME{p8OPI<{EM
zaMZu^>$pa|NwoH1{`E=jA^sp*5Kj;~4qMFE&TaUa%M)qHpGYVEPTi}-4&rHIHt{2&
zW3<Jb!-+&sH-Mq!7l;{J|A9m>q2qC)fas}$JHEvnZmfon5_O2)ls$Nv(D4%S2=S!~
z9K$$&%cd1SNB$-EBkxM25Z)v%Tuw3suizU*9uY(ACcYvbAdVAX5S7P#l3Ls|2b-ae
zrGziJCZ*#B(SdS$Mall?=dN{CUen!Wo!yE3lwTpLyZRQ?KSTaJ5$UdZi~PUDAj-9g
zmgM=wIzmTd;=PKD?}qbT=LcAWd;W%{+Wh7uuM;K2hr|IQkPAwOr!S~ldOqX6(9(zU
P`~pkky6>#^|Kk4u*!B)3

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index 475d49f9..5713516c 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -598,6 +598,9 @@ msgstr "Network Devices"
 msgid "Mobile Data Settings"
 msgstr "Mobile Data Settings"
 
+msgid "Properties of network devices"
+msgstr "Properties of network devices"
+
 msgid "Device"
 msgstr "Device"
 
@@ -613,6 +616,9 @@ msgstr "Device type"
 msgid "Fixed name"
 msgstr "Fixed name"
 
+msgid "Change"
+msgstr "Change"
+
 msgid "Settings for Mobile Data Devices"
 msgstr "Settings for Mobile Data Devices"
 
diff --git a/templates/networking.php b/templates/networking.php
index 98309b5b..f497cb28 100755
--- a/templates/networking.php
+++ b/templates/networking.php
@@ -154,7 +154,7 @@
                                    echo '<input type="hidden" class="form-control" id="int-type-'.$dev["name"].'" value="'.$dev["type"].'" >'."\n";
                                    echo '</td>'."\n";
                                    echo '<td>';
-                                   if (! $isStatic) echo '<a href="#" class="btn btn-secondary intsave" data-opts="'.$dev["name"].'" data-int="netdevices">Change</a>';
+                                   if (! $isStatic) echo '<a href="#" class="btn btn-secondary intsave" data-opts="'.$dev["name"].'" data-int="netdevices">' ._("Change").'</a>';
                                    echo "</td>\n";
                                    echo "</tr>\n";
                                  }

From 6c674537bb779d3a4cfe5b38c342f406b3e4bcf1 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 20 Apr 2021 15:19:00 +0100
Subject: [PATCH 172/300] WIP: txpower feature

---
 app/js/custom.js               |  5 +++++
 config/defaults.json           |  3 +++
 includes/functions.php         |  7 ++++---
 includes/hostapd.php           |  6 ++++--
 installers/raspap.sudoers      |  1 +
 templates/hostapd/advanced.php | 12 ++++++++++++
 6 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index d5c1abe5..3523fc56 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -120,6 +120,11 @@ $(document).on("click", "#gen_wpa_passphrase", function(e) {
     $('#txtwpapassphrase').val(genPassword(63));
 });
 
+// Enable Bootstrap tooltips
+$(function () {
+  $('[data-toggle="tooltip"]').tooltip()
+})
+
 function genPassword(pwdLen) {
     var pwdChars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
     var rndPass = Array(pwdLen).fill(pwdChars).map(function(x) { return x[Math.floor(Math.random() * x.length)] }).join('');
diff --git a/config/defaults.json b/config/defaults.json
index faab15b6..67948d0d 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -49,6 +49,9 @@
       "AllowedIPs": ["10.8.2.0/24"],
       "PersistentKeepalive": [ "15" ]
     }
+  },
+  "txpower": {
+    "dbm": [ "auto", "30", "20", "17", "10", "6", "3", "1", "0" ]
   }
 }
 
diff --git a/includes/functions.php b/includes/functions.php
index 2f1c502b..a3ffbf45 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -152,15 +152,16 @@ function getDefaultNetValue($svc,$iface,$key)
  * Returns default options for the specified service
  *
  * @param string $svc
+ * @param string $key
  * @return object $json
  */
-function getDefaultNetOpts($svc)
+function getDefaultNetOpts($svc,$key)
 {
     $json = json_decode(file_get_contents(RASPI_CONFIG_NETWORK), true);
     if ($json === null) {
         return false;
     } else {
-        return $json[$svc]['options'];
+        return $json[$svc][$key];
     }
 }
 
@@ -774,4 +775,4 @@ function preg_only_match($pat,$haystack) {
 function qr_encode($str)
 {
     return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
-}
\ No newline at end of file
+}
diff --git a/includes/hostapd.php b/includes/hostapd.php
index e364dd15..b87b1e67 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -25,6 +25,7 @@ function DisplayHostAPDConfig()
     ];
     $arrSecurity = array(1 => 'WPA', 2 => 'WPA2', 3 => 'WPA+WPA2', 'none' => _("None"));
     $arrEncType = array('TKIP' => 'TKIP', 'CCMP' => 'CCMP', 'TKIP CCMP' => 'TKIP+CCMP');
+    $arrTxPower = getDefaultNetOpts('txpower','dbm');
     $managedModeEnabled = false;
     exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
     sort($interfaces);
@@ -102,6 +103,7 @@ function DisplayHostAPDConfig()
             "selectedHwMode",
             "arrSecurity",
             "arrEncType",
+            "arrTxPower",
             "arrHostapdConf"
         )
     );
@@ -306,13 +308,13 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
         $ip_address.= (!preg_match('/.*\/\d+/', $ip_address)) ? '/'.mask2cidr($netmask) : null;
 
         if ($bridgedEnable == 1) {
-            $config = array_keys(getDefaultNetOpts('dhcp'));
+            $config = array_keys(getDefaultNetOpts('dhcp','options'));
             $config[] = PHP_EOL.'# RaspAP br0 configuration';
             $config[] = 'denyinterfaces eth0 wlan0';
             $config[] = 'interface br0';
             $config[] = PHP_EOL;
         } elseif ($wifiAPEnable == 1) {
-            $config = array_keys(getDefaultNetOpts('dhcp'));
+            $config = array_keys(getDefaultNetOpts('dhcp','options'));
             $config[] = PHP_EOL.'# RaspAP uap0 configuration';
             $config[] = 'interface uap0';
             $config[] = 'static ip_address='.$ip_address;
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 93389d4d..355fd8eb 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -32,6 +32,7 @@ www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] up
 www-data ALL=(ALL) NOPASSWD:/sbin/ip -s a f label wlan[0-9]
 www-data ALL=(ALL) NOPASSWD:/sbin/ifup *
 www-data ALL=(ALL) NOPASSWD:/sbin/ifdown *
+www-data ALL=(ALL) NOPASSWD:/sbin/iw
 www-data ALL=(ALL) NOPASSWD:/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/enablelog.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/disablelog.sh
diff --git a/templates/hostapd/advanced.php b/templates/hostapd/advanced.php
index f7c9ee93..579e166c 100644
--- a/templates/hostapd/advanced.php
+++ b/templates/hostapd/advanced.php
@@ -1,3 +1,4 @@
+<?php echo '<pre>' . var_export($arrTxPower, true) . '</pre>'; ?>
 <div class="tab-pane fade" id="advanced">
   <h4 class="mt-3"><?php echo _("Advanced settings"); ?></h4>
     <div class="row">
@@ -52,6 +53,17 @@
         </p>
       </div>
     </div>
+    <div class="row">
+      <div class="form-group col-md-6">
+        <label for="cbxtxpower"><?php echo _("Transmit power (dBm)") ?></label>
+        <i class="fas fa-question-circle" data-toggle="tooltip" data-placement="right" title="<?php echo _("dBm is an abbreviation for decibel relative to one milliwatt. It is a unit of level used to indicate that a power ratio is expressed in decibels (dB) with reference to one milliwatt (mW)."); ?>"></i>
+        <?php
+          SelectorOptions('txpower', $arrTxPower, 'auto', 'cbxtxpower');
+        ?>
+        <small id="txpower_help" class="text-muted"><?php echo _("Sets the txpower option for the AP interface and the configured country."); ?></small>
+      </div>
+    </div>
+
     <div class="row">
       <div class="form-group col-md-6">
         <label for="max_num_sta"><?php echo _("Maximum number of clients") ?></label>

From 643afe09e8905c98f7b34dd8a1ec3a36b3d19802 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 20 Apr 2021 17:53:09 +0100
Subject: [PATCH 173/300] Set txpower w/ iw, persist value in UI

---
 includes/hostapd.php           | 18 +++++++++++++++++-
 templates/hostapd/advanced.php |  3 +--
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/includes/hostapd.php b/includes/hostapd.php
index b87b1e67..8ed66946 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -32,6 +32,10 @@ function DisplayHostAPDConfig()
 
     exec("iw reg get | awk '/country / { sub(/:/,\"\",$2); print $2 }'", $country_code);
 
+    $cmd = "iw dev ".$_SESSION['ap_interface']." info | awk '$1==\"txpower\" {print $2}'";
+    exec($cmd, $txpower);
+    $txpower = intval($txpower[0]);
+
     if (!RASPI_MONITOR_ENABLED) {
         if (isset($_POST['SaveHostAPDSettings'])) {
             SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status);
@@ -62,7 +66,7 @@ function DisplayHostAPDConfig()
     }
 
     exec('cat '. RASPI_HOSTAPD_CONFIG, $hostapdconfig);
-    exec('iwgetid '. $_POST['interface']. ' -r', $wifiNetworkID);
+    exec('iwgetid '. $_POST['interface'].' -r', $wifiNetworkID);
     if (!empty($wifiNetworkID[0])) {
         $managedModeEnabled = true;
     }
@@ -90,6 +94,17 @@ function DisplayHostAPDConfig()
     if (!isset($arrConfig['country_code']) && isset($country_code[0])) {
         $arrConfig['country_code'] = $country_code[0];
     }
+    // set txpower with iw if value is non-default ('auto')
+    if (isset($_POST['txpower']) && ($_POST['txpower'] != 'auto')) {
+        $sdBm = $_POST['txpower'] * 100;
+        exec('sudo /sbin/iw dev '.$_POST['interface'].' set txpower fixed '.$sdBm, $return);
+        $status->addMessage('Setting transmit power to '.$_POST['txpower'].' dBm.', 'success');
+        $txpower = $_POST['txpower'];
+    } elseif ($_POST['txpower'] == 'auto') {
+        exec('sudo /sbin/iw dev '.$_POST['interface'].' set txpower auto', $return);
+        $status->addMessage('Setting transmit power to '.$_POST['txpower'].'.', 'success');
+        $txpower = $_POST['txpower'];
+    }
 
     echo renderTemplate(
         "hostapd", compact(
@@ -104,6 +119,7 @@ function DisplayHostAPDConfig()
             "arrSecurity",
             "arrEncType",
             "arrTxPower",
+            "txpower",
             "arrHostapdConf"
         )
     );
diff --git a/templates/hostapd/advanced.php b/templates/hostapd/advanced.php
index 579e166c..447623f8 100644
--- a/templates/hostapd/advanced.php
+++ b/templates/hostapd/advanced.php
@@ -1,4 +1,3 @@
-<?php echo '<pre>' . var_export($arrTxPower, true) . '</pre>'; ?>
 <div class="tab-pane fade" id="advanced">
   <h4 class="mt-3"><?php echo _("Advanced settings"); ?></h4>
     <div class="row">
@@ -58,7 +57,7 @@
         <label for="cbxtxpower"><?php echo _("Transmit power (dBm)") ?></label>
         <i class="fas fa-question-circle" data-toggle="tooltip" data-placement="right" title="<?php echo _("dBm is an abbreviation for decibel relative to one milliwatt. It is a unit of level used to indicate that a power ratio is expressed in decibels (dB) with reference to one milliwatt (mW)."); ?>"></i>
         <?php
-          SelectorOptions('txpower', $arrTxPower, 'auto', 'cbxtxpower');
+          SelectorOptions('txpower', $arrTxPower, $txpower, 'cbxtxpower');
         ?>
         <small id="txpower_help" class="text-muted"><?php echo _("Sets the txpower option for the AP interface and the configured country."); ?></small>
       </div>

From 14b6a72105ee4affce1a26cc0ea06f1ef4cfe0d8 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 20 Apr 2021 20:00:40 +0100
Subject: [PATCH 174/300] Add text-muted to tooltip, revise placement + text

---
 templates/hostapd/advanced.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/hostapd/advanced.php b/templates/hostapd/advanced.php
index 447623f8..f331734b 100644
--- a/templates/hostapd/advanced.php
+++ b/templates/hostapd/advanced.php
@@ -55,11 +55,11 @@
     <div class="row">
       <div class="form-group col-md-6">
         <label for="cbxtxpower"><?php echo _("Transmit power (dBm)") ?></label>
-        <i class="fas fa-question-circle" data-toggle="tooltip" data-placement="right" title="<?php echo _("dBm is an abbreviation for decibel relative to one milliwatt. It is a unit of level used to indicate that a power ratio is expressed in decibels (dB) with reference to one milliwatt (mW)."); ?>"></i>
+        <i class="fas fa-question-circle text-muted" data-toggle="tooltip" data-placement="auto" title="<?php echo _("dBm is a unit of level used to indicate that a power ratio is expressed in decibels (dB) with reference to one milliwatt (mW). 30 dBm is equal to 1000 mW, while 0 dBm equals 1.25 mW."); ?>"></i>
         <?php
           SelectorOptions('txpower', $arrTxPower, $txpower, 'cbxtxpower');
         ?>
-        <small id="txpower_help" class="text-muted"><?php echo _("Sets the txpower option for the AP interface and the configured country."); ?></small>
+        <small id="txpower_help" class="text-muted"><?php echo _("Sets the <code>txpower</code> option for the AP interface and the configured country."); ?></small>
       </div>
     </div>
 
@@ -67,7 +67,7 @@
       <div class="form-group col-md-6">
         <label for="max_num_sta"><?php echo _("Maximum number of clients") ?></label>
         <input type="text" id="max_num_sta" class="form-control" name="max_num_sta" placeholder="2007" value="<?php echo $arrConfig["max_num_sta"] ?>" aria-describedby="max_num_sta_help">
-        <small id="max_num_sta_help" class="text-muted"><?php echo _("Configures the max_num_sta option of hostapd. The default and maximum is 2007. If empty or 0, the default applies.") ?></small>
+        <small id="max_num_sta_help" class="text-muted"><?php echo _("Configures the <code>max_num_sta</code> option of hostapd. The default and maximum is 2007. If empty or 0, the default applies.") ?></small>
       </div>
     </div>
     <div class="row">

From 3ee38e6abe2dd62f8887a735c75e75a822225f29 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 20 Apr 2021 20:01:25 +0100
Subject: [PATCH 175/300] Update en_US locale w/ new messages + compile .mo

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 25717 -> 26387 bytes
 locale/en_US/LC_MESSAGES/messages.po |  13 +++++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index cd410c69d72f88d6f60dfe8efed0ca700e0a7c49..f51f7c62d77de2fcf26b546fbdae30f2fa79006b 100644
GIT binary patch
literal 26387
zcmeI4dw^V3eaCMI5VE`pkMKUhknBQsvq_Lg2qC-KY_cJ{S+X0#(|C90?(Q`+bBB5C
zW{GGhD1t8#wWwePp=vFP*kbVo*oqack6J5Qsjs47u~1933fg|Y=bSq;n`B$9|IXlV
zKll93z32SS>vtaa#(zF)|91rZUNI{OPJ)LV90cFs`lVx}4T23P2SF?Bg9TWEhru5}
z1D}V7z#~ryg5%&R@E~}$4_^p35#9zj!+YRS@C8U#!JJcr;6ykN&W1~&vR(m|ULTwT
zLwGEVq0-+CkAyctrSl$mH2eUReV>MU{!0)OgC9ZVGs`%h43*w_P~{$kC&0Yt8=%s8
zKU6vocs>pfApAq9_^09F@Rv|_&RO8fcQ};(G&lg4L)m?u=gsgy!nZ-y-@D-=_yMo~
zir0S=D%~GK+5b~0yAM1q2<F0*VGCRgC*g9a`uH=b{2zq6|1rq_f+zWN1q@#1%5kOV
z2voa_LzQb6d@Z~gs-9aGIy+B-O1BNluJgRU3oao%0FQvXU@v?VRQ-Mf%C6_3+UX@Y
z8y<POv;P>VdNok-i=fJPK2-VELG_D4sQgFa4R8Xg9$)nF`%#H22+xPoZ-UBq2p$i&
zLv9VGpxWb4;C%Q&cm{kFs=l6us*l-=T{(`0blKo4sOMho!>@ye@I6rV^m(ZM@-3)(
zd=4uA-@-#-OKT7;gY#i9D+o5iDwh|v(Z}GUa2u>(%u4uWxE;<pGYBq)WAI$~i07~1
z9Ky?~eAUZJC_6SnwZoNA{U#4pzMG)z{|l({d<Gs2zYAse(@^CP+Jk^06C4M1-#M@a
zUIGt<AyoT}!~J0i>bXg;e~S;_4pomIh06DH(7-Q2+5Ie3dM`k=?~73R9NFRfn`axO
zNrJPX?7GVHTF*P7>h&`|{2Wxd4`1r+KNB)^f{jpi=b-YNfQP|1LG`=$K$YWusCxVY
zJRE-8>z{%12nU_6JV!${<;hUvs~0N$*vFTl(t9;jdbdH9?_Q|#+z$_d--5FDUwpg@
za|Gdop`JSl%8m{wdsjn^pMI$JyV&z8sD2(p<#WB)zXhtE-|fS9LAA?$Q00CEsy)65
zW$%+v`Mm&@&i>1torgpD$&;Yk^Bkyhtbuxd461$-sC2LQyd7$s-3Mj=WAIS;O{nt!
z2&(+gL%Lva2!mMZod;!47d#4H3T4+0sPgZEvhTG}_S_8BA8&)Y?{+9VJ_uD$pYicu
zgu4iT1!{iSc$Ry992&w`L*@52*az>0s=w!;^7{o;IcB}wwbKz$_AY=2z&5D(rBKhU
zhV$S$7{SZD{$a0w49ec`c>dJue+^Zh!_Id7Y#vm-t%9rIMyPV%2#<uf`1reF8{zxC
z{yR|iJPT##i%{j8eU2;7u~7LhfLq}*XyA=d`F{{<{M-kX-&dj9?Fp!KpMrY+1-KjT
zkCRe8y$)KtpzOXIYJA)eb^j;5{&CMIpxWujQ1$h5sQV8*&!uw&R63_YrQZo<$N5lp
zZGf`pVy}OtXCA7&*FZh@W~h8_hiAZhpysKsdOizPPjhj?YQH0)o}UkofoH<wVVBom
z0hMn7%HC^z_(s@A_?<9>--rFM`}`nS4{w3%;1jSHo<gGz!3dV&Ls0eCeu3kKQ1x;#
zRDKaW8djj{^CqZry$hZI?}ZEDBT(r)1y!D3Le;}>p`M?++UZY$s>joz%Gm*xPLGe@
z4wn-ig^S?3;BoK~sQjORs<)@1`pxrD_WUQ5-Lo!q<NO#Xf4K~9hQmI557hYog69iR
z=`L8~+I<;R`WM0n;d-ciehX#C>@LR>q4X=D+T&bEQG;%%=XZO)0q#fm7Wnd6_zl=f
z_>0|cz58>hdJfmR@lb^7Z?{6__g<*_deDa-hMNd~3#wcTdtAS%K-I&I@I-hUoDDw;
zRnH%XO7DwM_Wb}J3!i~XU!6qlHy0|M6QSB|F_e9)pq{@7o(wZk`CR9DCscY5!IR+E
zpxX6ko(IwSl+Meb(pm1g5gtHz#K(_AwZ|lsoi{>_i?@3H-Ee^L15kF)TJP8b4<tMf
zs{T%Zi{N6fAMpCEa1QzrDEnUpW%ui$+VM`Pe)|D92_Jx}k25wnyUvEXzZa^1T?Maz
zyP?YQUC$pv+5I$BxnG2@g)IzL)$`3zcHRM1-Veb!@FA~%6fPnB6{vaoMM#l@LpHkl
z9fGo}2-QxnhHCFyVGDc*ls)f*ivLqM7k&!1z|TYVi?2cD|6_Oq`~_4!?z+gu{}Eh4
z_;x7$m*K(i8&Lk~d+>DlD|iq*mCiXIw!$-D7gT-apz7m#sB*j$o&ukQdhR73J^<%s
z2rq=Hr*%;MWgApICQ$jm1|AA;hRfjXFkpN=4y#;#iB9qW>|&5?gD*f_W3Xw^t#@yP
zmlFO7WC{q@T<kan)ea9p)ypU0k??V-cK9w-zxf$d`Q~nM_MZh+o(rJtyAsOoaj5d|
zhNr?mhPv+)um%1jRK5NHs(qe@`@^3@J@-qmKWxZ_=fk7WFNLbNZfM{|P<H2_(yKtV
z?=Gl(ZiR=yJ3K!G7ZH9C%C09pf8%-bu&dV#pyCs#a=#VI{tv?i@Np=+pM}cr7f|hV
z$X3_yPJ}8)CsaMIhpN}hygr8W2=9g}&)Z=uyc24CJqDHjGd})5pwfE@D!qA^xbmG2
zRh~|$a&CjNH|yhfL$%)<p`N<~%8rjf+51_j@$+|3?e}%hC!zZJGf?$7o6e;8!=UQ<
z1Rq`i)h_MuXt)NdJ+{JQ;Z;!iRiM(j0m{y|Lix!%pvwOVsB%04_54qu>gPGAbZ66P
z#rbePY=^SH7iv6gg-SOARsJGe0^bCc-a}CKJPKv+6Hs>jD^&SkgtG6yq3mh7%=O24
zQ1{J;%D)w=9xm|leQ+1y0jT-maj55?h6esSRDMTY?$#@(L)BjbmEQzZIj)0hr(2-x
zy$i~ZeaOdu6zaLpLe<OXVFbVJ^%q{@^u18_UherSufGOre7yy#pWOykZ=Z%Ng@VVS
z?4EO_>nBG*#h(V-V5iq#4rOl+%FbO-<+~oLJnw|c|1L;Z4L$}9oO6}SzZGiyv_s{$
z8LHhbg-SPqdcFd8!yBN|J>V7IE@<t78Xuid_pkK&jh>f6wbLk6eU+f@e?8PVxCJVm
zyP?v*AIgqTLD}`UQ1*P?>%Z^$GpO?Z8tS=2x4V4i!!rmkgeSqxo;j#`x(TZNZiRaO
zc6bc@FgzYU>h=EwmG8en+4~zGp7ToAe~yJA`d7k!_&K;99)WTlycG7r_rf9g6fDE@
zMqIh?^L!YpUcL^M-&0Wi`vs`_oSSjwIv$=t_;k1su7Rq*2&z1jQ1$Q{sON9;`u9TB
z<GoPj{0LM!f8*o72bUB6F<b<X&$@YI4OIS@Le<+i+#eR9+OrB}_jT|@_zrj){21H}
z|G|eBGB`B;*Lzl=(!C3+-9HAE{=@J=_yxE>e9fq{<9g5cK<PgY)gFHZFMywedOjF)
zJP7Vb@CY~y9?PGNNR?~Z)%aUO;7<^>%fBK!kR0--$b3Y<S2+Z0l$igW2@fN@A96O=
zpY-~*gs(zckT0S;AHE)TL;apaFe}*V!?=v#zmb!Xmw6qRd;Q*w=C8bV9aQ`3CqKH5
z=l%_<5B?l!Lr!Q&YbD{IBKplouRfCgX8ZfJFZc+`)8Mo44y5RBx)&ab{?k63hkvYV
z|Lj}6zSD<S6Q1(AIq1H_^#_sryzWErW5}N)OZ+pf@I8cYL4JiSBCI}}{@&*=R-%7<
zs)Xv#?a1lK5yYJU^;17oAJgvzhu|T27WZh3zufCmoPz#N0>4Jy>y<ad4<jcNcNsht
zc@fd?3Uocl>Bs|wueDmni07g39O6C)zv^`<F6N?_IQ>pR79)ocu1LYJ$00b$-?NGE
zW`F%Qu3v^6KzJ$Ccwm|g-h}k|d$<f1bNwj%wgUWaKt6zML0*g8jSM0B{WWqN_df%F
zf_wr=f8X#ITj6ZvF63<P)vp77&s_!+p2AJYKQ@GQDZe(C`+w&3yWm=67#+jc&V$Er
zt$A0!-N=6;pF&=V97x<w*bbK=*K_?3h<+CkUW#;a{ZGh3uJwBh@*Ctb!q>qi$O^9i
z86Jmh;`%}OPUPcA`ui>y*C2oC6^lIo3!de#Q+(ZDd=?%>dL!^ksClOs>Eiko@KPvW
z{Su<ze>m8A?s2Yvh+KfIN46tRBfmxT`x4TP9Efxx`Yk8Dzk@N7K^7vnB3B^`h|}*4
z4nZ5?=ehoSAHEVkhp?Qp=Qa!A0mv^A{cdvz?uY$6dj@hLvIWs^IWmbv$ie7d1D`<B
zUk4XQqrU?F$Sc<qJ{<XX!t-Fs>xKOZ|B(;B+f(oA3S9pM@-^hokn_;3Mvh1JBYY72
z3LHlC`xoRfWET31k#o5oghwL!U5#wCSFG9KD)i^WZy}d+{bl%m=@I=7Mphu-L=xm8
z?zsfnhUoVNB#WGf7-Y!nxeWdWF@y);K!g4lgfB#HNAz3f5Ip7iMtBeM8Dx&veIH(g
z{4FvUnTI@r==W-519A>>F8ORg-o^Egku#8o5&h0Ye-u0w{=jPLf8N36>ySa@qsWPf
zej#!Raw5;%D8;Ig)qR5#XPIbcm@np{m8+JHtTvq;_CGTcX2+9qr6ZH%gH`29DJhJt
z9!M&>%ZJRib%Q3%WTJA}6qC46DVwlZjKY!$%VzQBVpLe%VYY<jV%MO_CQ;cGl8VVx
zOQon#$xWGZwOC9_Xp%x9%2eXQn5iU6GvNOIFk`y1*%E0J956#sMR$}<Yk!iB@+KQi
z#F@wxi^a~iplc+lR(wuDmosQk2AP2{ADLDX;3l$|2wAJ77e*FdLfV;Jj74?53(Kz2
zc&u6qD{)e|&<u~qWiuJ)at5O+A%<7RBa@KEM6uBBpD9Nr+0~IIrb2}cDJ6xylUS9Z
zM60JKv}&nUn(669rf0+2L6eKZazwRcO?NKI>>v-W!(t^WnZCia)@n6ITvlQ*x)Ns^
zlCaupk=BgDyy+Pjve`u?>0QNV^Krox!*Y2tDP>Kyn5F)d*hE;!G+gkUYn`AgmrEw2
zEOuaD4vPvrVUr%BW|VZXsHU&oU#Ud-V%qkuT8B4p3A*;7-ximm_0_P10sDv@Pb%eN
zLM!eg&e!c;aY@naD>KwH=SAd9SrJvssY>T4P~Eok1YOgD4aN8RQGcW9k1FFyHs}t^
zamM|v-`pLAbV)<ErYgf+&>dIkn^9mpK`t&=8g4Dc*)f`dft06n1>MubhMpW1!jW8*
z?J&Jb$!uVt7c^ADg4%8gDMe-~sg_KMkrkB|GqQbO7^8Eq9o%X*C1KWH4AX$YT6KtA
zur?}HVp|ycXJY`X?Qoekrp#!Zi-NV|VPPx<qb$n1Ktbt^CrKHr%!oR=En~5iOvG7w
zQY}tiin3~`NNoqR>FY_aHYH=}Wu|VPX)RVqatwzZ(NvphjXK6Uj2nn<BzI&=6+Z~u
zR#I7+9EN0740qR}T;+Tvx7u`cbQpz}+F&|xE8$p~igL!t@btRY^<CUbvyPrpDn$4}
zHHg1$r5VcOVv6HQ0spmisM}QN8BvL`-sW$SGpdYJH$`rYGu0e^cbw5N8I~f`-?f$&
zv!j@F3nt7>hEruTLR~UK>6Mg)^h{Zej??h>%3{hHtW9zWRoUnOO|NaNMiou$gHhS0
z=Bg$i?%ZCe=C?DN)7nTF;&k0)l(B=lNVlV*apI$4HCM5{j;G>$HLtF@ytDJ14%0Vk
z<Qk?7{j+n4O}}<OP9%<0zi#TFFg<oYuoh`DK{K4B(aPEm18y%Ts^g?usFbG6T8)h~
zAct%6RfZ9@G?EJoJCt)}GBFvdH6+av$-CLBKGM7bpB7GpaZXLR$Gp<u{V{}rMDt|h
zaxoW9VdY4K!=xbOo8%k1xu!~r8y9f1*6DlyX|G*ZuN#5u4&=VmdoW}w=+R$;ix_1<
znlP_2qb!e)B=Vs>VI?%xa>&rDUs6qlxRR)w1wFoT*3((&JPKnC^S8BB?MS01uCf@M
zD$5iDg=(^sUV(1K(t;|4XQv&^j3$1D;O4L}WhTetN>na}%;l{XWn1gvNV&~+3w2WE
zW#pbZFd`S>@*MW4=v3<l@bqf;(>Fsw6-xtG3t5Ji64ZR{VJcHau48H}G8>{?F3-?m
zc#*Yj{hqjN8`$-88j+bX$!w<uw}+V>zO(bZy^AV#tz4f>>=axr2R(&yJ}h57-NbZy
zWnE-fFr(F+TG8Liu#n}YYN22or>?H45_?B#Rji5EPWkF|Bdi#*hH((>)N(DJh}1Jk
zBqo4*l+IFR&Zk0>d>HGAn#awBRDU}6_au{roLv7pJAb&<#Ha>}mPdAO8l^GQ=w95-
z2z8^LGUV1Do2@TMZ>VKcPBp%R)gn@TE*TqB(S63n2xsrFz3cZOx(suMb2+w)@}#rV
zj~m8vJP}u>I@0H@?cPVlqnh~4WXS5#uU)a7m9jO+Xqc6vtE(&l%XDUzy4f<$3ICvV
znC-F&29(T1T&h&VoEZyCBMdSvtvgJ2TB*(rjD@<Dh8Zm}`182Jm}U49*3=jnF?!V$
z6@**L%*HgG%^|GfEVP)TcBj&&S;9It3b}QOEqgw`hNm>2%k^oYVB0@5S?d?*5HYP?
zt1=qz|Ehp^tdQWlG-}-tE8G17BRIn}M2tFUxfo?w0g#!W@og8(_%*B1O!)idT8=1!
zYMnYS;q=v$<P=<6mTO~(9IY=^56@NA!*f%<(x++@jc?E}S5EMKBo@<(^%bxd*DhTa
zJa#?gbNM|?#wAcu4Rb2FFu<J2IX5-chRHtDrGN}#%@5Rd+PZr=k(nN4sZyFMvN`dN
zA3vL6eQ%f8p{d|Mq8v3<nT(=B+QHRJGU-&FH5yv`?i-l)|4rYHF{M0{;TomRvHCSa
zx_J0shbtD<AM~s5nI4qWvXvu`H!N4bu8`HJt?!zov0K@6!a{-TS7%`>;}^*3hA3E9
zD&Yaj;e--l3CAvJN3A05%3r<Ju5!~=Ua)Rwl&RX*@SRazOj}t7N~uD0k!_Bt#H@mQ
z8L4z@lCW_m>zw{HJ$sJ5)y`Q{gvRY#!(%>vl7U)ZMD)fx$xMX|*b?Agf?n(B3Yn>3
z11oO(#|#bi^=N31l$ZoE%nZSXbau8^U4ukVpR06(SEqB8R5qvdV#fJqgWuL|!2K~D
zI@CJ1U)40UpIvmM`&Ya2s09kRYk5r?-)|!9l4WUms=PGABv)Qa69#=V+~z0Z8RNsO
zogik6AE(GHd}oZ0i`H4klNNSDz%X{lGd_{-HD|Jzb=-{4P88&qXN;bt502TbcAvVx
zozZJorXfR8@bUJjr6D+^*}lviRc=s*Ib2Z|f6OYPK~0C*TT?AI++oLFTwvQ9s|v}}
z?wI_^QQ{NRuDH+Ll&(|jdmCnJ7Jc%?Ijv*&yix75=PegSQL!t>R1$1rk6P7QIlV~7
zjYdC9^gY$(V3Q7M%&^AsrZ^w7fc5^tADFpOP5q>kDYvoZxR^BqOOrs`Yk8Gjo!7E>
zD`Y3*ESo*;L@LBF@tZ-;&irM4D~rOfb<#zO)70lrh2@b98~b9l60lR0m~@!*Hyph6
z`#l-Exe=To+c!V)2mMh#VFR_5y<+_`%XOv1!9{;Eq8zlZXuLLV%R5b#p6j73RK^+M
zo_h}Q0bhIRKF^1#qF^AJtesI!3#eDwMG2!mGad}YnH|>Y3?$x?^b`>%uC>dQHsQ5t
zFyJ;@0$6u29GB3G6xUE`b>&cXL>;p~Ebpi*;|7;f+a;339=X*{Lg`PNb4<hj+-+K*
zevs-4wYk6wFyi3Du8*dSR!V-+(ohz+GzvDm1J9IuI%*#+b?T@G`v%nPLw)@mBd}{6
z9J(kN#IE9aiSBJLbu<_ZYBjDurlBtmvW&n5uqWh{B`VUf8A*e&*}|SnyN<wi;lYwU
zmeoOwveH5+-N7{;*X(^l!vlV%pYeo-TN(~%6iU|y?tEsjgcIfTL~FFs+6Z-L%jJOB
zN|H%(fuE_jX};tPp?)fC2O&<U@dg#DuJVW6tW)cSVX~WI4rQ5Yhd3qX*kh*iv5sI%
zG?H+zxh2X(RG{haPA@tConrG`4-T>mi7HZzvX>i&EF#_C)L$twpU@6lB2Mb%l^O=m
z7B)6`{w!<gC}T#e1@<BMOSxyir|mFn$0N3L?2_y~eyZpA$SqWg<3+!S^G|F~Q(?1U
zkF-^uGW&4Bo}xD%W2d_GgjHc23MWK%OB`&WBFx&Z#>xz|BC&t!hc|w8yUb3dE0#AN
z;0)oe>vb`tvoX6ey?6`5g##dare;q*eJ8|E;}dkI<aQpE*e#-iAr^8a`ReqdAzdHk
z4ittswBYe{c%?4JEk&#^ZtX~TiO@z$_Ri37{N(1Fnnt}O;s&NLdccr9?3`W?PQ_|C
zjjbIu;$*R!f#ufMm7PTn=}YNQ@cTZuiH~$<9M>jw?F{UQthq&M!ycY>kc)pMqbD0&
zzDa%b(0DQ#=ubM4QJ1@xU8|wCYx%W0E7FFJJE|2s{SUEmVq)8bJIe(=aJ8QgeNgWz
z3S*UV8?9vP!%97sjqy0AR~#C)uI*}Th~#vs(Sd}&)A4TD;5#zm9<HN)J{z#q;cZZ3
zKX#hb-MWz8G`Oq!%LNxs7w|5W_I($cq$hN`=TzMKL?oS74}F96E4r8lELG~_>>9*}
z+)`|)!iJ%47XfD$7mZdm>?-UNb(@G$f2b|{$O@IWvOf6*Lk)*mW~+N~WYS4|nh%|R
zYgu)PFR9f@V>+BX@_w-~GS4YF1JEs$9k8vo(DyOMxlmQ$Kr*=?)vDv!otO@_Tnx3b
z=d9>e>5Ql#+lQS~!LUYTeasK*0L+gi{9)M-Hs?loi&_{>2OPsdby%zL+C*(VLI(-&
zJ0+56m%B*Q(cp9=n*0jwTEV7XHa#Wr)%ZK+kR8tyZ8B*Neu(}7skuX=G(BJP-_NQ-
z(q4)<x1acfQkfj<{KFc7nPR5O&N6A*BfH<FqAHwY=2&p33%CS12Gj|=FWyq8EF{y_
zY1eXYnhsKT(thorR|9K%_G)UI9sBx;m;|-z8rH$@XvAyybOF(*N!Jior+v$y<_h<a
zf_CaKt=aB;TQKZSlWOyf-c#{%ZfTKC+E#ZyOp9kZJZJi=+1n7M%@b2D%PQ|->ceSk
zVMjs3vf(l7MFQtcSg=oWx!1evGD>@R!q&u|*aYc?T?`b{HFZsE-}q?t&r1ROzA4z&
zH6X9LZLrHO!QE1Kuf@f=Hodb~G%hZ-g|YP~=~P;?UH!s(HoYwjwnZb9Q*SHHNX!^!
z^wPo0je30;p>X^9t$o3^xHq<c{KB~Ly7r3KE>1VN(~?>(`rWCGOIyjF^}E%Y-h=pe
z`qOXmS~J3D75<$G7TRg9)rYnG<JGWPJXs94<K#FMPZu`P;x<fdI9p0{nf_{H2LCsc
zeg5VD^!`0_$_%k`y5Uq#Hmq+)g7l<@E-YWqTQJ^vX;G5X!b3-W_RNiz(OY@W;>KAg
z^O{xTz;KWrCweT}SyZEOFT*d(p*N?`e4Uc*ZgXqMQp6DBu$1Q$4jp*4$fqOmWLT+~
z*8H}%4zr@ucner{v+UuvWu2X!CckZo-ion*b~o7AvRT%#{N==T1X*kfQV*IQsHC&g
zo_arH26lZ_>y7~nHfi)Cr@;^HW2&;NQ!KM9Vz)2q2-3{b#5t*9tMn=cd3#^B{Sxi^
zlEO+^+_9{MeFlBGy}vvbXWP50W99bYWTolWcQlvB`FzBY9FCRqg4{J}aLpL+J#zZ+
zXm!ir=Js^E*v@V|TFKkt<;&VTSG0GYYdX(c+1Ys}mDbs^DJ)mot<TDZ9DMyAIiyE7
z?ZbQpv(k`~TYBrQ|MsmzE&YA{>lzEy*~0Qgo7#3AA+O}c{Lac!PV3{s`PLUO&Mw$G
z+}nO`{XXw-+c|ztwB=iA&K-#>EzR$*n%`gH!1kKMn%`fU+T5_OZ?@9i$ey2iu@T`o
zN1x;E@xj#|!P@j#(>K4r@}FVpvmA~Y^i5Xt`>W>nSIzIQn%`eFzrWI_TCDiBNlcf%
zJ<ad0^v0+8{Z;e(tNNRP=J!|Zl>fiqN7W8bn%`g9f4P$$imlVTsOI-q&F`=L$8Qa9
zccy*Dm7eO&6yN;*ilfN%xX>O4_SN3<vbfn>)BOHQ?+csXU%7uclD@i4-|aWQziNJe
z)%^ad`TZ52BsIUk(rd!>qpRlkSIzIQn%`gfe`t|@Y1RDx%Ab<_?_YQ|zrRZV?>6@F
i5nS{8EB>`^^ZTpxpDs4PziNJe)%^ZSpF;<n)cg-a+atCB

delta 7556
zcmaLbdwkDjAII@)Y;1GbY?vMJGc$9T!!(4=oW>mHoWl~cq!h{d5I=6+NJuD!Qd3E3
z#a7&PQw|ZT>2TkYLveSMAyYSXuidZrz8{ar{n!0{^zpo|>-+s)*XO#f@AtdkqjjGI
z{Q6;l|6D}ila3=Nz_~cQ9_m~%<&Wy9)w$sM&Lv?8PQetci7%iJ-^A+pDMsNr494HA
zUXJ~#M>TM6Al{7;ScKJ_^SdJyVrlpsE8`W^*rlirLmE0)6&qn)Y=#;j18ZRx(vi!-
z+BgxF;KQi<A476*TT$ceH_u{S#&<U<Xy)NQ=VCC~?1Snk57p5$a|H%b&qtkq1;cPR
zD$ygT85X13FJLxaLnYp=k!N45!uW0|1ufxdOvH&gfvc_kNmR%As2RM9T8YCLf@hIk
zb3fp0yoOqlN%39+vryMBMgDWo@=p%FkABT0uCX_xcvR*|sF`)fY1kLF)O%5h7Ncf%
z29?+)Yrl>ysRtymn%D|6u`6nYm!cBeirT6-5?KGr6b{j#8GMLJ=ySW^6l#W-?febY
zvr)N;mq0W=LcJMk#R^d8-@<ly+}g`g16N^rqcH+$axD{Cf9=T-8tP#VHpdyLCEJ2p
zk+(4uk0Q^d3vcS(*BVvth&~*FTB$jxXJ!RzCG$}U?8F+l7u(`-KLr=yTp7-!_-B%H
zyKqJ`I>V-9(+T}J7T>{<7}J75ak{w!t5W|CwKXNEM9NTG5yrmg+3}$!*abCl|3nI!
z!Bnh<kE1f*gj#_@<OOlZP}g0=Pz*`-mb^A<i()Ylo1pG%ZtdNy-Ve2s<52_8M4#UO
zg%p(e7OaBXP<vQ_8t4#K$71sgvJ37fRAS++JlmLqP)j@2>iMXdA3#mu9P)y=G7QoC
z->|heU^A@AiLR)pGaEINJk(Oo!!TTF?VB-@dLe2?N08lfCs421P1MT7weij;qWWu%
z>Ms*R8Q+bhpc&<%X1W5E@djOhg&2<eP&XE17@kKZ{0r(W(zLaOfo3@BX^%to)85*<
zp;meT`gOxF3fh}-sF_bkZOL*}#%oXmZbNmn8<pq*)EBcDwE`DW6DdXAACuy(P&}&N
z_GUlS+cqwR_16sM(oh4JqdI;HwE|nQCBBF1@DeJa>llI6c*&Jm1Jnw%LM51jN+=EW
zP-dd8>xW7t2Q~4j?O1<Z@GuSYaWU$TMH#At*xS7KIsr9cFU-P`s3put4Y(aOks=Jo
zgQ$eRz#u$h=P#h{`voKMhM&R&3e{7+6Vp&9=AtrQWj<@|ucH#)k9yb+qgL(;cEK`K
z;+@)i&q@!}`QgYX#pPN1DpbP$Efkb#0cwVCqh@pzmB1J1!*5Xo2X*jXpHS35Em2#R
zit4aC>b}9a2y;>WUBFscf=Z|yc{}{B2A?tA5QRF?)J#R~Q4iFL3`D(7d8m#iqptU(
z23Unk<Y`o5FQF1Du=c&?G1Np)VyNE#ixf1_uh<*|ZukCLwKTI(D|8QP@1~$Sn2B|8
zIY#4i*1iWd@NrbaUs?TI%%Wb3xtPXxeSqHoEfjiV3HHL&&fXuJ`8bsN0i2F?*<j6l
zg}E8EG6kps51>}^Q`Cgcqh8MvOu*nY@BU=eM7pA1OP5KZHV(EE_n?+=GHQmiP#vwb
z^V=|mdI2Wld5pr~bT0uPYQ@^1o|%rQgwjw6XJIUkNoW1_shms0K-`R~UqZe2VO>4D
zpk{U-YR~7Q23Up~;Biy}>&+e3eh9S%N0A)e=cxN?Wq3ws_?@dnLn9he16U?ZqCUEt
z_iJ|vYH6>b4+FY;4_Q2Fz}Bdh>TUHw*q{2ns0qD=dRBsZcq>p3HS+|lj2V6kTH>Cl
z4o9OhoQ8FA9%_ImP<y`-wUj$hTeb(4;K!)@&tQGLjv6SUr)Mive|<3yb5UFBUucDA
zP#qPaIyz{cMt#9b?fgyDRs{2;D$#nV8TwG|?JygApb}qeZbChDFQQ)4*N|t&@AlY<
zukFP5sE$ifGx!6Qc~qvim#t6_ZAYAqJy0w1E-HZ|sOwK+JYL2etkv6_$YgUmM(F*Y
zOF=VViPLZsYN>1X@iO(HI!?x_m}c$0P!H)4)HmOcjOEs#miQzpvFoU<(#u~N>YyeN
zjX{j>5-8|`<`{xqQ5R&Po{eFs1Sa7lI1j5}xt*`l*ZZ{_hiV^$8h8XoV;(la1sIH5
zu^#R~{jPK$P|%WHMeSwPe%?%CumSa4)QyX*{wVsWzk*t+qo`-*G-@SFu^Lw5RnY5N
z6Wd}Ox&WRJoJn!u0M>sOg%1XJzjo*F<nR%6CvYrQ8|eMoy&w5HyF+FfYAf0g@>V7t
zl}I*fE5@Ooorh2pT!osz9@K>PqZ0gP5bLkZFVUbC2psJFn2beT*cn4{G-_!lU<f{d
zfjA3w-+XIdYxT{jl`KRJd>DOLj7t0}s=ph43fkjx)IfEH*h6O~V<PRHup#D}i_I6X
zE$#cQUW%G|<WO${t+5gHY*gY?QRB@+ZIyow1wDLQP%|mQT6i48@T|3$U?laxVcv}D
zVG{L5sMoA7YJkahem1JVMX3HZpeDE-HK8J`uJ`{m1!erBT@X0j+ru!_jXqQ&DX5IQ
zqh6!Is68BR=AxeV$*6&rS^HYlQa@+)moS3*POPo>{}2W3$thIE=TQURKy?&+hqon>
zs86O3wWpm?GwF%C|9;d8O~=}}%-oE6-FBiTa18ZUoWkmi?|z`56}XNqF?@vAVH(z@
z-V2rSov6efM6G}ymEaOoLaR{^<p$Jsn^B4EK&{k%JO44xr~VoG^~WN6q}Ra%=%YRp
zHQ-aoH^yy8Enz8Yz~50b2^!^XRc+J?G{GQDMxAemy01HGWwLMrj<NQGqga2PI7Wjq
zK4)G=wf~8lQN(EPVT(d7T?X=_#$}^s{ut_6S#RfG#%9!uto<A+p{uAw%TW`on#1~Q
zMlm^F0!`3IJry<Z9jMnQ2Q|<F<f(N_Q5~*BC7zFqa2Kk-c6WLSrK1uagnB#fLS28a
zwa@WeVJT{l)}v<rJnDub)XeswIy!+G;2bKEpHPYYhDxa1+G~#S&c~u=nuNNqGisbn
zY>xgR6yhi>FgK!>Xg6x_-a~b880+9EjK(Y09&(pAa2zV(7FJKiEb2Wm7gyr|yo$Xs
zeQd>#UB6pOA(MuWa41HO^M374M9uuPS%O-ba@0&C=~YV^kD5^m#$Y-o;3(An3sDnU
zgIa+NsJ9}&qMiNUO+ibz4>iLhsE*E7T)=k#Q>d3?BBqS@{$`9qCGZex#TKKUnMY9x
ztwtrh5o56c<M9{{#1hpR-=*bw@BKJ)6{_QRP<wt1HNcms0lvW~{LU=1_BwZaTM&b3
zoKHaAH{P6tm8eg{0Ng~R67C!Q!?BF`iD<;xPt;(?DC(VwPpS7H4y|h&9qI2z>1pB|
zp#@DMdU2JGCx~^#@2YU@B5o%}a=txQ!vA1j;$EVV(D5$Onpm$2M=aOrlQ^%U#tUy&
z)?bc2R1$2!9hCn~G^HMhZxLyfeW>FDq9^eRaf8r0=-?CRmJqjFKfkGwLr+W(+K%Hi
zBAob+(9xfGNPjtQ9c?K*PH5L}9eR?6TIFwMA|1A~ay82RDF4;!eETcjt9n+y2UlBp
zu{jc(sm#5tZjIlG`U2uG(V1w;$$#L3L`}+rQO8!|#flP-CGEY50YrV;ULyKZ9)@q*
zHP_Kcn_i7^#6@Be!6&)m%j0jy$>mgr5M3$jc#R0A+y;5kD}F<LggTxf9w539PZ4Jc
z9S!VWy(4cDV~HlT)xu78t~Mr9zf9=psQpi;(3^N&Ep}|iI$V4ej}hMzO9>r)JStwk
zg_J|Nu04@q?H}T!L;-OJ?SqIQJ6DBrBIQ;%2fGBY{(n*!Lo_G45)Tu95HkoJ`rch3
znyA9@HBnz3SJb@Em=!BH$iJCHKd#9lbmS5Nls8n=c$sk$QNvH;P@);}1q~~SazaN>
z+H`F6aE+0C-Ay9G+Qj+)Dc9wm5b7CrZ+AP_ka`=PBc{@pMXVzH;dbE}Djg{gBW6;b
zLe#QzVU+WUG$MhBAyVvIbF4xAWuiajP}H%L7--kTQT~xQN+ekuMIC;3fPZs{>BMZ}
zD`GpLV?QyR8-A{+c^_gGClXDGM~H5mzaRGzvxsc!ld%^OM7b@Yqcz?}Boq3d1UlZk
z_5MduiLl0BD6b_>6F(3-MiVK-JH$z%v0Ymozo-6B;y$7~^$~XN2z4EIdQ|)y!@0+-
zzD8<4ClHrZ;h0O@M!cYk9gXk}BHlVybD))<qkN61OuYs1FUlS4Tr@^mc^mDY5vK?p
zfA?_yOfD#*QWZ~FV;tp=DbKfhLsR@plo7jC;TUWK6nj-SntBH-i*)LJ?3z^S!|hyM
ztg886u!bBi+Dmx|zK<)c{dxS7c-89SS>i9mld9N}hj$ZUHkg`A^bbco(Sq1QloIuH
zO_%ZMS%V6*>-VctZF26Mu~TMF9y@(TZsE?xOCk$bboe=_a7Eg_N`>VaF~R@m{JQdt
G_5TH!Cm{U*

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index 5713516c..a321f2b7 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -528,8 +528,8 @@ msgstr "Hide SSID in broadcast"
 msgid "Maximum number of clients"
 msgstr "Maximum number of clients"
 
-msgid "Configures the max_num_sta option of hostapd. The default and maximum is 2007. If empty or 0, the default applies."
-msgstr "Configures the max_num_sta option of hostapd. The default and maximum is 2007. If empty or 0, the default applies."
+msgid "Configures the <code>max_num_sta</code> option of hostapd. The default and maximum is 2007. If empty or 0, the default applies."
+msgstr "Configures the <code>max_num_sta</code> option of hostapd. The default and maximum is 2007. If empty or 0, the default applies."
 
 msgid "Beacon interval"
 msgstr "Beacon interval"
@@ -549,6 +549,15 @@ msgstr "Close"
 msgid "Enable this option to log <code>hostapd</code> activity."
 msgstr "Enable this option to log <code>hostapd</code> activity."
 
+msgid "Transmit power (dBm)"
+msgstr "Transmit power (dBm)"
+
+msgid "Sets the <code>txpower</code> option for the AP interface and the configured country."
+msgstr "Sets the <code>txpower</code> option for the AP interface and the configured country."
+
+msgid "dBm is a unit of level used to indicate that a power ratio is expressed in decibels (dB) with reference to one milliwatt (mW). 30 dBm is equal to 1000 mW, while 0 dBm equals 1.25 mW."
+msgstr "dBm is a unit of level used to indicate that a power ratio is expressed in decibels (dB) with reference to one milliwatt (mW). 30 dBm is equal to 1000 mW, while 0 dBm equals 1.25 mW."
+
 #: includes/networking.php
 msgid "Summary"
 msgstr "Summary"

From 6ac7642c335d69d22eb66a6c0c4c01a0b99d4a4f Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 23 Apr 2021 12:45:28 +0100
Subject: [PATCH 176/300] Update release version

---
 README.md             | 4 +++-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index ba9ff12d..64174d88 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/TCJKWT4.png)
-[![Release 2.7.2](https://img.shields.io/badge/release-v2.7.2-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7.3](https://img.shields.io/badge/release-v2.7.3-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
@@ -33,6 +33,8 @@ The following features are currently available exclusively to sponsors. A tangib
 ✅ Night mode toggle  
 ✅ Restrict network to static clients  
 ✅ [WireGuard support](https://docs.raspap.com/wireguard/)  
+✅ [Set AP transmit power](https://docs.raspap.com/ap-basics/#transmit-power)  
+✅ Mobile data client support  
 ⚙️ Traffic shaping (in progress)  
 
 Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/RaspAP/raspap-insiders/discussions) and let us know!
diff --git a/includes/defaults.php b/includes/defaults.php
index 34e08378..1c87e4a5 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7.2',
+  'RASPI_VERSION' => '2.7.3',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index 60c6088b..4f79b062 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7.2
+ * @version 2.7.3
  * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From e4995314f0ddd16771af03ea466ec723fa72f514 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Fri, 23 Apr 2021 14:39:05 +0200
Subject: [PATCH 177/300] Update banner img

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 64174d88..8d2c15f4 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-![](https://i.imgur.com/TCJKWT4.png)
+![](https://i.imgur.com/FRU1tXF.png)
 [![Release 2.7.3](https://img.shields.io/badge/release-v2.7.3-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.

From 422ce9dd3bbcfb6919c4ade4c7f32ffff6b5a183 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Fri, 23 Apr 2021 18:04:11 +0200
Subject: [PATCH 178/300] Fix unknown device type for  mobile modems (ppp)

---
 includes/get_clients.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/get_clients.php b/includes/get_clients.php
index d322c423..094cb8bf 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -184,7 +184,7 @@ function getClientType($dev) {
             $type=preg_only_match("/DEVTYPE=(\w*)/i",$udevadm);
         }
     }
-    if (empty($type) || array_search($type, $_SESSION["net-device-name-prefix"]) === false) {
+    if (empty($type) || $type == "none" || array_search($type, $_SESSION["net-device-name-prefix"]) === false) {
         // no device type yet -> get device type from device name 
         if (preg_match("/^(\w+)[0-9]$/",$dev,$nam) === 1) $nam=$nam[1];
         else $nam="none";

From 9f38f64c3d41f5d1c5738feb084db7ede1cdcb84 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Fri, 23 Apr 2021 19:01:03 +0200
Subject: [PATCH 179/300] Add auto YES to apt-get in order to avoid abort
 during installation

---
 installers/install_feature_clients.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installers/install_feature_clients.sh b/installers/install_feature_clients.sh
index fa5f5852..e1a6ca92 100644
--- a/installers/install_feature_clients.sh
+++ b/installers/install_feature_clients.sh
@@ -19,7 +19,7 @@ function _install_feature_clients() {
     _install_log "Install $name"
 
     _install_log " - required packages for mobile data clients"
-    sudo apt-get install wvdial socat bc || _install_status 1 "Unable to install dependencies for $name"
+    sudo apt-get -y install wvdial socat bc || _install_status 1 "Unable to install dependencies for $name"
 
     _install_log " - copy configuration files and scripts"
     # Move scripts 

From 29c4c5a833e4fcd164885cc531fcb9e20df7a4b1 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Sat, 24 Apr 2021 11:11:48 +0200
Subject: [PATCH 180/300] Fix default device name numbering in UDEV rule

---
 ajax/networking/save_net_dev_config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ajax/networking/save_net_dev_config.php b/ajax/networking/save_net_dev_config.php
index 57c4c30f..be2c04dd 100644
--- a/ajax/networking/save_net_dev_config.php
+++ b/ajax/networking/save_net_dev_config.php
@@ -67,7 +67,7 @@ if (isset($_POST['interface'])) {
             }
             // create new entry
             if ( ($type != $newtype) || !empty($name) ) { // new device type or new name
-                if (empty($name)) $name = $prefix."*";
+                if (empty($name)) $name = $prefix."%n";
                 if (!empty($mac)) $rule = preg_replace("/\\\$MAC\\\$/i", $mac, $rulenew);
                 if (!empty($vid)) $rule = preg_replace("/\\\$IDVENDOR\\\$/i", $vid, $rule);
                 if (!empty($pid)) $rule = preg_replace("/\\\$IDPRODUCT\\\$/i", $pid, $rule);

From 9d132bee3a00b34247921fda1ce1d6045ebcafe1 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Sat, 24 Apr 2021 11:17:25 +0200
Subject: [PATCH 181/300] Fix naming of hilink devices

---
 config/client_config/80-raspap-net-devices.rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/client_config/80-raspap-net-devices.rules b/config/client_config/80-raspap-net-devices.rules
index 0ccb49a1..33e6584c 100644
--- a/config/client_config/80-raspap-net-devices.rules
+++ b/config/client_config/80-raspap-net-devices.rules
@@ -1,3 +1,3 @@
-SUBSYSTEM=="net", ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="14db", NAME="hilink0",  TAG+="systemd", ENV{SYSTEMD_WANTS}="start start_huawei_hilink.service"
+SUBSYSTEM=="net", ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="14db", NAME="hilink%n",  TAG+="systemd", ENV{SYSTEMD_WANTS}="start start_huawei_hilink.service"
 
 

From 97b2a091455727ab6b3c212de84c26d30219dc1b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 May 2021 23:37:52 +0000
Subject: [PATCH 182/300] Bump hosted-git-info from 2.8.8 to 2.8.9

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.8...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>
---
 yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index fc411a7a..0605ff2f 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2010,9 +2010,9 @@ homedir-polyfill@^1.0.1:
     parse-passwd "^1.0.0"
 
 hosted-git-info@^2.1.4:
-  version "2.8.8"
-  resolved "https://registry.yarnpkg.com/hosted-git-info/-/hosted-git-info-2.8.8.tgz#7539bd4bc1e0e0a895815a2e0262420b12858488"
-  integrity sha512-f/wzC2QaWBs7t9IYqB4T3sR1xviIViXJRJTWBlx2Gf3g0Xi5vI7Yy4koXQ1c9OYDGHN9sBy1DQ2AB8fqZBWhUg==
+  version "2.8.9"
+  resolved "https://registry.yarnpkg.com/hosted-git-info/-/hosted-git-info-2.8.9.tgz#dffc0bf9a21c02209090f2aa69429e1414daf3f9"
+  integrity sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==
 
 http-errors@1.7.3:
   version "1.7.3"

From 45cbbea78c172569abe2121a061f32c1eba3e2ca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 May 2021 00:04:42 +0000
Subject: [PATCH 183/300] Bump lodash from 4.17.20 to 4.17.21

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
---
 yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index fc411a7a..028e2357 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2584,9 +2584,9 @@ lodash.templatesettings@^4.0.0:
     lodash._reinterpolate "^3.0.0"
 
 lodash@^4.0.0, lodash@^4.17.10, lodash@^4.17.15, lodash@~4.17.10:
-  version "4.17.20"
-  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.20.tgz#b44a9b6297bcb698f1c51a3545a2b3b368d59c52"
-  integrity sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==
+  version "4.17.21"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
+  integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
 
 loud-rejection@^1.0.0:
   version "1.6.0"

From 613cd6bae8ede03ec41e1c13fe3ebfc51498e3dd Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Wed, 19 May 2021 21:04:31 +0200
Subject: [PATCH 184/300] Add Huawei Hilink API Cleanup mobile data scripts

---
 config/client_config/huawei_hilink_api.sh   | 482 ++++++++++++++++++++
 config/client_config/info_huawei.sh         |  58 +--
 config/client_config/info_huawei_hilink.sh  |  94 ++--
 config/client_config/onoff_huawei_hilink.sh | 109 +----
 4 files changed, 582 insertions(+), 161 deletions(-)
 create mode 100644 config/client_config/huawei_hilink_api.sh

diff --git a/config/client_config/huawei_hilink_api.sh b/config/client_config/huawei_hilink_api.sh
new file mode 100644
index 00000000..c4402a6e
--- /dev/null
+++ b/config/client_config/huawei_hilink_api.sh
@@ -0,0 +1,482 @@
+#!/bin/bash
+#
+# Huawei Hilink API
+# =================
+# - communication with Hilink devices via HTTP
+# - send a standard http request with a xml formatted string to the device (default IP 192.169.8.1)
+# - Howto:
+#   o "source" this script in your own script from the command line
+#   o if host ip/name differs, set "host=192.168.178.1" before calling any function
+#   o if the device is locked by a password, set user="admin"; pw="1234secret"
+#     _login is called automaticallcall
+#     Password types 3 and 4 are supported
+#   o if the SIM is requiring a PIN, set "pin=1234"
+#   o connect device to network: _switchMobileData ON  ( or 1 )
+#   o disconnect device: _switchMobileData OFF  ( or 0 )
+#   o get informations about the device: _getDeviceInformation and _getStatus and _getNetProvider
+#     all functions return XML formatted data in $response.
+#   o Check if device is connected: "if _isConnected; then .... fi"
+#   o $response can be parsed by calling _valueFromResponse 
+#     e.g "_valueFromResponse msisdn" to get the phone number after a call to _getDeviceInformation
+#
+#
+# Usage of functions 
+#     - call the function with parameters (if required)
+#     - return code: 0 - success; 1 - failed
+#     - $status: status information (OK, ERROR)
+#     - $response: xml response to be parsed for the required information
+#
+#
+# required software: curl, base64, sha256sum, sed
+#
+#
+# zbchristian 2021
+#
+
+# Initialization procedure
+# ========================
+#
+# host=$host_default    # ip address of device
+# user="admin"          # user name if locked (default admin)
+# pw="1234Secret"       # password if locked 
+# pin="1234"            # PIN of SIM
+# _initHilinkAPI        # initialize the API
+#
+# Termination
+# ===========
+# cleanup the API before quitting the shell 
+# _closeHilinkAPI  (optional: add parameter "save" to save the session/token data for subsequent calls. Valid for a few minutes.)
+
+host_default="192.168.8.1"
+save_file="/tmp/hilink_api_saved.dat"
+save_age=60
+header_file="/tmp/hilink_login_hdr.txt"
+
+# initialize
+function _initHilinkAPI() {
+    if [ -z "$host" ]; then host=$host_default; fi
+    if ! _hostReachable; then return 1; fi
+    if [ -f $save_file ]; then # found file with saved data
+        _getSavedData
+        age=$(( $(date +%s) - $(stat $save_file  -c %Y) ))
+        if [[ $age -gt $save_age ]]; then 
+            rm -f $save_file
+            _logout
+            _sessToken
+        fi
+    fi
+    if [ -z "$sessID" ] || [ -z "$token" ]; then _sessToken; fi
+    _login
+    return $?
+}
+
+function _getSavedData() {
+    if [ -f $save_file ]; then  # restore saved session data
+        dat=$(cat $save_file)
+        sessID=$(echo "$dat" | sed -nr 's/sessionid: ([a-z0-9]*)/\1/ip')
+        token=$(echo "$dat" | sed -nr 's/token: ([a-z0-9]*)/\1/ip')
+        tokenlist=( $(echo "$dat" | sed -nr 's/tokenlist: ([a-z0-9 ]*)/\1/ip') )
+    fi
+}
+
+# Cleanup
+# parameter: "save" - will store sessionid and tokens in file
+function _closeHilinkAPI() {
+    if [ -z "$host" ]; then host=$host_default; fi
+    if ! _hostReachable; then return 1; fi
+    rm -f $save_file
+    [ ! -z "$1" ] && opt="${1,,}"
+    if [ ! -z "$opt" ] && [ "$opt" = "save" ]; then
+        echo "sessionid: $sessID" > $save_file
+        echo "token: $token" >> $save_file
+        echo "tokenlist: ${tokenlist[@]}" >> $save_file
+    fi
+    _logout
+    tokenlist=""
+    sessID=""
+    token=""
+    return 0
+}
+
+# get status (connection status, DNS, )
+# parameter: none
+function _getStatus() {
+    if _login; then
+        if _sendRequest "api/monitoring/status"; then
+            if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+function _isConnected() {
+    conn=$(_getStatus "connectionstatus")
+    status="NO"
+    if [ ! -z "$conn" ] && [ $conn -eq 901 ]; then
+        status="YES"
+        return 0
+    fi
+    return 1
+}
+
+# get device information (device name, imei, imsi, msisdn-phone number, MAC, WAN IP ...)
+# parameter: name of parameter to return
+function _getDeviceInformation() {
+    if _login; then 
+        if _sendRequest "api/device/information"; then
+            if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+# get net provider information 
+# parameter: name of parameter to return 
+function _getNetProvider() {
+    if _login; then 
+        if _sendRequest "api/net/current-plmn"; then
+            if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+# get signal level
+# parameter: name of parameter to return
+function _getSignal() {
+    if _login; then
+        if _sendRequest "api/device/signal"; then
+            if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+function _getAllInformations() {
+    if _getDeviceInformation; then _keyValuePairs; fi
+    if _getSignal; then _keyValuePairs; fi
+    if _getNetProvider; then _keyValuePairs; fi
+}
+
+# get status of mobile data connection
+# parameter: none
+function _getMobileDataStatus() {
+    if _login; then
+        if _sendRequest "api/dialup/mobile-dataswitch"; then
+                status=$(_valueFromResponse "dataswitch")
+                if [ $? -eq 0  ] && [ ! -z "$status" ]; then echo "$status"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+
+# PIN of SIM can be passed either as $pin, or as parameter
+# parameter: PIN number of SIM card
+function _enableSIM() {
+#SimState:
+#255 - no SIM,
+#256 - error CPIN, 
+#257 - ready,
+#258 - PIN disabled,
+#259 - check PIN,
+#260 - PIN required,
+#261 - PUK required
+    if [ ! -z "$1" ]; then pin="$1"; fi
+    if ! _login; then return 1; fi
+    if _sendRequest "api/pin/status"; then
+        simstate=`echo $response | sed  -rn 's/.*<simstate>([0-9]*)<\/simstate>.*/\1/pi'`
+        if [[ $simstate -eq 257  ]]; then status="SIM ready"; return 0; fi
+        if [[ $simstate -eq 260  ]]; then 
+        status="PIN required"
+            if [ ! -z "$pin" ]; then _setPIN "$pin"; fi
+        return $?
+    fi
+        if [[ $simstate -eq 255  ]]; then status="NO SIM"; return 1; fi
+    fi
+    return 1
+}
+
+# obtain session and verification token - stored in vars $sessID and $token 
+# parameter: none
+function _sessToken() {
+    tokenlist=""
+    token=""
+    sessID=""
+    response=$(curl -s http://$host/api/webserver/SesTokInfo -m 5 2> /dev/null)
+    if [ -z "$response" ]; then echo "No access to device at $host"; return 1; fi
+    status=$(echo "$response" | sed  -nr 's/.*<code>([0-9]*)<\/code>.*/\1/ip')
+    if [ -z "$status" ]; then
+        token=`echo $response | sed  -r 's/.*<TokInfo>(.*)<\/TokInfo>.*/\1/'`
+        sessID=`echo $response | sed  -r 's/.*<SesInfo>(.*)<\/SesInfo>.*/\1/'`
+        if [ ! -z "$sessID" ] &&  [ ! -z "$token" ]; then 
+            sessID="SessionID=$sessID"
+            return 0
+        fi
+    fi
+    return 1
+}
+
+# unlock device (if locked) with user name and password
+# requires stored user="admin"; pw="1234secret";host=$host_default 
+# parameter: none
+function _login() {
+    if _loginState; then return 0; fi    # login not required, or already done
+    _sessToken
+    # get password type
+    if ! _sendRequest "api/user/state-login"; then return 1; fi
+    pwtype=$(echo "$response" | sed  -rn 's/.*<password_type>([0-9])<\/password_type>.*/\1/pi')
+    if [ -z "$pwtype" ];then pwtype=4; fi   # fallback is type 4
+    if [[ ! -z "$user" ]] && [[ ! -z "$pw" ]]; then
+        # password encoding
+        # type 3 : base64(pw) encoded
+        # type 4 : base64(sha256sum(user + base64(sha256sum(pw)) + token))
+        pwtype3=$(echo -n "$pw" | base64 --wrap=0)
+        hashedpw=$(echo -n "$pw" | sha256sum -b | sed -nr 's/^([0-9a-z]*).*$/\1/ip' )
+        hashedpw=$(echo -n "$hashedpw" | base64 --wrap=0)
+        pwtype4=$(echo -n "$user$hashedpw$token" | sha256sum -b | sed -nr 's/^([0-9a-z]*).*$/\1/ip' )
+        encpw=$(echo -n "$pwtype4" | base64 --wrap=0)
+        if [ $pwtype -ne 4 ]; then encpw=$pwtype3; fi
+        xmldata="<?xml version='1.0' encoding='UTF-8'?><request><Username>$user</Username><Password>$encpw</Password><password_type>$pwtype</password_type></request>"
+        xtraopts="--dump-header $header_file"
+        rm -f $header_file
+        _sendRequest "api/user/login"
+        if [ ! -z "$status" ] && [ "$status" = "OK" ]; then 
+            # store the list of 30 tokens. Each token is valid for a single request
+            tokenlist=( $(cat $header_file | sed -rn 's/^__RequestVerificationToken:\s*([0-9a-z#]*).*$/\1/pi' | sed 's/#/ /g') )
+            _getToken
+            sessID=$(cat $header_file  | grep -ioP 'SessionID=([a-z0-9]*)')
+            if [ ! -z "$sessID" ] &&  [ ! -z "$token" ]; then
+               return 0 
+            fi
+        fi
+    fi
+    return 1
+}
+
+# logout of hilink device
+# parameter: none
+function _logout() {
+    if _loginState; then 
+        xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><Logout>1</Logout></request>"
+        if _sendRequest "api/user/logout"; then 
+            tokenlist=""
+            sessID=""
+            token=""
+			login_enabled=""
+        fi
+        return $?
+    fi
+    return 1
+}
+
+# parameter: none
+function _loginState() {
+	status="OK"
+	if [ -z "$login_enabled" ]; then _checkLoginEnabled; fi
+	if [ $login_enabled -eq 1 ]; then return 0; fi # login is disabled
+	_sendRequest "api/user/state-login"
+	state=`echo "$response" | sed  -rn 's/.*<state>(.*)<\/state>.*/\1/pi'`
+	if [ ! -z "$state" ] && [ $state -eq 0 ]; then       # already logged in
+		return 0
+	fi
+	return 1
+}
+
+function _checkLoginEnabled() {
+    if _sendRequest "api/user/hilink_login"; then
+		login_enabled=0
+		state=$(echo $response | sed  -rn 's/.*<hilink_login>(.*)<\/hilink_login>.*/\1/pi')
+		if [ ! -z "$state" ] && [ $state -eq 0 ]; then       # no login enabled
+			login_enabled=1
+		fi
+	else
+		login_enabled=""
+	fi
+}
+
+# switch mobile data on/off  1/0
+# if SIM is locked, $pin has to be set
+# parameter: state - ON/OFF or 1/0
+function _switchMobileData() {
+    if [ -z "$1" ]; then return 1; fi
+    _login
+    mode="${1,,}"
+    [ "$mode" = "on" ] && mode=1
+    [ "$mode" = "off" ] && mode=0
+    if [[ $mode -ge 0 ]]; then
+        if _enableSIM "$pin"; then
+            xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><dataswitch>$mode</dataswitch></request>"
+            _sendRequest "api/dialup/mobile-dataswitch"
+            return $?
+        fi
+    fi
+    return 1
+}
+
+# parameter: PIN of SIM card
+function _setPIN() {
+    if [ -z "$1" ]; then return 1; fi
+    pin="$1"
+    xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><OperateType>0</OperateType><CurrentPin>$pin</CurrentPin><NewPin></NewPin><PukCode></PukCode></request>"
+    _sendRequest "api/pin/operate"
+    return $?
+}
+
+# Send request to host at http://$host/$apiurl
+# data in $xmldata and options in $xtraopts
+# parameter: apiurl (e.g. "api/user/login")
+function _sendRequest() {
+    status="ERROR"
+    if [ -z "$1" ]; then return 1; fi 
+    apiurl="$1"
+    ret=1
+    if [ -z "$sessID" ] || [ -z "$token" ]; then _sessToken; fi 
+    if [ -z "$xmldata" ];then
+        response=$(curl -s http://$host/$apiurl -m 10 \
+                     -H "Cookie: $sessID")
+    else 
+        response=$(curl -s -X POST http://$host/$apiurl -m 10 \
+                    -H "Content-Type: text/xml"  \
+                    -H "Cookie: $sessID" \
+                    -H "__RequestVerificationToken: $token" \
+                    -d "$xmldata" $xtraopts 2> /dev/null)
+        _getToken
+    fi
+    if [ ! -z "$response" ];then 
+        response=$(echo $response | tr -d '\012\015') # delete newline chars 
+        status=$(echo "$response" | sed  -nr 's/.*<code>([0-9]*)<\/code>.*/\1/ip') # check for error code
+        if [ -z "$status" ]; then
+            status="OK"
+            response=$(echo "$response" | sed  -nr 's/.*<response>(.*)<\/response>.*/\1/ip')
+            [ -z "$response" ] && response="none"
+            ret=0
+        else
+            status="ERROR $status"
+        fi
+    else
+        status="ERROR"
+    fi
+    if [[ "$status" =~ ERROR ]]; then _handleError; fi
+    xtraopts=""
+    xmldata=""
+    return $ret
+}
+
+# handle the list of tokens available after login
+# parameter: none
+function _getToken() {
+    if [ ! -z "$tokenlist" ] && [ ${#tokenlist[@]} -gt 0 ]; then
+        token=${tokenlist[0]}       # get first token in list
+        tokenlist=("${tokenlist[@]:1}") # remove used token from list
+        if [ ${#tokenlist[@]} -eq 0 ]; then
+            _logout     # use the last token to logout
+        fi
+	else
+		_sessToken		# old token has been used - need new session
+    fi
+}
+
+# Analyse $status for error code
+# return error text in $status
+function _handleError() {
+    txt=$(_getErrorText)
+    if [ -z "$code" ]; then return 1; fi
+    ret=0
+    case "$code" in
+        101|108003|108007)
+            ret=1
+            status="$txt"
+            ;;
+        108001|108002|108006)
+            ret=1
+            status="$txt"
+            ;;
+        125001|125002|125003)
+            _sessToken
+            ret=0
+            ;;
+        *)
+            ;;
+    esac
+    return "$ret"
+}
+
+declare -A err_hilink_api
+err_hilink_api[101]="Unable to get session ID/token"
+err_hilink_api[108001]="Invalid username/password"
+err_hilink_api[108002]=${errors[108001]}
+err_hilink_api[108006]=${errors[108001]}
+err_hilink_api[108003]="User already logged in - need to wait a bit"
+err_hilink_api[108007]="Too many login attempts - need to wait a bit"
+err_hilink_api[125001]="Invalid session/request token"
+err_hilink_api[125002]=${errors[125001]}
+err_hilink_api[125003]=${errors[125001]}
+
+# check error and return error text
+# status passsed in $status, or $1
+function _getErrorText() {
+    err="$status"
+    code="0"
+    if [ ! -z "$1" ]; then err="$1"; fi
+    if [ -z "$err" ]; then return 1; fi
+    errortext="$err"
+    if [[  "$err" =~ ERROR\ *([0-9]*) ]] && [ ! -z "${BASH_REMATCH[1]}" ]; then
+        code=${BASH_REMATCH[1]}
+        if [ ! -z "$code" ] && [ ! -z "${err_hilink_api[$code]}" ]; then 
+            errortext="${err_hilink_api[$code]}"
+        fi
+    fi
+    echo $errortext
+    return 0
+}
+
+function _hostReachable() {
+    avail=`timeout 0.5 ping -c 1 $host | sed -rn 's/.*time=.*/1/p'`
+    if [ -z "$avail" ]; then return 1; fi
+    return 0;
+}
+
+# helper function to parse $response (xml format) for a value 
+# call another function first!
+# parameter: tag-name
+function _valueFromResponse() {
+    if [ -z "$response" ] || [ -z "$1" ]; then return 1; fi
+    par="$1"
+    value=$(echo $response | sed  -rn 's/.*<'$par'>(.*)<\/'$par'>.*/\1/pi')
+    if [ -z "$value" ]; then return 1; fi   
+    echo "$value"
+    return 0
+}
+
+# list all keys of the current xml response
+function _keysFromResponse() {
+    if [ -z "$response" ]; then return 1; fi
+    echo $response | grep -oiP "(?<=<)[a-z_-]*(?=>)"
+    return 0
+}
+
+# return all key=value pairs of the current xml response
+function _keyValuePairs() {
+    if [ -z "$response" ]; then return 1; fi
+    echo $response | sed -n 's/<\([^>]*\)>\(.*\)<\/\1>[^<]*/\1=\"\2\"\n/gpi'
+    return 0
+}
+
+host=$host_default
+user="admin"
+pw=""
+token=""
+tokenlist=""
+sessID=""
+xmldata=""
+xtraopts=""
+response=""
+status=""
+pwtype=-1
+ 
diff --git a/config/client_config/info_huawei.sh b/config/client_config/info_huawei.sh
index bcdf8e37..475767fe 100644
--- a/config/client_config/info_huawei.sh
+++ b/config/client_config/info_huawei.sh
@@ -12,43 +12,43 @@
 # zbchristian 2020
 #
 opt="device"
-if [ ! -z $1 ]; then opt=${1,,}; fi
+if [ ! -z "$1" ]; then opt=${1,,}; fi
 type="hilink"
-if [ ! -z $2 ]; then type=${2,,}; fi
+if [ ! -z "$2" ]; then type=${2,,}; fi
 
-path=`dirname $0`
-if [[ $type == "hilink" ]]; then
+path=$(dirname "$0")
+if [ "$type" = "hilink" ]; then
   connect="192.168.8.1"
-  if [ ! -z $3 ]; then connect=$3; fi
+  if [ ! -z "$3" ]; then connect=$3; fi
   script="$path/info_huawei_hilink.sh"
 else
   connect="/dev/ttyUSB2"
-  if [ ! -z $3 ]; then connect=$3; fi
+  if [ ! -z "$3" ]; then connect=$3; fi
   script="$path/info_huawei_modem.sh"
 fi
-res=`$script $opt $connect`
+res=$($script $opt $connect)
 
 # some results require special treatment
 case $opt in
 
 #  manufacturer)
-#    if [[ $res == "none" ]]; then res="Huawei"; fi
+#    if [ "$res" = "none" ]; then res="Huawei"; fi
 #    ;;
 
 #  device)
-#    if [[ ! $res == "none" ]]; then res="Huawei $res"; 
+#    if [ ! "$res" = "none" ]; then res="Huawei $res"; 
 #    else res="Huawei"; fi
 #    ;;
 
   mode)
-    if [[ ! $res == "none" ]]; then
-      if [[ $type == "hilink" ]]; then
-        if [[ $res == "LTE" ]]; then res="4G"
-        elif [[ $res == "WCDMA" ]]; then  res="3G";
+    if [ ! "$res" = "none" ]; then
+      if [ "$type" = "hilink" ]; then
+        if [ "$res" = "LTE" ]; then res="4G"
+        elif [ "$res" = "WCDMA" ]]; then  res="3G";
         else res="2G"; fi
       else
-        if [[ $res == 7 ]]; then res="4G"
-        elif [[ $res < 7 ]] && [[ $res > 2 ]] ; then  res="3G";
+        if [ $res -eq 7 ]; then res="4G"
+        elif [ $res -lt 7 ] && [ $res -gt 2 ] ; then  res="3G";
         else res="2G"; fi
       fi
     fi
@@ -56,45 +56,45 @@ case $opt in
 
   signal)
   # return signal strength/quality in %
-    if [[ $type == "hilink" ]]; then
+    if [ "$type" = "hilink" ]; then
      # signal request tries to get RSRQ value
      # try to get RSRQ (4G), EC/IO (3G) or RSSI (2G) value
-     if [[ $res == "none" ]]; then res=`$script "ecio"`; fi
-     if [[ ! $res == "none" ]]; then 
+     if [ "$res" = "none" ]; then res=$($script "ecio"); fi
+     if [ ! "$res" = "none" ]; then 
        # for rsrq and ecio assume: -3dB (100%) downto -20dB (0%)
        qual=${res//dB/}
        if [[ ! "$qual" =~ [-0-9\.]* ]]; then qual=-100; fi
        qual=$(bc <<< "scale=0;res=$qual-0.5;res/1") # just round to next integer 
-       if [[ $qual -le -20 ]]; then qual=0; 
-       elif [[ $qual -ge -3 ]]; then qual=100; 
+       if [ $qual -le -20 ]; then qual=0; 
+       elif [ $qual -ge -3 ]; then qual=100; 
        else  qual=$(bc <<< "scale=0;res=100.0/17.0*$qual+2000.0/17.0;res/1"); fi
      else
       # try rssi: >-70dBm (100%) downto -100dBm (0%)
-      res=`$script "rssi"`;
-      if [[ ! $res == "none" ]]; then
-        if [[ $res =~ [-0-9\.]* ]]; then res="-120 dBm"; fi
+      res=$($script "rssi");
+      if [ ! "$res" = "none" ]; then
+        if [[ ! $res =~ [-0-9\.]* ]]; then res="-120 dBm"; fi
         qual=${res//dBm/}
         qual=$(bc <<< "scale=0;res=$qual+0.5;res/1") # just round to next integer 
-        if [[ $qual -le -110 ]]; then qual=0;
-        elif [[ $qual -ge -70 ]]; then qual=100; 
+        if [ $qual -le -110 ]; then qual=0;
+        elif [ $qual -ge -70 ]; then qual=100; 
         else  qual=$(bc <<< "scale=0;res=2.5*$qual+275;res/1"); fi
       fi
      fi
     else
      # modem returns RSSI as number 0-31 - 0 = -113dB (0%), 1 = -111dB, 31 = >=51dB (100%)
      qual=$(bc <<< "scale=0;res=$res*3.5+0.5;res/1")
-     if [[ $qual -gt 100 ]]; then res=100; fi
+     if [ $qual -gt 100 ]; then res=100; fi
     fi
-    if [[ ! "$res" == "none" ]]; then res="$res (${qual}%)"; fi
+    if [ ! "$res" = "none" ]; then res="$res (${qual}%)"; fi
     ;;
-    
+
   operator)
     # check if operator/network is just a 5 digit number -> extract network name from table
     if [[ $res =~ ^[0-9]{5}$ ]]; then
       mcc=${res:0:3}
       mnc=${res:3:2}
       op=$(cat $path/mcc-mnc-table.csv | sed -rn 's/^'$mcc'\,[0-9]*\,'$mnc'\,(.*\,){4}(.*)$/\2/p')
-      if [[ ! -z $op ]]; then res="$op ($res)"; fi
+      if [ ! -z "$op" ]; then res="$op ($res)"; fi
     fi
    ;;
 
diff --git a/config/client_config/info_huawei_hilink.sh b/config/client_config/info_huawei_hilink.sh
index 0bae3ecf..d3b20541 100644
--- a/config/client_config/info_huawei_hilink.sh
+++ b/config/client_config/info_huawei_hilink.sh
@@ -1,49 +1,75 @@
 #!/bin/bash
-# Infosramtion about HUAWEI hilink (router) modem
-# -----------------------------------------------
+# Information about HUAWEI hilink (router) modem
+# ----------------------------------------------
 # get info about the device and signal
 # parameter: $1 - see opts list below
 #            $2 - host ip address for API calls (optional)
 # returns the value of the parameter, or "none" if not found or empty
 #
+# All device informations are buffered for 5 secs to speed up subsequent calls
+#
 # zbchristian 2020
 
-opts=("device"     "imei" "imsi" "telnumber" "ipaddress"    "mode"     "signal" "rssi" "rsrq" "rsrp" "sinr" "ecio" "operator")
-
-# xml tags to extract information from
-tags=("devicename" "imei" "imsi" "msisdn"    "wanipaddress" "workmode" "rsrq"   "rssi" "rsrq" "rsrp" "sinr" "ecio" "fullname")
-iurl=( 0            0      0      0          0              0          1        1      1      1      1      1      2)
-# api urls
-urls=("api/device/information" "api/device/signal" "api/net/current-plmn") 
+if [ -z "$1" ]; then echo "none"; exit; fi
 
 host="192.168.8.1"
-if [ ! -z $2 ]; then host=$2; fi
 
-avail=`timeout 0.5 ping -c 1 $host | sed -rn 's/.*time=.*/1/p'`
-if [[ -z $avail ]]; then echo "none"; exit; fi
+status="no option given"
+if [ ! -z "$2" ]; then host="$2"; fi
 
-idx=-1
-opt=${opts[0]}
-if [ ! -z $1 ]; then opt=$1; fi
+opt="${1,,}"
+result="none"
+if [ "$opt" = "connected" ]; then
+  source /usr/local/sbin/huawei_hilink_api.sh
+  if ! _initHilinkAPI; then echo "none"; exit; fi
+  result=$(_getMobileDataStatus)
+  _closeHilinkAPI
+else
+  info_file="/tmp/huawei_infos_$host.dat"
+  if [ -f "$info_file" ]; then
+    age=$(( $(date +%s) - $(stat $info_file -c %Y) )) 
+    if [[ $age -gt 5 ]]; then rm -f $info_file; fi
+  fi
 
-for i in "${!opts[@]}"; do
-  if [[ ${opts[$i]} == $opt ]]; then idx=$i; fi
-done
-if [[ $idx == -1 ]];then echo "none"; exit; fi 
+  if [ -f "$info_file" ]; then
+     infos=$(cat $info_file)
+  else
+     source /usr/local/sbin/huawei_hilink_api.sh
+     if ! _initHilinkAPI; then echo "none"; exit; fi
+     infos=$(_getAllInformations)
+    _closeHilinkAPI
+     if [ ! -z "$infos" ]; then echo "$infos" > /tmp/huawei_infos_$host.dat; fi
+  fi
 
-par=${tags[$idx]}
-iu=${iurl[$idx]}
-
-url="http://$host/${urls[$iu]}"
-# echo "Found option $opt at index $idx - tag $par url $url "
-
-
-info=""
-if [ ! -z $url ]; then info=`curl -s $url`; fi
-
-result=`echo $info | sed  -rn 's/.*<'"$par"'>(.*)<\/'"$par"'>.*/\1/pi'`
-
-if [ -z "$result" ]; then result="none"; fi
-
-echo $result
+  case "$opt" in
+    device|devicename)
+      key="devicename"
+      ;;
+    ipaddress|wanipaddress)
+      key="wanipaddress"
+      ;;
+    mode)
+      key="workmode"
+      ;;
+    telnumber)
+      key="msisdn"
+      ;;
+    imei|imsi|rssi|rsrq|rsrp|sinr|ecio)
+      key="$opt"
+      ;;
+    signal)
+      key="rsrq"
+    ;;
+    operator|fullname)
+      key="fullname"
+    ;;
+    *)
+      key=""
+    ;;
+  esac
+  if [ -z "$key" ]; then result="none"; fi
+  result=$(echo "$infos" | sed -rn 's/'$key'=\"([^ \s]*)\"/\1/ip')
+  if [ -z "$result" ]; then result="none"; fi
+fi
+echo -n "$result"
 
diff --git a/config/client_config/onoff_huawei_hilink.sh b/config/client_config/onoff_huawei_hilink.sh
index 18b1a016..65587d01 100644
--- a/config/client_config/onoff_huawei_hilink.sh
+++ b/config/client_config/onoff_huawei_hilink.sh
@@ -8,89 +8,12 @@
 #          -h 192.168.8.1       - host ip address
 #          -p 1234              - PIN of SIM card
 #          -c 0/1               - connect - set datamode off/on
-# required software: curl, base64
+# required software: curl, base64, sha256sum
 #
-# TODO: implement login into API - currently the login has to be disabled!
-#
-# zbchristian 2020
+# zbchristian 2021
 
-# obtain session and verification token
-function _SessToken() {
-  SesTok=`sudo curl -s http://$host/api/webserver/SesTokInfo -m 5 2> /dev/null`
-  if [ -z "$SesTok" ]; then exit; fi
-
-  token=`echo $SesTok | sed  -r 's/.*<TokInfo>(.*)<\/TokInfo>.*/\1/'`
-  sesinfo=`echo $SesTok | sed  -r 's/.*<SesInfo>(.*)<\/SesInfo>.*/\1/'`
-}
-
-function _login() {
-# ----------------------- THIS DOES NOT WORK ------------------------------------------
-# login to web api
-  _SessToken
-
-  if [[ ! -z $user ]] && [[ ! -z $pw ]]; then
-    # password encoding
-    # type 3 : base64(pw) encoded
-    # type 4 : base64(sha256sum(user + base64(sha256sum(pw)) + token))
-    pwtype3=$(echo $pw | base64 --wrap=0)
-    hashedpw=$(echo -n "$pw" | sha256sum -b | cut -d " " -f1 | base64 --wrap=0)
-    pwtype4=$(echo -n "$user$hashedpw$token" | sha256sum -b | cut -d " " -f1 | base64 --wrap=0)
-    apiurl="api/user/login"
-    xmldata="<?xml version='1.0' encoding='UTF-8'?><request><Username>$user</Username><Password>$pwtype4</Password><password_type>4</password_type></request>"
-#    xmldata="<?xml version='1.0' encoding='UTF-8'?><request><Username>$user</Username><Password>$pwtype3</Password><password_type>3</password_type></request>"
-    xtraopts="--dump-header /tmp/hilink_login_hdr.txt"
-    _sendRequest
-    # get updated session cookie
-    sesinfo=$(grep "SessionID=" /tmp/hilink_login_hdr.txt | cut -d ':' -f2 | cut -d ';' -f1)
-    token=$(grep "__RequestVerificationTokenone" /tmp/hilink_login_hdr.txt | cut -d ':' -f2)
-echo "Login Cookie $sesinfo"
-echo "Login Token $token"
-  fi
-# ------------------------------ DO NOT USE THE LOGIN CODE ----------------------------------
-}
-
-function _switchMobileData() {
-# switch mobile data on/off
-  if [[ $datamode -ge 0 ]]; then
-    xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><dataswitch>$datamode</dataswitch></request>"
-    apiurl="api/dialup/mobile-dataswitch"
-    _sendRequest
-  fi
-}
-
-function _enableSIM() {
-#SimState:
-#255 - no SIM,
-#256 - error CPIN,
-#257 - ready,
-#258 - PIN disabled,
-#259 - check PIN,
-#260 - PIN required,
-#261 - PUK required
-   status=`curl -s http://$host/api/pin/status -m 10`
-   state=`echo $status | sed  -rn 's/.*<simstate>(.*)<\/simstate>.*/\1/pi'`
-   if [[ $state -eq 257  ]]; then echo "Hilink: SIM ready"|systemd-cat; return; fi
-   if [[ $state -eq 260  ]]; then echo "Hilink: Set PIN"|systemd-cat; _setPIN; fi
-}
-
-function _setPIN() {
-  if [[ ! -z $pin ]]; then
-    xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><OperateType>0</OperateType><CurrentPin>$pin</CurrentPin><NewPin></NewPin><PukCode></PukCode></request>"
-    apiurl="api/pin/operate"
-    _sendRequest
-  fi
-}
-
-function _sendRequest() {
-  result=""
-  if [[ -z $xmldata ]]; then return; fi 
-  result=`curl -s http://$host/$apiurl -m 10 \
-           -H "Content-Type: application/xml"  \
-           -H "Cookie: $sesinfo" \
-           -H "__RequestVerificationToken: $token" \
-           -d "$xmldata" $xtraopts 2> /dev/null`
-  xtraopts=""
-}
+# include the hilink API
+source /usr/local/sbin/huawei_hilink_api.sh
 
 # handle options
 
@@ -98,8 +21,8 @@ host="192.168.8.1"
 pin=""
 user=""
 pw=""
-datamode=-1
-connect=-1
+datamode=""
+
 while getopts ":c:h:l:m:p:" opt; do
   case $opt in
     h) if [[ $OPTARG =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then host="$OPTARG"; fi
@@ -109,7 +32,7 @@ while getopts ":c:h:l:m:p:" opt; do
     l) if [[ $OPTARG =~ ^[0-9a-zA-Z]*:.*$ ]]; then
          user=$(echo "$OPTARG" | cut -d':' -f1);
          pw=$(echo "$OPTARG" | cut -d':' -f2);
-	   fi
+       fi
     ;;
     c) if [[ $OPTARG == "1" ]]; then datamode=1; else datamode=0; fi
     ;;
@@ -118,21 +41,11 @@ done
 
 echo  "Hilink: switch device at $host to mode $datamode" | systemd-cat
 
-# check if device is reachable
-avail=`timeout 0.5 ping -c 1 $host | sed -rn 's/.*time=.*/1/p'`
-if [[ -z $avail ]]; then 
-  echo "Hilink: no link to host" | systemd-cat
-  exit 
-fi
+status="usage: -c 1/0 to disconnect/disconnect"
+if [ -z "$datamode" ] || [ ! _initHilinkAPI ]; then echo "Hilink: failed - return status: $status"; exit; fi
 
-token=""
-Sesinfo=""
-xmldata=""
-xtraopts=""
-result=""
+if ! _switchMobileData "$datamode"; then echo "Hilink: could not switch the data mode on/off . Error: ";_getErrorText; fi
 
-_SessToken
-_enableSIM
-_switchMobileData	# check and perform enable/disable mobile data connection
+if ! _closeHilinkAPI; then echo -n "Hilink: failed - return status: $status . Error: ";_getErrorText; fi
 
 

From a58845ed9eb7a6585d5b132de7fb6b5ef3dbcc2d Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Thu, 20 May 2021 09:37:20 +0200
Subject: [PATCH 185/300] Update common.sh

---
 installers/common.sh | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index e3733427..4988c113 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -583,12 +583,10 @@ function _configure_networking() {
 # Add sudoers file to /etc/sudoers.d/ and set file permissions
 function _patch_system_files() {
 
-    # Create sudoers if not present
-    if [ ! -f $raspap_sudoers ]; then
-        _install_log "Adding raspap.sudoers to ${raspap_sudoers}"
-        sudo cp "$webroot_dir/installers/raspap.sudoers" $raspap_sudoers || _install_status 1 "Unable to apply raspap.sudoers to $raspap_sudoers"
-        sudo chmod 0440 $raspap_sudoers || _install_status 1 "Unable to change file permissions for $raspap_sudoers"
-    fi
+    # Create sudoers
+    _install_log "Adding raspap.sudoers to ${raspap_sudoers}"
+    sudo cp "$webroot_dir/installers/raspap.sudoers" $raspap_sudoers || _install_status 1 "Unable to apply raspap.sudoers to $raspap_sudoers"
+    sudo chmod 0440 $raspap_sudoers || _install_status 1 "Unable to change file permissions for $raspap_sudoers"
 
     # Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces
     _install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces"

From b99752c4cd9931fe64d42d705068b796d1553900 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Fri, 21 May 2021 14:57:14 +0200
Subject: [PATCH 186/300] Implement login for Hilink devices

---
 ajax/networking/save_net_dev_config.php     |  28 ++--
 config/client_config/info_huawei.sh         |  11 +-
 config/client_config/info_huawei_hilink.sh  | 136 +++++++++++---------
 config/client_config/onoff_huawei_hilink.sh |  46 +++----
 config/config.php                           |   1 +
 includes/get_clients.php                    |  31 +++--
 templates/networking.php                    |   2 +-
 7 files changed, 132 insertions(+), 123 deletions(-)

diff --git a/ajax/networking/save_net_dev_config.php b/ajax/networking/save_net_dev_config.php
index be2c04dd..a95baa50 100644
--- a/ajax/networking/save_net_dev_config.php
+++ b/ajax/networking/save_net_dev_config.php
@@ -14,19 +14,26 @@ require_once '../../includes/functions.php';
 if (isset($_POST['interface'])) {
     $int = $_POST['interface'];
     $cfg = [];
-    $file = $int.".ini";
+    $file = $RASPI_MOBILEDATA_CONFIG;
     $cfgfile="/etc/wvdial.conf";
     if ( $int == "mobiledata") {
         $cfg['pin'] = $_POST["pin-mobile"];
         $cfg['apn'] = $_POST["apn-mobile"];
         $cfg['apn_user'] = $_POST["apn-user-mobile"];
         $cfg['apn_pw'] = $_POST["apn-pw-mobile"];
+        $cfg['router_user'] = $cfg['apn_user'] ;
+        $cfg['router_pw'] = $cfg['apn_pw'] ;
         if (file_exists($cfgfile)) {
             if($cfg["pin"] !== "") exec('sudo /bin/sed -i  "s/CPIN=\".*\"/CPIN=\"'.$cfg["pin"].'\"/gi" '.$cfgfile);
             if($cfg["apn"] !== "") exec('sudo /bin/sed -i "s/\"IP\"\,\".*\"/\"IP\"\,\"'.$cfg["apn"].'\"/gi" '.$cfgfile);
             if($cfg["apn_user"] !== "") exec('sudo /bin/sed -i "s/^username = .*$/Username = '.$cfg["apn_user"].'/gi" '.$cfgfile);
             if($cfg["apn_pw"] !== "") exec('sudo /bin/sed -i "s/^password = .*$/Password = '.$cfg["apn_pw"].'/gi" '.$cfgfile);
         }
+		if (write_php_ini($cfg, RASPI_MOBILEDATA_CONFIG)) {
+			$jsonData = ['return'=>0,'output'=>['Successfully saved mobile data settings']];
+		} else {
+			$jsonData = ['return'=>1,'output'=>['Error saving mobile data settings']];
+		}
     } else if ( preg_match("/netdevices/",$int)) {
         if(!isset($_POST['opts']) ) {
             $jsonData = ['return'=>0,'output'=>['No valid data to add/delete udev rule ']];
@@ -75,26 +82,9 @@ if (isset($_POST['interface'])) {
                 if (!empty($rule)) exec('echo \''.$rule.'\' | sudo /usr/bin/tee -a '.$udevfile);
             }
             $jsonData = ['return'=>0,'output'=>['Settings changed for device '.$dev. '<br>Changes will only be in effect after reconnecting the device'  ] ];
-            echo json_encode($jsonData);
-            return;
         }
     } else {
-        $ip = $_POST[$int.'-ipaddress'];
-        $netmask = mask2cidr($_POST[$int.'-netmask']);
-        $dns1 = $_POST[$int.'-dnssvr'];
-        $dns2 = $_POST[$int.'-dnssvralt'];
-
-        $cfg['interface'] = $int;
-        $cfg['routers'] = $_POST[$int.'-gateway'];
-        $cfg['ip_address'] = $ip."/".$netmask;
-        $cfg['domain_name_server'] = $dns1." ".$dns2;
-        $cfg['static'] = $_POST[$int.'-static'];
-        $cfg['failover'] = $_POST[$int.'-failover'];
-    }
-    if (write_php_ini($cfg, RASPI_CONFIG.'/networking/'.$file)) {
-        $jsonData = ['return'=>0,'output'=>['Successfully Updated Network Configuration']];
-    } else {
-        $jsonData = ['return'=>1,'output'=>['Error saving network configuration to file']];
+        $jsonData = ['return'=>1,'output'=>['Unknown network configuration']];
     }
 } else {
     $jsonData = ['return'=>2,'output'=>'Unable to detect interface'];
diff --git a/config/client_config/info_huawei.sh b/config/client_config/info_huawei.sh
index 475767fe..540ede98 100644
--- a/config/client_config/info_huawei.sh
+++ b/config/client_config/info_huawei.sh
@@ -5,28 +5,31 @@
 # $2 : (optional) type - hilink or modem (default: hilink)
 # $3 : (optional) for hilink: ip address of the device (default: 192.168.8.1)
 #                 for modem: tty interface for communication (default: /dev/ttypUSB2)
+# $4 : more options can be added for Hilink devices ('-u user -P password -p pin'). These are passed to the corresponding script 
 #
 # requires: bc
 # calls the scripts info_huawei_hilink.sh and info_huawei_modem.sh (same path as this script)
 #
 # zbchristian 2020
 #
+path=$(dirname "$0")
 opt="device"
 if [ ! -z "$1" ]; then opt=${1,,}; fi
 type="hilink"
 if [ ! -z "$2" ]; then type=${2,,}; fi
 
-path=$(dirname "$0")
+parms=""
 if [ "$type" = "hilink" ]; then
-  connect="192.168.8.1"
-  if [ ! -z "$3" ]; then connect=$3; fi
+  connect="-h 192.168.8.1"
+  if [ ! -z "$3" ]; then connect="-h $3"; fi
+  if [ ! -z "$4" ]; then parms="$4"; fi
   script="$path/info_huawei_hilink.sh"
 else
   connect="/dev/ttyUSB2"
   if [ ! -z "$3" ]; then connect=$3; fi
   script="$path/info_huawei_modem.sh"
 fi
-res=$($script $opt $connect)
+res=$($script $opt $connect $parms)
 
 # some results require special treatment
 case $opt in
diff --git a/config/client_config/info_huawei_hilink.sh b/config/client_config/info_huawei_hilink.sh
index d3b20541..345c1fe5 100644
--- a/config/client_config/info_huawei_hilink.sh
+++ b/config/client_config/info_huawei_hilink.sh
@@ -1,75 +1,93 @@
 #!/bin/bash
-# Information about HUAWEI hilink (router) modem
-# ----------------------------------------------
+# Information about HUAWEI hilink
+# -------------------------------
 # get info about the device and signal
-# parameter: $1 - see opts list below
-#            $2 - host ip address for API calls (optional)
+# parameter: $1 - "connected", "device", "ipaddress", "mode", "signal"  (see case statement below)
+#            -u,--user - username
+#            -P,--password - password
+#            -p,--pin - SIM pin
+#            -h,--host - host ip address for API calls (optional)
 # returns the value of the parameter, or "none" if not found or empty
 #
 # All device informations are buffered for 5 secs to speed up subsequent calls
 #
-# zbchristian 2020
+# zbchristian 2021
+
+function _setAPIParams() {
+	if [ ! -z "$hostip" ]; then host="$hostip"; fi
+	if [ ! -z "$username" ]; then user="$username"; fi
+	if [ ! -z "$password" ]; then pw="$password"; fi
+	if [ ! -z "$simpin" ]; then pin="$simpin"; fi
+}
 
 if [ -z "$1" ]; then echo "none"; exit; fi
-
-host="192.168.8.1"
-
-status="no option given"
-if [ ! -z "$2" ]; then host="$2"; fi
-
 opt="${1,,}"
+shift
+while [ -n "$1" ]; do
+    case "$1" in
+        -u|--user) 		username="$2"; shift ;;
+        -P|--password) 	password="$2"; shift ;;
+        -p|--pin) 		simpin="$2"; shift ;;
+        -h|--host) 		hostip="$2"; shift ;;
+    esac
+    shift
+done
+
+status="no valid option given"
 result="none"
 if [ "$opt" = "connected" ]; then
-  source /usr/local/sbin/huawei_hilink_api.sh
-  if ! _initHilinkAPI; then echo "none"; exit; fi
-  result=$(_getMobileDataStatus)
-  _closeHilinkAPI
-else
-  info_file="/tmp/huawei_infos_$host.dat"
-  if [ -f "$info_file" ]; then
-    age=$(( $(date +%s) - $(stat $info_file -c %Y) )) 
-    if [[ $age -gt 5 ]]; then rm -f $info_file; fi
-  fi
-
-  if [ -f "$info_file" ]; then
-     infos=$(cat $info_file)
-  else
-     source /usr/local/sbin/huawei_hilink_api.sh
-     if ! _initHilinkAPI; then echo "none"; exit; fi
-     infos=$(_getAllInformations)
+    source /usr/local/sbin/huawei_hilink_api.sh
+    if ! _initHilinkAPI; then echo "none"; exit; fi
+    _setAPIParams
+    result=$(_getMobileDataStatus)
     _closeHilinkAPI
-     if [ ! -z "$infos" ]; then echo "$infos" > /tmp/huawei_infos_$host.dat; fi
-  fi
+else
+    info_file="/tmp/huawei_infos_$host.dat"
+    if [ -f "$info_file" ]; then
+        age=$(( $(date +%s) - $(stat $info_file -c %Y) )) 
+        if [[ $age -gt 5 ]]; then rm -f $info_file; fi
+    fi
 
-  case "$opt" in
-    device|devicename)
-      key="devicename"
-      ;;
-    ipaddress|wanipaddress)
-      key="wanipaddress"
-      ;;
-    mode)
-      key="workmode"
-      ;;
-    telnumber)
-      key="msisdn"
-      ;;
-    imei|imsi|rssi|rsrq|rsrp|sinr|ecio)
-      key="$opt"
-      ;;
-    signal)
-      key="rsrq"
-    ;;
-    operator|fullname)
-      key="fullname"
-    ;;
-    *)
-      key=""
-    ;;
-  esac
-  if [ -z "$key" ]; then result="none"; fi
-  result=$(echo "$infos" | sed -rn 's/'$key'=\"([^ \s]*)\"/\1/ip')
-  if [ -z "$result" ]; then result="none"; fi
+    if [ -f "$info_file" ]; then
+        infos=$(cat $info_file)
+    else
+        source /usr/local/sbin/huawei_hilink_api.sh
+        if ! _initHilinkAPI; then echo "none"; exit; fi
+		_setAPIParams
+        infos=$(_getAllInformations)
+        _closeHilinkAPI
+        if [ ! -z "$infos" ]; then echo "$infos" > /tmp/huawei_infos_$host.dat; fi
+    fi
+
+    case "$opt" in
+        device|devicename)
+          key="devicename"
+          ;;
+        ipaddress|wanipaddress)
+          key="wanipaddress"
+          ;;
+        mode)
+          key="workmode"
+          ;;
+        telnumber)
+          key="msisdn"
+          ;;
+        imei|imsi|rssi|rsrq|rsrp|sinr|ecio)
+          key="$opt"
+          ;;
+        signal)
+          key="rsrq"
+        ;;
+        operator|fullname)
+          key="fullname"
+        ;;
+        *)
+          key=""
+        ;;
+      esac
+      if [ -z "$key" ]; then result="none"; fi
+      result=$(echo "$infos" | sed -rn 's/'$key'=\"([^ \s]*)\"/\1/ip')
+      if [ -z "$result" ]; then result="none"; fi
 fi
 echo -n "$result"
 
diff --git a/config/client_config/onoff_huawei_hilink.sh b/config/client_config/onoff_huawei_hilink.sh
index 65587d01..2ee413d2 100644
--- a/config/client_config/onoff_huawei_hilink.sh
+++ b/config/client_config/onoff_huawei_hilink.sh
@@ -1,42 +1,30 @@
 #!/bin/bash
 # connect/disconnect Huawei mobile data stick in Hilink mode (e.g. E3372h)
 # ========================================================================
-# - send xml formatted string via HTTP API to stick
-# - Requires session and verification token, which is obtained by an API call
 #
-# options: -l "user":"password" - login data - DOES NOT WORK YET 
-#          -h 192.168.8.1       - host ip address
-#          -p 1234              - PIN of SIM card
-#          -c 0/1               - connect - set datamode off/on
+# options: -u, --user       - user name (default "admin")
+#          -P, --password   - password
+#          -h, --host       - host ip address (default 192.168.8.1)
+#          -p, --pin        - PIN of SIM card
+#          -c, --connect    - connect 0/1 to set datamode off/on
+#
 # required software: curl, base64, sha256sum
 #
 # zbchristian 2021
 
-# include the hilink API
+# include the hilink API (defaults: user=admin, host=192.168.8.1)
 source /usr/local/sbin/huawei_hilink_api.sh
 
-# handle options
-
-host="192.168.8.1"
-pin=""
-user=""
-pw=""
 datamode=""
-
-while getopts ":c:h:l:m:p:" opt; do
-  case $opt in
-    h) if [[ $OPTARG =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then host="$OPTARG"; fi
-    ;;
-    p) if [[ $OPTARG =~ ^[0-9]{4,8} ]]; then pin="$OPTARG"; fi
-    ;;
-    l) if [[ $OPTARG =~ ^[0-9a-zA-Z]*:.*$ ]]; then
-         user=$(echo "$OPTARG" | cut -d':' -f1);
-         pw=$(echo "$OPTARG" | cut -d':' -f2);
-       fi
-    ;;
-    c) if [[ $OPTARG == "1" ]]; then datamode=1; else datamode=0; fi
-    ;;
-  esac
+while [ -n "$1" ]; do
+    case "$1" in
+        -u|--user)      user="$2"; shift ;;
+        -P|--password)  pw="$2"; shift ;;
+        -p|--pin)       if [[ $2 =~ ^[0-9]{4,8} ]]; then pin="$2"; fi; shift ;;
+        -h|--host)      host="$2"; shift ;;
+        -c|--connect)   if [ "$2" = "1" ]; then datamode=1; else datamode=0; fi; shift ;;
+    esac
+    shift
 done
 
 echo  "Hilink: switch device at $host to mode $datamode" | systemd-cat
@@ -44,7 +32,7 @@ echo  "Hilink: switch device at $host to mode $datamode" | systemd-cat
 status="usage: -c 1/0 to disconnect/disconnect"
 if [ -z "$datamode" ] || [ ! _initHilinkAPI ]; then echo "Hilink: failed - return status: $status"; exit; fi
 
-if ! _switchMobileData "$datamode"; then echo "Hilink: could not switch the data mode on/off . Error: ";_getErrorText; fi
+if ! _switchMobileData "$datamode"; then echo -n "Hilink: could not switch the data mode on/off . Error: ";_getErrorText; fi
 
 if ! _closeHilinkAPI; then echo -n "Hilink: failed - return status: $status . Error: ";_getErrorText; fi
 
diff --git a/config/config.php b/config/config.php
index 8003a320..87b17830 100755
--- a/config/config.php
+++ b/config/config.php
@@ -28,6 +28,7 @@ define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
 define('RASPI_ACCESS_CHECK_DNS', 'one.one.one.one');
 define('RASPI_CLIENT_CONFIG_PATH', '/etc/raspap/networking/client_udev_prototypes.json');
+define('RASPI_MOBILEDATA_CONFIG', '/etc/raspap/networking/mobiledata.ini');
 define('RASPI_CLIENT_SCRIPT_PATH', '/usr/local/sbin');
 
 // Constant for the 5GHz wireless regulatory domain
diff --git a/includes/get_clients.php b/includes/get_clients.php
index 094cb8bf..11a74e94 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -128,23 +128,26 @@ function getClients($simple=true)
                 $cl["device"][$i]["operator"] = $res[0];
                 break;
             case "hilink":
+				$pin=$user=$pw="";
+				getMobileLogin($pin,$pw,$user);
+				$opts=$pin.' '.$user.' '.$pw;
                 unset($res);
                 //              exec("ip link show $dev 2> /dev/null | grep -oP ' UP '",$res);
                 exec("ifconfig -a | grep -i $dev -A 1 | grep -oP '(?<=inet )([0-9]{1,3}\.){3}'", $apiadd);
                 $apiadd = !empty($apiadd) ? $apiadd[0]."1" : "";
                 unset($res);
-                exec("$path/info_huawei.sh mode hilink $apiadd", $res);
+                exec("$path/info_huawei.sh mode hilink $apiadd \"$opts\" ", $res);
                 $cl["device"][$i]["mode"] = $res[0];
                 unset($res);
-                exec("$path/info_huawei.sh device hilink $apiadd", $res);
+                exec("$path/info_huawei.sh device hilink $apiadd \"$opts\" ", $res);
                 if ($res[0] != "none" ) {
                     $cl["device"][$i]["model"] = $res[0];
                 }
                 unset($res);
-                exec("$path/info_huawei.sh signal hilink $apiadd", $res);
+                exec("$path/info_huawei.sh signal hilink $apiadd \"$opts\" ", $res);
                 $cl["device"][$i]["signal"] = $res[0];
                 unset($ipadd);
-                exec("$path/info_huawei.sh ipaddress hilink $apiadd", $ipadd);
+                exec("$path/info_huawei.sh ipaddress hilink $apiadd \"$opts\" ", $ipadd);
                 if (!empty($ipadd) && $ipadd[0] !== "none" ) {
                     $cl["device"][$i]["connected"] = "y";
                     $cl["device"][$i]["wan_ip"] = $ipadd[0];
@@ -153,7 +156,7 @@ function getClients($simple=true)
                     $cl["device"][$i]["wan_ip"] = "-";
                 }
                 unset($res);
-                exec("$path/info_huawei.sh operator hilink $apiadd", $res);
+                exec("$path/info_huawei.sh operator hilink $apiadd \"$opts\" ", $res);
                 $cl["device"][$i]["operator"] = $res[0];
                 break;
             case "phone":
@@ -194,6 +197,15 @@ function getClientType($dev) {
     return $type;
 }
 
+function getMobileLogin(&$pin,&$pw,&$user) {
+	if (file_exists(($f = RASPI_MOBILEDATA_CONFIG))) {
+		$dat = parse_ini_file($f);
+		$pin = (isset($dat["pin"]) && preg_match("/^[0-9]*$/", $dat["pin"])) ? "-p ".$dat["pin"] : "";
+		$user = (isset($dat["router_user"]) && !empty($dat["router_user"]) ) ? "-u ".$dat["router_user"] : "";
+		$pw = (isset($dat["router_pw"]) && !empty($dat["router_pw"]) ) ? "-P ".$dat["router_pw"] : "";
+	}
+}
+
 function loadClientConfig()
 {
     // load network device config file for UDEV rules into $_SESSION
@@ -271,12 +283,9 @@ function setClientState($state)
             preg_match("/^([0-9]{1,3}\.){3}/", $connected, $ipadd);
             $ipadd = $ipadd[0].'1'; // ip address of the Hilink api
             $mode = ($state == "up") ? 1 : 0;
-            $pin="";
-            if (file_exists(($f = RASPI_CONFIG."/networking/mobiledata.ini"))) {
-                $dat = parse_ini_file($f);
-                $pin = (isset($dat["pin"]) && preg_match("/^[0-9]*$/", $dat["pin"])) ? $dat["pin"] : "";
-            }
-            exec('sudo '.RASPI_CLIENT_SCRIPT_PATH.'/onoff_huawei_hilink.sh -c '.$mode.' -h '.$ipadd.' -p '.$pin);
+            $pin=$user=$pw="";
+			getMobileLogin($pin,$pw,$user)
+            exec('sudo '.RASPI_CLIENT_SCRIPT_PATH.'/onoff_huawei_hilink.sh -c '.$mode.' -h '.$ipadd.' '.$pin.' '.$user.' '.$pw);
             break;
         case "ppp":
             if ($state == "up") {
diff --git a/templates/networking.php b/templates/networking.php
index f497cb28..578495e0 100755
--- a/templates/networking.php
+++ b/templates/networking.php
@@ -81,7 +81,7 @@
 			  </div>
 			</div>
           </div>
-          <?php $arrMD = file_exists(($f = RASPI_CONFIG."/networking/mobiledata.ini")) ? parse_ini_file($f) : false;
+          <?php $arrMD = file_exists(($f = RASPI_MOBILEDATA_CONFIG)) ? parse_ini_file($f) : false;
                 if ($arrMD==false) { $arrMD=[]; $arrMD["pin"]=$arrMD["apn"]=$arrMD["apn_user"]=$arrMD["apn_pw"]=$arrMD["router_user"]=$arrMD["router_pw"]=""; }
           ?>
           <div role="tabpanel" class="tab-pane fade in" id="netdevices">

From 26a50993b997160634dc8aee8ec341f19ce9d7df Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Fri, 21 May 2021 22:07:04 +0200
Subject: [PATCH 187/300] Fix hilink login

---
 config/client_config/huawei_hilink_api.sh  |  8 +++----
 config/client_config/info_huawei_hilink.sh | 26 ++++++++++++----------
 includes/get_clients.php                   |  2 +-
 3 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/config/client_config/huawei_hilink_api.sh b/config/client_config/huawei_hilink_api.sh
index c4402a6e..5c9fd809 100644
--- a/config/client_config/huawei_hilink_api.sh
+++ b/config/client_config/huawei_hilink_api.sh
@@ -232,6 +232,7 @@ function _login() {
     if ! _sendRequest "api/user/state-login"; then return 1; fi
     pwtype=$(echo "$response" | sed  -rn 's/.*<password_type>([0-9])<\/password_type>.*/\1/pi')
     if [ -z "$pwtype" ];then pwtype=4; fi   # fallback is type 4
+	ret=1
     if [[ ! -z "$user" ]] && [[ ! -z "$pw" ]]; then
         # password encoding
         # type 3 : base64(pw) encoded
@@ -251,12 +252,11 @@ function _login() {
             tokenlist=( $(cat $header_file | sed -rn 's/^__RequestVerificationToken:\s*([0-9a-z#]*).*$/\1/pi' | sed 's/#/ /g') )
             _getToken
             sessID=$(cat $header_file  | grep -ioP 'SessionID=([a-z0-9]*)')
-            if [ ! -z "$sessID" ] &&  [ ! -z "$token" ]; then
-               return 0 
-            fi
+            if [ ! -z "$sessID" ] &&  [ ! -z "$token" ]; then ret=0; fi
         fi
+        rm -f $header_file		
     fi
-    return 1
+    return $ret
 }
 
 # logout of hilink device
diff --git a/config/client_config/info_huawei_hilink.sh b/config/client_config/info_huawei_hilink.sh
index 345c1fe5..24145bef 100644
--- a/config/client_config/info_huawei_hilink.sh
+++ b/config/client_config/info_huawei_hilink.sh
@@ -14,35 +14,37 @@
 # zbchristian 2021
 
 function _setAPIParams() {
-	if [ ! -z "$hostip" ]; then host="$hostip"; fi
-	if [ ! -z "$username" ]; then user="$username"; fi
-	if [ ! -z "$password" ]; then pw="$password"; fi
-	if [ ! -z "$simpin" ]; then pin="$simpin"; fi
+    if [ ! -z "$hostip" ]; then host="$hostip"; fi
+    if [ ! -z "$username" ]; then user="$username"; fi
+    if [ ! -z "$password" ]; then pw="$password"; fi
+    if [ ! -z "$simpin" ]; then pin="$simpin"; fi
 }
 
 if [ -z "$1" ]; then echo "none"; exit; fi
 opt="${1,,}"
 shift
+hostip="192.168.8.1"
 while [ -n "$1" ]; do
     case "$1" in
-        -u|--user) 		username="$2"; shift ;;
-        -P|--password) 	password="$2"; shift ;;
-        -p|--pin) 		simpin="$2"; shift ;;
-        -h|--host) 		hostip="$2"; shift ;;
+        -u|--user)      username="$2"; shift ;;
+        -P|--password)  password="$2"; shift ;;
+        -p|--pin)       simpin="$2"; shift ;;
+        -h|--host)      hostip="$2"; shift ;;
     esac
     shift
 done
 
 status="no valid option given"
 result="none"
+hostip="192.168.8.1"
 if [ "$opt" = "connected" ]; then
     source /usr/local/sbin/huawei_hilink_api.sh
-    if ! _initHilinkAPI; then echo "none"; exit; fi
     _setAPIParams
+    if ! _initHilinkAPI; then echo "none"; exit; fi
     result=$(_getMobileDataStatus)
     _closeHilinkAPI
 else
-    info_file="/tmp/huawei_infos_$host.dat"
+    info_file="/tmp/huawei_infos_${hostip}_${id -u}.dat"
     if [ -f "$info_file" ]; then
         age=$(( $(date +%s) - $(stat $info_file -c %Y) )) 
         if [[ $age -gt 5 ]]; then rm -f $info_file; fi
@@ -52,11 +54,11 @@ else
         infos=$(cat $info_file)
     else
         source /usr/local/sbin/huawei_hilink_api.sh
+        _setAPIParams
         if ! _initHilinkAPI; then echo "none"; exit; fi
-		_setAPIParams
         infos=$(_getAllInformations)
         _closeHilinkAPI
-        if [ ! -z "$infos" ]; then echo "$infos" > /tmp/huawei_infos_$host.dat; fi
+        if [ ! -z "$infos" ]; then echo "$infos" > $info_file; fi
     fi
 
     case "$opt" in
diff --git a/includes/get_clients.php b/includes/get_clients.php
index 11a74e94..279fbef8 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -284,7 +284,7 @@ function setClientState($state)
             $ipadd = $ipadd[0].'1'; // ip address of the Hilink api
             $mode = ($state == "up") ? 1 : 0;
             $pin=$user=$pw="";
-			getMobileLogin($pin,$pw,$user)
+			getMobileLogin($pin,$pw,$user);
             exec('sudo '.RASPI_CLIENT_SCRIPT_PATH.'/onoff_huawei_hilink.sh -c '.$mode.' -h '.$ipadd.' '.$pin.' '.$user.' '.$pw);
             break;
         case "ppp":

From 29547b52e1d4a7a2c7d708acb911bea525e912a9 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sun, 23 May 2021 09:04:08 +0200
Subject: [PATCH 188/300] Use Hilink API

---
 config/client_config/info_huawei.sh        |  2 +-
 config/client_config/info_huawei_hilink.sh | 10 +++++-----
 config/client_config/switchClientState.sh  |  8 +++++---
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/config/client_config/info_huawei.sh b/config/client_config/info_huawei.sh
index 540ede98..fe6c27a1 100644
--- a/config/client_config/info_huawei.sh
+++ b/config/client_config/info_huawei.sh
@@ -47,7 +47,7 @@ case $opt in
     if [ ! "$res" = "none" ]; then
       if [ "$type" = "hilink" ]; then
         if [ "$res" = "LTE" ]; then res="4G"
-        elif [ "$res" = "WCDMA" ]]; then  res="3G";
+        elif [ "$res" = "WCDMA" ]; then  res="3G";
         else res="2G"; fi
       else
         if [ $res -eq 7 ]; then res="4G"
diff --git a/config/client_config/info_huawei_hilink.sh b/config/client_config/info_huawei_hilink.sh
index 24145bef..32b27954 100644
--- a/config/client_config/info_huawei_hilink.sh
+++ b/config/client_config/info_huawei_hilink.sh
@@ -21,7 +21,7 @@ function _setAPIParams() {
 }
 
 if [ -z "$1" ]; then echo "none"; exit; fi
-opt="${1,,}"
+property="${1,,}"
 shift
 hostip="192.168.8.1"
 while [ -n "$1" ]; do
@@ -47,7 +47,7 @@ else
     info_file="/tmp/huawei_infos_${hostip}_${id -u}.dat"
     if [ -f "$info_file" ]; then
         age=$(( $(date +%s) - $(stat $info_file -c %Y) )) 
-        if [[ $age -gt 5 ]]; then rm -f $info_file; fi
+        if [[ $age -gt 10 ]]; then rm -f $info_file; fi
     fi
 
     if [ -f "$info_file" ]; then
@@ -58,10 +58,10 @@ else
         if ! _initHilinkAPI; then echo "none"; exit; fi
         infos=$(_getAllInformations)
         _closeHilinkAPI
-        if [ ! -z "$infos" ]; then echo "$infos" > $info_file; fi
+        if [ ! -z "$infos" ]; then echo -n "$infos" > $info_file; fi
     fi
 
-    case "$opt" in
+    case "$property" in
         device|devicename)
           key="devicename"
           ;;
@@ -84,7 +84,7 @@ else
           key="fullname"
         ;;
         *)
-          key=""
+          key="device"
         ;;
       esac
       if [ -z "$key" ]; then result="none"; fi
diff --git a/config/client_config/switchClientState.sh b/config/client_config/switchClientState.sh
index 4d8abbf2..acdd2892 100644
--- a/config/client_config/switchClientState.sh
+++ b/config/client_config/switchClientState.sh
@@ -7,8 +7,10 @@
 
 # get webroot
 webroot=$(cat /etc/lighttpd/lighttpd.conf | sed -rn 's/server.document-root\s*=\s*\"(.*)\"\s*$/\1/p')
-if [ -z "$webroot" ] || [ ! -d "$webroot" ]; then
-  exit
+webuser=$(cat /etc/lighttpd/lighttpd.conf | sed -rn 's/server.username\s*=\s*\"(.*)\"\s*$/\1/p')
+if [ -z "$webroot" ] || [ ! -d "$webroot" ] || [ -z "$webuser" ]; then 
+    echo "$0 : Problem to obtain webroot directory and/or web user - exit" | systemd-cat 
+    exit
 fi
 cd $webroot
 
@@ -21,7 +23,7 @@ fi
 
 [ -z "$state" ] && exit
 
-php << _EOF_
+sudo -u $webuser php << _EOF_
 <?php
 require_once("includes/config.php");
 require_once("includes/get_clients.php");

From 1e0a64d4608d15af3ce14948a4b1d01b4814559f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 27 May 2021 00:53:00 +0000
Subject: [PATCH 189/300] Bump browserslist from 4.7.0 to 4.16.6

Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.7.0 to 4.16.6.
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)
- [Commits](https://github.com/browserslist/browserslist/compare/4.7.0...4.16.6)

Signed-off-by: dependabot[bot] <support@github.com>
---
 yarn.lock | 55 ++++++++++++++++++++++++++++++-------------------------
 1 file changed, 30 insertions(+), 25 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index 4cad17aa..ed917733 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -566,13 +566,15 @@ browser-sync@^2.26.7:
     yargs "6.4.0"
 
 browserslist@^4.7.0:
-  version "4.7.0"
-  resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.7.0.tgz#9ee89225ffc07db03409f2fee524dc8227458a17"
-  integrity sha512-9rGNDtnj+HaahxiVV38Gn8n8Lr8REKsel68v1sPFfIGEK6uSXTY3h9acgiT1dZVtOOUtifo/Dn8daDQ5dUgVsA==
+  version "4.16.6"
+  resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.16.6.tgz#d7901277a5a88e554ed305b183ec9b0c08f66fa2"
+  integrity sha512-Wspk/PqO+4W9qp5iUTJsa1B/QrYn1keNCcEP5OvP7WBwT4KaDly0uONYmC6Xa3Z5IqnUgS0KcgLYu1l74x0ZXQ==
   dependencies:
-    caniuse-lite "^1.0.30000989"
-    electron-to-chromium "^1.3.247"
-    node-releases "^1.1.29"
+    caniuse-lite "^1.0.30001219"
+    colorette "^1.2.2"
+    electron-to-chromium "^1.3.723"
+    escalade "^3.1.1"
+    node-releases "^1.1.71"
 
 bs-recipes@1.3.4:
   version "1.3.4"
@@ -642,10 +644,10 @@ camelcase@^5.0.0:
   resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-5.3.1.tgz#e3c9b31569e106811df242f715725a1f4c494320"
   integrity sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==
 
-caniuse-lite@^1.0.30000989, caniuse-lite@^1.0.30000998:
-  version "1.0.30000999"
-  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30000999.tgz#427253a69ad7bea4aa8d8345687b8eec51ca0e43"
-  integrity sha512-1CUyKyecPeksKwXZvYw0tEoaMCo/RwBlXmEtN5vVnabvO0KPd9RQLcaAuR9/1F+KDMv6esmOFWlsXuzDk+8rxg==
+caniuse-lite@^1.0.30000998, caniuse-lite@^1.0.30001219:
+  version "1.0.30001230"
+  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001230.tgz#8135c57459854b2240b57a4a6786044bdc5a9f71"
+  integrity sha512-5yBd5nWCBS+jWKTcHOzXwo5xzcj4ePE/yjtkZyUV1BTUmrBaA9MRGC+e7mxnqXSA90CmCA8L3eKLaSUkt099IQ==
 
 caseless@~0.12.0:
   version "0.12.0"
@@ -837,6 +839,11 @@ color-support@^1.1.3:
   resolved "https://registry.yarnpkg.com/color-support/-/color-support-1.1.3.tgz#93834379a1cc9a0c61f82f52f0d04322251bd5a2"
   integrity sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg==
 
+colorette@^1.2.2:
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/colorette/-/colorette-1.2.2.tgz#cbcc79d5e99caea2dbf10eb3a26fd8b3e6acfa94"
+  integrity sha512-MKGMzyfeuutC/ZJ1cba9NqcNpfeqMUcYmyF1ZFY6/Cn7CNSAKx6a+s48sqLqyAiZuaP2TcqMhoo+dlwFnVxT9w==
+
 combined-stream@^1.0.6, combined-stream@~1.0.6:
   version "1.0.8"
   resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.8.tgz#c3d45a8b34fd730631a110a8a2520682b31d5a7f"
@@ -1171,10 +1178,10 @@ ee-first@1.1.1:
   resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d"
   integrity sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=
 
-electron-to-chromium@^1.3.247:
-  version "1.3.277"
-  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.277.tgz#38b7b297f9b3f67ea900a965c1b11a555de526ec"
-  integrity sha512-Czmsrgng89DOgJlIknnw9bn5431QdtnUwGp5YYiPwU1DbZQUxCLF+rc1ZC09VNAdalOPcvH6AE8BaA0H5HjI/w==
+electron-to-chromium@^1.3.723:
+  version "1.3.739"
+  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.739.tgz#f07756aa92cabd5a6eec6f491525a64fe62f98b9"
+  integrity sha512-+LPJVRsN7hGZ9EIUUiWCpO7l4E3qBYHNadazlucBfsXBbccDFNKUBAgzE68FnkWGJPwD/AfKhSzL+G+Iqb8A4A==
 
 emoji-regex@^7.0.1:
   version "7.0.3"
@@ -1309,6 +1316,11 @@ es6-weak-map@^2.0.1:
     es6-iterator "^2.0.3"
     es6-symbol "^3.1.1"
 
+escalade@^3.1.1:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.1.tgz#d8cfdc7000965c5a0174b4a82eaa5c0552742e40"
+  integrity sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==
+
 escape-html@~1.0.3:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
@@ -2915,12 +2927,10 @@ node-pre-gyp@^0.12.0:
     semver "^5.3.0"
     tar "^4"
 
-node-releases@^1.1.29:
-  version "1.1.34"
-  resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-1.1.34.tgz#ced4655ee1ba9c3a2c5dcbac385e19434155fd40"
-  integrity sha512-fNn12JTEfniTuCqo0r9jXgl44+KxRH/huV7zM/KAGOKxDKrHr6EbT7SSs4B+DNxyBE2mks28AD+Jw6PkfY5uwA==
-  dependencies:
-    semver "^6.3.0"
+node-releases@^1.1.71:
+  version "1.1.72"
+  resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-1.1.72.tgz#14802ab6b1039a79a0c7d662b610a5bbd76eacbe"
+  integrity sha512-LLUo+PpH3dU6XizX3iVoubUNheF/owjXCZZ5yACDxNnPtgFuludV1ZL3ayK1kVep42Rmm0+R9/Y60NQbZ2bifw==
 
 node-sass@^4.8.3:
   version "4.14.1"
@@ -3786,11 +3796,6 @@ semver-greatest-satisfied-range@^1.1.0:
   resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7"
   integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==
 
-semver@^6.3.0:
-  version "6.3.0"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"
-  integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==
-
 semver@^7.3.2:
   version "7.3.2"
   resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.2.tgz#604962b052b81ed0786aae84389ffba70ffd3938"

From 083e19d631dbbc87fb662900622b51db709a091d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 5 Jun 2021 10:16:35 +0100
Subject: [PATCH 190/300] Update About page insiders logo

---
 app/img/insiders.png | Bin 4122 -> 7949 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/app/img/insiders.png b/app/img/insiders.png
index b29574f747ee8e91a9331bdf14cd7b36554bc086..6ad27f35e857da0d80e0ec2842480f21f15be33b 100644
GIT binary patch
literal 7949
zcmd6McUY6nwr|i63q=$K5d<O#(wjseLQn{uP(nf#FhGESgp$xDp!6n1dJ*X)H0jb+
zL<9t+1e6w$4r-L%xnZCE?Q{3@+<nf!H-EgDcV+ciYclhjNCQ0$W(H0M006+Or3r-t
z0CZ&9xbfT>+LN$TXhZwDhF3Gi8@bx!y-^-$z<oPc8#GYM1?7N-qfvIg?%ilb0N^wq
z24RXfh3SHAU0ozlCp;29E^ahw06<aM#|>rcjK%|P&<+@^5+Aj>oezkyQ{poL!K7er
zs%S@yrk@Ae$WISp>*s8%V8^En0V?`{X$oA>cofjb<q;MK_EF;dhh8vkd_tDw1O9^r
z@2tf4Urw3A41lVx9%vv)LQ33L>W&ofj<kgIZCN=vIWeG&l(dwjl#HabjJUKM__hpK
zN(%VT4<F5%hn+nb4pslBE!vwBpCcac29}ic_V$+WzAfSE;UFokprCM~Lq<lN#vzXL
z#o|#u;#eI2-x{E3oUI4O4Ucif0#7ueY+OC@N_;d=|0@I+w|}X{;{KT?TEZlKP;Qda
z5>h82{mlr2{m-l}F8|`j;o<22_V@p(7>Dq6LrcQZI9E>(TiV3g^PiY<1FL$VQFvDm
zgsbbLzq4rI=!$p6Il8(5RgFME7|IrdJ$e5JKMV%e!s75KtSwp#s>DarAc4Wyfz_p@
zp=wf46&0wul(e*(ih>kWUPV>m4iu`Qc3)ab>Tg-7tF5OC8jJs1*6zP$RsW;xNh!Fv
z(JVvJ9vCmQow|ps3-BKygE9Zv7lr?*@1L@E|Jj%O|4~+w=8WXY#Qt9s{WpnLJtxC|
zl`ZY%Uxkmx(yHBqR@RjyjTiuc>xmZhKEh}GN48~*(OCAIfz7T@QcP0!I{>HYRGSNQ
zc+wsX3H@a3uU@Gi7h>9f1uxKM8d6_@AnrB5t6h-ykQ3<AGoK;$0)i~1Z3U;i8dkdO
zgAGebyrnV)`th<H;7?+de!R?^FKylfjSwD1p8aX(eZPghX$lMXS6l0e?O8X%VqjYZ
z$}EM}pFyLM?k5XCya??9rw0J;kxr-xy8oF3D4+@bJJ<hC0wQUu|6TBZB>{-10D#(r
zzlwn^51PGPmU@y!?+V_!6@IkSrHoBaPdCGGglP&s-(AcJJd%@a-5AoB*8u=D*_`5g
z=l38x--7kE)3NFCtl3!^<3a*^bv-U(y{tGK?)$q?#^V-JrK`O+_>i&xIxYBEMHXI&
z?t@l8kbpo&V#3k_mmKyH;rF+<4G3A1kn$)WPh9&Eh1zm^d$L&hFf&=yq~HAx9U$Im
zE-fqTdduV8wPzL$SZ4d0uOqGg+ilju2DcK7jfAeW3AZoyxlGi<-0V-dmkeP|fjb?%
z^`(w@8ylPTk-0f_qX^e?z18&N5m4uZfyHL|URnsCq!K|(wkIUQ;ObbVD-k<Xmp=&C
zT<N8HdV4F+m7N9v$)BY_AduVq+PpqY59VT!kEc$zPT-$o^X+8PH&)1{#axHXpl?J2
zp_{tHwZ-U88);l;6dOx}E9GdWKl^T_8<Gwf#X)ilDMZ`b7cCxcQ;zMnR>(gu%VC*d
zdV1Kzu^F!3L^|_}^*wjz4~&j@cDKE~etdEF9eANcErJX0Ine=#PumrJegktCqNf{i
z4);LIq>YDOTN8P)mzF&8))3w%V+rkno8-WWYIN^Sg_Ek<dFM}UZCLM8KKip*s<9l#
zom@FuZsEOCYJIq(<v|C4(x(VN;&<BXWg+|yHu*(qKMqh<U-3e?z<5^sGUdjO_r}_f
z7(Gq_fJn#moWmauITjUdL+X6my|Na1bq0*O2U`v80WY!u0K+GP?JhQ6UiCVg*=Hc9
zZzlTr>4{DO!la_<4NFC5X5*B93CPiAJ~ZXy;<{5)cSG>?T#;mgJw?>!=Vx^kdsd;-
zc_rogJ&<ZEHp2SgH>EQ>vMfSWOY$Jslz^2;`LQC?%|>g3+{Q2Es(bqWqZ`r5r=8WL
zDfoD&-a9D~V@zK2zB?}-`vhO7qt&E}e(uAb5_3)Bov#O_XC4xRlH{)d07UidyrkR>
zl8{regwsO#<NJ^X{I;_vu>ZXnty?&K5v7$3@Mt~bS|`N@kr3yTjw#?o^*kvOb}==$
zREi#vDmFyvm3}DRWDPamz2-zuYq3k}Y9(qlU^qy`JRmld&+;?m!1TS?CwiK%{Bguz
zclZmPdg947S4HoLZI*LJ-(;lyaKqzD!8v3*$xQf@`lREvdQ(^u1C5-oXK0Qn-+#E$
z2^8TsB=?#Bk_54zC9c0E8t!M;ukWo^7O%E?AME^LGHD2C*&25i-gPr5LLCm#r+=99
z9XRud*T{34Cv`t#R{Kn_)YKPxqPit%!Imfy1yWkTb%-$gn4jst`;*<I!KIornWebY
z%9t%Hc&)VqZfr~U6<L>~vC^`gr;BKL<85l7yaKP&UPtJ3duVPpbZ0t>*<4zQ1iNmR
zZg1S7B{(lU3ce0z`(cMrtkg}(X2<UDD4jW04>J_kp8<{<>RpDiWd!m+BmR=g=ehdH
z2<a)Vqpx3%JDa&yV%<t=Q%mDy^V+XvrWM3RbyD6H-;D93uoNO1DgOKAdxiE3A%zVA
zF`>pMO*~@As4PTGVSnGi9#IQ_8J&-Ge!GES4~$?k%c-Y3C$Mo6<@^(E85zqY-A#^~
zoC#4$vY&O4hFUO$y!1Ooe}Y!M=W-EhW@#6+k_s(Yoeg!250!4Ij=-jhOtVevF`!o=
zOS|p17cyg{H8|o$pzQwIF-m!38SS=x2b6h@nuCUM^;^5s{JUS3SJ}SbK9o+VJu8YL
zM?`D}JvP9!d`E8{1QA$()t`$w-FuvmNqUC8WlK72g=0+lvga^unPefN(Pk&4Q6<8%
zbhhw`-j1x34L2^*l#XVLg&gC|A|oSeRlA}%7Fe3f3a@WA?)*WgC)h!tMK6-HhtN44
z7#nIxIxSMoy;Su+qX4ztKwGHc^oE>|?9whIV3<d~6+E#cs<xFlOqxPVPu8=w1k#F5
zU1nhUu3F;cds2$PgG;HGDwd^U*=S9mvQa>~N|17%EG!c16~T}ii7Zitbh-;qx!NyP
zoVr(w(uTb^bUq>#GBC=Be!&@wCMwAxmwbsT%43-C30JDITjHQYR?;cJMWTAvQ!B&n
zSL_vY7TpJ|A?lb;YmoKk6DId{nNHKZi!@_TpCMqwzqmkAom~qfeN9_H!QGa-_LK;9
zZA3)4On^<Hz>&S>BzqO|NHZjpVD102?$WN5*sw&^?|Mgtbct?R0<GR_T&B-%?qd%3
z>wdB3vpei)Dw7Voy?*cNb%!I!y<g`cg00q=R#)=ay`K}HfTP<U*0}o$f#qdE0_~#Z
zalWxf$_9P(hiQYm5?8m@Xsf{W-V~AmJ*NL`i4&g6AUsrT`~gZbiJ-$Ei3ZX}vYmBt
zus<WD*N22@S)FZC6}v_Qx49{AIRVCgN`srBh+ii5+~R)pv!$O%RNi~PF9T222-K44
zxTM~qWzqn8^Qc8&+o7fVX)U`gp%<3p?8&nYKByS4c;IV5zhj}3<~jnBH`Nf?gghTy
zBzy{|=rzup1zaFQo*6HW^{fjj`+w<hB@OTnQO2m!6z;(s?y<3jN4HFV#EXoil1yLk
z1hcLfGze@l3BF%=@w!#baNolPu5CPy09{p<>6METonn=^345dAbOjiFGk4y<;4M{x
z(&7&#5UfjAXIDOM;Q8r&*@P{nc!uZ?s?KZ)|8zUJHZyGLBqAb_&;0n2X|bvfaJaVZ
z3{en*HPM~({*fBDZ(ic~v(gaNgRs&OpS~<{>iU+?C;q*({me<q+NMJ8k?Zo~t0Iju
z2EyOdhSKIYgj}OywR8@C8o(bV4lZZK=<;@tk*{PtZ9Ve}UAb)`Mnpu7ROe5UwNP@G
z!fTyDmS(D{%Qlx)%2QT-#XF5d{MzVqN5LOj=^lYzkH0iX^*ipD6CPQ?1=b}Wd`ooD
z;EMnDI=o~@mr<qMexyq=25|!j2f+-**ww6xUJFGGFn>_XVKP{pTP;KqJUN`iA7jl0
zh!s?Jn+XQho3>$x-siqr-l#5xu%BA=ylsAaaKe|Dv0mm$qh+SzhhcH!2Vj@uz05uq
z3E%qbTK@Bi;pfQu9zS`UgAl0YLMJU^kL<0&CS2W(I~yO*)xEsB<Ecqv^lD|&m)lCJ
zHi$S2DE34xIxx3Bh`(bbmBW6-2pV&2cghR}agKa?$v@)t!&)J3_Zsnz$lE{Qu1U(7
zToD<RnADO{to&|El2aSd?zISnJf_tCu<f}3@?H~sAuCpt&+wK}!i<_>d%8ZkRuaLc
zNivvNy+PtmrXQ8AJjAf^Kb~UvfZMBD^CvqrtPHS>$%g^YtwK+~>xl{tXb>LsGb)=n
zDpW#*c(D2MSyZ_;D_zedy@}nq)Vhp~3hNJ7&DkpnkD4^&Ubc5S*Oo;kZ7*Jjhq|c|
zWt5ulNI=q8SaG{)97}h8_!pZ?Fz$-bvKcvYCBr;)Sj&*pE}_)uwDJndAl%Q=<@SQR
z@>cVeg|pWg=5*DbWDd3a8}Lq4U&Zb{Xk?avcll_`$4HG*YR0IJL$<YEy7SRsUmIQI
zOT6p~;wyN@NWkH>9*?|9{;Ag!Y8m^MBJO9en}cPL$?p!?5+Ph4-kl<bX(f_)5uB1d
zam`o@tAO9>byGI4B!wB^BzmRaAAjP`cd)ibYC2?}wklE)db>=NUF5zqF%g8w&Kt3{
z;=e9_6DcfDJd-2l-JZfedY&cWGhIW86>l_{S`2m0&o5P&W8H0BIPW<<PiPg&I-6dI
zfKIL~{pK`0d;+GV|8a8(vwY@1Y1>w_sJYss1}?)HFB>tRr|op}nwu>)wznq+k{>Ds
zR5(T{2*W{ATAP*TdpUkZM}z}y;%y|e!Ag|b)|;ClD@0)TYfW51=Te7+>^wE=(ZWOX
z>|2e{ckl#^>aZT3?w8JA6`dZR;}mn_X4I-)VcHTtzPgqR8Gc$2ZduXmbJ<rS>2y-O
zQ-sgPQUV7L54-izT56|B+Zx-SwO+|+JDFuzS-oiNuEypiwsNm)MKS83OOdJS0$SVS
z!h&)?Vl|9QZe=EYmQGcf0A+Z56&#*fBx{*EvAsCm+Y*?cM_6|(8dS{f^doh%N7{=#
zDTjvW?fyDdC<$jqhwN<(>qkox{zTijxfzt1R;d&WWB!CnKE6M<?#rSl4vRHBj`HhY
z-XgpISv<5XtS!<}tP>PI<Ihw@loNbG;1hoFLr47&!eMG|$soc$bp7c$VHWGzkwwpP
zBYo0~{U!XPv!`BV>Ltw12(}Ls(KibBTP@I^!tLh>smGUt5FMc?j(VtVRcPv3=vAwW
zw8KN~;>#vAQVMsjxlIRy>W?M;h`K5FgwK7=D=4&#V10#lM6Bp+o`pJ5UG_BDR(y2l
zHcb6A%Aqp)N{S~bE@k4C>XoUHqvaNSeV_05EZVkiTKEcs%~X@8&FW}*^t8@R)~!`1
zt_DrAZ1nd?301{LZMBz^m+Q_b@b2+Q*0~?odpRbV^Bg{iGot$fD?aoujrGk#6D97q
zqoeZZh+zzDp%<8$zaAFX8NBmcH9^AK!%&g10H(jZAGY*Ss(L#XYc5a=?{2h!e|p~m
zGQxj&`BWk?Xz({qbf%)5CL4I;)Q1)8cOl^zNi|Q6jMq1eZ+>LxjaX&Sl8Am*jHlQY
z59*<I)mkH@7dupbH(t1yGA#XUZ)7_faf72|x5UWE$TQQ&b*gDzXv(8tJlJ63ng05P
z?6z6xS$4N4JZ7ZKVk20sqEFxD*&81l9Cj$N2-V;ysOxl#u%MuzQ(NHSp66I7a0DPQ
zTrHoT{Z=8>aXTh1x>}MR6TbZvm^BkbrNC$8Uusv5F=>LXmk`J~#|MkiR_#82@@NM(
zyvwQS77^hvV<~x}D#zu1SlCuJ{&8EZ>D~N$#pi^%f~N3M2g*?fZ8$EeqKqe!UZ$ZJ
zh$=24BHG$7UE2@qUkB{hr)6iewI9q&cBbEU__2HkTSooKs^nfUetrqVfyJSbZ@mmD
zFoBQwcQ)*L@IG}R3OdA}*Sk?gj&<|6m}!@Z&eGDdUQ^Pt$xeA--owk9lnM%pmOb<`
zrz;*^MdI!bOJwp4PH-=Uv^8It!@ti^Vp&ogqr!8IEHAzo#R$Sf-$WzDP2`o7T=c8{
z@FA8=x6Zo;_;t*efP!GS?2Gggi{~cqo$sE_=tQgIN5D~t+#1QEuB9trh`IPxH!J?n
z{N@$Q0Pe8oh)Vb5i6&Fcnq6!QUDejA<I&@hqA4IUsGr@rh%PdFOzzZKM`W3m#pR(U
zm8<C`Y{XOeSEgt<{R4i+LtdK#dyRNTw>Bf20CgYhm-*N0)bm&}o@fKICCBpp+&-S4
zap``C;;w7sAiuo{k(##ugMMn2`<!Ke!_hjK3g>|o6-`F~CVN<jr-F)?W;)L>D7+u%
z3=c3DC>>tUCVk2#8@;~3uq_~`DruY%NcYa<BeAIQIS;?FaR;69+LU27wFM!YWXf^_
z30O)xrMFo}%5?C*MpSqg67XA?g7)NXPvvUhJ-=G=uz=y>w2Gb@^F+x0Naj4pr5`u<
zE$I|OuRh3oT#`-ITPYzgbC%kF=htKdfF+#Re&NhhXGh&<CFrrAQ5&_mwso0eP*TG)
zRT5zE;wmKd)Gy#WbLi+yYx$g*zKthWJYMQiS1f`q&+v`#efdpKX30O3$Xh7-LJS$h
zYcwaKzpKZb#fAHFGZt|Jv9XH}_VCQ-N?BleOee>FCB1QKTpZZ<bk;EOK9|BM9h(s4
z;R`3IFy+TjYshQSm}M*~t+S}TSBA+jOFZHiM??H705Rt#1ROLOoskRgl#wi}%;+ne
zL_YTo<o?5gI}3DW6Y{P2uzDV0^0FGGU{%10B#tK(-Z<J^DcjlE$_Wu-*Dk6Pk$c6%
z^@TK2RcA0zmA2CyuA(TA)9>yS+#h-&VFf!AaIM8F@ls)P#fVM&Z-P;9$#eGzZB+pz
z?I5L>b1Bs-Nw|pTa-qh)udcHG()ML=CvQ9C*gJ3JK<DN7`M)rmH;aWu37@j3$aMQ0
zY>=p)Cw$}*qa?#(Cb$l9&3Dr|MbDm00jFnaJ90E&Ah7L*<@+WCO=?*$q^L0_2r(l~
zpC6`~omjO)RV=OwUScu0lIiZ-p1jQ722Jq0ha5#c=eHBqFFSA0rb_y}pb2snf2OE(
z>$zrK&6g>=xuv^)M`cDg<%izM@+zafduCekX=7EJ3AL&a+F4f?9@~OY%eJSSxx9`U
z*DGDu++5TM=0o-=q?YXAFLy0(8rxZ2!$lV9)ea%bw|(VHN*Q<KsYwRmr;`@rMQY7R
zYO2bkTA@*0DrCz1z&rR$2I{c*m9|^Z!v)G8bQArg*;Q1mEbIA|dG>(V>zlp`^VMH>
z?Ok<WZtu37!x~kC>+}0QA_G5QT$Y(=`<mSMX>#nvjZupy8aM0r)=9gmgY7?`v8&??
ze38AL?`IvzK^f~3hAYH*d5O4p@Z`wLdZA5z`Whux{1f=#W<U6A$%}zS3EFXqMBS^K
zkcskh_oIzP^FHx|DZbBoHXS4x7U_BPLVq5MtRwh&i7Rb`Ygr>C;ga=AB*QSthe8<0
z+if_EL8ztYH(l&s9zPN=bkgocM%q@oS=R}cnpl`iB)yu%x&>(RR*nxavUL$});53G
z6~=vvJ7*yISMF$)(rh(mx5;jUFxn*8ykT2@h}`Ea;PRnXlH^NP-86ZujTf7pk%RVu
zotti@z?jDJvQR|s=|T~9ZE^xBl=o5Y%9vQ$xcwFws>z>MH(1eY9w7%T+f|vGHE|f}
ztC{zvvO~l~OGc}bDV{^K)Z)wo7<n?lCq3i)DssUof#kUBSTvOPjOxa5oIiBH<w?r)
z;(l)W<>muf9{p0(e0crLY*ufE3VGYo(s<+D>aBo-o(F2^+|h?6AlR>B*86w!_XwBb
zH{Cq9RqkS|A5xx4-D5jjzyPr^M>5`fUC{GZC%N(xQ9`5kTev~jQ;&EEL+JxYhu%xh
zu`Xd2U-Si5ZC&K)%~~nxK@SpJU9LDerg}q332}(tbwuBS(R7(3L)e{<_PQFDW;u-1
zDge(aT|il%y0o_D0D^sd&$mJy`lW}!!&aE-w(kz}FdrKDOS2@Z!>|1yO6aO(rj$yK
z(_Eo>3M%xX=vg6ho*yj0u#GyAs8QOLvb0~_dw6IbWZR^Ltt?TN>N<~1%U-)*bnPmt
z;X!14mswk8|NXcwB4InNql#!))ErO&C|Q36(~ng60^KNm_UA$L*sS<W3&dTttJuyD
zvCVI?aCh*%`wIrs&|DV|_C7Bcl%HSIcC6g=&dy9n_}iA>@Sqh5kgZM5YfM=xWW<{&
z%vCcQVV(a1W&53NRk`!ldr-pFZhC4(!1wd+JHKaqs!MyfL8&nj8Xx?eg0+Ry>!Zf=
z#U&kQ?7*G{g)cG^D%@jMd`6arYwkx7Ht=b+K8k#eqjd&(oK(BF2;CaP<ZMfjh|&s2
zZ~owIt3ADrxf=zXo<w$QcDeFRu$@cFYaf9l>+hF8gd{oHbkmULi?WVKvEX%nZ;Qyi
z5hWxudms%w>k*EScQTJz4n{oBQ@0j9!T&V1kV|j1#UF>WVpxh<PcS(vk{>wMkj;kF
z=G8H*SvXX`$v+Y}ck}cKSQyb|!!0e<Rc(TZ!VsO@In9$m;m5`j2Nr~0w?|v(cvc#=
zV;aIaSc+J4#8&jm_NAdXiqK|NP(DK%RE>i}*P}5982h5i%f{EV+1F+Ix?k4r4z{PT
znRI+~ZY%B|Zf*89>0LM4KC8W|&aps3mhvR_0$x5xX~&)=9Pd*CSEjrvhrRpT)XL=0
z<A$}}mc-843@t^8?~%}CN3lOkgZXa;+B3wrBJvXRW;~Uz#;I4^6^wHQ3bCrY8@?ee
zBzk#!`==Z2ZRY0YcGIxxqpok?zA1Td(;(%G9=mJvKV92)7fNL~1C(OAuHM%5?{_NY
zPu9IwU?JX5H1w^itfb~#;0EIpOK5+S)w=Un<k$0g50?sGF(7m8O8CfmhhH8=HHeLP
zAnxA2y*@>QbxkDW*J)V|i(g(|CTE2fszz?+$3a#Wb!o|GzA@3@vL7$FR+w)p#z1c9
zNk0KNRgU)7bB?=vrl%`$f+^}H6Ai9`n~jSv_O1KR0PuWFh_yH677e3E19zzh<R8Ij
zUCiV(VRyUdJr2EpO`17yd>9)6nUU_kdNkd#%WGGN8hx<v_~kS2jxgrq28V$c-c8NT
z>0=Bu%+P%HLo8P?wf*?$8Iee2reWheNix>fG}xXPGW=|{plw~pdT;3YM7>Mqw;!hg
zwHKn5|B8TR-kE|E4;rpG2h#9z+*pM*#e;^u*R4^X&?1~As8y}_7u0s2K7qXs$}Acr
zZVgi*hX?EJMu7wU{a)yruQj}cotdo(+I_)v8_wa|(c!-S$B1<<ov(IGG@-iL<)1&Z
zCmL~!Y{@;9M8R26lZu0lg}zKux6eHY_S51z1^SA{$HrOE)V)K4@(;%<EcbI`9F4Yr
zO>@5%<{ziIK^5s9Wi3ZmSxEzE1zGa&;X`2YP|W~j|HYm^4eocavH9*I@U^?UJJ$kU
zy-lSYzu-C8$gZfUQ0V6b1Sw1H$=Q?;%ml`0CmAN<-LA)5H93dO4zw$xlPj6O81{z$
of4?^R_sgY!xGlzVEcphI)_9>^!Tm!7EdYR)njW-5<>Ax+1MuOIod5s;

literal 4122
zcmai%c{Cf?+s9KH)Kavyl%|*t+SFFH#yZ++sU=Kei>0KfHDXC<g=#H>qCct>MOq|c
z7hA<rRl<;JsaQi*?fVv6@R~EfcY4m8_nh~id+zx@_xV20x%c_weqy0!xB0lmxB&nF
zpV6J0mH@zs{^R{SE{@|hY$x9Z0N|f6y7?O{czBU90v{Q?$axP<50QX~=5QN;-xmT1
zPxOJ2veSIQKTZ)P&45xu-(Ujfz%`hkwvb;{%F<aX@^0m?NQWkryrO%XNZ`<z-a*h1
zBseV04DfjV&{Yud7zza7xd8@3009y}5_UqL$o7{M2?lV%|B`;jkENgS<CMSS$I^fE
z|4#XD{=Y2$@;{ENj5o_a@#f^@e4U=u)z#(9n%QJBF}^f5(=`@r^mX@aZ#P%JlR@Bf
z-Gp8$I@FOXV(&S}LUlC{7aR|U4aCek@0}xkN!iiv*zLF_R=iDDl7uZFw^8wJ4)yVp
zI>YOe)^j(AY(&_;ZDHwRFQ4;6o3*P>g#P)jb{sGgxL+6cW@NdSLC5FwO2Q}?@>=s)
z3Jw5f$MSdsuxgUgj80qjSKUkQM-FZw2BuV<dZ|0d{T1{BM*Ns%(2_H6;*aaxb>ILY
z?oa$6h!1>V!|}o?;ZFKuc~aU*$vLv3K|}i*No6G=x!9<5;~;FR=V<l*mARRUFXHSb
z09+9);edj`@qPU^I?uUhNL=pdRTyuA*o&b=^@*0TUC#B`Gs5~Zvf!<eTkDgR8Q`(}
zq~Gz}lCXV+Q4U|rDW1jez@5%zr=M^2*TrH!4K-I;(O*&FJ)SbyA^v2Ew{G&KRNqmD
zxbG^b)f%*e`Zy!OtobXG)$H-^?#@9Ox;UHNmGX#y>?X{AqWkNlQp5^2JX^g`y)k@>
zp6=U<<vv^3+KDMYL@Q<I;_(mwNzJX#2KZBGm%JmOKpTJizDLLJd|aDIEiTwT9+8JD
zNYj-Qc<xO^!yz_n?PY~mq#y~<_H;`Q$DK6wXe~NCr)?m&miG|w;uIZi*2WEn1Ab1*
zKa-TZZ%^PBa&UA^>?OS2Tm$cJ)jZhPTyx(`9~&FfT@DueFfP&F+`O!C&Dk%yc`_h9
z+crLJTM{Q$%-Z%I-#AC`5+(Qqfg(NjuPPiFK}t3X<eI^k?&XiGKHFd+SbW8MXL4jK
z7&OY51Q&c~=r{YaL#N?W_U?fu)^o@g_s5+A&y7n!QUr=cf-rJ(+u7}NqCXmf>ek=c
zW@RVMZJON0<Sjf~I9*#;-0H90xkH)2#V5pkjtCEJ!JMVH>_$U}HeVUpGbhCknUZC+
zc307YwZQ5|1;yG;vIy|dZHKkLgNp%<FyO33mC{VA8fx$q{PMJ?Dd&39^FJmYRZn3R
zeaCc+^^R)hcj_vX56Vq%H@OICwQpBEZ60#Th(5oeXXIIbm)0BIH76{g6_>QFC{WN^
zcbY?5_Yl|m>p>!RZexU7+-`;Ltz`Ogz?FB5k_FHPYxKO;=!uagU@O9wKcKGGP|Tu=
zkR)jN2Oh-i+@x2mz60L?K{O7|wpD15d)!wF$Fk~9jcabx=B7?6@7I3UqY~ps9Uf!?
zBJx|6KAiQ}DM(2L9}oON>}0;=z7<k-^&IwXYT;P6=i;ESSOBFa@S+}U)X!sN6ZF!D
zU(*L;VI;EU9>HC0w&9TDB?-evq<Stc&W{>61?IUzrumHyA|T_;y7@%*g{r~?DJvo+
zz3G;C5!sTVc9I}Iz3ayrA!brP=&Vt|J!IgzqdL@(sp#zyZaeqffPk^gCFz)I6=%Mo
z_PzYHN?Q=sqs~mN@Z}ungdIMhX{$(;FV}Dt+paHEjQnPav-Td_<m2(?qNNRg^!6A|
z<mpBXJ{Iq{Xl!dehmcQthMXq=)qY$==4;uWU5&@oLUeMXz?<qe)(lxav&wYTAX~G7
zpXKeHqt$G5%Up0;->V$gz>bvs(^!F{<&dn}MyxN|cIvhLx#=~jPK{QLupT2u|NR!v
zC7G&tJ|CA0YPl||8Pyd*)_sPbzC^37hR`^^q0JsNbq)QY)iv06&35Q=XzjV)B!@-0
zNU--xaYw#@)VJ^XD(2@=T0_6U$fU2CZ-mTv^U5v!B+PV&w$UY`Hdr7SPi`RTe!6S3
z%x_dperw&>Q^@ikxoNXJ7uaZ2X|60D8CN$yG~q?sBlC@GUMcrY^q+oYSI)pS8$x{T
zc_|NRBqXW)slLPf9T`o$CdmdDx}wt89N^^UMsk$hHHZ)b_mwDU#e#z6g@SosZa{`_
zX2qy?mQki_3wgUv&M$CF;a-p(3#5nbWzC^yNac<D$x?wSeI7GbziY0%stSGQ2DB25
zn(^-G!)ADo=|F~ROh4YkU4D1_O}F8_)HtOg2JVYASAQutA|5p<yxQ1SahBZR*FAgF
z-H7>^>nWR4N>KMgS&hQi;3Xuz;kD{LWipr=pFI9*OAGXIatxl}HJA{ZzLBX<#8i^Q
z&teFX63`27Cgt>%g73mddG}R62gz#U%Lne_T<SosurK)qiZ%IEP;G2aSdBsIL&!eV
zf+n9a-0h{o+?hE|SlNDQRTxjsQ4e|W{=S>(I2BYA`zL;njVjMs&w(Gll_XvBWav{M
zb$pHV?P9EHw7f&9ZJ&-;$K!L<5f-yX#iIq1k!r7IkZP6Tx|q!B`tFf1Dwyog0h0KL
zOz|Oiy(e`Q#GxHq^;b89Pg>Env+040*2G>>%v#M&(*ckhj_SapRcDxED~2^k*%kDO
z4S%d+Ut*>>)k2q&i_PZL;|T$}GcZby=Y<ys(!AFlGu2qzs!JA>E^RzGao`zrDOy8r
z1aj#vA)wueITpKu?Je9@bD<Qok->Sk>@wGj){iK+mlReaE6T-pyt>q8Bf;XY%jU}0
z4T<=u?`s<kUamK&Ow}>d{LW#e^jmb)1NvKxy3u+PT2XEGVe>WA;y9BBTeEXcYh?9?
zp6NQ(BEJ!2FIuK<Kcd+kvH%Yqw-rxhRDX`iUSev;`z$NDKUKK!<g$tx**H~(2N5%2
zWqu??Y!oo;0iStsJDyY>L75(g0+%;<M-73NE!X1H_TQr9buKv&4fu=tZ*f{zu{Fj`
zK)gSD-;W}7wP3Vt?hIkn8Nb-@BUO*S)^_<uf~&M_WD${rzc&bK!1(BI9-WOwKP^><
z7eS+hIlcC{K%;8x2hG?5x2xUaqss>6O=fZYpDT!VkI=lsvBsYd{TdTxV@9RhqUE&X
z;0u{e*(R1x=MtZydN=v%H|Kn`N7Sn*zeOZP-9;sHjQ(j(WQ!ujs3QXXpHyeWXBc*R
zKBDl52PCbXDc$%ryo2_Mvxw3BxzS8vG2^QLezQQaVJking9VK^{D&{0FIc`23bgyu
zLYu?|#b*_2`nTw+R#R-X+ns*2FIhY2T(uz@V71;sRavr~&6{o#?kC-&4vM1XJ}7F!
zbr(h$xMDjp9X)6oDh-RE!%K_~RZI5kf<{#ctv(QUbN5=xF9TJWbvoKWXiu;h6#%IV
zh}hyMKN|=esN@EEjh!-@amYmBxesQ)8R*{!EkGVlcv+L#imp(s$OY(JxR57y;^RAX
zJ0jXZ=z$lfy03Bi6l1tViUK6yxSxXRJz6+kK!L^~-q5Z7Sx?nvwH)`8%_*sID1B4$
zrW40KSvFPu3QH2NY>+u$*4UTjX`6U#R3ej*{X%Fp$X;uo1ne6W3Ey@#i~^S{hNSJj
z7;6+WuP0sFycke`exUjb4BvcO9M)#$?^x#l?v_0KzV=0puHddz8F&YZ&l7w6@t~nQ
z|E$2Q-OMdE_Jd6*=RjJQr6#ML)2J0CUzFa0OeiXE4TS98%m?MIZ4gXP_0I;F!4L2s
zLxmfKY%M0UJm*X2U%j8$FxBCyiN=VqZ4rO-F(a}atu*MtW<yt!X_Ronqk7;d((GPB
zP2tH&zxZmaMD#oD9}P=|iwUQ`tLRD77^xSgm+DRG+I#LN$m<A_-Zzn=EQ(c{+x$R6
zEN>0`^c8|JZjc%(#9Lf`4V~6s7&G7!Wmi=R^3^QdHaY~X<<tz#o^sC6ZEE*8Y!bnH
z^v_$Sh6s%~Opvt0m|n>^+S-kQup(c}(@RQrh05kgS?wgmez=StCZA^gWb)Tei9621
zw-Li>0yZJ)bzu@S>LxR3`MbPQfemiEa-&}@PDHPoA7MnP%-=sDL>64n5CRyG5TTp_
zQ&c)#hVg!%@n`f68~&BP-OM)3_JDD9NL`igx|%?H$R)2rScHRSC-J#q#r4ym!@k~0
z@D(-XFOFJkHYLKZqHhtJv~wg}o|o_tjT%Cjc?EN!CUFcFPB1%@-gz0x?y~s-sU$L#
zj&K)9+wcFAg^OFbtO#v|G|ztLhZ7B2`-5py!}<x^4vZps_M$(gavibCUs2M8>nB?j
ziuPLbq$VfYTX`s4J1e!9M*FUX;<*=9pj6XWonq`>Up#t*g%&clFTm433DDKGY)+Cj
z7%9=k$tfU?`Kls4D?B%!$kP?M&Wn+`CNny|-x{*pLgW!`k@^oCM?I+FJp-^vc)<o_
z7kzdaLhsa$-dx}Sdin_xib~_wB^C<evxqk{84aJeY0QIzYXB-bZPX|kXYZTx`IXLB
zfr6B*_oWSj|M}!T2)d9+do7aHvx-G2Ps?Yy+AT;PpFcXQ7^|shaS$ECvPa`WO)9Cf
zrOM$_Caw7@+ZB!S!w!}%x)NeFE#=oadwP26r;CAse$e@ViTcvK-5crfvHlm=bJWrC
z*`Pnt)FP>pI97JCp5~9cyjezwo~mbQZoC8C$n+dP<{a`YDJNL7TWL4MaJ@cA@QLT}
z^kdulZW-^z20QYXv(sp_+Fo8qMW4ddb7LVpFh^$<=Z2<{ozfls(Ff-d5(m@i|BHA(
z5pMWH5GjOb_M2p(A6mW5Bw1ph%1n-XHs{y_N?W5!gxkx~BtGJ=Li8ffe_n!C@2ii$
zyS3`#-2gDCo;)qj)+MG-q$7O=ZRp3sMSkH3S3XIYm%vKpndPe*WEG6esMvf0IXt2!
zfQcGo1BWcs`q(=<Mk8Y<{9ik-PrkH>9|13ANU}3ONvj%cNk72|R+c5_Y(F?hdJOeZ
z+Wy^#*#F42U0hP4%@~s|`UjhSKFPAAIs+urk2zliJCRB<PPL&$>u1SDE#6&J=Fra{
zZZxjem)5#di9IhaEC4O!hU4v&@2B-BXA>eGqWIVi;6yh4Nm15`{}*`w0pg#x^>5()
p2V?$bqyNkD-;BLTJvu20NO&FMQPO9qaLoJwqg!S-OAYQl`5%A`?8^WE


From eed50706d9148ed42bc15867be35db4ea626478c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 5 Jun 2021 12:20:58 +0100
Subject: [PATCH 191/300] Fixup template merge from upstream master

---
 templates/openvpn.php | 59 -------------------------------------------
 1 file changed, 59 deletions(-)

diff --git a/templates/openvpn.php b/templates/openvpn.php
index 40e084e8..4e0adaba 100755
--- a/templates/openvpn.php
+++ b/templates/openvpn.php
@@ -46,65 +46,6 @@
 
             <?php echo $buttons ?>
           </form>
-              <div class="tab-pane active" id="openvpnclient">
-                <h4 class="mt-3"><?php echo _("Client settings"); ?></h4>
-                <div class="row">
-                  <div class="col">
-                    <div class="row mb-2">
-                      <div class="col-lg-12 mt-2 mb-2">
-                        <div class="row ml-1">
-                          <div class="info-item col-xs-3"><?php echo _("IPv4 Address"); ?></div>
-                          <div class="info-value col-xs-3"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
-                        </div>
-                      </div>
-                    </div>
-                      <div class="row">
-                     <div class="form-group col-lg-12">
-                      <label for="code"><?php echo _("Username"); ?></label>
-                        <input type="text" class="form-control" name="authUser" value="<?php echo htmlspecialchars($authUser, ENT_QUOTES); ?>" />
-                      </div>
-                    </div>
-                    <div class="row">
-                      <div class="form-group col-lg-12">
-                        <label for="code"><?php echo _("Password"); ?></label>
-                        <input type="password" class="form-control" name="authPassword" value="<?php echo htmlspecialchars($authPassword, ENT_QUOTES); ?>" />
-                      </div>
-                    </div>
-                    <div class="row">
-                      <div class="form-group col-lg-12">
-                        <div class="custom-file">
-                          <input type="file" class="custom-file-input" name="customFile" id="customFile">
-                          <label class="custom-file-label" for="customFile"><?php echo _("Select OpenVPN configuration file (.ovpn)"); ?></label>
-                        </div>
-                      </div>
-                    </div>
-                  </div><!-- col-->
-                  <div class="col-sm">
-                      <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/no-trace-200x200.png" class="float-left mb-3 mt-3"></a>
-                  </div>
-                </div><!-- main row -->
-              </div>
-              <div class="tab-pane fade" id="openvpnlogoutput">
-                <h4 class="mt-3"><?php echo _("Client log"); ?></h4>
-                <div class="row">
-                  <div class="form-group col-md-8">
-                    <?php
-                        echo '<textarea class="logoutput"></textarea>';
-                    ?>
-                  </div>
-                </div>
-              </div>
-              <?php if (!RASPI_MONITOR_ENABLED) : ?>
-                  <input type="submit" class="btn btn-outline btn-primary" name="SaveOpenVPNSettings" value="Save settings" />
-                  <?php if ($openvpnstatus[0] == 0) {
-                      echo '<input type="submit" class="btn btn-success" name="StartOpenVPN" value="Start OpenVPN" />' , PHP_EOL;
-                    } else {
-                      echo '<input type="submit" class="btn btn-warning" name="StopOpenVPN" value="Stop OpenVPN" />' , PHP_EOL;
-                    }
-                  ?>
-              <?php endif ?>
-              </form>
-            </div>
         </div><!-- /.card-body -->
       <div class="card-footer"><?php echo _("Information provided by openvpn"); ?></div>
     </div><!-- /.card -->

From 43e9a093c4385bfd67ac21daf9689b9622f24ded Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 6 Jun 2021 20:47:30 +0100
Subject: [PATCH 192/300] Add RASPI_OPENVPN_CLIENT_PATH

---
 config/config.php     | 2 +-
 includes/defaults.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/config.php b/config/config.php
index 8003a320..44a46076 100755
--- a/config/config.php
+++ b/config/config.php
@@ -18,9 +18,9 @@ define('RASPI_DHCPCD_CONFIG', '/etc/dhcpcd.conf');
 define('RASPI_WPA_SUPPLICANT_CONFIG', '/etc/wpa_supplicant/wpa_supplicant.conf');
 define('RASPI_HOSTAPD_CTRL_INTERFACE', '/var/run/hostapd');
 define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');
+define('RASPI_OPENVPN_CLIENT_PATH', '/etc/openvpn/client/');
 define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
-define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf');
 define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
 define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
diff --git a/includes/defaults.php b/includes/defaults.php
index 1c87e4a5..cba04a1b 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -23,9 +23,9 @@ $defaults = [
   'RASPI_WPA_SUPPLICANT_CONFIG' => '/etc/wpa_supplicant/wpa_supplicant.conf',
   'RASPI_HOSTAPD_CTRL_INTERFACE' => '/var/run/hostapd',
   'RASPI_WPA_CTRL_INTERFACE' => '/var/run/wpa_supplicant',
+  'RASPI_OPENVPN_CLIENT_PATH' => '/etc/openvpn/client/',
   'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf',
   'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf',
-  'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf',
   'RASPI_WIREGUARD_PATH' => '/etc/wireguard/',
   'RASPI_WIREGUARD_CONFIG' => RASPI_WIREGUARD_PATH.'wg0.conf',
   'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc',

From 55995c797c7c3d81d9d9b9f58c1b06bbcdacce2b Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 6 Jun 2021 20:48:23 +0100
Subject: [PATCH 193/300] Update template, remove affilate link

---
 templates/openvpn/general.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/templates/openvpn/general.php b/templates/openvpn/general.php
index 39573ce6..9398884e 100644
--- a/templates/openvpn/general.php
+++ b/templates/openvpn/general.php
@@ -64,9 +64,7 @@
          </div>
       </div> <!-- col -->
     </div><!-- col-8 -->
-    <div class="col-sm-auto">
-      <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/no-trace-200x200.png" class="float-left mb-3 mt-3"></a>
-    </div>
+    <div class="col-sm-auto"></div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | general tab -->
 

From 234f22117f34c48a928fdf4354fe0bf5cb589418 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 6 Jun 2021 20:49:09 +0100
Subject: [PATCH 194/300] Remove file_move_config (deprecated)

---
 includes/functions.php | 22 ----------------------
 1 file changed, 22 deletions(-)

diff --git a/includes/functions.php b/includes/functions.php
index 0b1a11c4..93c609a3 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -270,28 +270,6 @@ function file_get_meta($filename, $pattern)
     }
 }
 
-/**
- * Renames an openvpn client config with the 'filename' header comment
- *
- * @param string file
- * @return boolean
- */
-function file_move_config($file)
-{
-    if(file_exists($file)) {
-        $file_data = file_get_contents($file);
-        preg_match('/^#\sfilename\s(.*)/i', $file_data, $matched);
-        $renamed = pathinfo($file, PATHINFO_DIRNAME).'/'.
-            $matched[1] .'_'.pathinfo($file, PATHINFO_FILENAME).'.'.
-            pathinfo($file, PATHINFO_EXTENSION);
-        if (!file_exists($renamed)) {
-            $return = system("sudo mv $file $renamed", $return);
-        } else {
-            return false;
-        }
-    }
-}
-
 /**
  * Callback function for array_filter
  *

From 1647aa3c737f182e54d6c175b6502d46349525ce Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 6 Jun 2021 20:50:20 +0100
Subject: [PATCH 195/300] Refactor config handling w/ symbolic links

---
 includes/openvpn.php | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/includes/openvpn.php b/includes/openvpn.php
index c5b00d1c..711c1c45 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -53,7 +53,7 @@ function DisplayOpenVPNConfig()
         $authUser = current($auth);
         $authPassword = next($auth);
     }
-    $clients = preg_grep('/client.(conf)$/', scandir(pathinfo(RASPI_OPENVPN_CLIENT_CONFIG, PATHINFO_DIRNAME)));
+    $clients = preg_grep('/_client.(conf)$/', scandir(pathinfo(RASPI_OPENVPN_CLIENT_CONFIG, PATHINFO_DIRNAME)));
 
     $logEnable = 0;
     if (!empty($_POST) && !isset($_POST['log-openvpn'])) {
@@ -158,36 +158,34 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
             throw new RuntimeException('Unable to move uploaded file');
         }
 
-
         // Good file upload, update auth credentials if present
-        $prepend = '# filename '.pathinfo($file['name'], PATHINFO_FILENAME) .PHP_EOL;
         if (!empty($authUser) && !empty($authPassword)) {
             $auth_flag = 1;
             // Move tmp authdata to /etc/openvpn/login.conf
             $auth.= $authUser .PHP_EOL . $authPassword .PHP_EOL;
             file_put_contents($tmp_authdata, $auth);
-            file_prepend_data($tmp_authdata, $prepend);
-            file_move_config(RASPI_OPENVPN_CLIENT_LOGIN);
             chmod($tmp_authdata, 0644);
-            system("sudo cp $tmp_authdata " . RASPI_OPENVPN_CLIENT_LOGIN, $return);
+            $client_auth = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_login.conf';
+            system("sudo cp $tmp_authdata $client_auth", $return);
+            system("sudo rm ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
+            system("sudo ln -s $client_auth ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
             if ($return !=0) {
                 $status->addMessage('Unable to save client auth credentials', 'danger');
             }
         }
 
-        // Prepend filname tag to .ovpn client config
-        file_prepend_data($tmp_ovpnclient, $prepend);
-
         // Set iptables rules and, optionally, auth-user-pass
         exec("sudo /etc/raspap/openvpn/configauth.sh $tmp_ovpnclient $auth_flag " .$_SESSION['ap_interface'], $return);
         foreach ($return as $line) {
             $status->addMessage($line, 'info');
         }
 
-        // Copy tmp client config to /etc/openvpn/client
-        file_move_config(RASPI_OPENVPN_CLIENT_CONFIG);
+        $client_ovpn = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_client.conf';
         chmod($tmp_ovpnclient, 0644);
-        system("sudo cp $tmp_ovpnclient " . RASPI_OPENVPN_CLIENT_CONFIG, $return);
+        system("sudo cp $tmp_ovpnclient $client_ovpn", $return);
+        system("sudo rm ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+        system("sudo ln -s $client_ovpn ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+
         if ($return ==0) {
             $status->addMessage('OpenVPN client.conf uploaded successfully', 'info');
         } else {

From 1b7074f693f4e2603c8a1f214241a7cc34ad6375 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 6 Jun 2021 20:51:13 +0100
Subject: [PATCH 196/300] Revise openvpn log output method

---
 installers/openvpnlog.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installers/openvpnlog.sh b/installers/openvpnlog.sh
index 96e79e2d..d933d669 100755
--- a/installers/openvpnlog.sh
+++ b/installers/openvpnlog.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
 touch /tmp/openvpn.log
-grep -m 100 openvpn /var/log/syslog | sudo tee /tmp/openvpn.log
+journalctl |grep -m 200 openvpn | sudo tee /tmp/openvpn.log

From cca50c35920c8669a624c742667311fc21faeaf1 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 6 Jun 2021 20:53:21 +0100
Subject: [PATCH 197/300] Update raspap.sudoers w/ /usr/bin/ln -s

---
 installers/raspap.sudoers | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 0886a2ac..260a45fc 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -20,9 +20,9 @@ www-data ALL=(ALL) NOPASSWD:/bin/systemctl start openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl enable openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl disable openvpn-client@client
-www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf
-www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf
-www-data ALL=(ALL) NOPASSWD:/bin/mv /etc/openvpn/client/*.conf /etc/openvpn/client/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/*.conf
+www-data ALL=(ALL) NOPASSWD:/usr/bin/ln -s /etc/openvpn/client/*.conf /etc/openvpn/client/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/openvpn/client/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/dnsmasq.d/090_*.conf

From 83c6e17970039898d7fc14ecb540341c164b6ab8 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 6 Jun 2021 20:55:43 +0100
Subject: [PATCH 198/300] Refactor openvpn activate cfg ajax

---
 ajax/openvpn/activate_ovpncfg.php | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)

diff --git a/ajax/openvpn/activate_ovpncfg.php b/ajax/openvpn/activate_ovpncfg.php
index 2a8542a9..235f01eb 100644
--- a/ajax/openvpn/activate_ovpncfg.php
+++ b/ajax/openvpn/activate_ovpncfg.php
@@ -5,21 +5,14 @@ require_once '../../includes/functions.php';
 
 if (isset($_POST['cfg_id'])) {
     $ovpncfg_id = $_POST['cfg_id'];
-    $ovpncfg_path = pathinfo(RASPI_OPENVPN_CLIENT_CONFIG, PATHINFO_DIRNAME).'/';
-    $ovpncfg_files = $ovpncfg_path .$ovpncfg_id.'_*.conf';
+    $ovpncfg_client = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_client.conf';
+    $ovpncfg_login = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_login.conf';
 
-    // move currently active profile
-    $meta = file_get_meta(RASPI_OPENVPN_CLIENT_CONFIG,'#\sfilename\s(.*)');
-    $ovpncfg_client = $ovpncfg_path .$meta.'_client.conf';
-    $ovpncfg_login = $ovpncfg_path .$meta.'_login.conf';
-    exec("sudo mv ".RASPI_OPENVPN_CLIENT_CONFIG." $ovpncfg_client", $return);
-    exec("sudo mv ".RASPI_OPENVPN_CLIENT_LOGIN." $ovpncfg_login", $return);
-
-    // replace with selected profile
-    $ovpncfg_client = $ovpncfg_path .$ovpncfg_id.'_client.conf';
-    $ovpncfg_login = $ovpncfg_path .$ovpncfg_id.'_login.conf';
-    exec("sudo mv $ovpncfg_client ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
-    exec("sudo mv $ovpncfg_login ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
+    // remove existing client config +login and symbolically link the selected one
+    system("sudo rm ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+    system("sudo ln -s $ovpncfg_client ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+    system("sudo rm ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
+    system("sudo ln -s $ovpncfg_login ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
 
     // restart service
     exec("sudo /bin/systemctl stop openvpn-client@client", $return);

From 5f7df3accb9d211cf69a01d214f1ff0c0fb63692 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 8 Jun 2021 20:16:34 +0100
Subject: [PATCH 199/300] Update release version

---
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 8d2c15f4..29bc5925 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/FRU1tXF.png)
-[![Release 2.7.3](https://img.shields.io/badge/release-v2.7.3-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7.4-beta](https://img.shields.io/badge/release-2.7.4beta-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
diff --git a/includes/defaults.php b/includes/defaults.php
index cba04a1b..6db85dd5 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7.3',
+  'RASPI_VERSION' => '2.7.4-beta',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index 4f79b062..71f91430 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7.3
+ * @version 2.7.4-beta
  * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From e62bb9c04e70d175e0e0301f941346ff1f8f7cf0 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Sat, 12 Jun 2021 14:28:09 +0200
Subject: [PATCH 200/300] Fix display of active openvpn config

---
 templates/openvpn/configs.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/templates/openvpn/configs.php b/templates/openvpn/configs.php
index dc624c63..a7955739 100644
--- a/templates/openvpn/configs.php
+++ b/templates/openvpn/configs.php
@@ -7,6 +7,10 @@
           <br><small class="text-muted"><?php echo _("Activating a configuraton will restart the <code>openvpn-client</code> service.") ?></small>
         </p>
         <div class="openvpn-configs js-openvpn-configs-container">
+          <?php
+                exec("readlink ".RASPI_OPENVPN_CLIENT_CONFIG." | xargs basename", $ret);
+                $conf_default =  empty($ret) ? "none" : $ret[0];
+          ?>
           <?php foreach ($clients as $client) :
                 if ($client == "client.conf") {
                     $label = file_get_meta(RASPI_OPENVPN_CLIENT_CONFIG,'#\sfilename\s(.*)');

From f721c08dc9e7ba559d3ebb5e69b1630a07642251 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Sat, 12 Jun 2021 14:29:37 +0200
Subject: [PATCH 201/300] Fix openvpn activation of configuration

---
 app/js/custom.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index b834aa30..4ba0436b 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -291,7 +291,7 @@ $('#ovpn-confirm-delete').on('show.bs.modal', function (e) {
 });
 
 $('#ovpn-confirm-activate').on('click', '.btn-activate', function (e) {
-    var cfg_id = $(this).data('recordId');
+    var cfg_id = $(this).data('record-id');
     $.post('ajax/openvpn/activate_ovpncfg.php',{'cfg_id':cfg_id},function(data){
         jsonData = JSON.parse(data);
         $("#ovpn-confirm-activate").modal('hide');

From a963c0564f2a407ae70821b748ca9a556bb11139 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Sat, 12 Jun 2021 14:36:03 +0200
Subject: [PATCH 202/300] Correct displayed configuration name

---
 templates/openvpn/configs.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/templates/openvpn/configs.php b/templates/openvpn/configs.php
index a7955739..dad4a795 100644
--- a/templates/openvpn/configs.php
+++ b/templates/openvpn/configs.php
@@ -12,14 +12,14 @@
                 $conf_default =  empty($ret) ? "none" : $ret[0];
           ?>
           <?php foreach ($clients as $client) :
-                if ($client == "client.conf") {
-                    $label = file_get_meta(RASPI_OPENVPN_CLIENT_CONFIG,'#\sfilename\s(.*)');
+                if ($client == $conf_default) {
                     $btn_class = "active";
                 } else {
-                    $label = preg_replace('/_client$/','',pathinfo($client, PATHINFO_FILENAME));
-                    $client = $label;
                     $btn_class = "disabled";
-                }?>
+                }
+                $label = preg_replace('/_client$/','',pathinfo($client, PATHINFO_FILENAME));
+                $client = $label;
+          ?>
             <div class="row mt-2" id="openvpn-client-row-<?php echo htmlspecialchars($client, ENT_QUOTES); ?>" >
               <div class="col-md-6 col-xs-4">
                 <label><?php echo htmlspecialchars($label, ENT_QUOTES); ?></label>

From 4bfbfc40f1130bf787f91d5938bbde6a43223b6d Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Sat, 12 Jun 2021 16:19:31 +0200
Subject: [PATCH 203/300] Remove determination of the default config

---
 templates/openvpn/configs.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/templates/openvpn/configs.php b/templates/openvpn/configs.php
index dad4a795..c3e578ee 100644
--- a/templates/openvpn/configs.php
+++ b/templates/openvpn/configs.php
@@ -7,10 +7,6 @@
           <br><small class="text-muted"><?php echo _("Activating a configuraton will restart the <code>openvpn-client</code> service.") ?></small>
         </p>
         <div class="openvpn-configs js-openvpn-configs-container">
-          <?php
-                exec("readlink ".RASPI_OPENVPN_CLIENT_CONFIG." | xargs basename", $ret);
-                $conf_default =  empty($ret) ? "none" : $ret[0];
-          ?>
           <?php foreach ($clients as $client) :
                 if ($client == $conf_default) {
                     $btn_class = "active";

From 4c79f1f362ae54103a40e2888b31bcb4ae93b56d Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Sat, 12 Jun 2021 16:21:20 +0200
Subject: [PATCH 204/300] Insert determination of the default config

---
 includes/openvpn.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/includes/openvpn.php b/includes/openvpn.php
index 711c1c45..67084df4 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -54,6 +54,8 @@ function DisplayOpenVPNConfig()
         $authPassword = next($auth);
     }
     $clients = preg_grep('/_client.(conf)$/', scandir(pathinfo(RASPI_OPENVPN_CLIENT_CONFIG, PATHINFO_DIRNAME)));
+    exec("readlink ".RASPI_OPENVPN_CLIENT_CONFIG." | xargs basename", $ret);
+    $conf_default =  empty($ret) ? "none" : $ret[0];
 
     $logEnable = 0;
     if (!empty($_POST) && !isset($_POST['log-openvpn'])) {
@@ -79,7 +81,8 @@ function DisplayOpenVPNConfig()
             "public_ip",
             "authUser",
             "authPassword",
-            "clients"
+            "clients",
+            "conf_default"
         )
     );
 }

From e07774c09b3c28a95f91162b71b61dea4978fd67 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 12 Jun 2021 20:08:12 +0100
Subject: [PATCH 205/300] Update fr_FR locale translations, thx @yolateng0

---
 locale/fr_FR/LC_MESSAGES/messages.mo | Bin 19293 -> 25707 bytes
 locale/fr_FR/LC_MESSAGES/messages.po | 173 ++++++++++++++++++++++++++-
 2 files changed, 169 insertions(+), 4 deletions(-)

diff --git a/locale/fr_FR/LC_MESSAGES/messages.mo b/locale/fr_FR/LC_MESSAGES/messages.mo
index 2c4e8bfef1cc938d6d8964c7cd7776953dfda039..c86cdd43b8a39d2e4fac7592ed57c8b7366ab716 100644
GIT binary patch
literal 25707
zcmcJX34k3{neU4oA|L{a?8VxNrn|F1AYrr9oscG5n@)(}Xso`sy1U5jTbEn+cBjMO
zL&b4)+z}ky=edyJJaH7A!Sz8qDn7?ipZh4H2s7g{!}u6++<3qLS*q&x0*dclJ^in9
z>eN}k?R@78_Z@ri%>lm)4+w%&!0#Rr1n=hgZO5rJ2o|420+)bwa2t3ucsF<?_+{{L
z@O$71;6vah@OR)=aO25Aa4h&%@G0O2K>i<mj6Vl~-vFNueh1X|4}*t+hclRGfX9Gp
zzYBaCxC~S~Yr*5eEuh9z0rh<oJQaKuNK?T+ho1q}-u)o|4<6+YLky0mvalCaJ6C{e
z=PHNSf`^cQrF;K6@TuhA0cxBd05!jly7GI$E#$uqYTS!Yv$z~Ql>8b{>(&RJ3vO}w
zHmLSq3ToW10yW<Efow_eNpKPPIdBU6DyVh1;&eNnE5YZJ9|bkudmMfq)cC#xYJNWe
zo8ZHs*0U1Y@w7qHzstW0Tp9$yo55qi&w%T}uY+2@Q_iscuLiXb>p<=2)u6`tLQvyK
z-1`*NJZ^OFUkhsAZw0lUcYrs7p9Zx~183Uz8^M+2Bk)A<X7C*F4p8g+b?}+sec-de
zM?tOInP=H~uLd>lO(07a+yv^o54rru!I1oSK&{8GLGAxhXWR8U2h=*B2Ob4J2V4$r
z0fPgA;0CbG<4YLShrma{o#5?k?i%pGt{~V2UIIQ3d^>m{_zQ=<i|x9PgIb3MsBzo?
zYTe%miXPq#YW$xDHJ<xGjq}H#=6m3hAYe;_6G7Em4Qd^q2Oa_L0uKfgQ1$Ds{N*nH
zI#6`-KJakxE-(b|0S^No0M*`4K<(SlLGAP5EV}6VIENv~)PrtN<Js=8<?v0Q*6&W2
ze+bn44t=&A_n9Ch5cGjZfE7^vO@N}`mw}?UH-ehSZJ^fcQ=r!G%b-Np{h;RY2*?rz
zzXc(U;9Q7W?GA!^KMbm!KLOQF1}*|$4r(5+2ag2*7SuRD1M2<#p!Vk{puYPJsQ!=c
zw&Oevd<yw)hpR!+?>bQ5?{ekWfLhl{Q0sg>sPViURK2%>M}oJ3l2dnr8uvefs{bv}
z%oo(UJmT<(9ybo~D9XD*wQ~`ud29d~a!>`;&Kp4Wdn+h9_#k)?I0I@Np94idUj;SK
zZ-VOYpFz#@H}3u6y+Lpt`J+IM^Oax-z7bTr9|i}(&w`rwG0SZGCxAzjKNHltE(bNP
zwV>q46`<Y^f%<M2sCkdN{9c!T3HVgXZ+7@zSN;)D<G&XaJ$wn&x;zSA3?2eeYP@Sf
z?dL{N?_U5y>cMVTelw_X+y-iV9|bk9Pk~yeuYl_RyP*2}DJXjW4^ZtNx5DnjDc}v{
zmw-<LZwJ-iCqU8X7eKZ1HCO&4hd&3k-V%zM|B;~ThoIVd7N~YE1~r~5K<)buQ2md9
z8vkxrzSrR^K-GT}sP^9pO3uIE;paik_d!tW|1<Dd@DWh_dDwZDzE1^JegUX{t^hT@
zt6aVU4w7$z5%>vkGkDthL2x-(1J{9fg6qLwfx}?mDtHsT8Pq(FxWMAc;Bn-;LG{-M
zYTbswv%wdEs{e9O<9;)!dA<WY9^CKBKLu)i{vLcf_$5&M_9Kub4;}+g09PQq)&3Qr
z*6C_c{f~m;tG%G)%q`$n@Gh4>VzuSBr4FwG)y|)R+OJzct?zq4(am3j>hEtH-s{SL
z0BSuS0xtm{2K8MJ%0{>fJP^E8$U`5vnEU`l{(5i%)H?kR)VPnL5q)<CcoMh-+yD-M
zJHXd~$AAxjTE|B~wRh;H_Pbv2RPq;qqL&@6ya}51aQRz6(ZxGJGcQo`=3ekb@P1JJ
z{|eN;J^eDfj%z@*{{m3^avdmsdV?$fF!)UJUja4FAA_fXzXsLrNzbw4JP*`-F9ubA
z2-G?xpxWKz@~;IO<lhd8K926Q`+OFtb?SBb3qZ-weo*_@041kh3}ONVH-e{ww}axp
zFM#Uro8XP$L!j1k_gdTk^<b6!O`z!Xm!SH44AgiJ>$m-cpyX>0sPWwns{K!cs{ch$
z^zk)tC3qjGc^^A~jswpHHSU*z`tF0E_UV)0LEyJR(e?L0@yWk}X5T^4>!C2G#`6sD
zSzs@yeY_gH3A`56I1Yh%&jODEmxIee?QaEK0=^hj|NB7E%|}4-*;he*cgW>-pO=6d
z_ePK{4fcUr?|%W$27du|fhR+>+V6f)^Lc^GPlFowO`z!S-5^UJd=$Lw0M;3NDftVp
zK&OHq2PeS4*hpL8e}QA*C7Y08;Cn%h<1vt~gUdEsx$z26>->69>-8Q`>+(?$5f}Ue
zsCgc^#g5~2@LcjMz%#(BK<(FcU^jRNcqsTiQ2X#BhyM<$onL|4rxUi?`JV-<osFQ%
zCqRvJ8axcV%i-PN(d6$1)$X@I?ZX2O9|jkb|1GHY&K<J2!QnNa=JRTozZ(>PJ^+T`
z0nfGjcP1!0Tn`$41GWB%%l|2;{kqxZ?*O%4p9e+P-v>3mM?kIfW8ibZ%ePrR|8r35
zb1N8v?*hfgcY{ZP-vn2I4}!;lrwrS5?FQBE^Fj493QAsF2WlQ~0iOo`9jJBug2Qis
z8t)ImW5M4zeCl>P&oe=-^HNajd!EbpgU6HK2=;<60yXZ}gHHwD42myq14Xy@fTHXB
zK(%uaLRj-T7Ca6NL5=e~5K$Ry1J&;vz%KAsQ2TZ_D1LqbR6qX=9t=JTJ{|lGcszLQ
zm3IHTK)pW?yb)XtYX3e3YCN9@)&I}H=Ya?8wCi&<sP;!ejdK#zxNijY{Y{|e`*u+M
zz6U%U{1~Wl&VbsF2f=f}he6Hn1Uk{aoewSt*Ml109&jmmJ*f4%9Yo{=p9R&<kua(G
z9@IXa53U9`fX@V93Z4MI71TIC3~F5WfU5s3@EPDwK&|V6S6hBq1Zo~DL5*t-coVo0
z)I7cqif#^gzFmjoK&{sqpvun&PX;dswO$oa{br!(?3FHmGpKcZKPbMu3sirfb>-g#
zHO>cJ`7gnf$RB}_)O^kcHU5?0$>0^B)?*aZy5H#VHK5kx7VsSK4p92)>!9TCe}ek%
z#246oya3d?^?_T!tH2oC2VM>y{X&aZI(!GXk@AN?mNHne%la)|4QhM`zsRo7$)M=4
z7d#Oh0JSbJ1kVRspyqo!sQG=;;TJ)b{}ZV8{teVR9}?O9I01Y%`PJYc7=w~)cYxZL
zZ-H9(pSt`n!6oF69Kpu~t^!-&7^w2^f)|2^R;>KH4AefhK<(F!py=g|py>21p!$0!
zsCD~1sQ&H;j{tuPZUBD)YQC3M?f&clweK$k4*+=`{F&a9^m{ewem(Hhcl!NL^A}wM
z{wL{WqyzZ)jo_W6ACmMtNDcD)7t%RA|8KBQ1^kwh-eaDuJk;YiTwbu0`kL<w@OYB;
z=9%DXz2x_CQm6-h?<I+6&*HskM0_pYd^Y*L;1W>3!@z^VH=CUOa|Hm21YdJy&jl}_
z-hre?c>Z4`t#d+pAL*}2`W?ahcY}w5?*uO*eU|hvNx!;<;LpLAlRilrc4dcvq9N`3
zcS)}x-A!6dTmJ;=H$?g^={ckik|s&NBmIJOH1!?=MSt3~#{liM`0MAS50msekaQ^N
z5bFFFcrf@H@Kln1n@D4%x03#b^cB)iNK>TQzt@%u*71B2ZJkXL&GnQ1lJo=8Eu@c;
zL~HZ?R#Ny<(r-xjxC+-gtU3G#P%`G}v|s+6LjHLaY$N?6X}t9EE}lQ-^5;2hIeZ;>
zWT~xxb>$nuHtCzB+etmtc^3FC(y2T@AABmf6C5Gw_wS@duC1T){1l#F1TJ%Bf5-FZ
zNXL=?9*8)~e{XkBH-g9T{)GGu`jY4KTpRz!^U0*|l-{52o|jWc{CpcJB7NGGKa2AF
z-17^-XORCQD4C_-C`s~6GVepAzbEN;xP{<V;3r7u@|}LaCN)S+(wUU~AJG5S@UWHi
z64DORy`&$Jjw9)})<W<X4h11?WG=tT^>Hcr_mi$B9Z5Qc^mWqNq<4^xrCt~Kr=-oK
zt4R92!Gbxj54z{e!3#+TkuD+qt@5s)n|Z#0^fS_xB>g@>nlVqvN^rnE|96K+fhY6*
zP2iVZ*)PHKU7M#l)T;+b&n8WieoXSeGkAEh%WMa)Bi%|m-F-X3^YNr_lb%M|nc!zg
zDe09Y|2xCg-$%iJBVA0oo^%xD9|86I6=@~;6()z>1-_otO*)3uL+Wzv{0GlfQaAax
zfV)Y1Nc#N`3&DQy3-0+WhljiG|AhQsxw3D8=a5d|U9T&95PTcy0@8_;zsZ&N^86+D
z{8exZ=?>C0q$Q;9lk{7qKNpW&Iyf|WUKsC*CK|PP&BeVVmxjxF%>TlXs5+izt)5Cc
z5nP<LnrVIP(k*FAwOlUTxo#+oDwR0P!bY0ZTUi)28gbMNqb%&&+KB62J>j+}YxE6;
z)iln+dfEyr?PfEsw`$X2)^0S?CM9XT9#>jPeJpIHYBQkz=BN_(RjW<f4*EvYcFQ#s
z^igv%YQ_0OsE)22+7ec32@MzJHm~MKld*O)Y9(p?vT*x&l7&-AtrpUDE296_cpRp*
zG1;hhyKl0%Ihj=A9^aV87L{5`>vNm9xRO@mOFJ97xYrbho$bZpz=r;zuog#I%<QV+
z+FDxKO&>f*jaJ+Y2Z#LR!{NB4rBS`AQpliNNu|_;DQ!2{lsK9Q2eu5G?&7A(?fO+G
zl6u&PvTQ1CR>O9q%KE9X$*5i_J@B3Ht5!>=;ws~y-x?#T^Mz@8n3Yk}jfQqGuit9L
z6AizGc3HP?-4^uCQ@%54#+SFFCIgt~?ReVC8Y#Ot&pWrabKa$maK6qcUbrt_F4PsT
z@}AldN1f$1#1r&&WJ}X`<)f}*xH)c(r`2F>lqD7Wx2U`}jv&bpc3~-_TCg^0L7Q=4
zh@h5aty0xyQXOL(;D-r_D_Gl^5256^9*xxEYEQU6ZH61**LpM&hf!U7x0IIRa5`-_
z!zLUQH@jd^M+;*RcmL3ia8nvp&BJy!Fz6RS)PnxF*-Ff0pwDuKQ5$yY;Hhvlsl`G6
zcvK&YVXt_?X6kBaJWVr(6OM?&&Ey)*bTX+zLisyM873(nQL*9TaB#psZA!=dW2G2Z
zxVX_Cslf-k<LM>g;<#t5C$t=BS-7XtY&q^*vW8Wv)EG!r<F~cWt+g&vbC-raJw2gv
zy(a59wiS(KtdJdy2JWA8nz!#HOIqX1uz@H^D(xE5Zye&Dikfk_xv!rEH%u5-qIwwB
zrlRRA9AQOZFo=o~N%~~kGkD(BRlkfj=uc}Y3sRO};d-;y<sx>-W#i1WHWBUFRc}x1
zf(;>LNxd)~h1$tCAQW~etj42JyVf#vLiJ>#Jt1ORv257|J>lSJC}y4xp{Qj`O_O<j
z*glE1Fji(W{()GM(hNdUoRaOSUT3L@B5l`O&FQdT)ax@6iQz;WLT4dHYEgZ+dTLFj
zVTF~8XroDUR!tPV;0lmB(PWg=MD?>Ie@Q+wXGonLs3uvX7ELp%kr<K2!09)gDAA*I
z64OiS2tp&4orE*bmL`iqAY20pSYL;MOa}w{8^Xk+uuK?DXwDR7<0Gl0+(5)Ww6ka|
zE<M7}^`w<HCG-c}W?T+EKp)C88Wg1&srHS1P3>aAMViYr6wNXjwN!_4(BUj0xXRN|
zIGQ>cPUWaR9ZroWtvG8$l{j2%ATz5Tjbuv<8Hf(mS119}!ysxgLdn9ch4!VE(>j;k
zDOjjo3(E$#>(#Wb1{0Pi4mZTL+61fsyU>r>>VYIPyJ;Dd9Yay2m0fJtuBfuxF(luc
zTCAtt(n7Wyjo8kDfqFI(W!H9&$7?&R4P&T`wrkolR~4GqFq`dq-RwkBoEN30h96ZT
zJ!mwrC~O1;UJc=|c#n*rWHJ^R&`3gt;!!B0jS6P==|q(1i(C%YBG%fg;(>IkUXvtV
zXT-Tx?xW%gSt~|WjIwk7^?Jm|2x}v<7`EoXR>SDNLf%d0OB^-jFMN3|9UIfsUB`_W
z5$v9wKz2Fk14(Y>iJ?cnwBvM40^=r=No%^te{aU_1W+<6Jrqtwb#KUN?AV`XK%sc5
z8DHDRBFms$49IGR<Utt7EHd<&GJs|{nKWDNs1}Yz%@H_C25V2a)-S5%`LRe<*_hEL
zoIZh^OE7MiVyQB~7*^F*v`AFRP>yV!=^<((8Dv|ry3>AZmSR@M5mlF(xlbf}`AX_l
z3R!yF?0*zijSzq!5_UUZGB)pt79bg`rwA&ssO6{3SmCg11+~H(5op$kD=1_-a|+my
zV8xk`q4d)q)@v3s1+6-3-bA8nHzWb<US>HD(W4QZqVQT<6keNli$0xe5oh8@wJb%@
z(OAMR76z$oUE419hcQoFFMq(05eY0*Nk`HP3}%O1vwA0IlX=@^f-td^0c-7dca9KQ
z=u-@c=5&Lzf|K$H)e7dev3R4fh5U$XtW;|%j_dx&BPywQ)m#n5TJzHeLwmCA8y-{3
z3k_UcY6Yt^0K9?oxa`V^iVvMJywHadT4r%1@wQJlB&Dk2+TswS5_3TG+KB>0zlepC
zg|k=v`6O7kC$6;3$~wXlxnN^R?lxPzZg7GKTM2gNdbkb}Ww_>DShWJYqa1U7Zm|`-
z45xfDDt+eOPr-DB_Q%9VJ_PHHq^eh@gAEw6=1(|0JUAfU9BCrOD~R@BgV&|zsc(qa
zoytZPT(MU+D$;tGPxP>$!r0)BNgI$~=rapBbvhfQv;oFM@aI8eC*+wr@>XJx-E+3N
zF)(_w>8!VcmdbkTaVr>HpqkU93%-x4M#3-n-cjX(?~{g+w#k$MBheWcr_BYw@MpJ$
zMvT?9;J1@?3DyN)PeFKN=IA;o`ZX#!e+o+-(t>**Zqa@g*<q>c3?-A53Zojbq>4br
z3@8;tFmp@V4O@dvk#sShlhl2s<K$qSzX_7Znvcb)0=<eYCaGDIc{#hHHez;_jd9%Q
zt0DA*O&sppGGYCL=L*g)lUUBPi?d*pyc^+map|UHBEhaiI;PFt-eF{UmWA+Yk7}F*
zo{M(JhzN8pl@PgZ+4Y!N_3Bho<(Q=dLW_5(=x_+%k$WtTf)qHb#G4bgq|kKA>%bav
zB5t%>fzD{27dDriPMh7ah?CR^qKXrgQ_sQXcp~LYvx5^_@mS@#)#S9lIjy(GVM&Lx
zd2)+g1({r1;;Gyz(~;4(8?_HxR>p%ZNoBW@3R}`phlv0zSet`C+p4nCOp3zc_J}BD
zbCm7Q3k~5IpBOv01@pqu5xK236qR!nbz}+$o*mTIIyO?wf!$aT)1hn$r`F3#&lnHE
zR_mejI9n3B*DCgsaA<gAFvK_-<4wpY7?N44KVfOBhtQ|65+@;?0C5Alfl!B%a2qF5
zncsn-kfEk=7s^kdO_asp&n;zd!dwReA2^k_paX#_CI5kPUP)T_!B8`8rIoZ6I7PNo
z>V&g#;g2*_4A+(`XxK%O^O9nc6~jd>OrveE$PAA#Cywt6d1iWoZShEoOKn?RiCLm>
z^IHFi=W&`tVUZoe;Er1=80FY94q`9azn<asaw27=x5c=6#nvS%-WF$^{CH*6aoM%$
z%e>c3dH4k%ggKW5+ZbZl-&dYyAgyZt6z&3NVl6l7VC9Ok%U~EuRE%<14i{q{J$D-v
ziOaz_YK%9`5db2{QNA^Qp+9TM1;bb%O^G4@P-@q`3R^ODhB+oP2T#E?SK3=6W)}CP
zIF^_Ano)?u!-`V(E#{-~nGMS%XK#j$AFOj7Y!N1zf17)uhR4&XK!3cjWK!2Hzh0z%
z-HPkwCXjhgjdsiEl3~nfgy$w$w-zX)?+VhA6~H-Y9M1#}pvC=tOG+>C9F*B4`n`N?
zQHet;(JTf*8{&X3lZh?y0>kFy+_g`IKiB5HVP|umv}|sQg<fXA(;N$lsWR!E!J*=b
z9h3#cLfLmld%2v|*266f$zoh&?67z!kE&#CnlFkm@x~3Q5Xr%C$tz)PSj^dcR-G?X
z?pDe#CnlmM6l$#@3t`y?aYdH<wFFzzsWV*tPy}IYY`Grn8|E`xGP@!#m6gRt+%p|)
z7s(b(v0ZKochbd)nay&=!WFq-wCBux$#P|3EYKbrp1&oU=oUZuc67M1=NkH}cguR=
z;B0SOU;&AFw~W7M57qHX!!+YtajfG{#!sR(d$jlMJ*iRE)9z-BD|PaZYGrC{8P|A!
z#3mq07h3EpHnDN6{5}iS!rN5iRHN;&4dSek)6-3_*A~{(&SFnmb3I~S?a5o)KQL#j
zO?UVlCKDQzNw8h+xzU&_NU!_KC0_lRGTE#{+=4ZO?e=(|%iJB-NymoD_(iXv)g7M~
zEU}}$yDrvB{7E3#VeZ`=VBbygIOozXqtF~}F)z*8IPecf<2Af(mX{hwy7RRfw|%g4
zsL$AN)^?hsIxjR0ty)=Dojc<ZMy~spa3q1V;3>#13rgj>sttA~>l0@_m7ntqDr4Ym
zuxHbJDcljkyz^^lT%-2nE+4VGk?gGEO2ZK@f1N*>K^cv)*yUs6Du~0bsYbL5t&S7X
ztKhh62}3L$-+eEgp5O%p(L&>MSC^fHws6bPdKUKEdujD#@|$%T;?KppiVeJM@#jD<
zZ)cZtAs`(P7)@Rf7XDI|$bnqqENkR+@VzleAX{SuRn5gsPvATAjdQ@nZoLMk?jEdm
zUnwIyt*;5O!y8d!5mq0B(7ibuORC*#+hbYx_H<3SR`=;wCleDft^{Po2>HD}`<yWx
zt~JFGT)JpzYqvMgyE)6mYq)b-vAlcPs_x}0!sV;iEL*u~Q<Sy34F}dD&gy?a<NgrZ
zy`78jH6ebQdS#sUti81cfAFsL+ZJse+`O)s*7BZZi~2dTA?>^6yjl~s;ytZi{DevU
zBEuq(>?J$4ukXIFsON-8H;%7V7WkU*!jYu4Xb5M2RO^<TC|eWO8z!4wvf`r9K3=l8
z9$p$QUvkl+=XLit(<wgfc1xYF@0>T?g9B^Am8;LcaM|+GXXQziir1qd*Mz-XgW!JX
z)fHnc?v3lab`1A!>fg0_-SBYV<?DufaV+URD(h*avpzPxEnl{%6dHn1`F%n|I2A-q
zyve2TkWEN>7Z+0P!pxu9mnpnMK_cA#a7Ut}8)Shc(UrClKCP?>7{Nu+U;~jwl~$We
zBkT=oBmb~z&AxEiTr)8l^>~lW*2yGN>qYR0Bv>5G+#r*sk#eYxooCiYbs*ULjN)qI
zM&}N@GM*s*yoI-k0h>S*HC^p$>q4%>xJQG`>}SeNZUNMQ#HXB;X-6bUPw=E0vZ}DN
zIj1Ijh$(3Av9~W8=4ck^4umb$Bv}<s$sC`#VVl`UR0vb=ii|)vx6G<So=6iIu+1u5
zV}b)ba$|?bC8@c~9ofTdYx%9w6a*FM%#W*4F*mk#oF2MNHQI+O4dYzpo&+g8vp?ul
zv<bLvX8%}C)TfJFl_<2u>{TWsUAHjJB%9f<Q;SrR@5qIrB%>zyL}Sv%L1D!_gLTk#
zq7k^gaVsKAeLLjCRM6LRUgtVs;Yw|<;OFn6%Wac?+XY?B+-}xlR^LCo;nw2aydCG?
z&gnCMlXvF>Qheaa>`k8)mlABA*{{G9)}Ra5HGwVphXY*2NAk23tEq)DWk%EBRfNh%
z@Ur06voS2ez|4N+o=k=a<<{{n7kx=L8e;;QpdBJu8W0NGzlpp5j*<|aE+$VVXZH7C
zak1ZYROjlh+BH6NC-<%RuWDTiXMqDVuJhu(hQ`h2LddxAaRYG|XIM23CsSzNM!dAS
z7a=gEDaL3^4(OUzG_PnE6%hgx^wsO_8q%OYcd!tCP&{+B$Hgr}@*;xibcli?^krrr
z-p>Ar1Gb`Da6)m#!7VUTVub2fORCE{%}*<4Yw>EYDtf*eXIbOs7>mWF0)w=gJh(#b
zaCUduVu;?MwYXB7*>62$a0gK_um%@*Mu5*ckrlx);Tr2nLP%(yR_Z)abc`hfZnHL-
z$y8xOJF2XM2#T>w6}TF(eOzI>5)g*%jpNdjBYe+I8Oi`*-%8tvre+qxO1dH?prMVp
z2xs1<{hye*T{lO$T<ZzeV|}n_#F^Bz$LpO)pSxdWK_1lLCPO;qxEa22HxoVKrYMB?
zwR>7mBnz=KEfJ-UoDl)r(3#-`HN>}EbrU(mAm{lo>q7t4B)<qRlqQUm8jE9H`I3hH
z{*j3)<05Hjwn6le7|6J@M9_*Rs;01@T_N9hHAXvB;N(hcW*=+Zu_+XyPt}g;weVL-
zLvs6WS1t3Juv7o)3YEwef^RbJ&e<aq^a8=Ev80;@xKS_Bg$Z~Nqc*T3nU}<ewzw{>
z%1Xkza-umg&mpd3s7%rGgbsKC3a6;dv*QT#whnfTJQTgC6O|~aBx)NeM%ZJpqm|IP
zml9gHdfjT7Hr->eD)!AVXcxDS^H&|>_(f=eBw>jbBnLGU!^c{g4e~~GPT5c`S7AnN
zVZlJ(Sdm14l=#5L@wCx`#PMWpqA4V(5ez<V$05|!ibe=E6WJ~iC9+UPU`n$anaOqV
zsII4)c$gZECbuvhR*q#wzs03Gtbikcd){>!?`QTqxtgHR_G6-D+WVf4UFwYN(PCsq
zoYSS1CO&v(PDqch$u<Oiik?!42W!hAuLX-0>Jcs|=u~?&;39R1w237TwC`51D9#5%
zGY|2pcZofn-8h=oQ8eN&S(AAk)sR(bgiW<8-ZQgbH_-SCwrHcF74|l*$UfBemTg+H
znKTw5j;K!!%?JobPGTwD02LuYd880bGQbHx5rc*u)8G@Dg8)$zJnR0{+A+F6o}fv)
z#aXa@W<LU7cVc5~be~kHT|Y4kqhwqaB6Q=D4<fG=aa2YMh1ybx#)&{JytVf7#(1ld
zsBbhDwwiy_)rX45(DZbUKRJIF<&0<<u6U#MOgaYZI6SYSa2z`vtu%9p>)g6B1}tqx
z8ma#TOF~3nmJTjhn@V=leo6^WeWr;-g!e*s(PATyRG<yjT_F;bCz-USQ?t(|!c=_`
zj3lxYOB#0TLIbcE+G}VQUN><`NL3pfvx!%3)k+&^<R!=GES?x)->3uOB1T%62~_i;
zNIqbRKFwV1!G|NX4yi;)8O;OPo6jxXyTB!;BeGtqtJYRJtuB1jlCh`Fmnmb0mHGVI
zcG^m+#LQc6_(RvvdN<AbIn8bYm#%Fm^lz1eSSLe<D0YcObe2>>+lruLUp&>p5}tx)
zZ{Z|b1;Y--zIWC(61Sg9PBNj+Z8R-g%~B{jjiS&~MO2g4&F<Y$q2rf&YO(qNW1~$N
zl9{n1Jj36XDLaYLo{Ri^_Rb+mGaq(*JR&O7P6+~Y#2K}?v>AamH7RG{n6r_QG+nvl
zCuCQ3{Um|Lj{4qaF@PawtES-%nVGYstE7*Yp}vjI0b5ZrP6VgnK_k+nZ6!0IC9B7L
z6qGbuJ{6hnOhP>0u?hbl`ayN68{e`O)m)iLU=~8d7@xVkv--(ddhT#NKMg*vB<eV-
z=Vx?7%j`=azmhl{4}(_Fs2+FZ)rprkSP%XXtSrtO4mEg4&_L_7oO|7&#-572c_NdP
z1-9p%iPF(KKnKe;Vbq2tOt~g3d6~117A007m9Zg$b+|ETtcw2%n*>TkNaPLV+IDue
zuHq!?^zrN(Sm|X2jl?bw(|QO3BSR~iH)_w+x9WouQBL8-m_m#Mc@Wmje&ih{n*xF}
zBG`3=Bg}z9ZM}`if<W;;j1ssgU0xh1^O&p->tG)JFH25AT90EPlv@2`6}t1BGdkR3
z91opQ%WbU57BrI+i%iCHW))#Qc|4awX?66p%NQ;k(KV~0-^_)Z^4{x(YdD^IoZ%4J
z1@R_RO9ir~rD5lUcFh`^_p>bAvHUFyznvT4HLHWd<{Zo~ZaSL7bCSO>6eXLxC>oXp
z#f>p!C>|?b<jsk<u0iu#=8;FFsAYX2#&<N|3uAiu^C2XSQqWjX_e_}w<D&_7bQ~$X
zc~(AoQBSATD8wCvA;rJ#YvX*8fx|9HJ&(}@?U;kilW$;ir0Lf&Z{R}?GlB71m;FSR
z>G99w<ndM>6GsOZu1kpp)$nplPN<|7n4mIe5gN}jM?G{=rX!zJzxOtDS{Q+iFO&61
zyVyR?JtUc|B88icHKWG3Hc$nMJu_#349UpQx%?nB7QZ_GMyKR#v1M_7BE>#1imzmn
z=m6^vtn<9q(U!)IDdVl@oU;i`>v)FnMs#d&F=~v^O;;Yi2^s34RT5G^^A}-aFh!!)
zaH(OsJ5j?rnCv#YlE_S4F|24=Y#Yx(-M-kPH^vIW*5mvG-BePPiM#}IFv8dw$IB*)
zi(NGp^K*A!yV803%?XizXxH&dk!_wx?K`F}Nv|D}!=c;nysKsU!lhykjS$op+zn(E
zEJ?1f&QY%3Ij4Eb<QLOiDlJ$+i)DyJ=1gw=>A1iU{4T2x*Jatv47SdSe|sXW<LW<-
z)-myMCN_@2V1w-wZK5P*Q6&o39Jdt63D4vFmLCTB1To7IZv*ARp~Mij`<Q?^2?M^x
zf8boij=mnprC17=!==d9qk2p;-f7(7TZDH?aY3cXIa~`aXpRUo`%j1G9R5v!92XS2
z-u0E{E3@}UGE%JzSX)<2$y_9<$OO{K?s+0dZx4ZO&M=CbJXd0l9+uCE+uF)MT!R&w
z@yu;)dE6kFB1>g=Ojk%<(&>?7rSU1LG}j624d*6Ay0oI>wOIs<8&5Lbj3ghGs+S!G
zHeAviVatP8H5-ucFXpg%jTD7-u{V+1B^S6zoP)Qym@x-$m^`Np)Q~&6+Hk#1&h#>F
z$;d1a#DG9rE<LY^J%qdWORn=m--*kTwHGLWua4!5;cEPygz*{U-I}}3gJsNebC`1M
zO+)BbzVVTKSeFXrlR9OuOC1>5QM~m=I%g{X!EkZBVjL`)bB*as&*{c~_KvhL5BBT$
zQc}+8u+AnqjJ3wirNKH*vD2oLOfi7{`SO;$9A0~ri#jxAegrka#~jt1Q_XshjBaCX
z6dfqb+J^_iq<D3V%|WQKk@gUz{<)2mTxlSWM*${MP{LTBwfHx0^Gb@2h(V;pHTsVR
z%(-`1AY!n%bC9FfFvdcZKHzU={l@qM5ueFEEZ!I9UQy<vE=slLa!XO$#`G1Yxrn0*
z_bO1G!=3kSpaXPHmrYnMU8{@MyiVD8bX&rRz4j>j)Ew-N@w%9TE86QL-&`Hcl(`eg
z>)P?#gOg#2k~+;Dr1Fi^jN!l84%Wz-tDSF$xz;y_7DXW%67RI4p)mg<7pnfa>R#A?
zrx({Hn$K`^F|<GLd)6d;BE70Q3!mgrJbR`MeROaYtYVo|w}SGfI>%y!?~R;2`&)6;
z5o`miVM}+)31}nVE^a0lZVo%5Bis?uX*-%5?YKZcj*1_zmpQ?O^EKrTgMV~8|F6dL
zd$cn<+;P5XJ@HORY8SzcPk!|w0<H%5F9S%4I@+<Vbp|;u6#HnMZ=HVp+><(oyaqUC
z^baUN#B_<6jLPwk&PXv=5~IcuT$n1Ig>Ael610*D<_(@1`>!g>hcj-XOmJi{I6;Vw
zxg3&bsY9*nSY{$V#JoOEa%a-LKC!1(-BTG`n|pX2Nbr8<cRI7P!``7=#GVY~c4l$A
zgZW~;JtbG!+!7fivko@)8ZEy7lv7M(pet5RGNo%)&a$Bku*8I#6=xAD1k-#(bd%!c
z5YyHOx=?+tTG?R)dELQ6*AnCO3m2~?3Uf(G(T7tp5j{G5N;kXvQlc|4+4Ud2L8`Et
zKGMS3My9M&loiWA*u8$ReCD?I!Dy}g;BA5@>s`9!HB&dPf|9Fvjy+|gEmgl%OG2Ex
zBON^KrM}uK#ZHBblMc$US8uG>0wJB{`IrvNeRb$3HmH+3a><LH(0{K3Yq0Hhltv1Y
z>z{quSbSKn*QxK^KEN_KlyFa&y~uNY)wMVcb_XWf(@9jLiLeyp3(^^d^OCHC(&eKQ
zb#oj>_Rdb{sw|L)#r{J?-3pg31Un4Y1(lRMKGvW%L3uH8n!)^o@oGNsy^lln!T$xQ
C?Ae<D

delta 6089
zcmZwJ33!cH9>?)>V~N<;s7T~m6A>Z=6(xxfJ3$piD~%wNNHh|yrM+$KTAjA1mg*QS
z)m7R~Z_!dpE!9OA%M_(iTBeMmi>lJj_m}sWXP!RuK7RLe&U^2D&w2mnyf@D6^&Ma4
z3w%|#;!?xm^BEI~EvgtZhIV{yoi%1f17l+GDJ;PEuqGyk8&e%qu`Uk6YB(MnV?I{E
zg~(UTBiInvU?^@z{sqi?yfUUaf_3mD*2kYv1BLM|eeot<bm8{SfyhV9WQ@Rob0z9~
z8<2ly7cZ6Ym^*(GYtg@ip^R^QH+gpuhI%6s2V*>HVzZocQFpuqbq6a^6Iz3s$Tkea
zLs%8dP!&0gy6$DvL@GD(td2#DZ|c&}ozFuJupBkObFRN0<LSSRT9wnNrTPUmKz(js
z74xG8?t~gB)t%2kO>B&NKL@oWQ!${K&8IOJmtkdW%x!UP(+peUEvQP|g>jgNy5nW2
zwJ*gC+>T8!l-bEv=*Qlu8=Qz#-Q0^>qQ@ese<F?5oG@&<&+!eK`=g8*iSxM1&3GJD
zk??4*lub|<Y=;^s6;+8lQ3K?mCO8NAXIAo}&uvEC;1N_sPDBTcsYv52C-j92?v2WR
zuU{K=hcT!MBqRS!Ixm{g1k?rdQ6-&*TEa!nW!Q@TTIAB^L+4p%)j(4oCEkcbePAq7
zMKc>U;}xixZbA*P168^&P-}h~HSyn26{*|It56H9M?VQQ@xB;~Ly>=GCNH{fU=<C0
z;04r$UPoQ%ebi<;g1Vz`P!qf4-mlTz8z>qzp#;<t^l<h^?V;OH*O}_h&q7sf0aC$$
zd6b3*UWWQ$DQdvCko{<Oqb7I)Rr2ppcXkO?fl4hrBd~lTScCIDP}doVn)qmp#}d?a
z)?m1v|CecKjdx%LJcydeVbmR+!isnSHIbjtkJnM(Yr-R<J4!@-?`G6Q(ov7=Fw}tA
zSPAn`@86A;8Q(lWLwB@5C-7<4UxRu)H@f~F)I^S=*0KzBr&ZWtnpik$>7r5R6R|a>
zxbwNFfoGv6v={@rgC}Tc=Ic-czK$AbJF>6LZqxv0P$j*H8t6J|pjt8BW{N`fW1O8(
z6--Cn;1JZN%SL^FN(}Ya7XqBn1eTx%Sb-XFo$J5q+=BYtUetvTpnf{aoYydvek00L
z8JnVRFc$UnbVF^*q3(QMEcI7O?&pMNwglB*j#>CT_QopIaX1b}&3ujXP1K$3L4EHi
zvMtPa?){o^-bDPUiN~NeZ3lP0Pk=@hP7Frv_L0~Di%`F0>rhLw6?Mn^Py-%8?dtQ$
z6KTTQP+p8j^=G5Lw;EO9*HD$&idx#;sOtwlbd8hljjI^O8-Jj_5XLhj>tF~rLNy|h
z;+Uv*{ElM=ssdl2CU_dP`>&!ZRxQDO9(BD8<X1jm2Gh_Q=DRl*q3-N)*Dpn_;Re+2
z#9q`ImZ2*4E9#Exw=ch->4IA85w4$y{N*)^ur{ti{jvtJ{O|vM8k+G@)Ca#u-AQPo
zccE}pKOU!IH`E%g$7;9(RpNbE3BN?1O!GDBCq0z)td23L>m*?vOveU#{zuTzZp}lL
zrU+-@Ow>S^Q5UGz(R=?U)DroTe<qHXdUywFb&61*UyZ8ddelVsVpTkdnm`$r|NXy2
zLwD{=^8UU@pi12vEsjM^>>{e<SC9>E>UHu4>W<9O^hbV`&3&lfjc0Kz?!*-IclMr+
z@fbsYUT4-{Ygx((&Gda#{}iU-bxiS*F2;OHKfr$mrr?mS-UYX!o}TMi4=X2ocNT%#
zQ}I|A`yszoW-MxAbC7#B>yoK|TN+0=p(P0I=9Q?Xvk~e-El?#)L(O~;>Ov*%{BqPC
zu0>Vql=B>F&3{BKNysgpwNOt_WPpY))Z019xd^GUdByclAdia)>F)jU@uT)Y8fxhV
zpzd^n>)(T_<YTV?GKSONiS_X)YA*yX(C9<sDyCx39^PXz2UU?L(T`7K1AGUy+xKH_
zJb|j<C2WGxlpzXxpf=f9ROJesGf@+pk4!jVp79zch`OUas1kmLD&1k%KZBb21>})8
z6;r(lCSfi5-7o?NU}Kz!`YC=0b)6Sb6W@s1E4wg?@y%fxOx|2Z4csZsTjTDirO844
zzhD7spodXw`84XM^hMOfOHl)ELJe>Xb>|mR-@AsIK=q#9gd#AE@l9(QDs@LxiIY*g
zIuo1XXw+KG!d5sRRpL_QH^zK~n#gt3^B<D#RUiTNy#c7t--g;F#mEC=7GOY|X9o@a
zF*u4U)eoqN_<DI?Xo%W8ai|KVp>}US)WnNWdtnA@!i!OBzaDkR+g$%+)Y5!~s>sz|
z)L#Qt<!`J?<wy17QD5wdDs?7mfN}18f$Pskt@#qv#9u^BbQ5ZzPf&M$7FE$I8J=}e
zHy)8e{ae!L$cbnijm>ce>WiyTYr6$iq1~8+$5BsBIxnN~Vbs9iqSpQzYO~hv>+SZI
z*ol4$Y6(hE6J8i_jpgo*=TR4W8&$&3unnHXepr*2SR92K=s{HFmb(74*qZ(ZY>#DF
zjJ5lF=jWkH{~D^ofp=+y(%6R;@epc&qo_NsFu)t2F^18PK`l`tR>3}4zC`Gw|1QZU
zI<}KzYH(<oHj?v1OZf;{spmg|#t?EB(Q$@+Nq!@`a4Gpa(d2Y!@V}62L=)A~muUGW
ztHbe3`K$L*1g*$;vWfifaYE0(j>|;rqGL80LB^=VvD?G^8($#v$^Gt}e(~0jX09(r
zkvqvYa)jJUbhPj&-#@?7_ED}$8lT73+(G_Dej$~}Nuoo0pbe=)J|{ZHk#nRinMexB
zR`TcLc6UNM{W}u>rw^>A9|*dW2mbWt2Kp}&ZK5o)k334=BRV3<P%@WTvYhD9rhKKm
z#bb%zy7n&o#<g$of!05S-jD8#9;Hmu!S%&$guPgP=#gAX^lW!8Kf{xPQ^-`;FL74J
z-$@d=#hrT#bIB~?tvs*y(z!}*9ADFThkWQx=yB9Bopd2@kmIBi=|*($gK4gpxA<QT
zK0#`b2gwXlMs(avz91dRC*(fOVlz2QP7xh1lYf$B<b865^dUXSjpI`qt6Zlk_9jod
z{$KGTNpt;!IG7~6{%5$B93=riFNtIU=|yz3_AuY$1TvNkBaagumq_#SmiO!VD(%Mz
zKLO@2`I!7nP7@tf$=&1ua^sjrW8jTd*mC16R&(uz*wwYyImNSN2kESiJ2IS&od3Xw
z$Z&Fj#1I{MWDp5chvT^$&wouiFOk>DezKl~5*<&G0+LTwkeMWvyha+5ViHH%k@}<p
z`5V#kJULX};>E}R86buHK^`XkQhC`+=8${Hn`9)ZMRa`RVHV>~vWNUc7Ll*W54L5*
zR{Koj=WJ%=VEYb<iRy0`MZICCH_5g`qZ`^?(RJ;W=rY@+X^PEidd@Cu*3VvPw%KlJ
z{y=a<i%~w?yw%UPdTeW35Zf}iJ+{9u*dVT*FPPJ&t<Sz4-#Ykv{2^bhT>r3~>ABN#
z3kytUVNtPNn2=)Yv|nmBw$HTbiD&F99TM!>4)cS7j@5kjU{aR-s8gyP*14Ch+9kt|
z?{ZJ@e3x{eUEFn|ZI?W+XNR_l9sG$&$sLob4$PWX-1gR@tb%FzS;d7#$^IFIG;#_i
zwf9dhE}l9qIU!+EZt>)jyV_+JPD%Lho55d_<3jAI?w{BXdgR#QDgErWl(9A`^*1{;
zZMx0t8Cx?Wr)bK~mrQzLNq$aAk!_oP)z0lTB6z%4d!NnD7#7^05$>~>`>YFY>-&T+
zc%XkfpA8+<-99oXE*LWSgfDo0NEctQ@6c5~8#z2BIBWRqkXwiCe95bUKQp(y3?{Rv
zu(&Y0Fh9o(%bGSdEz>_TcVezz70SxZ_fN?2rxzAX%$-zHlvS+K{htrn(Ib!9j8P8;
zYmDyUvt_prv?*gsgMW-EQ5kF71LJ1e<99^aj5{-I#qqb>;_+*PU9<N2Y;pEOw&}QV
JJ7Plke*o!@^2PuF

diff --git a/locale/fr_FR/LC_MESSAGES/messages.po b/locale/fr_FR/LC_MESSAGES/messages.po
index 5fa5f4f3..fb11cb2c 100644
--- a/locale/fr_FR/LC_MESSAGES/messages.po
+++ b/locale/fr_FR/LC_MESSAGES/messages.po
@@ -3,8 +3,8 @@ msgstr ""
 "Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2021-02-12 14:34\n"
-"Last-Translator: yolateng0 https://github.com/yolateng0\n"
+"PO-Revision-Date: 2021-06-12 19:03\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "Language-Team: French\n"
 "Language: fr_FR\n"
 "MIME-Version: 1.0\n"
@@ -19,13 +19,13 @@ msgstr ""
 
 #: index.php
 msgid "RaspAP Wifi Configuration Portal"
-msgstr "RaspAP Wifi Portail de Configuration"
+msgstr "RaspAP Configuration de Portail Wifi"
 
 msgid "Toggle navigation"
 msgstr "Basculer la navigation"
 
 msgid "RaspAP Wifi Portal"
-msgstr "RaspAP Wifi Portail"
+msgstr "RaspAP Portail Wifi"
 
 msgid "Dashboard"
 msgstr "Tableau de bord"
@@ -361,6 +361,27 @@ msgstr "Journaliser les requêtes DHCP"
 msgid "Log DNS queries"
 msgstr "Journaliser les requêtes DNS"
 
+msgid "Restrict access"
+msgstr "Accès restreint"
+
+msgid "Limit network access to static clients"
+msgstr "Limiter l'accès au réseau aux clients baux statiques"
+
+msgid "Enable this option if you want RaspAP to <b>ignore any clients</b> which are not specified in the static leases list."
+msgstr "Activer cette option si tu veux que RaspAP <b>ignore les clients</b> qui ne sont pas spécifiés dans la liste des baux statiques."
+
+msgid "This option adds <code>dhcp-ignore</code> to the dnsmasq configuration."
+msgstr "Cette option ajoute <code>no-resolv</code> à la configuration dnsmasq."
+
+msgid "Clients with a particular hardware MAC address can always be allocated the same IP address."
+msgstr "Les clients avec une adresse MAC identifiée peuvent toujours être alloués à la même adresse IP."
+
+msgid "This option adds <code>dhcp-host</code> entries to the dnsmasq configuration."
+msgstr "Cette option ajoute <code>no-resolv</code> à la configuration Dnsmasq."
+
+msgid "This toggles the <code>gateway</code>/<code>nogateway</code> option for this interface in the DHCPCD configuration."
+msgstr "Cela bascule l'option <code>gateway</code>/<code>nogateway</code> pour cette interface dans la configuration de DHCPCD."
+
 #: includes/hostapd.php
 msgid "Basic"
 msgstr "De base"
@@ -676,6 +697,66 @@ msgstr "Essai de démarrage d'openvpn"
 msgid "Attempting to stop openvpn"
 msgstr "Essai d'arrêt d'openvpn"
 
+msgid "Configurations"
+msgstr "Configuration"
+
+msgid "Currently available OpenVPN client configurations are displayed below."
+msgstr "Les configurations des fichiers OpenVPN actuellement disponibles sont affichées ci-dessous."
+
+msgid "Activating a configuraton will restart the <code>openvpn-client</code> service."
+msgstr "L'activation d'une configuration redémarrera le service <code>openvpn-client</code>."
+
+msgid "Delete OpenVPN client"
+msgstr "Supprimer le fichier client OpenVPN"
+
+msgid "Delete client configuration? This cannot be undone."
+msgstr "Supprimer ce fichier ? Opération irréversible."
+
+msgid "Activate OpenVPN client"
+msgstr "Activer le fichier OpenVPN"
+
+msgid "Activate client configuration? This will restart the openvpn-client service."
+msgstr "L'activation d'une configuration redémarrera le service openvpn-client."
+
+msgid "Activate"
+msgstr "Activer"
+
+msgid "Cancel"
+msgstr "Annuler"
+
+msgid "Enable this option to log <code>openvpn</code> activity."
+msgstr "Activer cette option pour enregistrer l'activité <code>openvpn</code>."
+
+msgid "Authentification Method"
+msgstr "Méthode d'identification"
+
+msgid "Username and password"
+msgstr "Nom d'utilisateur et mot de passe"
+
+msgid "Certificates"
+msgstr "Certificats"
+
+msgid "Enter username and password"
+msgstr "Entrez votre nom d'utilisateur et votre mot de passe"
+
+msgid "Certificates in the configuration file"
+msgstr "Certificats dans le fichier de configuration"
+
+msgid "RaspAP supports certificates by including them in the configuration file."
+msgstr "RaspAP prend en charge les certificats en les incluant dans le fichier de configuration."
+
+msgid "Signing certification authority (CA) certificate (e.g. <code>ca.crt</code>): enclosed in <code>&lt;ca> ... &lt;/ca></code> tags."
+msgstr "Certificat d'autorité de certification (CA) de signature (par exemple <code>ca.crt</code>) : joint dans <code>&lt;ca> ... &lt;/ca></code> balises."
+
+msgid "Client certificate (public key) (e.g. <code>client.crt</code>): enclosed in <code>&lt;cert> ... &lt;/cert></code> tags."
+msgstr "Certificat client (clé publique) (par exemple <code>client.crt</code>) : inclus dans <code>&lt;cert> ... &lt;/cert></code> balises."
+
+msgid "Private key of the client certificate (e.g. <code>client.key</code>): enclosed in <code>&lt;key> ... &lt;/key></code> tags."
+msgstr "Clé privée du certificat client (par exemple <code>client.key</code>) : entourée de balises <code>&lt;clé> ... &lt;/key></code>."
+
+msgid "Configuration File"
+msgstr "Fichier de configuration"
+
 #: includes/torproxy.php
 msgid "TOR is not running"
 msgstr "TOR n'est pas en cours d'exécution"
@@ -799,3 +880,87 @@ msgstr "Une adresse IP personnalisée non valide a été trouvée sur la ligne "
 msgid "Invalid custom host found on line "
 msgstr "Un Host personnalisée non valide a été trouvée sur la ligne "
 
+msgid "Tunnel settings"
+msgstr "Paramètres du tunnel"
+
+msgid "Enable server"
+msgstr "Activer le serveur"
+
+msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
+msgstr "Active cette option pour chiffrer le trafic en créant un tunnel entre RaspAP et les pairs configurés."
+
+msgid "This option adds <code>wg0.conf</code> to the WireGuard configuration."
+msgstr "Cette option ajoute <code>wg0.conf</code> à la configuration de WireGuard."
+
+msgid "Local public key"
+msgstr "Clé publique locale"
+
+msgid "Local Port"
+msgstr "Port local"
+
+msgid "IP Address"
+msgstr "Adresse IP"
+
+msgid "DNS"
+msgstr "DNS"
+
+msgid "Peer"
+msgstr "Pair"
+
+msgid "Enable peer"
+msgstr "Activer le pair"
+
+msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer."
+msgstr "Active cette option pour chiffrer le trafic en créant un tunnel entre RaspAP et ce pair."
+
+msgid "This option adds <code>client.conf</code> to the WireGuard configuration."
+msgstr "Cette option ajoute <code>client.conf</code> à la configuration de WireGuard."
+
+msgid "Peer public key"
+msgstr "Clé publique du pair"
+
+msgid "Endpoint address"
+msgstr "Adresse de terminaison"
+
+msgid "Allowed IPs"
+msgstr "Adresses IP autorisées"
+
+msgid "Persistent keepalive"
+msgstr "Keepalive persistant"
+
+msgid "Display WireGuard status"
+msgstr "Afficher le statut WireGuard"
+
+msgid "Enable this option to display an updated WireGuard status."
+msgstr "Activer cette option pour afficher un statut WireGuard mis à jour."
+
+msgid "Scan this QR code with your client to connect to this tunnel"
+msgstr "Scannez ce code QR avec votre client pour vous connecter à ce tunnel"
+
+msgid "or download the <code>client.conf</code> file to your device."
+msgstr "ou téléchargez le fichier <code>client.conf</code> sur votre appareil."
+
+msgid "Download"
+msgstr "Télécharger"
+
+msgid "Start WireGuard"
+msgstr "Démarrer WireGuard"
+
+msgid "Stop WireGuard"
+msgstr "Arrêter WireGuard"
+
+msgid "Information provided by wireguard"
+msgstr "Informations fournies par WireGuard"
+
+msgid "Attempting to start WireGuard"
+msgstr "Tentative de démarrage de WireGuard"
+
+msgid "Attempting to stop WireGuard"
+msgstr "Tentative d’arrêt de WireGuard"
+
+msgid "WireGuard configuration updated successfully"
+msgstr "Configuration de WireGuard mise à jour avec succès"
+
+msgid "WireGuard configuration failed to be updated"
+msgstr "La configuration WireGuard n'a pas pu être mise à jour"
+

From 815e4639a1bcd20e8c8c12a268490fe6e9db1db7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 15 Jun 2021 16:03:45 +0100
Subject: [PATCH 206/300] Update release version

---
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 29bc5925..cf2d990e 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/FRU1tXF.png)
-[![Release 2.7.4-beta](https://img.shields.io/badge/release-2.7.4beta-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7.4](https://img.shields.io/badge/release-2.7.4-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
diff --git a/includes/defaults.php b/includes/defaults.php
index 6db85dd5..280d1c3e 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7.4-beta',
+  'RASPI_VERSION' => '2.7.4',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index 71f91430..0f9bb7a6 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7.4-beta
+ * @version 2.7.4
  * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From bcff66d14fd97d6131cc291205aae0089666f9a5 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Tue, 15 Jun 2021 18:05:36 +0200
Subject: [PATCH 207/300] Update issue templates

---
 .github/ISSUE_TEMPLATE/feature_request.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md

diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 00000000..bbcbbe7d
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

From 6f353b331ff493c34789dbee8937bec085836316 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Jun 2021 14:55:24 +0000
Subject: [PATCH 208/300] Bump postcss from 7.0.18 to 7.0.36

Bumps [postcss](https://github.com/postcss/postcss) from 7.0.18 to 7.0.36.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/7.0.18...7.0.36)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index ed917733..c30bcf3a 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3383,9 +3383,9 @@ postcss-value-parser@^4.0.2:
   integrity sha512-LmeoohTpp/K4UiyQCwuGWlONxXamGzCMtFxLq4W1nZVGIQLYvMCJx3yAF9qyyuFpflABI9yVdtJAqbihOsCsJQ==
 
 postcss@^7.0.17, postcss@^7.0.18:
-  version "7.0.18"
-  resolved "https://registry.yarnpkg.com/postcss/-/postcss-7.0.18.tgz#4b9cda95ae6c069c67a4d933029eddd4838ac233"
-  integrity sha512-/7g1QXXgegpF+9GJj4iN7ChGF40sYuGYJ8WZu8DZWnmhQ/G36hfdk3q9LBJmoK+lZ+yzZ5KYpOoxq7LF1BxE8g==
+  version "7.0.36"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-7.0.36.tgz#056f8cffa939662a8f5905950c07d5285644dfcb"
+  integrity sha512-BebJSIUMwJHRH0HAQoxN4u1CN86glsrwsW0q7T+/m44eXOUAxSNdHRkNZPYz5vVUbg17hFgOQDE7fZk7li3pZw==
   dependencies:
     chalk "^2.4.2"
     source-map "^0.6.1"

From 0625fcc5ef4ac2e6e085628df059b3028eda5034 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <zeitnitz@uni-wuppertal.de>
Date: Fri, 18 Jun 2021 14:04:56 +0200
Subject: [PATCH 209/300] Add raspap_helpers.sh

---
 config/client_config/huawei_hilink_api.sh     | 281 ++++++++++--------
 config/client_config/info_huawei_hilink.sh    |  12 +-
 config/client_config/onoff_huawei_hilink.sh   |  28 +-
 config/client_config/raspap_helpers.sh        |  51 ++++
 ...k.service => start_huawei_hilink@.service} |   2 +-
 config/client_config/switchClientState.sh     |  36 ---
 config/client_udev_prototypes.json            |   4 +-
 installers/raspap.sudoers                     |   1 -
 8 files changed, 233 insertions(+), 182 deletions(-)
 create mode 100644 config/client_config/raspap_helpers.sh
 rename config/client_config/{start_huawei_hilink.service => start_huawei_hilink@.service} (76%)
 delete mode 100644 config/client_config/switchClientState.sh

diff --git a/config/client_config/huawei_hilink_api.sh b/config/client_config/huawei_hilink_api.sh
index 5c9fd809..6dc439f4 100644
--- a/config/client_config/huawei_hilink_api.sh
+++ b/config/client_config/huawei_hilink_api.sh
@@ -6,15 +6,16 @@
 # - send a standard http request with a xml formatted string to the device (default IP 192.169.8.1)
 # - Howto:
 #   o "source" this script in your own script from the command line
-#   o if host ip/name differs, set "host=192.168.178.1" before calling any function
-#   o if the device is locked by a password, set user="admin"; pw="1234secret"
-#     _login is called automaticallcall
-#     Password types 3 and 4 are supported
-#   o if the SIM is requiring a PIN, set "pin=1234"
+#   o if hilink_host ip/name differs, set "hilink_host=192.168.178.1" before calling any function
+#   o if the device is locked by a password, set hilink_user="admin"; hilink_password"1234secret"
+#     _login is called automatically
+#     only password type 4 is supported
+#   o if the SIM is requiring a PIN, set "hilink_pin=1234"
 #   o connect device to network: _switchMobileData ON  ( or 1 )
 #   o disconnect device: _switchMobileData OFF  ( or 0 )
 #   o get informations about the device: _getDeviceInformation and _getStatus and _getNetProvider
 #     all functions return XML formatted data in $response.
+#   o _getAllInformations: returns all available informations as key/value pairs (outputs text) 
 #   o Check if device is connected: "if _isConnected; then .... fi"
 #   o $response can be parsed by calling _valueFromResponse 
 #     e.g "_valueFromResponse msisdn" to get the phone number after a call to _getDeviceInformation
@@ -29,6 +30,7 @@
 #
 # required software: curl, base64, sha256sum, sed
 #
+# ToDo: improve error handling
 #
 # zbchristian 2021
 #
@@ -36,65 +38,73 @@
 # Initialization procedure
 # ========================
 #
-# host=$host_default    # ip address of device
-# user="admin"          # user name if locked (default admin)
-# pw="1234Secret"       # password if locked 
-# pin="1234"            # PIN of SIM
-# _initHilinkAPI        # initialize the API
+# hilink_host=192.168.8.1       # ip address of device
+# hilink_user="admin"           # user name if locked (default admin)
+# hilink_password="1234Secret"  # password if locked 
+# hilink_pin="1234"             # PIN of SIM
+# _initHilinkAPI                # initialize the API
 #
 # Termination
 # ===========
 # cleanup the API before quitting the shell 
 # _closeHilinkAPI  (optional: add parameter "save" to save the session/token data for subsequent calls. Valid for a few minutes.)
+#
+# BE AWARE, THAT THE API USES SOME GLOBAL VARIABLES : hilink_host, user, password, pin, response, status
+# USE THESE ONLY TO COMMUNICATE WITH THE API.
+# DO NOT USE THE VARIABLE PRE_FIX "hilink_" FOR YOUR OWN VARIABLES
+#
 
-host_default="192.168.8.1"
-save_file="/tmp/hilink_api_saved.dat"
-save_age=60
-header_file="/tmp/hilink_login_hdr.txt"
+hilink_host_default="192.168.8.1"
+hilink_save_file="/tmp/hilink_api_saved.dat"
+hilink_save_age=60
+hilink_header_file="/tmp/hilink_login_hdr.txt"
 
 # initialize
 function _initHilinkAPI() {
-    if [ -z "$host" ]; then host=$host_default; fi
+    local age
+    if [ -z "$hilink_host" ]; then hilink_host=$hilink_host_default; fi
     if ! _hostReachable; then return 1; fi
-    if [ -f $save_file ]; then # found file with saved data
+    if [ -f $hilink_save_file ]; then # found file with saved data
         _getSavedData
-        age=$(( $(date +%s) - $(stat $save_file  -c %Y) ))
-        if [[ $age -gt $save_age ]]; then 
-            rm -f $save_file
+        age=$(( $(date +%s) - $(stat $hilink_save_file  -c %Y) ))
+        if [[ $age -gt $hilink_save_age ]]; then 
+            rm -f $hilink_save_file
             _logout
             _sessToken
         fi
     fi
-    if [ -z "$sessID" ] || [ -z "$token" ]; then _sessToken; fi
+    if [ -z "$hilink_sessID" ] || [ -z "$hilink_token" ]; then _sessToken; fi
     _login
     return $?
 }
 
 function _getSavedData() {
-    if [ -f $save_file ]; then  # restore saved session data
-        dat=$(cat $save_file)
-        sessID=$(echo "$dat" | sed -nr 's/sessionid: ([a-z0-9]*)/\1/ip')
-        token=$(echo "$dat" | sed -nr 's/token: ([a-z0-9]*)/\1/ip')
-        tokenlist=( $(echo "$dat" | sed -nr 's/tokenlist: ([a-z0-9 ]*)/\1/ip') )
+    local dat
+    if [ -f $hilink_save_file ]; then  # restore saved session data
+        dat=$(cat $hilink_save_file)
+        hilink_sessID=$(echo "$dat" | sed -nr 's/sessionid: ([a-z0-9]*)/\1/ip')
+        hilink_token=$(echo "$dat" | sed -nr 's/token: ([a-z0-9]*)/\1/ip')
+        hilink_tokenlist=( $(echo "$dat" | sed -nr 's/tokenlist: ([a-z0-9 ]*)/\1/ip') )
     fi
 }
 
 # Cleanup
 # parameter: "save" - will store sessionid and tokens in file
 function _closeHilinkAPI() {
-    if [ -z "$host" ]; then host=$host_default; fi
+    local opt
+    if [ -z "$hilink_host" ]; then hilink_host=$hilink_host_default; fi
     if ! _hostReachable; then return 1; fi
-    rm -f $save_file
+    rm -f $hilink_save_file
     [ ! -z "$1" ] && opt="${1,,}"
     if [ ! -z "$opt" ] && [ "$opt" = "save" ]; then
-        echo "sessionid: $sessID" > $save_file
-        echo "token: $token" >> $save_file
-        echo "tokenlist: ${tokenlist[@]}" >> $save_file
+        echo "sessionid: $hilink_sessID" > $hilink_save_file
+        echo "token: $hilink_token" >> $hilink_save_file
+        echo "tokenlist: ${hilink_tokenlist[@]}" >> $hilink_save_file
     fi
     _logout
-    tokenlist=""
-    sessID=""
-    token=""
+    hilink_tokenlist=""
+    hilink_sessID=""
+    hilink_token=""
     return 0
 }
 
@@ -111,6 +121,7 @@ function _getStatus() {
 }
 
 function _isConnected() {
+    local conn
     conn=$(_getStatus "connectionstatus")
     status="NO"
     if [ ! -z "$conn" ] && [ $conn -eq 901 ]; then
@@ -176,7 +187,7 @@ function _getMobileDataStatus() {
 }
 
 
-# PIN of SIM can be passed either as $pin, or as parameter
+# PIN of SIM can be passed either as $hilink_pin, or as parameter
 # parameter: PIN number of SIM card
 function _enableSIM() {
 #SimState:
@@ -187,14 +198,15 @@ function _enableSIM() {
 #259 - check PIN,
 #260 - PIN required,
 #261 - PUK required
-    if [ ! -z "$1" ]; then pin="$1"; fi
+    local simstate
+    if [ ! -z "$1" ]; then hilink_pin="$1"; fi
     if ! _login; then return 1; fi
     if _sendRequest "api/pin/status"; then
-        simstate=`echo $response | sed  -rn 's/.*<simstate>([0-9]*)<\/simstate>.*/\1/pi'`
+        simstate=$(echo $response | sed  -rn 's/.*<simstate>([0-9]*)<\/simstate>.*/\1/pi')
         if [[ $simstate -eq 257  ]]; then status="SIM ready"; return 0; fi
         if [[ $simstate -eq 260  ]]; then 
-        status="PIN required"
-            if [ ! -z "$pin" ]; then _setPIN "$pin"; fi
+            status="PIN required"
+            if [ ! -z "$hilink_pin" ]; then _setPIN "$hilink_pin"; fi
         return $?
     fi
         if [[ $simstate -eq 255  ]]; then status="NO SIM"; return 1; fi
@@ -202,20 +214,20 @@ function _enableSIM() {
     return 1
 }
 
-# obtain session and verification token - stored in vars $sessID and $token 
+# obtain session and verification token - stored in vars $hilink_sessID and $token 
 # parameter: none
 function _sessToken() {
-    tokenlist=""
-    token=""
-    sessID=""
-    response=$(curl -s http://$host/api/webserver/SesTokInfo -m 5 2> /dev/null)
-    if [ -z "$response" ]; then echo "No access to device at $host"; return 1; fi
+    hilink_tokenlist=""
+    hilink_token=""
+    hilink_sessID=""
+    response=$(curl -s http://$hilink_host/api/webserver/SesTokInfo -m 5 2> /dev/null)
+    if [ -z "$response" ]; then echo "No access to device at $hilink_host"; return 1; fi
     status=$(echo "$response" | sed  -nr 's/.*<code>([0-9]*)<\/code>.*/\1/ip')
     if [ -z "$status" ]; then
-        token=`echo $response | sed  -r 's/.*<TokInfo>(.*)<\/TokInfo>.*/\1/'`
-        sessID=`echo $response | sed  -r 's/.*<SesInfo>(.*)<\/SesInfo>.*/\1/'`
-        if [ ! -z "$sessID" ] &&  [ ! -z "$token" ]; then 
-            sessID="SessionID=$sessID"
+        hilink_token=$(echo $response | sed  -r 's/.*<TokInfo>(.*)<\/TokInfo>.*/\1/')
+        hilink_sessID=$(echo $response | sed  -r 's/.*<SesInfo>(.*)<\/SesInfo>.*/\1/')
+        if [ ! -z "$hilink_sessID" ] &&  [ ! -z "$hilink_token" ]; then 
+            hilink_sessID="SessionID=$hilink_sessID"
             return 0
         fi
     fi
@@ -223,38 +235,39 @@ function _sessToken() {
 }
 
 # unlock device (if locked) with user name and password
-# requires stored user="admin"; pw="1234secret";host=$host_default 
+# requires stored hilink_user="admin"; hilink_password"1234secret";hilink_host=$hilink_host_default 
 # parameter: none
 function _login() {
+    local ret encpw pwtype pwtype3 hashedpw pwtype4 
     if _loginState; then return 0; fi    # login not required, or already done
     _sessToken
     # get password type
     if ! _sendRequest "api/user/state-login"; then return 1; fi
     pwtype=$(echo "$response" | sed  -rn 's/.*<password_type>([0-9])<\/password_type>.*/\1/pi')
     if [ -z "$pwtype" ];then pwtype=4; fi   # fallback is type 4
-	ret=1
-    if [[ ! -z "$user" ]] && [[ ! -z "$pw" ]]; then
+    ret=1
+    if [[ ! -z "$hilink_user" ]] && [[ ! -z "$hilink_password" ]]; then
         # password encoding
         # type 3 : base64(pw) encoded
         # type 4 : base64(sha256sum(user + base64(sha256sum(pw)) + token))
-        pwtype3=$(echo -n "$pw" | base64 --wrap=0)
-        hashedpw=$(echo -n "$pw" | sha256sum -b | sed -nr 's/^([0-9a-z]*).*$/\1/ip' )
+        pwtype3=$(echo -n "$hilink_password" | base64 --wrap=0)
+        hashedpw=$(echo -n "$hilink_password" | sha256sum -b | sed -nr 's/^([0-9a-z]*).*$/\1/ip' )
         hashedpw=$(echo -n "$hashedpw" | base64 --wrap=0)
-        pwtype4=$(echo -n "$user$hashedpw$token" | sha256sum -b | sed -nr 's/^([0-9a-z]*).*$/\1/ip' )
+        pwtype4=$(echo -n "$hilink_user$hashedpw$hilink_token" | sha256sum -b | sed -nr 's/^([0-9a-z]*).*$/\1/ip' )
         encpw=$(echo -n "$pwtype4" | base64 --wrap=0)
         if [ $pwtype -ne 4 ]; then encpw=$pwtype3; fi
-        xmldata="<?xml version='1.0' encoding='UTF-8'?><request><Username>$user</Username><Password>$encpw</Password><password_type>$pwtype</password_type></request>"
-        xtraopts="--dump-header $header_file"
-        rm -f $header_file
+        hilink_xmldata="<?xml version='1.0' encoding='UTF-8'?><request><Username>$hilink_user</Username><Password>$encpw</Password><password_type>$pwtype</password_type></request>"
+        hilink_xtraopts="--dump-header $hilink_header_file"
+        rm -f $hilink_header_file
         _sendRequest "api/user/login"
         if [ ! -z "$status" ] && [ "$status" = "OK" ]; then 
             # store the list of 30 tokens. Each token is valid for a single request
-            tokenlist=( $(cat $header_file | sed -rn 's/^__RequestVerificationToken:\s*([0-9a-z#]*).*$/\1/pi' | sed 's/#/ /g') )
+            hilink_tokenlist=( $(cat $hilink_header_file | sed -rn 's/^__RequestVerificationToken:\s*([0-9a-z#]*).*$/\1/pi' | sed 's/#/ /g') )
             _getToken
-            sessID=$(cat $header_file  | grep -ioP 'SessionID=([a-z0-9]*)')
-            if [ ! -z "$sessID" ] &&  [ ! -z "$token" ]; then ret=0; fi
+            hilink_sessID=$(cat $hilink_header_file  | grep -ioP 'SessionID=([a-z0-9]*)')
+            if [ ! -z "$hilink_sessID" ] &&  [ ! -z "$hilink_token" ]; then ret=0; fi
         fi
-        rm -f $header_file		
+        rm -f $hilink_header_file
     fi
     return $ret
 }
@@ -263,12 +276,12 @@ function _login() {
 # parameter: none
 function _logout() {
     if _loginState; then 
-        xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><Logout>1</Logout></request>"
+        hilink_xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><Logout>1</Logout></request>"
         if _sendRequest "api/user/logout"; then 
-            tokenlist=""
-            sessID=""
-            token=""
-			login_enabled=""
+            hilink_tokenlist=""
+            hilink_sessID=""
+            hilink_token=""
+            hilink_login_enabled=""
         fi
         return $?
     fi
@@ -277,41 +290,44 @@ function _logout() {
 
 # parameter: none
 function _loginState() {
-	status="OK"
-	if [ -z "$login_enabled" ]; then _checkLoginEnabled; fi
-	if [ $login_enabled -eq 1 ]; then return 0; fi # login is disabled
-	_sendRequest "api/user/state-login"
-	state=`echo "$response" | sed  -rn 's/.*<state>(.*)<\/state>.*/\1/pi'`
-	if [ ! -z "$state" ] && [ $state -eq 0 ]; then       # already logged in
-		return 0
-	fi
-	return 1
+    local state
+    status="OK"
+    if [ -z "$hilink_login_enabled" ]; then _checkLoginEnabled; fi
+    if [ $hilink_login_enabled -eq 1 ]; then return 0; fi # login is disabled
+    _sendRequest "api/user/state-login"
+    state=`echo "$response" | sed  -rn 's/.*<state>(.*)<\/state>.*/\1/pi'`
+    if [ ! -z "$state" ] && [ $state -eq 0 ]; then       # already logged in
+        return 0
+    fi
+    return 1
 }
 
 function _checkLoginEnabled() {
+    local state
     if _sendRequest "api/user/hilink_login"; then
-		login_enabled=0
-		state=$(echo $response | sed  -rn 's/.*<hilink_login>(.*)<\/hilink_login>.*/\1/pi')
-		if [ ! -z "$state" ] && [ $state -eq 0 ]; then       # no login enabled
-			login_enabled=1
-		fi
-	else
-		login_enabled=""
-	fi
+        hilink_login_enabled=0
+        state=$(echo $response | sed  -rn 's/.*<hilink_login>(.*)<\/hilink_login>.*/\1/pi')
+        if [ ! -z "$state" ] && [ $state -eq 0 ]; then       # no login enabled
+            hilink_login_enabled=1
+        fi
+    else
+        hilink_login_enabled=""
+    fi
 }
 
 # switch mobile data on/off  1/0
-# if SIM is locked, $pin has to be set
+# if SIM is locked, $hilink_pin has to be set
 # parameter: state - ON/OFF or 1/0
 function _switchMobileData() {
+    local mode
     if [ -z "$1" ]; then return 1; fi
     _login
     mode="${1,,}"
     [ "$mode" = "on" ] && mode=1
     [ "$mode" = "off" ] && mode=0
     if [[ $mode -ge 0 ]]; then
-        if _enableSIM "$pin"; then
-            xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><dataswitch>$mode</dataswitch></request>"
+        if _enableSIM "$hilink_pin"; then
+            hilink_xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><dataswitch>$mode</dataswitch></request>"
             _sendRequest "api/dialup/mobile-dataswitch"
             return $?
         fi
@@ -321,31 +337,33 @@ function _switchMobileData() {
 
 # parameter: PIN of SIM card
 function _setPIN() {
+    local pin
     if [ -z "$1" ]; then return 1; fi
     pin="$1"
-    xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><OperateType>0</OperateType><CurrentPin>$pin</CurrentPin><NewPin></NewPin><PukCode></PukCode></request>"
+    hilink_xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><OperateType>0</OperateType><CurrentPin>$pin</CurrentPin><NewPin></NewPin><PukCode></PukCode></request>"
     _sendRequest "api/pin/operate"
     return $?
 }
 
-# Send request to host at http://$host/$apiurl
-# data in $xmldata and options in $xtraopts
+# Send request to host at http://$hilink_host/$apiurl
+# data in $hilink_xmldata and options in $hilink_xtraopts
 # parameter: apiurl (e.g. "api/user/login")
 function _sendRequest() {
+    local ret apiurl
     status="ERROR"
     if [ -z "$1" ]; then return 1; fi 
     apiurl="$1"
     ret=1
-    if [ -z "$sessID" ] || [ -z "$token" ]; then _sessToken; fi 
-    if [ -z "$xmldata" ];then
-        response=$(curl -s http://$host/$apiurl -m 10 \
-                     -H "Cookie: $sessID")
+    if [ -z "$hilink_sessID" ] || [ -z "$hilink_token" ]; then _sessToken; fi 
+    if [ -z "$hilink_xmldata" ];then
+        response=$(curl -s http://$hilink_host/$apiurl -m 10 \
+                     -H "Cookie: $hilink_sessID")
     else 
-        response=$(curl -s -X POST http://$host/$apiurl -m 10 \
+        response=$(curl -s -X POST http://$hilink_host/$apiurl -m 10 \
                     -H "Content-Type: text/xml"  \
-                    -H "Cookie: $sessID" \
-                    -H "__RequestVerificationToken: $token" \
-                    -d "$xmldata" $xtraopts 2> /dev/null)
+                    -H "Cookie: $hilink_sessID" \
+                    -H "__RequestVerificationToken: $hilink_token" \
+                    -d "$hilink_xmldata" $hilink_xtraopts 2> /dev/null)
         _getToken
     fi
     if [ ! -z "$response" ];then 
@@ -363,28 +381,29 @@ function _sendRequest() {
         status="ERROR"
     fi
     if [[ "$status" =~ ERROR ]]; then _handleError; fi
-    xtraopts=""
-    xmldata=""
+    hilink_xtraopts=""
+    hilink_xmldata=""
     return $ret
 }
 
 # handle the list of tokens available after login
 # parameter: none
 function _getToken() {
-    if [ ! -z "$tokenlist" ] && [ ${#tokenlist[@]} -gt 0 ]; then
-        token=${tokenlist[0]}       # get first token in list
-        tokenlist=("${tokenlist[@]:1}") # remove used token from list
-        if [ ${#tokenlist[@]} -eq 0 ]; then
+    if [ ! -z "$hilink_tokenlist" ] && [ ${#hilink_tokenlist[@]} -gt 0 ]; then
+        hilink_token=${hilink_tokenlist[0]}       # get first token in list
+        hilink_tokenlist=("${hilink_tokenlist[@]:1}") # remove used token from list
+        if [ ${#hilink_tokenlist[@]} -eq 0 ]; then
             _logout     # use the last token to logout
         fi
-	else
-		_sessToken		# old token has been used - need new session
+    else
+        _sessToken      # old token has been used - need new session
     fi
 }
 
 # Analyse $status for error code
 # return error text in $status
 function _handleError() {
+    local ret txt
     txt=$(_getErrorText)
     if [ -z "$code" ]; then return 1; fi
     ret=0
@@ -407,20 +426,21 @@ function _handleError() {
     return "$ret"
 }
 
-declare -A err_hilink_api
-err_hilink_api[101]="Unable to get session ID/token"
-err_hilink_api[108001]="Invalid username/password"
-err_hilink_api[108002]=${errors[108001]}
-err_hilink_api[108006]=${errors[108001]}
-err_hilink_api[108003]="User already logged in - need to wait a bit"
-err_hilink_api[108007]="Too many login attempts - need to wait a bit"
-err_hilink_api[125001]="Invalid session/request token"
-err_hilink_api[125002]=${errors[125001]}
-err_hilink_api[125003]=${errors[125001]}
+declare -A hilink_err_api
+hilink_err_api[101]="Unable to get session ID/token"
+hilink_err_api[108001]="Invalid username/password"
+hilink_err_api[108002]=${hilink_err_api[108001]}
+hilink_err_api[108006]=${hilink_err_api[108001]}
+hilink_err_api[108003]="User already logged in - need to wait a bit"
+hilink_err_api[108007]="Too many login attempts - need to wait a bit"
+hilink_err_api[125001]="Invalid session/request token"
+hilink_err_api[125002]=${hilink_err_api[125001]}
+hilink_err_api[125003]=${hilink_err_api[125001]}
 
 # check error and return error text
 # status passsed in $status, or $1
 function _getErrorText() {
+    local err code errortext
     err="$status"
     code="0"
     if [ ! -z "$1" ]; then err="$1"; fi
@@ -428,8 +448,8 @@ function _getErrorText() {
     errortext="$err"
     if [[  "$err" =~ ERROR\ *([0-9]*) ]] && [ ! -z "${BASH_REMATCH[1]}" ]; then
         code=${BASH_REMATCH[1]}
-        if [ ! -z "$code" ] && [ ! -z "${err_hilink_api[$code]}" ]; then 
-            errortext="${err_hilink_api[$code]}"
+        if [ ! -z "$code" ] && [ ! -z "${hilink_err_api[$code]}" ]; then 
+            errortext="${hilink_err_api[$code]}"
         fi
     fi
     echo $errortext
@@ -437,8 +457,10 @@ function _getErrorText() {
 }
 
 function _hostReachable() {
-    avail=`timeout 0.5 ping -c 1 $host | sed -rn 's/.*time=.*/1/p'`
-    if [ -z "$avail" ]; then return 1; fi
+    local avail
+    avail=$( timeout 0.5 ping -c 1 $hilink_host | sed -rn 's/.*time=.*/1/p' )
+    if [ -z "$avail" ]; then status="ERROR: Not reachable"; return 1; fi
+    status="OK"
     return 0;
 }
 
@@ -446,6 +468,7 @@ function _hostReachable() {
 # call another function first!
 # parameter: tag-name
 function _valueFromResponse() {
+    local par value
     if [ -z "$response" ] || [ -z "$1" ]; then return 1; fi
     par="$1"
     value=$(echo $response | sed  -rn 's/.*<'$par'>(.*)<\/'$par'>.*/\1/pi')
@@ -468,15 +491,15 @@ function _keyValuePairs() {
     return 0
 }
 
-host=$host_default
-user="admin"
-pw=""
-token=""
-tokenlist=""
-sessID=""
-xmldata=""
-xtraopts=""
+hilink_token=""
+hilink_tokenlist=""
+hilink_sessID=""
+hilink_xmldata=""
+hilink_xtraopts=""
+hilink_host=$hilink_host_default
+hilink_user="admin"
+hilink_password=""
+hilink_pin=""
 response=""
 status=""
-pwtype=-1
- 
+ 
\ No newline at end of file
diff --git a/config/client_config/info_huawei_hilink.sh b/config/client_config/info_huawei_hilink.sh
index 32b27954..c98ee9fe 100644
--- a/config/client_config/info_huawei_hilink.sh
+++ b/config/client_config/info_huawei_hilink.sh
@@ -14,10 +14,10 @@
 # zbchristian 2021
 
 function _setAPIParams() {
-    if [ ! -z "$hostip" ]; then host="$hostip"; fi
-    if [ ! -z "$username" ]; then user="$username"; fi
-    if [ ! -z "$password" ]; then pw="$password"; fi
-    if [ ! -z "$simpin" ]; then pin="$simpin"; fi
+    if [ ! -z "$hostip" ]; then hilink_host="$hostip"; fi
+    if [ ! -z "$username" ]; then hilink_user="$username"; fi
+    if [ ! -z "$password" ]; then hilink_password="$password"; fi
+    if [ ! -z "$simpin" ]; then hilink_pin="$simpin"; fi
 }
 
 if [ -z "$1" ]; then echo "none"; exit; fi
@@ -44,7 +44,7 @@ if [ "$opt" = "connected" ]; then
     result=$(_getMobileDataStatus)
     _closeHilinkAPI
 else
-    info_file="/tmp/huawei_infos_${hostip}_${id -u}.dat"
+    info_file="/tmp/huawei_infos_${hostip}_$(id -u).dat"
     if [ -f "$info_file" ]; then
         age=$(( $(date +%s) - $(stat $info_file -c %Y) )) 
         if [[ $age -gt 10 ]]; then rm -f $info_file; fi
@@ -75,7 +75,7 @@ else
           key="msisdn"
           ;;
         imei|imsi|rssi|rsrq|rsrp|sinr|ecio)
-          key="$opt"
+          key="$property"
           ;;
         signal)
           key="rsrq"
diff --git a/config/client_config/onoff_huawei_hilink.sh b/config/client_config/onoff_huawei_hilink.sh
index 2ee413d2..cd050016 100644
--- a/config/client_config/onoff_huawei_hilink.sh
+++ b/config/client_config/onoff_huawei_hilink.sh
@@ -5,6 +5,7 @@
 # options: -u, --user       - user name (default "admin")
 #          -P, --password   - password
 #          -h, --host       - host ip address (default 192.168.8.1)
+#          -d, --devname    - device name (IP is extracted using default route)
 #          -p, --pin        - PIN of SIM card
 #          -c, --connect    - connect 0/1 to set datamode off/on
 #
@@ -12,24 +13,37 @@
 #
 # zbchristian 2021
 
-# include the hilink API (defaults: user=admin, host=192.168.8.1)
+# include the hilink API (defaults: hilink_user=admin, hilink_host=192.168.8.1)
 source /usr/local/sbin/huawei_hilink_api.sh
 
+# include the raspap helper functions
+source /usr/local/sbin/raspap_helpers.sh
+
 datamode=""
+devname=""
 while [ -n "$1" ]; do
     case "$1" in
-        -u|--user)      user="$2"; shift ;;
-        -P|--password)  pw="$2"; shift ;;
-        -p|--pin)       if [[ $2 =~ ^[0-9]{4,8} ]]; then pin="$2"; fi; shift ;;
-        -h|--host)      host="$2"; shift ;;
+        -u|--user)      hilink_user="$2"; shift ;;
+        -P|--password)  hilink_password="$2"; shift ;;
+        -p|--pin)       if [[ $2 =~ ^[0-9]{4,8} ]]; then hilink_pin="$2"; fi; shift ;;
+        -h|--host)      hilink_host="$2"; shift ;;
+        -d|--devname)   devname="$2"; shift ;;
         -c|--connect)   if [ "$2" = "1" ]; then datamode=1; else datamode=0; fi; shift ;;
     esac
     shift
 done
 
-echo  "Hilink: switch device at $host to mode $datamode" | systemd-cat
+if [ ! _loginState ] && [ -z "$hilink_password" ] || [ -z "$hilink_pin" ]; then _getAuthRouter; fi
 
-status="usage: -c 1/0 to disconnect/disconnect"
+if [ ! -z "$devname" ]; then # get host IP for given device name
+    gw=$(ip route list |  sed -rn "s/default via (([0-9]{1,3}\.){3}[0-9]{1,3}).*dev $devname.*/\1/p")
+    if [ -z "$gw" ]; then exit; fi  # device name not found in routing list -> abort 
+    hilink_host="$gw"
+fi
+
+echo  "Hilink: switch device at $hilink_host to mode $datamode" | systemd-cat
+
+status="usage: -c 1/0 to disconnect/connect"
 if [ -z "$datamode" ] || [ ! _initHilinkAPI ]; then echo "Hilink: failed - return status: $status"; exit; fi
 
 if ! _switchMobileData "$datamode"; then echo -n "Hilink: could not switch the data mode on/off . Error: ";_getErrorText; fi
diff --git a/config/client_config/raspap_helpers.sh b/config/client_config/raspap_helpers.sh
new file mode 100644
index 00000000..a20ba309
--- /dev/null
+++ b/config/client_config/raspap_helpers.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+# 
+# Helper functions to extract informations from RaspAP config/settings
+#
+# zbchristian 2021
+#
+# get the values of a RaspAP config variable
+# call: _getRaspapConfig RASPAP_MOBILEDATA_CONFIG
+
+raspap_webroot="/var/www/html"
+
+function _getWebRoot() {
+    local path
+    path=$(cat /etc/lighttpd/lighttpd.conf | sed -rn "s/server.document-root \s*= \"([^ \s]*)\"/\1/p")
+    if [ ! -z "$path" ]; then raspap_webroot="$path"; fi
+    if [ -z "$path" ]; then return 1; else return 0; fi
+}
+
+# expand an RaspAP config variable utilizing PHP
+function _getRaspapConfig() {
+    local conf var
+    raspap_config=""
+    var="$1"
+    if [ ! -z "$var" ]; then 
+        if ! _getWebRoot; then return 1; fi
+        conf="$raspap_webroot/includes/config.php"
+        if [ -f "$conf" ]; then
+            conf=$(php -r 'include "'$conf'"; echo '$var';' 2> /dev/null)
+            if [ ! -z "$conf" ] && [ -d ${conf%/*} ]; then raspap_config="$conf"; fi
+        fi
+    fi
+    if [ -z "$raspap_config" ]; then return 1; else return 0; fi
+}
+
+# Username and password for mobile data devices is stored in a file (RASPAP_MOBILEDATA_CONFIG)  
+function _getAuthRouter() {
+    local mfile mdata pin user pw
+    if ! _getRaspapConfig "RASPI_MOBILEDATA_CONFIG"; then return 1; fi
+    mfile="$raspap_config" 
+    if [ -f $mfile ]; then      
+        mdata=$(cat "$mfile")
+        pin=$(echo "$mdata" | sed -rn 's/pin = ([^ \s]*)/\1/ip')
+        if [ ! -z "$pin" ]; then raspap_pin="$pin"; fi
+        user=$(echo "$mdata" | sed -rn 's/router_user = ([^ \s]*)/\1/ip')
+        if [ ! -z "$user" ]; then raspap_user="$user"; fi
+        pw=$(echo "$mdata" | sed -rn 's/router_pw = ([^ \s]*)/\1/ip')
+        if [ ! -z "$pw" ]; then raspap_password="$pw"; fi
+        return 0
+    fi
+    return 1
+}
diff --git a/config/client_config/start_huawei_hilink.service b/config/client_config/start_huawei_hilink@.service
similarity index 76%
rename from config/client_config/start_huawei_hilink.service
rename to config/client_config/start_huawei_hilink@.service
index 19d775d0..b735b1b1 100644
--- a/config/client_config/start_huawei_hilink.service
+++ b/config/client_config/start_huawei_hilink@.service
@@ -5,7 +5,7 @@ Description=Bring up HUAWEI mobile hilink device
 Type=oneshot
 RemainAfterExit=no
 ExecStart=/bin/sleep 15
-ExecStart=/usr/local/sbin/switchClientState.sh up
+ExecStart=/usr/local/sbin/onoff_huawei_hilink.sh -c 1 -d %i
 
 [Install]
 Alias=start_ltemodem.service
diff --git a/config/client_config/switchClientState.sh b/config/client_config/switchClientState.sh
deleted file mode 100644
index acdd2892..00000000
--- a/config/client_config/switchClientState.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-# start with "sudo"
-# parameters: up or on 
-#
-# switch client  state to UP
-# the actual code is in PHP
-
-# get webroot
-webroot=$(cat /etc/lighttpd/lighttpd.conf | sed -rn 's/server.document-root\s*=\s*\"(.*)\"\s*$/\1/p')
-webuser=$(cat /etc/lighttpd/lighttpd.conf | sed -rn 's/server.username\s*=\s*\"(.*)\"\s*$/\1/p')
-if [ -z "$webroot" ] || [ ! -d "$webroot" ] || [ -z "$webuser" ]; then 
-    echo "$0 : Problem to obtain webroot directory and/or web user - exit" | systemd-cat 
-    exit
-fi
-cd $webroot
-
-state=""
-if [ ! -z $1 ] && [[ $1 =~ ^(up|on|UP|ON)$ ]]; then
-  state="up"
-elif [ ! -z $1 ] && [[ $1 =~ ^(down|off|DOWN|OFF)$ ]]; then
-  state="down"
-fi
-
-[ -z "$state" ] && exit
-
-sudo -u $webuser php << _EOF_
-<?php
-require_once("includes/config.php");
-require_once("includes/get_clients.php");
-
- loadClientConfig();
- setClientState("$state");
-?>
-_EOF_
-
-
diff --git a/config/client_udev_prototypes.json b/config/client_udev_prototypes.json
index a147e776..bd49f419 100644
--- a/config/client_udev_prototypes.json
+++ b/config/client_udev_prototypes.json
@@ -39,10 +39,10 @@
      "type": "hilink",
      "type_info": "Huawei Hilink",
      "clientid": 4,
-     "comment": "Huawei mobile data device in router mode. Control via HTTP",
+     "comment": "Huawei mobile data device in router mode. Control via HTTP. Device is connecting via service",
      "name_prefix": "hilink",
      "default_ip": "192.168.8.1",
-     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}=\"hilink\", TAG+=\"systemd\", ENV{SYSTEMD_WANTS}=\"start start_huawei_hilink.service\" "
+     "udev_rule": "SUBSYSTEM==\"net\", ACTION==\"add\", SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"$IDVENDOR$\", ATTRS{idProduct}==\"$IDPRODUCT$\", NAME=\"$DEVNAME$\", ENV{raspapType}=\"hilink\", TAG+=\"systemd\", ENV{SYSTEMD_WANTS}=\"start start_huawei_hilink@hilink%n.service\" "
     },
     {
      "type": "phone", 
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 355fd8eb..fc692e1c 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -53,7 +53,6 @@ www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/onoff_huawei_hilink.sh *
 www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/wvdial.conf
 www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/udev/rules.d/80-raspap-net-devices.rules
 www-data ALL=(ALL) NOPASSWD:/usr/bin/tee -a /etc/udev/rules.d/80-raspap-net-devices.rules
-www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/switchClientState.sh *
 www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl * wg-quick@wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg

From 8f702a2a559fa22eea9859465146e330e20106a0 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <zeitnitz@uni-wuppertal.de>
Date: Fri, 18 Jun 2021 17:27:11 +0200
Subject: [PATCH 210/300] Correct Hilink authentication and service

---
 config/client_config/80-raspap-net-devices.rules | 2 +-
 config/client_config/onoff_huawei_hilink.sh      | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/config/client_config/80-raspap-net-devices.rules b/config/client_config/80-raspap-net-devices.rules
index 33e6584c..ddec8203 100644
--- a/config/client_config/80-raspap-net-devices.rules
+++ b/config/client_config/80-raspap-net-devices.rules
@@ -1,3 +1,3 @@
-SUBSYSTEM=="net", ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="14db", NAME="hilink%n",  TAG+="systemd", ENV{SYSTEMD_WANTS}="start start_huawei_hilink.service"
+SUBSYSTEM=="net", ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="14db", NAME="hilink%n",  TAG+="systemd", ENV{SYSTEMD_WANTS}="start start_huawei_hilink@hilink%n.service"
 
 
diff --git a/config/client_config/onoff_huawei_hilink.sh b/config/client_config/onoff_huawei_hilink.sh
index cd050016..9b3f8413 100644
--- a/config/client_config/onoff_huawei_hilink.sh
+++ b/config/client_config/onoff_huawei_hilink.sh
@@ -33,14 +33,19 @@ while [ -n "$1" ]; do
     shift
 done
 
-if [ ! _loginState ] && [ -z "$hilink_password" ] || [ -z "$hilink_pin" ]; then _getAuthRouter; fi
-
 if [ ! -z "$devname" ]; then # get host IP for given device name
     gw=$(ip route list |  sed -rn "s/default via (([0-9]{1,3}\.){3}[0-9]{1,3}).*dev $devname.*/\1/p")
     if [ -z "$gw" ]; then exit; fi  # device name not found in routing list -> abort 
     hilink_host="$gw"
 fi
 
+if [ -z "$hilink_password" ] || [ -z "$hilink_pin" ]; then 
+    _getAuthRouter
+    if [ ! -z "$raspap_user" ]; then hilink_user="$raspap_user"; fi
+    if [ ! -z "$raspap_password" ]; then hilink_password="$raspap_password"; fi
+    if [ ! -z "$raspap_pin" ]; then hilink_pin="$raspap_pin"; fi
+fi
+
 echo  "Hilink: switch device at $hilink_host to mode $datamode" | systemd-cat
 
 status="usage: -c 1/0 to disconnect/connect"

From ab9e9ae8d4dd0540b3114a4ca5804aad63bcc7fa Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Sun, 20 Jun 2021 17:10:48 +0200
Subject: [PATCH 211/300] Update README.md

---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index cf2d990e..b371b9b1 100644
--- a/README.md
+++ b/README.md
@@ -27,13 +27,13 @@ As part of the initial rollout of Insiders, all previous one-time backers of Ras
 ## Exclusive features
 The following features are currently available exclusively to sponsors. A tangible side benefit of sponsorship is that Insiders are able to help steer future development of RaspAP. This is done through your Insiders access to discussions, feature requests, issues and pull requests in the private GitHub repository.
 
-✅ [Manage OpenVPN client configs](https://docs.raspap.com/openvpn/#multiple-client-configs)  
-✅ [OpenVPN certificate authentication](https://docs.raspap.com/openvpn/#certificate-authentication)      
+✅ [Manage OpenVPN client configs](https://docs.raspap.com/openvpn.html#multiple-client-configs)  
+✅ [OpenVPN certificate authentication](https://docs.raspap.com/openvpn.html#certificate-authentication)      
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
 ✅ Restrict network to static clients  
-✅ [WireGuard support](https://docs.raspap.com/wireguard/)  
-✅ [Set AP transmit power](https://docs.raspap.com/ap-basics/#transmit-power)  
+✅ [WireGuard support](https://docs.raspap.com/wireguard.html)  
+✅ [Set AP transmit power](https://docs.raspap.com/ap-basics.html#transmit-power)  
 ✅ Mobile data client support  
 ⚙️ Traffic shaping (in progress)  
 

From 8ae0fce366f287a33a6b18bf8e747ff08c121843 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 3 Jul 2021 23:01:35 +0100
Subject: [PATCH 212/300] Initial commit

---
 app/lib/uploader.php | 503 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 503 insertions(+)
 create mode 100644 app/lib/uploader.php

diff --git a/app/lib/uploader.php b/app/lib/uploader.php
new file mode 100644
index 00000000..e8a31b8e
--- /dev/null
+++ b/app/lib/uploader.php
@@ -0,0 +1,503 @@
+<?php
+
+/**
+ * Simple PHP upload class
+ *
+ * Adapted from aivis/PHP-file-upload-class
+ *
+ * @description File upload class for RaspAP
+ * @author      Bill Zimmerman <billzimmerman@gmail.com>
+ * @author      Aivis Silins
+ * @link        https://github.com/aivis/PHP-file-upload-class
+ * @license     https://github.com/raspap/raspap-webgui/blob/master/LICENSE
+ */
+
+class Upload
+{
+
+    /**
+     * Default directory persmissions (destination)
+     */
+    protected $default_permissions = 0750;
+
+    /**
+     * File post array
+     *
+     * @var array
+     */
+    protected $file_post = array();
+
+    /**
+     * Destination directory
+     *
+     * @var string
+     */
+    protected $destination;
+
+    /**
+     * Fileinfo
+     *
+     * @var object
+     */
+    protected $finfo;
+
+    /**
+     * Data about file
+     *
+     * @var array
+     */
+    public $file = array();
+
+    /**
+     * Max. file size
+     *
+     * @var int
+     */
+    protected $max_file_size;
+
+    /**
+     * Allowed mime types
+     *
+     * @var array
+     */
+    protected $mimes = array();
+
+    /**
+     * Temp path
+     *
+     * @var string
+     */
+    protected $tmp_name;
+
+    /**
+     * Validation errors
+     *
+     * @var array
+     */
+    protected $validation_errors = array();
+
+    /**
+     * Filename (new)
+     *
+     * @var string
+     */
+    protected $filename;
+
+    /**
+     * Internal callbacks (filesize check, mime, etc)
+     *
+     * @var array
+     */
+    private $callbacks = array();
+
+    /**
+     * Root dir
+     *
+     * @var string
+     */
+    protected $root;
+
+    /**
+     * Return upload object
+     *
+     * $destination    = 'path/to/file/destination/';
+     *
+     * @param  string $destination
+     * @param  string $root
+     * @return Upload
+     */
+    public static function factory($destination, $root = false)
+    {
+        return new Upload($destination, $root);
+    }
+
+    /**
+     *  Define root constant and set & create destination path
+     *
+     * @param string $destination
+     * @param string $root
+     */
+    public function __construct($destination, $root = false)
+    {
+        if ($root) {
+            $this->root = $root;
+        } else {
+            $this->root = $_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR;
+        }
+
+        // set & create destination path
+        if (!$this->set_destination($destination)) {
+            throw new Exception('Upload: Unable to create destination. '.$this->root . $this->destination);
+        }
+        //create finfo object
+        $this->finfo = new finfo();
+    }
+
+    /**
+     * Set target filename
+     *
+     * @param string $filename
+     */
+    public function set_filename($filename)
+    {
+        $this->filename = $filename;
+    }
+
+    /**
+     * Check & Save file
+     *
+     * Return data about current upload
+     *
+     * @return array
+     */
+    public function upload($filename = false)
+    {
+        if($filename ) {
+            $this->set_filename($filename);
+        }
+
+        $this->set_filename($filename);
+        
+        if ($this->check()) {
+            $this->save();
+        }
+
+        // return state data
+        return $this->get_state();
+    }
+
+    /**
+     * Save file on server
+     * Return state data
+     *
+     * @return array
+     */
+    public function save()
+    {
+        $this->save_file();
+        return $this->get_state();
+    }
+
+    /**
+     * Validate file (execute callbacks)
+     * Returns TRUE if validation successful
+     *
+     * @return bool
+     */
+    public function check()
+    {
+        //execute callbacks (check filesize, mime, also external callbacks
+        $this->validate();
+
+        //add error messages
+        $this->file['errors'] = $this->get_errors();
+
+        //change file validation status
+        $this->file['status'] = empty($this->validation_errors);
+
+        return $this->file['status'];
+    }
+
+    /**
+     * Get current state data
+     *
+     * @return array
+     */
+    public function get_state()
+    {
+        return $this->file;
+    }
+
+    /**
+     * Save file on server
+     */
+    protected function save_file()
+    {
+        //create & set new filename
+        if(empty($this->filename)) {
+            $this->create_new_filename();
+        }
+
+        //set filename
+        $this->file['filename'] = $this->filename;
+
+        //set full path
+        $this->file['full_path'] = $this->root . $this->destination . $this->filename;
+            $this->file['path'] = $this->destination . $this->filename;
+
+        $status = move_uploaded_file($this->tmp_name, $this->file['full_path']);
+
+        //checks whether upload successful
+        if (!$status) {
+            throw new Exception('Upload: Failed to upload file.');
+        }
+
+        //done
+        $this->file['status'] = true;
+    }
+
+    /**
+     * Set data about file
+     */
+    protected function set_file_data()
+    {
+        $file_size = $this->get_file_size();
+        $this->file = array(
+        'status'            => false,
+        'destination'       => $this->destination,
+        'size_in_bytes'     => $file_size,
+        'size_in_mb'        => $this->bytes_to_mb($file_size),
+        'mime'              => $this->get_file_mime(),
+        'filename'          => $this->file_post['name'],
+        'tmp_name'          => $this->file_post['tmp_name'],
+        'post_data'         => $this->file_post,
+        );
+    }
+
+    /**
+     * Set validation error
+     *
+     * @param string $message
+     */
+    public function set_error($message)
+    {
+        $this->validation_errors[] = $message;
+    }
+
+    /**
+     * Return validation errors
+     *
+     * @return array
+     */
+    public function get_errors()
+    {
+        return $this->validation_errors;
+    }
+
+    /**
+     * Set external callback methods
+     *
+     * @param object $instance_of_callback_object
+     * @param array  $callback_methods
+     */
+    public function callbacks($instance_of_callback_object, $callback_methods)
+    {
+        if (empty($instance_of_callback_object)) {
+            throw new Exception('Upload: $instance_of_callback_object cannot be empty.');
+
+        }
+
+        if (!is_array($callback_methods)) {
+            throw new Exception('Upload: $callback_methods data type need to be array.');
+        }
+
+        $this->external_callback_object = $instance_of_callback_object;
+        $this->external_callback_methods = $callback_methods;
+    }
+
+    /**
+     * Execute callbacks
+     */
+    protected function validate()
+    {
+        //get curent errors
+        $errors = $this->get_errors();
+
+        if (empty($errors)) {
+
+            //set data about current file
+            $this->set_file_data();
+
+            //execute internal callbacks
+            $this->execute_callbacks($this->callbacks, $this);
+
+            //execute external callbacks
+            $this->execute_callbacks($this->external_callback_methods, $this->external_callback_object);
+        }
+    }
+
+    /**
+     * Execute callbacks
+     */
+    protected function execute_callbacks($callbacks, $object)
+    {
+        foreach($callbacks as $method) {
+            $object->$method($this);
+
+        }
+    }
+
+    /**
+     * File mime type validation callback
+     *
+     * @param object $object
+     */
+    protected function check_mime_type($object)
+    {
+        if (!empty($object->mimes)) {
+            if (!in_array($object->file['mime'], $object->mimes)) {
+                $object->set_error('Mime type not allowed.');
+            }
+        }
+    }
+
+    /**
+     * Set allowed mime types
+     *
+     * @param array $mimes
+     */
+    public function set_allowed_mime_types($mimes)
+    {
+        $this->mimes        = $mimes;
+        //if mime types is set -> set callback
+        $this->callbacks[]    = 'check_mime_type';
+    }
+
+    /**
+     * File size validation callback
+     *
+     * @param object $object
+     */
+    protected function check_file_size($object)
+    {
+        if (!empty($object->max_file_size)) {
+            $file_size_in_mb = $this->bytes_to_mb($object->file['size_in_bytes']);
+            if ($object->max_file_size <= $file_size_in_mb) {
+                $object->set_error('File exceeds maximum allowed size.');
+            }
+        }
+    }
+
+    /**
+     * Set max file size
+     *
+     * @param int $size
+     */
+    public function set_max_file_size($size)
+    {
+        $this->max_file_size = $size;
+        
+        //if max file size is set -> set callback
+        $this->callbacks[] = 'check_file_size';
+    }
+
+    /**
+     * Set File array to object
+     *
+     * @param array $file
+     */
+    public function file($file)
+    {
+        $this->set_file_array($file);
+    }
+
+    /**
+     * Set file array
+     *
+     * @param array $file
+     */
+    protected function set_file_array($file)
+    {
+        //checks whether file array is valid
+        if (!$this->check_file_array($file)) {
+            //file not selected or some bigger problems (broken files array)
+            $this->set_error('Please select file.');
+        }
+
+        //set file data
+        $this->file_post = $file;
+
+        //set tmp path
+        $this->tmp_name  = $file['tmp_name'];
+    }
+
+    /**
+     * Checks whether Files post array is valid
+     *
+     * @return bool
+     */
+    protected function check_file_array($file)
+    {
+        return isset($file['error'])
+        && !empty($file['name'])
+        && !empty($file['type'])
+        && !empty($file['tmp_name'])
+        && !empty($file['size']);
+    }
+
+    /**
+     * Get file mime type
+     *
+     * @return string
+     */
+    protected function get_file_mime()
+    {
+        return $this->finfo->file($this->tmp_name, FILEINFO_MIME_TYPE);
+    }
+
+    /**
+     * Get file size
+     *
+     * @return int
+     */
+    protected function get_file_size()
+    {
+        return filesize($this->tmp_name);
+    }
+
+    /**
+     * Set destination path (return TRUE on success)
+     *
+     * @param  string $destination
+     * @return bool
+     */
+    protected function set_destination($destination)
+    {
+        $this->destination = $destination . DIRECTORY_SEPARATOR;
+        return $this->destination_exist() ? true : $this->create_destination();
+    }
+
+    /**
+     * Checks whether destination folder exists
+     *
+     * @return bool
+     */
+    protected function destination_exist()
+    {
+        return is_writable($this->root . $this->destination);
+    }
+
+    /**
+     * Create path to destination
+     *
+     * @param  string $dir
+     * @return bool
+     */
+    protected function create_destination()
+    {
+        return mkdir($this->root . $this->destination, $this->default_permissions, true);
+    }
+
+    /**
+     * Set unique filename
+     *
+     * @return string
+     */
+    protected function create_new_filename()
+    {
+        $filename = sha1(mt_rand(1, 9999) . $this->destination . uniqid()) . time();
+        $this->set_filename($filename);
+    }
+
+    /**
+     * Convert bytes to MB
+     *
+     * @param  int $bytes
+     * @return int
+     */
+    protected function bytes_to_mb($bytes)
+    {
+        return round(($bytes / 1048576), 2);
+    }
+}
+

From b7a9c6254edfe88d23f2ebc07f2ae843d582a7b8 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 3 Jul 2021 23:03:14 +0100
Subject: [PATCH 213/300] Refactor w/ file upload class

---
 includes/openvpn.php | 78 ++++++++++++++++----------------------------
 1 file changed, 28 insertions(+), 50 deletions(-)

diff --git a/includes/openvpn.php b/includes/openvpn.php
index 67084df4..6243b603 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -3,6 +3,7 @@
 require_once 'includes/status_messages.php';
 require_once 'includes/config.php';
 require_once 'includes/wifi_functions.php';
+require_once 'app/lib/uploader.php';
 
 getWifiInterface();
 
@@ -87,6 +88,18 @@ function DisplayOpenVPNConfig()
     );
 }
 
+/* File upload callback object
+ *
+ */
+class validation {
+    public function check_name_length($object)
+    {
+		if (strlen($object->file['filename']) > 255) {
+			$object->set_error('File name is too long.');
+        }
+    }
+}
+
 /**
  * Validates uploaded .ovpn file, adds auth-user-pass and
  * stores auth credentials in login.conf. Copies files from
@@ -100,8 +113,10 @@ function DisplayOpenVPNConfig()
  */
 function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
 {
-    $tmp_ovpnclient = '/tmp/ovpnclient.ovpn';
-    $tmp_authdata = '/tmp/authdata';
+    define('KB', 1024);
+    $tmp_destdir = '/tmp/';
+    $tmp_ovpnclient = $tmp_destdir .'ovpn/ovpnclient.ovpn';
+    $tmp_authdata = $tmp_destdir .'ovpn/authdata';
     $auth_flag = 0;
 
     try {
@@ -110,61 +125,24 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
             throw new RuntimeException('Invalid parameters');
         }
 
-        // Parse returned errors
-        switch ($file['error']) {
-        case UPLOAD_ERR_OK:
-            break;
-        case UPLOAD_ERR_NO_FILE:
-            throw new RuntimeException('OpenVPN configuration file not sent');
-        case UPLOAD_ERR_INI_SIZE:
-        case UPLOAD_ERR_FORM_SIZE:
-            throw new RuntimeException('Exceeded filesize limit');
-        default:
-            throw new RuntimeException('Unknown errors');
-        }
+        $upload = Upload::factory('ovpn',$tmp_destdir);
+        $upload->set_max_file_size(64*KB);
+        $upload->set_allowed_mime_types(array('ovpn' => 'text/plain'));
+        $upload->file($file);
 
-        // Validate extension
-        $ext = pathinfo($file['name'], PATHINFO_EXTENSION);
-        if ($ext != 'ovpn') {
-            throw new RuntimeException('Invalid file extension');
-        }
+        $validation = new validation;
+        $upload->callbacks($validation, array('check_name_length'));
+        $results = $upload->upload();
 
-        // Validate MIME type
-        $finfo = new finfo(FILEINFO_MIME_TYPE);
-        if (false === $ext = array_search(
-            $finfo->file($file['tmp_name']),
-            array(
-                'ovpn' => 'text/plain'
-            ),
-            true
-        )
-        ) {
-            throw new RuntimeException('Invalid file format');
-        }
-
-        // Validate filesize
-        define('KB', 1024);
-        if ($file['size'] > 64*KB) {
-            throw new RuntimeException('File size limit exceeded');
-        }
-
-        // Use safe filename, save to /tmp
-        if (!move_uploaded_file(
-            $file['tmp_name'],
-            sprintf(
-                '/tmp/%s.%s',
-                'ovpnclient',
-                $ext
-            )
-        )
-        ) {
-            throw new RuntimeException('Unable to move uploaded file');
+        if (!empty($results['errors'])) {
+            throw new RuntimeException($results['errors'][0]);
         }
+        echo '<pre>' . var_export($results, true) . '</pre>';
+        #die();
 
         // Good file upload, update auth credentials if present
         if (!empty($authUser) && !empty($authPassword)) {
             $auth_flag = 1;
-            // Move tmp authdata to /etc/openvpn/login.conf
             $auth.= $authUser .PHP_EOL . $authPassword .PHP_EOL;
             file_put_contents($tmp_authdata, $auth);
             chmod($tmp_authdata, 0644);

From 8409c3e7d89a0d68bd2646cb03eb268504923ada Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 4 Jul 2021 10:46:00 +0100
Subject: [PATCH 214/300] Update sudoers ovpn actions

---
 installers/raspap.sudoers | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 260a45fc..2892c227 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -20,8 +20,7 @@ www-data ALL=(ALL) NOPASSWD:/bin/systemctl start openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl enable openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl disable openvpn-client@client
-www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/*.conf
-www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/ovpn/* /etc/openvpn/client/*.conf
 www-data ALL=(ALL) NOPASSWD:/usr/bin/ln -s /etc/openvpn/client/*.conf /etc/openvpn/client/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/openvpn/client/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_*.conf

From 699f9ff3970666ef297471f7161269b234ca4223 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 4 Jul 2021 10:47:45 +0100
Subject: [PATCH 215/300] Bugfix + remove debug output

---
 includes/openvpn.php | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/includes/openvpn.php b/includes/openvpn.php
index 6243b603..7d4b2858 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -88,18 +88,6 @@ function DisplayOpenVPNConfig()
     );
 }
 
-/* File upload callback object
- *
- */
-class validation {
-    public function check_name_length($object)
-    {
-		if (strlen($object->file['filename']) > 255) {
-			$object->set_error('File name is too long.');
-        }
-    }
-}
-
 /**
  * Validates uploaded .ovpn file, adds auth-user-pass and
  * stores auth credentials in login.conf. Copies files from
@@ -115,8 +103,6 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
 {
     define('KB', 1024);
     $tmp_destdir = '/tmp/';
-    $tmp_ovpnclient = $tmp_destdir .'ovpn/ovpnclient.ovpn';
-    $tmp_authdata = $tmp_destdir .'ovpn/authdata';
     $auth_flag = 0;
 
     try {
@@ -137,17 +123,16 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
         if (!empty($results['errors'])) {
             throw new RuntimeException($results['errors'][0]);
         }
-        echo '<pre>' . var_export($results, true) . '</pre>';
-        #die();
 
         // Good file upload, update auth credentials if present
         if (!empty($authUser) && !empty($authPassword)) {
             $auth_flag = 1;
+            $tmp_authdata = $tmp_destdir .'ovpn/authdata';
             $auth.= $authUser .PHP_EOL . $authPassword .PHP_EOL;
             file_put_contents($tmp_authdata, $auth);
             chmod($tmp_authdata, 0644);
             $client_auth = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_login.conf';
-            system("sudo cp $tmp_authdata $client_auth", $return);
+            system("sudo mv $tmp_authdata $client_auth", $return);
             system("sudo rm ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
             system("sudo ln -s $client_auth ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
             if ($return !=0) {
@@ -161,9 +146,11 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
             $status->addMessage($line, 'info');
         }
 
+        // Move uploaded ovpn config from /tmp and create symlink
         $client_ovpn = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_client.conf';
+        $tmp_ovpn = $results['full_path'];
         chmod($tmp_ovpnclient, 0644);
-        system("sudo cp $tmp_ovpnclient $client_ovpn", $return);
+        system("sudo mv $tmp_ovpn $client_ovpn", $return);
         system("sudo rm ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
         system("sudo ln -s $client_ovpn ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
 
@@ -179,3 +166,16 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
         return $status;
     }
 }
+
+/* File upload callback object
+ *
+ */
+class validation {
+    public function check_name_length($object)
+    {
+        if (strlen($object->file['filename']) > 255) {
+            $object->set_error('File name is too long.');
+        }
+    }
+}
+

From 87352b8b42d88123d430e1fdd2d68fd128afba9f Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 4 Jul 2021 11:15:50 +0100
Subject: [PATCH 216/300] Update w/ namespace, fix configauth for client.conf

---
 includes/openvpn.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/includes/openvpn.php b/includes/openvpn.php
index 7d4b2858..598f0b03 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -111,7 +111,7 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
             throw new RuntimeException('Invalid parameters');
         }
 
-        $upload = Upload::factory('ovpn',$tmp_destdir);
+        $upload = \RaspAP\Uploader\Upload::factory('ovpn',$tmp_destdir);
         $upload->set_max_file_size(64*KB);
         $upload->set_allowed_mime_types(array('ovpn' => 'text/plain'));
         $upload->file($file);
@@ -128,7 +128,7 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
         if (!empty($authUser) && !empty($authPassword)) {
             $auth_flag = 1;
             $tmp_authdata = $tmp_destdir .'ovpn/authdata';
-            $auth.= $authUser .PHP_EOL . $authPassword .PHP_EOL;
+            $auth = $authUser .PHP_EOL . $authPassword .PHP_EOL;
             file_put_contents($tmp_authdata, $auth);
             chmod($tmp_authdata, 0644);
             $client_auth = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_login.conf';
@@ -141,15 +141,15 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
         }
 
         // Set iptables rules and, optionally, auth-user-pass
-        exec("sudo /etc/raspap/openvpn/configauth.sh $tmp_ovpnclient $auth_flag " .$_SESSION['ap_interface'], $return);
+        $tmp_ovpn = $results['full_path'];
+        exec("sudo /etc/raspap/openvpn/configauth.sh $tmp_ovpn $auth_flag " .$_SESSION['ap_interface'], $return);
         foreach ($return as $line) {
             $status->addMessage($line, 'info');
         }
 
         // Move uploaded ovpn config from /tmp and create symlink
         $client_ovpn = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_client.conf';
-        $tmp_ovpn = $results['full_path'];
-        chmod($tmp_ovpnclient, 0644);
+        chmod($tmp_ovpn, 0644);
         system("sudo mv $tmp_ovpn $client_ovpn", $return);
         system("sudo rm ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
         system("sudo ln -s $client_ovpn ".RASPI_OPENVPN_CLIENT_CONFIG, $return);

From 8cd2c59ca12a1d4845ed40871813eb27cf535be1 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 4 Jul 2021 11:16:21 +0100
Subject: [PATCH 217/300] Update w/ namespace

---
 app/lib/uploader.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/lib/uploader.php b/app/lib/uploader.php
index e8a31b8e..6e19d9e8 100644
--- a/app/lib/uploader.php
+++ b/app/lib/uploader.php
@@ -12,6 +12,8 @@
  * @license     https://github.com/raspap/raspap-webgui/blob/master/LICENSE
  */
 
+namespace RaspAP\Uploader;
+
 class Upload
 {
 
@@ -130,7 +132,7 @@ class Upload
             throw new Exception('Upload: Unable to create destination. '.$this->root . $this->destination);
         }
         //create finfo object
-        $this->finfo = new finfo();
+        $this->finfo = new \finfo();
     }
 
     /**

From de586e00249701fdd20f8d3d5f72b127271cc001 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 6 Jul 2021 22:18:43 +0100
Subject: [PATCH 218/300] Work in progress: WG server config panels

---
 app/js/custom.js         |  11 ++++-
 templates/wg/general.php | 102 +++++++++++++++++++++++++--------------
 2 files changed, 76 insertions(+), 37 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index 4ba0436b..ff0b303f 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -307,7 +307,6 @@ $('#ovpn-confirm-activate').on('shown.bs.modal', function (e) {
 });
 
 $('#ovpn-userpw,#ovpn-certs').on('click', function (e) {
-//    e.stopPropagation();
     if (this.id == 'ovpn-userpw') {
         $('#PanelCerts').hide();
         $('#PanelUserPW').show();
@@ -317,6 +316,16 @@ $('#ovpn-userpw,#ovpn-certs').on('click', function (e) {
     }
 });
 
+$('#wg-upload,#wg-manual').on('click', function (e) {
+    if (this.id == 'wg-upload') {
+        $('#PanelManual').hide();
+        $('#PanelUpload').show();
+    } else if (this.id == 'wg-manual') {
+        $('#PanelUpload').hide();
+        $('#PanelManual').show();
+    }
+});
+
 // Add the following code if you want the name of the file appear on select
 $(".custom-file-input").on("change", function() {
   var fileName = $(this).val().split("\\").pop();
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 06d09811..86eefe75 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -9,47 +9,77 @@
           <label class="custom-control-label" for="server_enabled"><?php echo _("Enable server") ?></label>
         </div>
         <p id="wg-description">
-          <small><?php echo _("Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers.") ?></small>
-          <small><?php echo _("This option adds <code>wg0.conf</code> to the WireGuard configuration.") ?></small>
+          <small><?php echo _("Enable this option to secure network traffic by creating an encrypted tunnel between RaspAP and configured peers.") ?></small>
         </p>
         </div>
+        <h5><?php echo _("Configuration Method"); ?></h5>
+        <div class="col-sm-12 mt-2 mb-2 form-check">
+          <input class="form-check-input" id="wg-manual" name="sel1" value="manual" data-toggle="" data-parent="#serversettings" data-target="#wgManual" type="radio" checked>
+          <label class="form-check-label"><?php echo _("Manual settings"); ?></label>
+        </div>
+        <div class="col-sm-12 mt-2 mb-2 form-check">
+          <input class="form-check-input" id="wg-upload" name="sel1" value="upload" data-toggle="" data-parent="#serversettings" data-target="#wgUpload" type="radio">
+          <label class="form-check-label"><?php echo _("Upload <code>wg0.conf</code> file"); ?></label>
+        </div>
 
-        <div class="row">
-          <div class="col-xs-3 col-sm-6">
-            <label for="code"><?php echo _("Local public key"); ?></label>
-          </div>
-          <div class="input-group col-md-12 mb-3">
-            <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
-            <div class="input-group-append">
-              <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
-              <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+        <div class="col-sm-12 ml-2">
+          <div class="panel-group" id="serversettings">
+            <div class="panel panel-default panel-collapse" id="PanelManual">
+              <div class="panel-heading">
+                <h5 class="panel-title"><?php echo _("Create a local WireGuard config"); ?></h5>
+                <p id="wg-description">
+                  <small><?php echo _("This option generates a new <code>wg0.conf</code> WireGuard configuration on this device.") ?></small>
+                </p>
+              </div>
+              <div class="panel-body">
+                <label for="code"><?php echo _("Local public key"); ?></label>
+                <div class="input-group col-md-12 mb-3">
+                  <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
+                  <div class="input-group-append">
+                    <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
+                    <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+                  </div>
+                </div>
+              </div>
+
+              <div class="form-group col-xs-3 col-sm-3">
+                <label for="code"><?php echo _("Local Port"); ?></label>
+                <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
+              </div>
+
+              <div class="form-group col-md-6">
+                <label for="code"><?php echo _("IP Address"); ?></label>
+                <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
+              </div>
+
+              <div class="form-group col-md-6">
+                <label for="code"><?php echo _("DNS"); ?></label>
+                <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" />
+              </div>
+            </div><!-- /.panel-body -->
+          </div><!-- /.panel -->
+
+          <div class="panel panel-default panel-collapse" id="PanelUpload">
+            <div class="panel-heading">
+              <h5 class="panel-title"><?php echo _("Upload a WireGuard config"); ?></h5>
+              <p id="wg-description">
+                <small><?php echo _("This option uploads an existing WireGuard <code>.conf</code> file to this device.") ?></small>
+              </p>
             </div>
-          </div>
-        </div>
-
-        <div class="row">
-          <div class="form-group col-xs-3 col-sm-3">
-            <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
-          </div>
-        </div>
-
-        <div class="row">
-          <div class="form-group col-md-6">
-            <label for="code"><?php echo _("IP Address"); ?></label>
-            <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
-          </div>
-        </div>
-
-        <div class="row">
-          <div class="form-group col-md-6">
-            <label for="code"><?php echo _("DNS"); ?></label>
-            <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" />
-          </div>
-        </div>
-
+            <div class="panel-body">
+              <div class="form-group">
+                <h5 class="panel-title"><?php echo _("Configuration File"); ?></h4>
+                <div class="custom-file">
+                 <input type="file" class="custom-file-input" name="wgFile" id="wgFile">
+                 <label class="custom-file-label" for="customFile"><?php echo _("Select WireGuard configuration file (.conf)"); ?></label>
+               </div>
+             </div>
+           </div><!-- /.panel-body -->
+          </div><!-- /.panel -->
+        </div><!-- /.panel-group -->
+      </div><!-- /.col -->
     </div>
-  </div><!-- /.row -->
+
 </div><!-- /.tab-pane | settings tab -->
 
 

From 84d5584150b556abbe03dbab57624da0b0562525 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 6 Jul 2021 23:10:10 +0100
Subject: [PATCH 219/300] Move file upload validation class to functions

---
 includes/functions.php | 25 +++++++++++++++++++++----
 includes/openvpn.php   | 12 ------------
 2 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/includes/functions.php b/includes/functions.php
index 93c609a3..b30ff825 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -721,13 +721,15 @@ function validateCidr($cidr)
 }    
 
 // Validates a host or FQDN
-function validate_host($host) {
+function validate_host($host)
+{
   return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host);
 }
 
 // Gets night mode toggle value
 // @return boolean
-function getNightmode(){
+function getNightmode()
+{
     if ($_COOKIE['theme'] == 'lightsout.css') {
         return true;
     } else {
@@ -736,7 +738,8 @@ function getNightmode(){
 }	
 	
 // search array for matching string and return only first matching group
-function preg_only_match($pat,$haystack) {
+function preg_only_match($pat,$haystack)
+{
   $match = "";
   if(!empty($haystack) && !empty($pat)) {
     if(!is_array($haystack)) $haystack = array($haystack);
@@ -754,10 +757,24 @@ function qr_encode($str)
     return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
 }
 
-function evalHexSequence($string) {
+function evalHexSequence($string)
+{
     $evaluator = function ($input) {
 	return hex2bin($input[1]);
     };
     return preg_replace_callback('/\\\x(..)/', $evaluator, $string);
 }
 
+/* File upload callback object
+ *
+ */
+class validation
+{
+    public function check_name_length($object)
+    {
+        if (strlen($object->file['filename']) > 255) {
+            $object->set_error('File name is too long.');
+        }
+    }
+}
+
diff --git a/includes/openvpn.php b/includes/openvpn.php
index 598f0b03..eae9c42d 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -167,15 +167,3 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
     }
 }
 
-/* File upload callback object
- *
- */
-class validation {
-    public function check_name_length($object)
-    {
-        if (strlen($object->file['filename']) > 255) {
-            $object->set_error('File name is too long.');
-        }
-    }
-}
-

From 1adaca1ea1cba242efa60cdd8963554339477650 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 6 Jul 2021 23:11:16 +0100
Subject: [PATCH 220/300] Set file upload as default wg config method

---
 app/js/custom.js         |  4 ++++
 templates/wg/general.php | 51 ++++++++++++++++++++--------------------
 2 files changed, 29 insertions(+), 26 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index ff0b303f..dc886d07 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -316,6 +316,10 @@ $('#ovpn-userpw,#ovpn-certs').on('click', function (e) {
     }
 });
 
+$(document).ready(function(){
+  $("#PanelManual").hide();
+});
+
 $('#wg-upload,#wg-manual').on('click', function (e) {
     if (this.id == 'wg-upload') {
         $('#PanelManual').hide();
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 86eefe75..34147aef 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -9,21 +9,40 @@
           <label class="custom-control-label" for="server_enabled"><?php echo _("Enable server") ?></label>
         </div>
         <p id="wg-description">
-          <small><?php echo _("Enable this option to secure network traffic by creating an encrypted tunnel between RaspAP and configured peers.") ?></small>
+          <small><?php echo _("Enable this option to secure network traffic by creating an encrypted tunnel between RaspAP and configured endpoints.") ?></small>
         </p>
         </div>
         <h5><?php echo _("Configuration Method"); ?></h5>
         <div class="col-sm-12 mt-2 mb-2 form-check">
-          <input class="form-check-input" id="wg-manual" name="sel1" value="manual" data-toggle="" data-parent="#serversettings" data-target="#wgManual" type="radio" checked>
-          <label class="form-check-label"><?php echo _("Manual settings"); ?></label>
+          <input class="form-check-input" id="wg-upload" name="sel1" value="upload" data-toggle="" data-parent="#serversettings" data-target="#wgUpload" type="radio" checked>
+          <label class="form-check-label"><?php echo _("File upload"); ?></label>
         </div>
         <div class="col-sm-12 mt-2 mb-2 form-check">
-          <input class="form-check-input" id="wg-upload" name="sel1" value="upload" data-toggle="" data-parent="#serversettings" data-target="#wgUpload" type="radio">
-          <label class="form-check-label"><?php echo _("Upload <code>wg0.conf</code> file"); ?></label>
+          <input class="form-check-input" id="wg-manual" name="sel1" value="manual" data-toggle="" data-parent="#serversettings" data-target="#wgManual" type="radio">
+          <label class="form-check-label"><?php echo _("Create manually"); ?></label>
         </div>
 
         <div class="col-sm-12 ml-2">
           <div class="panel-group" id="serversettings">
+
+            <div class="panel panel-default panel-collapse" id="PanelUpload">
+              <div class="panel-heading">
+                <h5 class="panel-title"><?php echo _("Upload a WireGuard config"); ?></h5>
+                <p id="wg-description">
+                  <small><?php echo _("This option uploads an existing WireGuard <code>.conf</code> file to this device.") ?></small>
+                </p>
+              </div>
+              <div class="panel-body">
+                <div class="form-group">
+                  <h5 class="panel-title"><?php echo _("Configuration File"); ?></h4>
+                  <div class="custom-file">
+                    <input type="file" class="custom-file-input" name="wgFile" id="wgFile">
+                    <label class="custom-file-label" for="wgFile"><?php echo _("Select WireGuard configuration file (.conf)"); ?></label>
+                  </div>
+                </div>
+              </div><!-- /.panel-body -->
+            </div><!-- /.panel -->
+
             <div class="panel panel-default panel-collapse" id="PanelManual">
               <div class="panel-heading">
                 <h5 class="panel-title"><?php echo _("Create a local WireGuard config"); ?></h5>
@@ -46,12 +65,10 @@
                 <label for="code"><?php echo _("Local Port"); ?></label>
                 <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
               </div>
-
               <div class="form-group col-md-6">
                 <label for="code"><?php echo _("IP Address"); ?></label>
                 <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
               </div>
-
               <div class="form-group col-md-6">
                 <label for="code"><?php echo _("DNS"); ?></label>
                 <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" />
@@ -59,27 +76,9 @@
             </div><!-- /.panel-body -->
           </div><!-- /.panel -->
 
-          <div class="panel panel-default panel-collapse" id="PanelUpload">
-            <div class="panel-heading">
-              <h5 class="panel-title"><?php echo _("Upload a WireGuard config"); ?></h5>
-              <p id="wg-description">
-                <small><?php echo _("This option uploads an existing WireGuard <code>.conf</code> file to this device.") ?></small>
-              </p>
-            </div>
-            <div class="panel-body">
-              <div class="form-group">
-                <h5 class="panel-title"><?php echo _("Configuration File"); ?></h4>
-                <div class="custom-file">
-                 <input type="file" class="custom-file-input" name="wgFile" id="wgFile">
-                 <label class="custom-file-label" for="customFile"><?php echo _("Select WireGuard configuration file (.conf)"); ?></label>
-               </div>
-             </div>
-           </div><!-- /.panel-body -->
-          </div><!-- /.panel -->
         </div><!-- /.panel-group -->
       </div><!-- /.col -->
-    </div>
+    </div><!-- /.row -->
 
 </div><!-- /.tab-pane | settings tab -->
 
-

From 8c3531e6d2bc24136c26e7f7336a35508854c793 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 6 Jul 2021 23:13:32 +0100
Subject: [PATCH 221/300] Work in progress: SaveWireGuardUpload()

---
 includes/wireguard.php | 55 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index c7f56cdd..0ce23353 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -12,6 +12,8 @@ function DisplayWireGuardConfig()
     if (!RASPI_MONITOR_ENABLED) {
         if (isset($_POST['savewgsettings'])) {
             SaveWireGuardConfig($status);
+        } elseif (is_uploaded_file( $_FILES["wgFile"]["tmp_name"])) {
+            SaveWireGuardUpload($status, $_FILES['wgFile']);
         } elseif (isset($_POST['startwg'])) {
             $status->addMessage('Attempting to start WireGuard', 'info');
             exec('sudo /bin/systemctl start wg-quick@wg0', $return);
@@ -79,6 +81,59 @@ function DisplayWireGuardConfig()
     );
 }
 
+/**
+ * Validates uploaded .conf file, adds iptables post-up and
+ * post-down rules.
+ *
+ * @param  object $status
+ * @param  object $file
+ * @return object $status
+ */
+function SaveWireGuardUpload($status, $file)
+{
+    define('KB', 1024);
+    $tmp_destdir = '/tmp/';
+    $auth_flag = 0;
+
+    try {
+        // If undefined or multiple files, treat as invalid
+        if (!isset($file['error']) || is_array($file['error'])) {
+            throw new RuntimeException('Invalid parameters');
+        }
+
+        $upload = \RaspAP\Uploader\Upload::factory('wg',$tmp_destdir);
+        $upload->set_max_file_size(64*KB);
+        $upload->set_allowed_mime_types(array('text/plain'));
+        $upload->file($file);
+
+        $validation = new validation;
+        $upload->callbacks($validation, array('check_name_length'));
+        $results = $upload->upload();
+
+        if (!empty($results['errors'])) {
+            throw new RuntimeException($results['errors'][0]);
+        }
+
+        // Good file upload, do any post-processing
+
+        // Set iptables rules
+
+        // Move uploaded .conf from /tmp to destination
+
+
+        if ($return ==0) {
+            $status->addMessage('WireGuard configuration uploaded successfully', 'info');
+        } else {
+            $status->addMessage('Unable to save WireGuard configuration', 'danger');
+        }
+        return $status;
+
+    } catch (RuntimeException $e) {
+        $status->addMessage($e->getMessage(), 'danger');
+        return $status;
+    }
+}
+
 /**
  * Validate user input, save wireguard configuration
  *

From c3b45a7915ab7db3643c166397e26fc496eb665b Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 7 Jul 2021 08:12:30 +0100
Subject: [PATCH 222/300] Update labels, add iptables rules toggle

---
 templates/wg/general.php | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index 34147aef..63cd9bf5 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -15,7 +15,7 @@
         <h5><?php echo _("Configuration Method"); ?></h5>
         <div class="col-sm-12 mt-2 mb-2 form-check">
           <input class="form-check-input" id="wg-upload" name="sel1" value="upload" data-toggle="" data-parent="#serversettings" data-target="#wgUpload" type="radio" checked>
-          <label class="form-check-label"><?php echo _("File upload"); ?></label>
+          <label class="form-check-label"><?php echo _("Upload file"); ?></label>
         </div>
         <div class="col-sm-12 mt-2 mb-2 form-check">
           <input class="form-check-input" id="wg-manual" name="sel1" value="manual" data-toggle="" data-parent="#serversettings" data-target="#wgManual" type="radio">
@@ -29,10 +29,23 @@
               <div class="panel-heading">
                 <h5 class="panel-title"><?php echo _("Upload a WireGuard config"); ?></h5>
                 <p id="wg-description">
-                  <small><?php echo _("This option uploads an existing WireGuard <code>.conf</code> file to this device.") ?></small>
+                  <small><?php echo _("This option uploads and installs an existing WireGuard <code>.conf</code> file on this device.") ?></small>
                 </p>
               </div>
               <div class="panel-body">
+
+                <div class="form-group col-sm-12">
+                  <div class="custom-control custom-switch">
+                    <?php $checked = $arrConfig['iptables_rules'] == 1 ? 'checked="checked"' : '' ?>
+                    <input class="custom-control-input" id="chxwgrules" name="wgRules" type="checkbox" value="1" <?php echo $checked ?> />
+                    <label class="custom-control-label" for="chxwgrules"><?php echo _("Apply iptables rules for AP interface"); ?></label>
+                    <i class="fas fa-question-circle text-muted" data-toggle="tooltip" data-placement="auto" title="<?php echo _("Recommended if you wish to forward network traffic from the wg0 interface to clients connected on the AP interface."); ?>"></i>
+                    <p id="wg-description">
+                      <small><?php printf(_("This option adds <strong>iptables</strong> <code>Postup</code> and <code>PostDown</code> rules for the configured AP interface (%s)."), $_SESSION['ap_interface']) ?></small>
+                    </p>
+                  </div>
+                </div>
+
                 <div class="form-group">
                   <h5 class="panel-title"><?php echo _("Configuration File"); ?></h4>
                   <div class="custom-file">
@@ -40,6 +53,8 @@
                     <label class="custom-file-label" for="wgFile"><?php echo _("Select WireGuard configuration file (.conf)"); ?></label>
                   </div>
                 </div>
+                <div class="row mb-2"></div>
+
               </div><!-- /.panel-body -->
             </div><!-- /.panel -->
 

From d7baf5492f32b91b7af8e52079f4714d4b6feffa Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 7 Jul 2021 22:58:50 +0100
Subject: [PATCH 223/300] Set toggle state from template var

---
 templates/wg/general.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index 63cd9bf5..00d840ac 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -36,7 +36,7 @@
 
                 <div class="form-group col-sm-12">
                   <div class="custom-control custom-switch">
-                    <?php $checked = $arrConfig['iptables_rules'] == 1 ? 'checked="checked"' : '' ?>
+                    <?php $checked = $optRules == 1 ? 'checked="checked"' : '' ?>
                     <input class="custom-control-input" id="chxwgrules" name="wgRules" type="checkbox" value="1" <?php echo $checked ?> />
                     <label class="custom-control-label" for="chxwgrules"><?php echo _("Apply iptables rules for AP interface"); ?></label>
                     <i class="fas fa-question-circle text-muted" data-toggle="tooltip" data-placement="auto" title="<?php echo _("Recommended if you wish to forward network traffic from the wg0 interface to clients connected on the AP interface."); ?>"></i>

From fbe1348e15f7f3f8c3cb771e3303eb9d55a6aec9 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 7 Jul 2021 22:59:51 +0100
Subject: [PATCH 224/300] Added sudoers mv /tmp/wg/*

---
 installers/raspap.sudoers | 1 +
 1 file changed, 1 insertion(+)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 2892c227..1d51eb49 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -48,6 +48,7 @@ www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasq_custom /etc/raspap/adblock/custom.txt
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg-*.key /etc/wireguard/wg-*.key
+www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg/* /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/socat - /dev/ttyUSB[0-9]
 www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/onoff_huawei_hilink.sh *

From 225bff59b60d9c70a00010b9b16e8162f9545af2 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 7 Jul 2021 23:01:47 +0100
Subject: [PATCH 225/300] Upload wg config, set postup/down rules, move to
 destination

---
 includes/wireguard.php | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 0ce23353..af81a618 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -10,10 +10,11 @@ function DisplayWireGuardConfig()
 {
     $status = new StatusMessages();
     if (!RASPI_MONITOR_ENABLED) {
-        if (isset($_POST['savewgsettings'])) {
+        $optRules = $_POST['wgRules'];
+        if (isset($_POST['savewgsettings']) && !is_uploaded_file($_FILES["wgFile"]["tmp_name"])) {
             SaveWireGuardConfig($status);
-        } elseif (is_uploaded_file( $_FILES["wgFile"]["tmp_name"])) {
-            SaveWireGuardUpload($status, $_FILES['wgFile']);
+        } elseif (isset($_POST['savewgsettings']) && is_uploaded_file($_FILES["wgFile"]["tmp_name"])) {
+            SaveWireGuardUpload($status, $_FILES['wgFile'], $optRules);
         } elseif (isset($_POST['startwg'])) {
             $status->addMessage('Attempting to start WireGuard', 'info');
             exec('sudo /bin/systemctl start wg-quick@wg0', $return);
@@ -63,6 +64,7 @@ function DisplayWireGuardConfig()
             "status",
             "wg_state",
             "serviceStatus",
+            "optRules",
             "wg_log",
             "peer_id",
             "wg_srvpubkey",
@@ -87,9 +89,10 @@ function DisplayWireGuardConfig()
  *
  * @param  object $status
  * @param  object $file
+ * @param  boolean $optRules
  * @return object $status
  */
-function SaveWireGuardUpload($status, $file)
+function SaveWireGuardUpload($status, $file, $optRules)
 {
     define('KB', 1024);
     $tmp_destdir = '/tmp/';
@@ -114,12 +117,23 @@ function SaveWireGuardUpload($status, $file)
             throw new RuntimeException($results['errors'][0]);
         }
 
-        // Good file upload, do any post-processing
+        // Valid upload, get file contents
+        $tmp_wgconfig = $results['full_path'];
+        $tmp_contents = file_get_contents($tmp_wgconfig);
 
         // Set iptables rules
+        if (isset($optRules) && !preg_match('/PostUp|PostDown/m',$tmp_contents)) {
+            $rules[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp');
+            $rules[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
+            $rules[] = '';
+            $rules = join(PHP_EOL, $rules);
+            $rules = preg_replace('/wlan0/m', $_SESSION['ap_interface'], $rules);
+            $tmp_contents = preg_replace('/^\s*$/ms', $rules, $tmp_contents, 1);
+            file_put_contents($tmp_wgconfig, $tmp_contents);
+        }
 
-        // Move uploaded .conf from /tmp to destination
-
+        // Move uploaded file from to destination
+        system("sudo mv $tmp_wgconfig ". RASPI_WIREGUARD_CONFIG, $return);
 
         if ($return ==0) {
             $status->addMessage('WireGuard configuration uploaded successfully', 'info');

From 84fcedc203fdf7face427a751820ad204344ba1a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 7 Jul 2021 23:24:49 +0100
Subject: [PATCH 226/300] Added get_public_ip()

---
 includes/functions.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/includes/functions.php b/includes/functions.php
index b30ff825..8ccd2430 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -778,3 +778,13 @@ class validation
     }
 }
 
+/* Resolves public IP address
+ *
+ * @return string $public_ip
+ */
+function get_public_ip()
+{
+    exec('wget https://ipinfo.io/ip -qO -', $public_ip);
+    return $public_ip[0];
+}
+

From 8374d032b392ba37ec5fa5f07007f25d7c39f137 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 7 Jul 2021 23:25:23 +0100
Subject: [PATCH 227/300] Update w/ common public_ip function

---
 includes/openvpn.php     | 4 +---
 includes/wireguard.php   | 4 +++-
 templates/wg/general.php | 6 ++++++
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/includes/openvpn.php b/includes/openvpn.php
index eae9c42d..a89c3e18 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -42,11 +42,9 @@ function DisplayOpenVPNConfig()
     }
 
     exec('pidof openvpn | wc -l', $openvpnstatus);
-    exec('wget https://ipinfo.io/ip -qO -', $return);
-
     $serviceStatus = $openvpnstatus[0] == 0 ? "down" : "up";
     $auth = file(RASPI_OPENVPN_CLIENT_LOGIN, FILE_IGNORE_NEW_LINES);
-    $public_ip = $return[0];
+    $public_ip = get_public_ip();
 
     // parse client auth credentials
     if (!empty($auth)) {
diff --git a/includes/wireguard.php b/includes/wireguard.php
index af81a618..162e3eef 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -58,12 +58,14 @@ function DisplayWireGuardConfig()
     exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
     $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
     $wg_state = ($wgstatus[0] > 0);
+    $public_ip = get_public_ip();
 
     echo renderTemplate(
         "wireguard", compact(
             "status",
             "wg_state",
             "serviceStatus",
+            "public_ip",
             "optRules",
             "wg_log",
             "peer_id",
@@ -132,7 +134,7 @@ function SaveWireGuardUpload($status, $file, $optRules)
             file_put_contents($tmp_wgconfig, $tmp_contents);
         }
 
-        // Move uploaded file from to destination
+        // Move processed file from tmp to destination
         system("sudo mv $tmp_wgconfig ". RASPI_WIREGUARD_CONFIG, $return);
 
         if ($return ==0) {
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 00d840ac..c9b63071 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -3,6 +3,12 @@
   <div class="row">
     <div class="col-md-6">
       <h4 class="mt-3"><?php echo _("Tunnel settings"); ?></h4>
+        <div class="col-lg-12 mt-2">
+          <div class="row mt-3 mb-2">
+            <div class="info-item col-xs-3"><?php echo _("IPv4 Address"); ?></div>
+            <div class="info-value col-xs-3"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
+          </div>
+        </div>
         <div class="input-group">
           <div class="custom-control custom-switch">
             <input class="custom-control-input" id="server_enabled" type="checkbox" name="wg_senabled" value="1" <?php echo $wg_senabled ? ' checked="checked"' : "" ?> aria-describedby="server-description">

From 2ccce60189494c081095f17599db0a493703b80e Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 8 Jul 2021 11:22:17 +0100
Subject: [PATCH 228/300] Simplify template, update save actions

---
 includes/wireguard.php   | 12 +++++++-----
 templates/wg/general.php | 31 +++++++++++++++++--------------
 2 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 162e3eef..cb66341b 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -10,10 +10,12 @@ function DisplayWireGuardConfig()
 {
     $status = new StatusMessages();
     if (!RASPI_MONITOR_ENABLED) {
-        $optRules = $_POST['wgRules'];
-        if (isset($_POST['savewgsettings']) && !is_uploaded_file($_FILES["wgFile"]["tmp_name"])) {
+        $optRules     = $_POST['wgRules'];
+        $optConf      = $_POST['wgCnfOpt'];
+        $optSrvEnable = $_POST['wgSrvEnable'];
+        if (isset($_POST['savewgsettings']) && $optConf == 'manual' && $optSrvEnable == 1 ) {
             SaveWireGuardConfig($status);
-        } elseif (isset($_POST['savewgsettings']) && is_uploaded_file($_FILES["wgFile"]["tmp_name"])) {
+        } elseif (isset($_POST['savewgsettings']) && $optConf == 'upload' && is_uploaded_file($_FILES["wgFile"]["tmp_name"])) {
             SaveWireGuardUpload($status, $_FILES['wgFile'], $optRules);
         } elseif (isset($_POST['startwg'])) {
             $status->addMessage('Attempting to start WireGuard', 'info');
@@ -30,7 +32,7 @@ function DisplayWireGuardConfig()
         }
     }
 
-    // fetch wg config
+    // fetch server config
     exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
     $conf = ParseConfig($return);
     $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
@@ -42,7 +44,7 @@ function DisplayWireGuardConfig()
         $wg_senabled = true;
     }
 
-    // todo: iterate multiple peer configs
+    // fetch client config
     exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $preturn);
     $conf = ParseConfig($preturn);
     $wg_pipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','peer','Address') : $conf['Address'];
diff --git a/templates/wg/general.php b/templates/wg/general.php
index c9b63071..15d2f9e3 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -9,22 +9,13 @@
             <div class="info-value col-xs-3"><?php echo htmlspecialchars($public_ip, ENT_QUOTES); ?><a class="text-gray-500" href="https://ipapi.co/<?php echo($public_ip); ?>" target="_blank" rel="noopener noreferrer"><i class="fas fa-external-link-alt ml-2"></i></a></div>
           </div>
         </div>
-        <div class="input-group">
-          <div class="custom-control custom-switch">
-            <input class="custom-control-input" id="server_enabled" type="checkbox" name="wg_senabled" value="1" <?php echo $wg_senabled ? ' checked="checked"' : "" ?> aria-describedby="server-description">
-          <label class="custom-control-label" for="server_enabled"><?php echo _("Enable server") ?></label>
-        </div>
-        <p id="wg-description">
-          <small><?php echo _("Enable this option to secure network traffic by creating an encrypted tunnel between RaspAP and configured endpoints.") ?></small>
-        </p>
-        </div>
         <h5><?php echo _("Configuration Method"); ?></h5>
         <div class="col-sm-12 mt-2 mb-2 form-check">
-          <input class="form-check-input" id="wg-upload" name="sel1" value="upload" data-toggle="" data-parent="#serversettings" data-target="#wgUpload" type="radio" checked>
+          <input class="form-check-input" id="wg-upload" name="wgCnfOpt" value="upload" data-toggle="" data-parent="#serversettings" data-target="#wgUpload" type="radio" checked>
           <label class="form-check-label"><?php echo _("Upload file"); ?></label>
         </div>
         <div class="col-sm-12 mt-2 mb-2 form-check">
-          <input class="form-check-input" id="wg-manual" name="sel1" value="manual" data-toggle="" data-parent="#serversettings" data-target="#wgManual" type="radio">
+          <input class="form-check-input" id="wg-manual" name="wgCnfOpt" value="manual" data-toggle="" data-parent="#serversettings" data-target="#wgManual" type="radio">
           <label class="form-check-label"><?php echo _("Create manually"); ?></label>
         </div>
 
@@ -67,10 +58,20 @@
             <div class="panel panel-default panel-collapse" id="PanelManual">
               <div class="panel-heading">
                 <h5 class="panel-title"><?php echo _("Create a local WireGuard config"); ?></h5>
-                <p id="wg-description">
-                  <small><?php echo _("This option generates a new <code>wg0.conf</code> WireGuard configuration on this device.") ?></small>
-                </p>
+                <div class="input-group">
+                  <div class="custom-control custom-switch">
+                    <input class="custom-control-input" id="server_enabled" type="checkbox" name="wgSrvEnable" value="1" <?php echo $wg_senabled ? ' checked="checked"' : "" ?> aria-describedby="server-description">
+                    <label class="custom-control-label" for="server_enabled"><?php echo _("Enable server") ?></label>
+                  </div>
+                  <p id="wg-description">
+                    <small>
+                      <?php echo _("Enable this option to secure network traffic by creating an encrypted tunnel between RaspAP and configured peers.") ?>
+                      <?php echo _("This setting generates a new WireGuard <code>.conf</code> file on this device.") ?>
+                    </small>
+                  </p>
+                </div>
               </div>
+
               <div class="panel-body">
                 <label for="code"><?php echo _("Local public key"); ?></label>
                 <div class="input-group col-md-12 mb-3">
@@ -94,6 +95,8 @@
                 <label for="code"><?php echo _("DNS"); ?></label>
                 <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" />
               </div>
+              <div class="row mb-3"></div>
+
             </div><!-- /.panel-body -->
           </div><!-- /.panel -->
 

From ab3e147bbfe709538ed8ea466dafcf269bd6f3c2 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 13 Jul 2021 12:51:09 +0100
Subject: [PATCH 229/300] Update wg messages for en_US locale

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 26387 -> 28313 bytes
 locale/en_US/LC_MESSAGES/messages.po |  38 ++++++++++++++++++++++++---
 2 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index f51f7c62d77de2fcf26b546fbdae30f2fa79006b..b1d575103df844f9061bbe9f73cf985b650b4813 100644
GIT binary patch
literal 28313
zcmeI4eVklHnePt}UXt*dKp?#31cA&zW-<wHNeBs<$=i_3WXMbi5-^_WJ~MMj_c@(D
z-I)xL)c^{3Srl1OcM+9kuU>TB6_Be7R}`+`OMJV#g0A<1uPBQPi^_{{c)!1@I^8{!
z%)QI*zukOlzV&wMJoQx7Q!l5&(=(>L-{V(0!1GRqcTV@b=jA_Mv7YypQ$4Q*eig>>
zSMW#}%<()Qmf+#=HmFDLf``EeUHB2Wf$&psBRt*rycw_pd6jn~JPF<o4}yOOkAwF^
zmG@P6DEtwe1)qZ|-<#`s$AGC&<(veMh4bJUa2b@GgHYw{fTzHlq2Bj#$H$<`eFm!j
zufP-G%+oB}p~~roD(7;?5<HmjO)mXbcog9eL&^KMQ1$$*i~kDjCHy@o`RBdKvI8DM
zcnOpqFNSBr9v5G6@w=hQy$MSG_d?12DYzCs1{cBUr=t_N98QDl;3({e($m+W<a`S1
z`JY2X@?M8q;arrbdR^;yJybnzhSKkyQ2O``d^`Li)cY<*Xtl>BQ1!SH>OB#Z++!|&
z51dc<R!Eod9)imE19&ui9<G6ZfNGDfc~<VXLcPBL4}yE3>i14~Fnq5|zXM91PrCHa
zLiMLFLcQlncmsSE9s;+w*z__yhwx2M@ef1k>oGVRehX4n?>TrFJgU|6PJk!Cv*1D~
zeO?KruN0~t?}7{&?;B9h{nCYBhCbnAd02Wo52}Byh0^afsQ1V42zU)#2ycSk0iO2{
zu!{Ggvpw%VxDcgofj@;y;j%XRDjbE2;kO;9wlfw8cfv#A15kQ-7)p-4Q0?$ER6lzW
z>Xp+MSozO~s?Q22`Q8F0_tjAKzYeNhKLnNU^Kcsc9+X~x0;j@%fm7gbpq~4!i$A)<
zhEIgj<3cFCt%5%6fs#9hDsLxL`(6w6p4*}N-(8NMgl7`|9F$zoIR43T4oa0?SMW#a
zJD}=)8<hNi3o!}aUMRU=fO_9+@JM*%BHJ%dfvU$Mcns`@N5QQwemk5=_&TWi+yPtQ
zN1(>vSD?y&9;!dT43+QqP~}dcbE@2vpz7HMRj<WR_1y*~cfqCK1dk?sJJfUcK*{qU
zl-!R)jic{Ewd404e+JdxUxIqi^mA?cEGT`S=EALT2I2GIv2Yz!yIch&ZwQtDZBXyM
z9-8)nrhTC7>?fh>`8ZU4z6DjzD{v-!9Ucp3oM$-?s{Cb8<F6m8J_V?8vKy-Wo1ye^
z2b>S@gDUqKsONtUCI9PC@*Q)&)yG^YInRKSs{^W^E`iFo97>*ED81!edIEP7u0YK*
z{|5E^kr&v0dpy+p7Q=419!fv&hkD<gQ1$pYRJ%P0Q}_gw+!r#4Rj)3n^829rNeuN|
z1**L3q4f4{7{a?;{FEg&emYb=<~S~J@hhO}*$-Rb<xu+E1DC<~K-Fh2RDb%eOaD1+
zCHykP6nS$nK1yE?CD&C@@)w}$UxBLcjZkvD4{nBcLm$2dCCBUw?YKJ?>b)03)xR66
z+{>Vz58*pt6{_4<px%D~LQDRcP~&PYRQ|JF{DqF)Q0=${N^d!+{G(9i?13uhcBt|{
z1|`R*pyc{Ilsu2R`0qGA4OQRgp`Lpk>OE60vi9^icrxLO9j}7Y(=|}-cpcR9H^bxL
zop3h1&&BVBdhat(^1k50ufcA@hc0K01}}v@@P4=!9<ajmR>N+11AGtchsR!wEr%np
z7d`>i|7NYUdU&_voltuEG&J>w8V}!r((kiS^?U`M2oLOJ%?D3`(q|`B{RW`)vK6Xc
zLr~AX1FF1Rpz?hTO3$Bw(!*z<%6-D6{}?VJ{2V+Jp4?^Uqb?|UwnFK3J5;|)q299#
zsvbAMli&y8Y48EK5kBR@^Hy2=af#z7RJr#+^@|6f%6}9-2)_oWz&$AWc=#^IyP)D9
zgleycAWh|c8S43i)>ux52NIqM&pQD9!xq9DXuKF!q4fS!=)+$_^~Yn^+4s$b($^9f
z?t~i%UjbFGk3;pVSE2MUjn1O_&w>ZRMNoP^A4>iW@KBhCvtR)p2Cs)|&s(6%xeKb@
z?uBQ-N1){V8B{sHfv3R3FR|}C%W(}<xr0#SVGOE$?{NGKR5^R0%K3rgui?Rjr?0o^
z$3V4<4<&C0R6Q5F`1P=t@Kz}K?{&N%9zytGC_O#~&xGH0@vpl0*P+UtjxwdMnNV^s
zfHZ-(2C5(43a7#^!D;a8a1=fXr^8+bqvX5->iMgo`rRJ572X3?F9|Ci0#%R0q4YZk
z9tqEdZ--q_?|TfYJ-z`ChtEL0=a*1&|G~vip%cs}d<>iemqX=y3)H+5L%N*zcBuAv
z97^t=K)wG(sD3h~&(`lSC^=_BrO$?vr`@G5hU!mU@F@6Zcms@}^!|cNe;J-bc>1L_
zeg)Kf*Ff2aP4Em@fNH<@!4u$L!L#54Q2KlZN?)%))nn==yN>IFdM<I{UC<}|0eB4j
z98~}M8axvI80!5m!6V=w;X*jQpFfPti(nP+@&UX4egJMEJiOVizaN2@6aF1!3ikRh
zv%CfFApB*hcDaCuq?Z*?a%_Z0!vLzEm7(f)E0p}7ho{0vq2&7!JRbflRQ(U;rE1rc
zq4F(*>W5pQ^gRUCK1C>dGz#_H+g$wZF8pCQgZKxa-undf;kTjWehI3)-@@ad_h$Q^
zSy26Nu46kqlkkO5at%6O=Xf`iULSSg-$2#-*ek639dIt;jZkv$fO_9<sCK#ys^5JS
zsve(((&Jtzy*};YUx2dr2Q$c2pV_blo(47k)<cyaL-prfQ2G80s@xl)%DoFppMMWk
zuZN)O`(t<#d=V;r`jxgFXF)wT4@#aTP;z%ejibw<+VM)q5jdN01*)7|UHpfj^!+z3
z{3)pR`5aXJzYf(dKZKI^7f|{C1ohrSu5#@IP5ZzTiEoFhXE#)RHbIp$2Boh(Q02eh
z@m{F%AAu*pC!y-|BGfo}9jg4pSxiVDv*CPr9#px5P|sftCI22M`Thb*ANN4j`x8)d
z-4E4IABM{JB`A5m1EsfTUHY%!Zo;p^Q((HyK7SkZ3I8S3`yPVb@S9NjIpMALeRH7d
zaTe70TLM#f36$JlfU4KyQ04z4R6ltM>bX~;$~z>mdOHG!gy%xV-{|6Rg{sHhj`z9v
zN1^KZBvilr0hB(c4BGYg3@CkUgz8V1L#1C0Tj4HvHoV)Ve-lcsA419hB2@ifh0^b|
zoR#A^h>7yffIi#}CC8m`F8mnOdmn?U|6ZtazYkT9U%+?3*PzNB%Uk(wfRgVHI2GOl
zmH*Q&{tJ$Kq1y4Eq59jiQ2BocRnI9XQRU2nD*tpSITk?4wG2w0)h>R(F@UOX4E5X|
zsQ26g&w?L>C&R}ae+Z?gKSH(F!9(`>!=dcW9H?=5o{QfI_1-}!d3U(*ZrDxu-H;~q
z{t5QL^M~y^;Rd*x@LqTWoH1h8-yeW<UGI6=3onUm|N9V>9*(%$at@T97D7{RsPQlW
zrQZmuo?}qs`<?J~_)(~Gz6=k6Pr+&MX{dTV2ld=R+iiJALFGFgO3!CQ>ET?caxZb|
zAzVbb0MCRUftrsVhmz-MD80S_r@&X>bohIydK_A?cH$&>8sQ7zMtFq_-wWpx{)Xf4
zpvs+BwEf}&sPb3C2VoD?d#1!zj;W4wq2iZ7wbycZ5nKoL{JR`)g$EM810DeB4&E)e
z6A5g^eGGpm{1N;<PCu1*0de}3ae?!nkN;@=Pr|u4ow0ueejGOw|M9p!+!$f~&c>;&
z`iWB?`8OQZ@xFoEfs2XPuN!_6R&d+!zXacbI}&#W?hm*Za2nTB+%wnW{}e9!-GS#c
z(yoCCJOcL$ezm!NXAwRe_doH=-syKC;hUiPL-zYKJWt?`B2B;7ahve}1$-}VA?`rJ
zi*P&f>vskIc{u$(gS!;}9{92%__g6=gY|pX!u(bLSnR@gL6$t;`*GjGVa~m)C}%V7
ztN7R8T5*RF*6(Y$1-K93E+Os*@F^VK$=DZQepUW{9rwR&(ENQf`7v+aD)@W23HLpm
z`cvcYUkUsbu7!N_TtbLH`+W}2Z*iBqh`FR)?$RG~aT-gvI{!aG%|ZJ4xJV@b$?lnd
zApB{Z`fv8r*tiqdN}j)mU&<2TGTcXT@5DWi)9-%VUfc%q-v?zAPQrgaPCv|ocOy<?
z`)=I-z<mgJE>6E*@?DI(#|FKBahyin7Thto9^#fl{bb{Qj{BJc{EEbX6Ar<JE{{pz
z&)?xRMjym|1=olBFiyW7@-DYt^Y_ip|6kzYxB(ZwntX+Zaz9J_ZMZ9N?JkdS32r;?
z7q~;n|Ict4T#f6*uiqTpmAD1O{Ucn5)9-2ATZq$dHtr1PzY_k~#Bz@8C`>2*8TcL-
zcaWoSHfisIr{d1UA1IRFuPwY&i5rn~Vc|Gj7w!Sv3ex@rzkpkbKl}X>&tk%_xrjGq
z32+AS^IhIS!e`+=k6YL9{93{}!X5BJoPMVe{;%+0_%;(`|NI|tfO~cr{*>@T4e9?4
z|9sp*F3&3bI_p>h|A<?G`ywtPZZ__J;cthR!i(S>oPLj6cpC{X#XsGJrxHE~|14Y{
z|Hbe?oPLj5m^m}Szl8KI+_AW~6TaD{$MCJr-|KiV{EqW)fa`fizfa(<!=3KJiqr3h
zxLFh8hLynYDhu=XZ}|JF3oj@CG5G%+_bc2_aK{n%CfpGI^Kgga-wH=@e~tSfPQN^E
z7p{c+9ZtWKalgU6h<hu~Jp%O`#D4;OAMOPF+i~6augBes({DZQNaFPyfV-{NPK@~f
z64yrjN*Dj%VGHhd-0`?`+_TT&--zoVycYK`e*MnH|7Gj-*5JPk|95fkc5#;xcM|>?
zxPBM+ZO57L0^EtX8x*%}aCvv%&U5{6S5Pb!!lla=3@-OO+RcCdV2~e4(n@<SDSFG&
zN;!##m-i+W<#Hi^%j!Nq$mPN`^-D<<S5iMHmBOIx2dO`AV=0X1wfmcbw6wC%&nIE(
z$4SM{Rm<ftt`x@nv|1`9Wnz*z4s(?#9`-AV%Jj(J6Xg7r`FxqO3HJK^VMRGozojS1
zhebah?u>GwUn-S4TD_HnNwwnM<gK&<^+_PVHz<aF3k8sgSL_TbVa?-9!pkT-SBQ|P
z9&f{vYbYA7mV-)^#4G%Pktp>?qe8()s7ip~m66a-C}U?SZgbD1VOesuXN9R!K|@JN
zyl)Z9a@1(~_=1)#Fp>WF@<M;rx~@LI5C&<8TJnBpA<1p$9r%M%B`o{heVNv38Y3+)
z=Oc6_$~6>WVyh)uGYpFUs@{I{y0ENxtN45|iv3cMrlUzY?^jEC^rymh263*z!*jNE
zyp@GQG8*QQ1NjO_6!U~Bx*yG`=u(NMk4lwbut1L}SM_%&Df_fJ4HlM%f*eg`a@9+%
zRKj8@>mgS80~<GaEB6z>B`Sw&t3eqt_meu3RMJvHTkj{$wZJ}UNy*>e%ZQ%*T_jHS
zDw1k%s?vpG8pU)mZ{@gPgHm1mkjv=zgq4vb?{x-gl(T>9nLERPj%#(fGbnhSQH35H
zdZw!sqO{VGwH)P#X)IJ<qzihT<HJ7vJ&e^(`F4K|O|%Yk5NkjMv08XOC58T2QZ4&s
z#$Q;T$M|<WW|$$+)wkK-kOX<-8K42ZE_IuN*A<p4k*N&5xG{j#W>AeAdHzsT2)(Y6
zARf-ZSPY9c5UaeABuSCVAJlL#bu5*Wol&0tR!fsDqpliIiY`RC?f$$?VH8J|C@4hN
zg!5#5=!saBaznIlhv#T1*d~L;b3t5j!;?B@<)lQL5>o76Zp3uy81LX1y<{k|gD;6w
z^9XJ3cdydJ@@+_lGjFc08Na1e9i()BdpOqWw}kD(?M@VHYT9$<OpMm0v{SBt4)W5V
z75L0T<w6y=+;4Ah_Z3=Tf|+Hh1jBV<q_a$h+NiVQE%jH^Ny~AFp;ljT*_QhKMQmVc
zB#AMwoBKQc3Y{`6V~ko|7Fo;62+dL=W0b2Fm>5PFn4>{C^m|rz(OHa{q1@OH3ZubT
z>JQS4m=Fd8b)h^zRe!^(xx7*z_4K-uLP9GxT4;Zb=_li&+&~$Zk1pr(V0rWktFL0P
zYg=3`Zo|4{DoQXp45eg<u}pM{VK6}cd^i+T3l%d8cq%GZiyA76Iyx?B_q&IDnW{0L
z@zOEhlwZrQ-V;jccEZDe)_nddGoKmRG#OI+fh0?o5N3dqJx$aENj0vN$NVmh+AN?6
z!!K4D;3#ph5X9RhLuEAab7(!F%reDe>M_WHFC7=^2Fy)SS$Z*utF*(I*JWqxy3KGA
z*zjOy5EaxTCd{J^vmJtC5@_vwl$Hv?7_}M<nIKRBawf%w0js3}ii%>iVkS8^Ul_j~
zv~?kvsyt0sSsnx#^H%AvkFguVwD>_$IwCS18B8=AtO_cDUrhsyNZpHC8UKlTt+&cG
z>sk~<UsM=rSg#mK)dT1*iB&FUMs*ou+@V%8$;b3kmQtu3o}cws?0}mQ$sELE{^&?l
z3DXjjoZn)QnpO%1(^k`=)FJgQUxv0FAqpYJ+hT&Evsh~n#;e^eR~T7REFGd6=NYLg
zQ0o&1zcN<BAEB|(Ul$e%w7W(tuQt79Rg{_rwj+c_WF?T~w$Xyyg4}jDOnBbpLdCX~
z8+w(N9M#lY6{p1@-7#LoY&pR?(5%>os_JlARtA(LFIVH(G>$8Q=vq`_a%56P>eqUo
z>2!mvkn%p`CfudvX|yv`&!CWq0MSEqmMUu;6p|E!h;CY+I|>2n&(=DtlF_)JNo=*5
z3GM1h>y?U@gY^}QOJ2jM8ALbgDgAc6wb59S?D^Vj(k#Yxuv$VEUr2_BRdrW#DP-Dm
zem9A^5M74Z&l)S!MS0T7>BbFXKiU~p#@e&zjqJ|4MMIjx{ZVGMY^{#$><o-RzJ^&j
z+)-u8Yu9N(KE<qIPqgkdT{c00vcEGbSFjoWFmoP*Ok0U|zcZVVtr-{&l$C}VDl_<t
z7}1Dr$9(n>2pBSY)f5#RSyI*&G@W@vP{mki@hY2?HO+k1?O{OH`KIngrtrMUEmNr_
zk7@tF&l|fyhlptHn#yRr|DOV);W)u|Y1G;wmYV$$BbfPJR!to=ErmJecV6b!E~X3S
z+#222#QMhGnuaW{q;+&&X1Y*Ml2Nd2nbyV-Z#1@4J-kp=4=;>4rH|F7D7X0v3TcAv
zqp*lptgraBnXu)ubTcbE_m(#xGA02<HB8aGg#l(oF4(E8Hca+gE)`@DYkol2S?lg&
zL?(Nbl}~xB#AeJHe(Y>clbq?Deg*px7SL2>Gz{acgKPb2#()OZWCd#!S;OaM|7=<C
z{~S(Krv9K?=l^>jOhY!ubSs2S%9xP-)d-7bD@^-OUb$Sh!pZxpVy)xLj2U&w1`f#h
zua5K5RDIv57_*trrZ6Iy4Agzt%(=yXwk7mdm&@3~G}x&^GQqRA8(VBv)moWl%Sdna
zF6wF8$8}G2I&J0|I^_z<CAM&WC1QoYhOw)PCN|B_+i752Jo~AAqpkU-3XL1shR0m`
zs9Bn4o7XkbE?%ZedTe(vINlm#`r_P}w~pO}`Q!KZcdyc5A1pI1<d`eGb=iDvd@K7%
z9zT02gNx2)FGZO*Wu8fApmlD`x(<WL1Zh$09B!S{(0*nalI`HlTBH_;nYd&}X?(Xq
zGK-i6=~%iT$F!F&pb5S1NwT@AdD8SCZ>Ee%(?_T>i|9$yqmnV-(Wrr$A`pz7|D;c3
z`{>CeW@R_&vpZv1>PeGF>4U@O7@@m%DpB+K4KJhwhR2W=biL|1^<cl||CCuPZHNpC
z7^gfInsr4(G#zH&m};pZhZ%cO%$7cq3VEm5lDV_9#1*C;f49w)tz7GyCl;eD17)2H
zTG>v_sP>tdWqlZyRu-6Cy!Ejp-oP%rsx@@x$rk0Z0W94oMyK8e9ai}R8qFJ`V#LDM
znKyTEXva2M$|hN|v30qWwFFBRPX`FHExS9e<wP>hk4Aa+l-ki$NYfssk26H)t?!tL
zaBHA!@nU1@^Qyu+S@1c!C{-&S8&Wwx8!SBy2ar8(m&g8a5L3v8&@BkOp0Jp(5!=j`
zwC>I0uar5O=}89l2JJT*{l48<kBiFAH;IfZBaCy$i37dYoGEy{PKnvJ(S^|zNu#wR
zyKw<^F|%gD1ms4%UQR%a1?o+lK-r-x7F|o5F>U#46NyJQQxRCVHk=F5rIgm7yLx1Q
zbx^&uCrG!~BgdVG*bb)xq6V{5+gp+_L5SLUF}-bLf%(myPL2!IkDF~>H^!_RLk@n-
zs%p&F`pPYJ8med)RNh8=ESzzoF?Y#|&Ww3qcdt4{e|HaO8Rfj!*T3HDL$1<Dna*##
zIzaXMw1(FozoDo0F+XD_bP}|k(MGptwDm>)CU$Dtt9Yh^_m$1zwN8WdDlM<FeP835
z(Z0t-JmA(JlO7Y1rQwuFp=`xs4~hE97+Q{Sw6YtjjbD2LpL(QLl3Y^o+-z=|my?S6
z*|`~_7^cPys#HD7eF|W8TdxcgA_v8sYgLT_pvD}tOm;rl?rjPO6ApGag}D#~`aPYQ
zms9dFw%qk#AA6UuVj_}ak>xg%ezpsW(h;*@Ny?m3u@;!H6f={ObU!-WfiRij$A&qB
zpx)%pZ`>ld@myO{4zcSTf%SvO#(+%S_@hQrSsB~EnX#4Z#e{CMDdcmDOlrfB-^6Z>
z$t%ysAk6tg)tJo{vS@~J8})X-Yb0ckN~KL6w_4$d&91ddBPF-;bx&-|N?`|NzDuYg
zI`I_Dr;x^P5m{Vz0Io3BkOMQb&-XUbPJY+Q#<upfs4{=*Cs?RnOZJ6kHE_<N##5|*
z=9;=L`gMM2mh+cxLjRnCnR7>TFzv>O8pt+`-A++syLk5cwdU4DlX)7-bxHP=q@R-*
z>X428%rM&3l$l6c+7rG6wNjGFS^GFpvoPcGs(@Nv&f~I))jb_(h%;yQYdc71?l<Sw
z<8@}E*luL0wWC{R6KY65wHuhqt`c8m%Gs!P8(({h5sv%vVw9~1v-;5^aym&Xb9#`?
zQP}LV-!QlN*(}sQl8k!#lg-%ZefPp^Wi@s$x>ko}+R>7uS~07ges+$`;2W^a1<wU`
zxQX8d^>Hd5u8f#u6<fCu>eZYKjBtF%d2378%GQQNj@KG(Ves!dE)N>aU@n+o1?%VC
z9xFRO|26h`8<Wi(Hl&Y6)>rEaE}ZRGY-%=6Y-p68&|&kby7j46aatyI_tkxLM|0kl
z#hAqw3a+m_`z!2^>T(gVV&Q3&s$mmlo~X-2iuyxsSxezWIVtPYyVu`visx^(Ukd$f
znbOrb9gNSKN|*Gqnob(a;pmkQ%8iM|Vo+wV+I@iqveouAF2%RAffU%AjLyws)$z>6
zQ>S`11#L{6;9XQUxhu$SY1f!Hpb=TO4+A;@bYltInYzJdO%9*U<DqQ8F$|=`n!;<N
z%UFbV3f_N76wxNrl9i)#3p=8DU)-hzduEZXUE`#Ee@Cs8z9B!7E16=lH@G4CpD4|q
znq}p=n!hor;-sw{@}Xnrf3y^LKOy_dT)(hjmDh*fs->*(x>6Odo{^>0KTc1uh>df)
z-*QIUx*r8ICr#E=d8TJ`;`s*DTrKGo+8&2;T+Q04pa2uNwwUzudgrpQ9oGTvM#s&P
zcH!nkc2kBw9LDC*ltRsN;y+kig+pt7(U-!k9Gv;;bBfdH0vj18<D;`-WTzwsLw#-K
zmVEjS)U|4#fn#3Bk<HGC0<~Bk&?)~=$Q_ex-PahCE&WWKHlux-7wtm|nrYH+$#)i8
zy#af4SesMzjgxQ63rg(2H`|W^^zJ-gN>~=u<ZVdOj+mtgAAg-St(%U`@pf&e8y_<k
z)3b(??bj$?wK&aDZwfmpXDMn_{QF$rNQpG3XY5MNk)4-$%<Nv<Fx6tsM?>xS_)cU#
zUV2+r_G+Hl(znv=uk1c%pQYJiQ{MUKG%n4y1bk1YJ7$ZEnqt(~jjh-BXm3k6h&J>o
z-XDyxYS=S|eA*bVyFm)Kt=-)1ZHd-I=8s!wH~MS$7tGFMojoqA>DnDk*iC14iAbM+
z=pcxsPh;*{%lIrV)*s|%k^78>gl6JzabYc<x%c4D(~2Fl&xexQvT0r`BI>(;_R6fh
zabLS8Hm$pCWIj*rM?QD6W&9|}<RAYXO(ioB)9kFF7S{DCFFUHEqigo#!ziCYwM;8$
zDW<btqa0dBS57#L9buQjhkT6|pKmJ>+jTC7>?*0z$jczj^Bsf_5?s*AcedIUcsXPs
za$L>x38zkco#ysbG#XSYeoJvnYrB6=hwmg{&%#2GYzsR&I{f06`T9`G(TUAqQd56n
z`=awmYxnZV<YjY8cA}Qe*AwI28p1Ox&RTc$Si&mCjIp}4+Rx-|Y$uYL{X}LvvzKLs
zb5zGZ_-af+TX(+gGHvOTc&Q|AUpS3j8hyE~CmoLRZJpKOv~3_+>UZiY*%c8xP|jqT
zEI2AET$2Sa9_CY6L3i(#PwU&*mYoH(aRL)A<*LD=g>4<@v~?`@JC-c%=r|jtbxhk3
zq?I;f*$M$CpKss|*{NOI02jfQ`jli(`E;*j+vfghJ>5O48!Oc@jRl=fEZX!9VJTNX
zc2ySe0Vj$tG`4_Ff6?ZFHEoOQ`J7p9<NHIR{rpmY@nBS$*1Uq)yn@*9L9%u%*Svx_
z?!qHGE^XT;-dZHOHiPUhG26xM=Q&RFbZ>RSox=&i+U!+}Z(c!kHxYFcjN=(yOKe_2
z43|%Ow%ojeXz%JWVb%}CxrgV1<F-o8D~PD5c?GfJueEz-Zs|3zAU3Zc>PSl46fWYJ
z+nDA`?7k-@S#t9VV)F{3`A}g0nNafzqPb09+xSm*-LH8C(VWofn`iS1V)F{(xJ&Tv
zOx4{zY+gaM|G3QDoy_*p4c{Qg-K}h1LFA@?^9rK*_Y=)4h|MdAd_U1Y>}Xy=)Hfsh
zF<AdLwRr`xc?FRV(9J7|<}O?I(U==|_I6_P3S#pLBL9f1c?Hq_??IYZ5Z(W7WwMKd
z=6@_P?gkha7<9{__PKEU9g_XrU$b+w?z1$nAco6zHX{9HmrJCV+W#A9f7)waK@69V
l>wwKGi1t!q^9o|azu9VDLBy^!uOK$BAU0f>{!d&%{J-GMh*kgq

delta 7766
zcmcK9eSDAg9>?+T?rnzMFk{BXHgi8C_nS>@44eDS&D@VEB8HR6Z=&2JH!Ygn6cOsk
z%{q#5dx}gcM?z6igov~_MLMtduJ0bl<8l5z*W-LVzu)h5UEk~Ty}7R6&N(a3yA>XH
zbA1!!x!iCJbu*?G`d2jOB<1_n)M`xEaARVz8$N-Pu`*u32)u><7+Bkw>R1~qU@Kei
zh&`xhVg_!&AS^{5<uX2Xj0vM57(K8V>e($&9d<(>9DyM?4)uTn48#RUM`jgP#Z9OL
zKS14o49U@ak9v+<gkv~{@O;yjf=1p8YvKg!d{jrTqdMAYEkQ5p7g6W0U=_TJO4KLP
z8DSMvdtFS&cvRxEtqakc=bJ(bn!;Bw1~=&h9=GkMP#s@Hjo=z;CcNt!<BQ?whxKtf
z#-nEBO;iHAP}d(u{$tMb&tNq5n179A2n9J3wKln^k>%?GT!@-#zbGfsTBwd2pb~3q
z+mo>|^>hrtd`!Vbs2M(qO6(SDsqRP7y$6NBXlDe~P>DpKE{H*musv#oT~K?Y7b<}<
zI2Wg(X6&9l@6I%~pdN~9?}2)7U#x+{kW0-|F$_;@@+u9XxEUMbLDZC8N6m;weP<*g
z$i_9<sQYHx`m-28eFJKyK0@u8)2NxeiAvxBRzkm6W13^Ai-K`8CJm=j?B0Nlh6gbd
z^T?(heuBf$r;#yPI2POB0qgJRLp`4P*UYp-C6b0(iXo`IGXXWg1*ieI-l3oo?Zt|C
z4wd;8)C`y=#?*o8sOwsz9}Ylo9D!P*T=c}rsQaed_Qkedgqq21s0Say2yL%p6qNaO
zREMRgHNJ;>P+(KL>8uTqRWYqliDg@#wyr@<?Ot2Ii5hv8X3hW_Auo_gLtkz0@f7sH
zX;>K-p*G(t)JV3Yrt%0@!LzpgDh5+Gan6XUqE<5;^_r!iW@el{KLyp_OjLh`=*RQT
zMhY6ycJ#;7sEmKm1*qW!Kt<GzwNQyPMJ1ewdW(9Zmaw-q8@1cVq57F)+ZUr|`W1BP
zhIJIQHd|36KY&`2Q>cv3qaIj_>c}(RNwf;;i&+b`rmax}NkZK}7Bxc?QT@)b7NOp@
zt?|siMsS#hN_Yx21K*=&;1;qEjXy85I&6zdC>et=3zgX8s2RvdCFnvWv=Fr^3sKh<
zp%U4Q8u;E8%)c%;N<%&#NBvl&wRAej#R%$8q8|7ncEgRRDZGh#;2qRJ+#Ye3Dgc#m
zBzj>3)cIzp`w}r2ySOOiP#9=W?6)TlqcZ-=dd;@~fl9b?D`&F>qh_uHcEB{$$md}o
zF16>^BcBwr-L`*)O2~Dcf-=2_8lgvPXG9^W1R}9NHpd8@he}{G>NVPmdf;cMr8|S_
z_!8>=QY=7EzE+y4XR$0XBypEnPeHHAcGL}foD-(RdIq&tmr+x88+E;RTc@J{)C|-`
zJs=L1NPARbT~P`3w(Y~M6EH~c{|pMc@dea_im)MWK>cccX1$J@DPO+FTEjrpjD=z~
zY=kv1*|rZxJ@^S!!cW`!JnTk&1&+}B{~d*%*r~lSskjuo;2BK8+AM5e%)u$R8#RSZ
z5*$0CW~MjlfjL+e^H4Lo05!0cSQ9s56dpjAI=VzbBf5*4i3g|-d=s7a+Ni0FMvb&7
zs-w>K{4k8CJ_ciOC054+s07ZSX6_1V@7zKq^jjkHugu*#I`4Zm)TgsKW?(;C-+=lK
z9I=+7I*v?o*1kFF0UdD{rlKD70F{VGvSS#ky#;DX+9bP-VX&qX4eFr4Iv?GsFU3dP
z_<&$6^`o7fzk+Y0rh3Gq&Ra1Fwdt0j9=H}YW4mm9KlY%08a1$}&d%P+b5YP#%)>A&
zL=W7Cn(AUyheuHfUceB%ih6)Hik8q9)lV2|>FT2r?0~wzJBH&Z)N^KAU27<)!`)a5
zKS!<Y4QmB<pgO9D>L}ithF;W1+Vi=nC7F&&bRO#MSYq4PV><PnsKnh;%XAq(3f?pX
zqo%MX#$bKho^IRwqYv#PQ6qQ^mH2b0wOoVRyqj=3?nKQ<!>&$Ztx(sep!Qfc4%Yi$
zKtUrpXT6BZ{0eI1_mInsA1|$@dLb&&)u<6~K_A?0+Ye%6>c>$(+xL(`8~-$ChWnxt
zn}k)>@k|O@^JVCV%TWovhFZ%v&==oFKl})_H$F!ta2e;~9n?(bcX!S|gDt2Rq1r#e
zig*(Bq52kG(G-5CPyy?(MME(b8)7nQ%EqH+WDaU1E3h`6N8NYd*1h<OMNp4I%~TiE
zp2<Yb<U~{gv#=5_?8(G7r%*(L;WaD4sT7Z~Q+8r9?@A_?A|FZ9qnGnn@I1_-{v+~p
zV3K+}K80F}ov4}FgMnCrT8eY1y>kOKK;J&hzedoqk29hKRE9%PndhQrpaARO%czmR
zi+=beYHBZ_mgow4;%(G@cWry+zD_+9gJ^GtdTu8dg$N4WQJIfNb(n`*<9yVEmZ3kc
zwr;@~>bp>howxpJ4e#gt6`X)NKM^(ZC8z<sg^}ngp`gsKqaJt%wO0Q9oy`}98c7^#
zDpOHYJJ7a|!(i$Ks1dz{vA72HnjJ><f7PD<71iH;q(8p@1Dp{?qec{m8fhjf<I(nf
z0cs7OM<ucvmB`zug!iG|qEAsvc*1%fwcD?vX3~QVrSp~1TQ7D^+YpIbn<iKllTb_2
zA44!3^}sw-M{`k$E<t@USEFX&UDQAhpzi+>HA6R1{d%x-WhjR7eA9%2Mv#JfE&8K6
z9)+5LN!S<{p*q}+O6VXe;WMbjenQQ_Jye2!p%U^N=xoYh)ODe#1Y)u5@BajQK{w3j
zL^|rnq6F2!6^y`NP!9|m<opE_joPdeQ4gGk8pv$aQY}R#ybkq2+hWgeL*2J;kk+5V
zM>OQ%S$m@6U}wrwP#F)hK4#lzpkA}ZsLfW0nz;{<KaNZZDsi77&Rz*Xov(`xFwV9Q
z8p8Z5<MA{o(|ptj=b%Qk0+qlzWW$;r7=b?7P6Dy0*Qg2Vff=Z!%R=>=gStNt3ve!~
zU$3DyF&Blh%uugM9O{O4wmr?7h1#`aP%}0eb^UXww_z!&pY^B*Y)2*XJ}R+~Q3;)}
z?cZ5lHz;Vtf1qxxG|YKWC^n=Xg|#rlIvzDs3s7sg40V4IR>QZj1|GESU!xxUGb-Uf
zZQW;h*&cG45DFtWF&um1Axy;p8oOW?rr=uai<fW;wjJq=e5-XoYGzKL9(W10%S%x+
z>O0CASPiU6JsS1DKba&7n!+5^h^C`vViu}{1-5-HYAQFPM*23YqYv%*Z!w<wWsJcZ
zqn+Q7Bvb-fsF}+}Pn?7mdA^xSL7C6SFkFsxaR+AL7q%Y7E28f}sx=SQ@jBGn??63Z
zKkmXK=!vt&IEl=$u0pjJqf2Y@9)$!vgzCVIb*zByR0GfrL-;3+m`YiRJ$xild6m%8
z{6suXj3?e8LJ1v@IhZ7M<{U25h(cu=+=*6{_t-O!QqLy*h@-T%$LFvU>Nro3m+5co
zd^*fuL^x5;wo&|_;{{sYv#njU{#s)l`lNQ@#-C9e@ix(bsQFN5?WkWPbcE8beNujS
z*z5G)7v83^E?&pg#3XysMyy2p2ev*z>;JMU_U0w_M4YWBQh&;}`Ox+i<;}!a+qMOF
z5Pv5c+k0Yh74@aW??eoBZQSzXHCt#$yX&R$R@AO;LPQe*oUDmDv>CP0bd)-n-Pn?A
z^sYZ*+sdg;`x+{L5NmDYLVSw|=iET7L)_EvzmCB)b|#{Uoz$N$Yvon3R>IbtJA|Lv
zwsLw?Na380+C+WApL(7eI66C+TK1YA)H7`PMLoYB4PG=fL%kOKYMMnvH+vC9Q=jrd
zJgW-FTw)W^htLq#6MYFC|0Jq&{Z;&tc$X+YPTE3$^dQ#h=2rGWP4QcM!8EH_Kz#X7
zT}6H2e7XLHZO_L?iGH;47MJ}hR->$+VI2j;Z^Zk=aKf8&e?wOj3eAZ*RK6f|Bv5Zg
zBvbyHh@z}xG4Urckos(FOthf<4OS<5P~L?rh+?ArI7eXy@ekV&WBs=#ucfV&bHWz(
zVGtdT#3863p%fyS@=(k|eYWotI(~I1`_(I<e33{XQi);272*M*;~3G2DEs>_PAweq
zboeQbBSsNX#4;kAh~%7(`3|N5^;?wxW$Q!mCc&S0W&hhwBzh5d2_1zFW;^!e-iAa+
zqK}Jzbi@<W2|n4TB5kwq3{ieGrBIdj!T7yxOr>6h_=S2fPPXmBlln8Z{)$!q7vB?<
z-yuFH-XvUYX-p()5biWoz~k7D(D4Itm~f-LH_?W2FAOAfJV~ULmH0CbJJ8-9PZNVE
ze}b>8ozPK{XhEDJCTjh=bI|}IlhAR57)`V#B8a}Wouc`Wh@hU1=?}Hvq27@wB6Ku&
zFqf>);|5|c;bYsr!|r-{Kc?VI1QQ1c9W#lpL~EiA59&&+q<ooZNbDzcG@?BS>)?g5
zmjC{<oZ_=YFJc=JM(7wp3?Ra|XPyUz;_j(4+>3J~hq@Pk*dy1ia9{NEg<qzRE1sBf
z*1Iq|Gqmtp<4T2<2J9<N$ZYRfJZtbAx55h9dy3CyPjUAeGdX8UZt<<*yWNUUjm+?>
qFlyrHoW$v4;|e#8Ni5u)+qHP@xSnpsfsfDkC=N;4=J9`j%6|ZNfmi1M

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index b1defed5..c1b9ff47 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -1026,14 +1026,44 @@ msgstr "Invalid custom host found on line "
 msgid "Tunnel settings"
 msgstr "Tunnel settings"
 
+msgid "Configuration Method"
+msgstr "Configuration Method"
+
+msgid "Upload file"
+msgstr "Upload file"
+
+msgid "Create manually"
+msgstr "Create manually"
+
+msgid "Upload a WireGuard config"
+msgstr "Upload a WireGuard config"
+
+msgid "This option uploads and installs an existing WireGuard <code>.conf</code> file on this device."
+msgstr "This option uploads and installs an existing WireGuard <code>.conf</code> file on this device."
+
+msgid "Apply iptables rules for AP interface"
+msgstr "Apply iptables rules for AP interface"
+
+msgid "Recommended if you wish to forward network traffic from the wg0 interface to clients connected on the AP interface."
+msgstr "Recommended if you wish to forward network traffic from the wg0 interface to clients connected on the AP interface."
+
+msgid "This option adds <strong>iptables</strong> <code>Postup</code> and <code>PostDown</code> rules for the configured AP interface (%s)."
+msgstr "This option adds <strong>iptables</strong> <code>Postup</code> and <code>PostDown</code> rules for the configured AP interface (%s)."
+
+msgid "Select WireGuard configuration file (.conf)"
+msgstr "Select WireGuard configuration file (.conf)"
+
+msgid "Create a local WireGuard config"
+msgstr "Create a local WireGuard config"
+
 msgid "Enable server"
 msgstr "Enable server"
 
-msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
-msgstr "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
+msgid "Enable this option to secure network traffic by creating an encrypted tunnel between RaspAP and configured peers."
+msgstr "Enable this option to secure network traffic by creating an encrypted tunnel between RaspAP and configured peers."
 
-msgid "This option adds <code>wg0.conf</code> to the WireGuard configuration."
-msgstr "This option adds <code>wg0.conf</code> to the WireGuard configuration."
+msgid "This setting generates a new WireGuard <code>.conf</code> file on this device."
+msgstr "This setting generates a new WireGuard <code>.conf</code> file on this device."
 
 msgid "Local public key"
 msgstr "Local public key"

From 1b7169edd4fef003f11a094a4180bfbf326b9890 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 14 Jul 2021 07:18:07 +0100
Subject: [PATCH 230/300] Tweak wg template

---
 templates/wg/general.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index 15d2f9e3..25d74d12 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -1,7 +1,7 @@
 <!-- wireguard settings tab -->
 <div class="tab-pane active" id="wgsettings">
   <div class="row">
-    <div class="col-md-6">
+    <div class="col-lg-8">
       <h4 class="mt-3"><?php echo _("Tunnel settings"); ?></h4>
         <div class="col-lg-12 mt-2">
           <div class="row mt-3 mb-2">
@@ -31,7 +31,7 @@
               </div>
               <div class="panel-body">
 
-                <div class="form-group col-sm-12">
+                <div class="form-group">
                   <div class="custom-control custom-switch">
                     <?php $checked = $optRules == 1 ? 'checked="checked"' : '' ?>
                     <input class="custom-control-input" id="chxwgrules" name="wgRules" type="checkbox" value="1" <?php echo $checked ?> />

From 98533c3ee84c19000e2fbfd9c09a064974f98f48 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 15 Jul 2021 08:49:35 +0100
Subject: [PATCH 231/300] Update release version

---
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index b371b9b1..0102b431 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/FRU1tXF.png)
-[![Release 2.7.4](https://img.shields.io/badge/release-2.7.4-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7.5](https://img.shields.io/badge/release-2.7.5-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
diff --git a/includes/defaults.php b/includes/defaults.php
index 280d1c3e..026f374a 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7.4',
+  'RASPI_VERSION' => '2.7.5',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index 0f9bb7a6..3e6e9ff6 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7.4
+ * @version 2.7.5
  * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From 59abc641d6f5c2af46515bc917fe0474b7b3727f Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Fri, 16 Jul 2021 21:40:28 +0200
Subject: [PATCH 232/300] Implement firewall - settings in iptables_rules.json
 - creates a script under /tmp/iptables_raspap.sh and executes it - no
 installer yet - to do: deal with Bridge and VPN settings

---
 config/iptables_rules.json | 168 +++++++++++++++++++++++++++++++++++
 includes/firewall.php      | 174 +++++++++++++++++++++++++++++++++++++
 installers/raspap.sudoers  |   1 +
 templates/firewall.php     |  70 +++++++++++++++
 4 files changed, 413 insertions(+)
 create mode 100644 config/iptables_rules.json
 create mode 100644 includes/firewall.php
 create mode 100644 templates/firewall.php

diff --git a/config/iptables_rules.json b/config/iptables_rules.json
new file mode 100644
index 00000000..fa23d707
--- /dev/null
+++ b/config/iptables_rules.json
@@ -0,0 +1,168 @@
+{
+    "info": "IPTABLES rules. $...$ expressions will be replaces automatically ($INTERFACE$, $PORT$, $IPADDRESS$)",
+    "rules_v4_file": "/etc/iptables/rules.v4",
+    "rules_v6_file": "/etc/iptables/rules.v6",
+    "order": [ "pre_rules", "restriction_rules", "main_rules", "exception_rules" ],
+    "pre_rules": [
+        {
+            "name": "firewall policies",
+            "fw-state": true,
+            "comment": "Policy rules (firewall)",
+            "rules": [
+                "-P INPUT DROP",
+                "-P FORWARD ACCEPT",
+                "-P OUTPUT ACCEPT",
+                "-t nat -P PREROUTING ACCEPT",
+                "-t nat -P POSTROUTING ACCEPT",
+                "-t nat -P INPUT ACCEPT",
+                "-t nat -P OUTPUT ACCEPT"
+            ]
+        },
+        {
+            "name": "policies",
+            "fw-state": false,
+            "comment": "Policy rules",
+            "rules": [
+                "-P INPUT ACCEPT",
+                "-P FORWARD ACCEPT",
+                "-P OUTPUT ACCEPT",
+                "-t nat -P PREROUTING ACCEPT",
+                "-t nat -P POSTROUTING ACCEPT",
+                "-t nat -P INPUT ACCEPT",
+                "-t nat -P OUTPUT ACCEPT"
+            ]
+        },
+        {
+            "name": "loopback",
+            "fw-state": true,
+            "comment": "allow loopback device",
+            "rules": [
+                "-A INPUT -i lo -j ACCEPT",
+                "-A OUTPUT -o lo -j ACCEPT"
+            ]
+        },
+        {
+            "name": "ping",
+            "fw-state": true,
+            "comment": "allow ping request and echo",
+            "rules": [
+                "-A INPUT -p icmp --icmp-type 8/0 -j ACCEPT",
+                "-A INPUT -p icmp --icmp-type 0/0 -j ACCEPT"
+            ]
+        },
+        {
+            "name": "ntp",
+            "fw-state": true,
+            "comment": "allow ntp request via udp (tcp should work w/o rule)",
+            "rules": [
+                "-A INPUT -p udp --sport 123 -j ACCEPT"
+            ]
+        },
+        {
+            "name": "dns",
+            "fw-state": true,
+            "comment": "allow dns request via tcp and udp",
+            "rules": [
+                "-A INPUT -p udp -m multiport --sport 53,853 -j ACCEPT",
+                "-A INPUT -p tcp -m multiport --sport 53,853 -j ACCEPT"
+            ]
+        }
+    ],
+    "main_rules": [
+        {
+            "name": "accesspoint",
+            "fw-state": true,
+            "comment": "Access point interface by default no restrictions",
+            "dependson": [
+                    { "var": "ap-device", "type": "string", "replace": "$INTERFACE$" }
+            ],
+            "rules": [
+                    "-A INPUT -i $INTERFACE$ -j ACCEPT",
+                    "-A OUTPUT -o $INTERFACE$ -j ACCEPT"
+            ]
+        },
+        {
+            "name": "clients",
+            "fw-state": true,
+            "comment": "Rules for client interfaces (includes tun device)",
+            "rules": [
+                "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
+            ]
+        },
+        {
+            "name": "openvpn",
+            "comment": "Rules for tunnel device (tun)",
+            "dependson": [
+                  { "var": "openvpn-enable", "type": "bool" },
+                  { "var": "openvpn-serverip", "type": "string", "replace": "$IPADDRESS$" },
+                  { "var": "client-device", "type": "string", "replace": "$INTERFACE$" }
+            ],
+            "rules": [
+                "-A FORWARD -i tun+ -o $INTERFACE$ -m state --state RELATED,ESTABLISHED -j ACCEPT",
+                "-A FORWARD -i $INTERFACE$ -o tun+ -j ACCEPT",
+                "-t nat -A POSTROUTING -o tun+ -j MASQUERADE"
+            ]
+        }
+    ],
+    "exception_rules": [
+        {
+            "name": "ssh",
+            "fw-state": true,
+            "comment": "Allow ssh access to RaspAP on port 22",
+            "dependson": [
+                { "var": "ssh-enable", "type": "bool" }
+            ],
+            "rules": [
+                "-A INPUT -p tcp --dport 22 -j ACCEPT"
+            ]
+        },
+        {
+            "name": "http",
+            "fw-state": true,
+            "comment": "Allow access to RaspAP GUI (https)",
+            "dependson": [
+                { "var": "http-enable", "type": "bool" }
+            ],
+            "rules": [
+                "-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT"
+            ]
+        },
+        {
+            "name": "interface",
+            "fw-state": true,
+            "comment": "Exclude interface from firewall",
+            "dependson": [
+                { "var": "excl-devices", "type": "list", "replace": "$INTERFACE$" }
+            ],
+            "rules": [
+                "-A INPUT -i $INTERFACE$ -j ACCEPT",
+                "-A OUTPUT -o $INTERFACE$ -j ACCEPT"
+            ]
+        },
+        {
+            "name": "ipaddress",
+            "fw-state": true,
+            "comment": "allow access from/to IP",
+            "dependson": [
+                { "var": "excluded-ips", "type": "list", "replace": "$IPADDRESS$" }
+            ],
+            "rules": [
+                "-A INPUT -s $IPADDRESS$ -j ACCEPT",
+                "-A INPUT -d $IPADDRESS$ -j ACCEPT"
+            ]
+        }
+    ],
+    "restriction_rules": [
+        {
+            "name": "ipaddress",
+            "fw-state": true,
+            "dependson": [
+                { "var": "restricted-ips", "type": "list", "replace": "$IPADDRESS$" }
+            ],
+            "comment": "Block access from IP-address",
+            "rules": [
+                "-A INPUT -s $IPADDRESS$ -j DROP"
+            ]
+        }
+    ]
+}
diff --git a/includes/firewall.php b/includes/firewall.php
new file mode 100644
index 00000000..ceac3748
--- /dev/null
+++ b/includes/firewall.php
@@ -0,0 +1,174 @@
+<?php
+
+require_once 'includes/status_messages.php';
+require_once 'includes/functions.php';
+
+define(RASPAP_FIREWALL_CONF,"/tmp/iptables.conf");
+define(RASPAP_IPTABLES_CONF,"/etc/raspap/networking/firewall/iptables_rules.json");
+define(RASPAP_IPTABLES_SCRIPT,"/tmp/iptables_raspap.sh");
+
+function getDependson(&$rule, &$conf) {
+   if ( isset($rule["dependson"][0]) ) {
+      $don = &$rule["dependson"];
+      if ( !empty($don[0]) && isset($conf[$don[0]["var"]]) ) {
+         if ( !isset($don[0]["type"]) ) $don[0]["type"]="bool";
+         return $don;
+      }
+   }
+   return false;
+}
+
+function isRuleEnabled(&$sect, &$conf) {
+   $fw_on = isset($conf["firewall-enable"]) && $conf["firewall-enable"];
+   $active = isset($sect["fw-state"]) && $sect["fw-state"]==1;
+   $active = $fw_on ? $active : !$active;
+   $active = $active || !isset($sect["fw-state"]);
+   if ( ($don = getDependson($sect, $conf)) !== false &&
+         $don[0]["type"] == "bool" && !$conf[$don[0]["var"]] )  $active = false;
+   return $active;
+}
+
+function createRuleStr(&$sect, &$conf) {
+   if ( !is_array($sect["rules"]) ) return "";
+   $rules = $sect["rules"];
+   $depon = getDependson($sect,$conf);
+   $rs = array();
+   foreach ( $rules as $rule ) {
+      if ( preg_match('/\$[a-z0-9]*\$/i',$rule) ) {
+         $r = array($rule);
+         foreach ( $depon as $dep ) {
+            $rr = array();
+            $repl=$val="";
+            switch ( $dep["type"] ) {
+               case "list":
+                   if ( isset($dep["var"]) && !empty($conf[$dep["var"]]) ) $val = explode(',', $conf[$dep["var"]]);
+                   if ( !empty($val) && isset($dep["replace"]) ) $repl=$dep["replace"];
+                   break;
+               case "string":
+                   if ( isset($dep["var"]) ) $val=$conf[$dep["var"]];
+                   if ( !empty($val) && isset($dep["replace"]) ) $repl=$dep["replace"];
+                   break;
+               default:
+                   break;
+            }
+            if ( !empty($repl) && !empty($val) ) {
+//echo "replace $repl $val \n"; //print_r( $val); echo "\n";
+               if ( is_array($val) ) {
+                  foreach ( $val as $v ) $rr = array_merge($rr,str_replace($repl, $v, $r));
+               }
+               else $rr = array_merge($rr, str_replace($repl, $val, $r));
+            }
+            $r = !empty($rr) ? $rr : $r;
+         }
+         $rs = array_merge($rs,$rr);
+      } else {
+         $rs[] = $rule;
+      }
+   }
+   $str="";
+   foreach ( $rs as $r ) {
+      if ( !preg_match('/\$[a-z0-9]*\$/i',$r) ) $str .= "iptables ".$r."\n";
+   }
+   return $str;
+}
+
+function setFirewall() {
+    $json = file_get_contents(RASPAP_IPTABLES_CONF);
+    $ipt  = json_decode($json, true);
+    $conf = ReadFirewallConf();
+
+//echo "<pre>";
+// print_r($ipt);
+    $txt = "#!/bin/bash\n";
+    $txt .= "iptables -F\n";
+    $txt .= "iptables -X\n";
+    $txt .= "iptables -t nat -F\n";
+    file_put_contents(RASPAP_IPTABLES_SCRIPT, $txt);
+    if ( empty($conf) || empty($ipt) ) return false;
+    $count=0;
+    foreach ( $ipt["order"] as $idx ) {
+       if ( isset($ipt[$idx]) ) {
+//          echo "Handle $idx \n";
+          foreach ( $ipt[$idx] as $i => $sect ) {
+             if ( isRuleEnabled($sect, $conf) ) {
+//               echo "   rule $i name ".$sect["name"]."\n";
+               $str_rules= createRuleStr($sect, $conf);
+               if ( !empty($str_rules) ) {
+                  file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
+                  ++$count;
+               }
+             }
+          }
+       }
+    }
+//    echo "Firewall ON";
+//echo "</pre>";
+    if ( $count > 0 ) {
+       exec("chmod +x ".RASPAP_IPTABLES_SCRIPT);
+       exec("sudo ".RASPAP_IPTABLES_SCRIPT);
+//       exec("sudo iptables-save > /etc/iptables/rules.v4");
+//       unlink(RASPAP_IPTABLES_SCRIPT);
+    }
+    return ($count > 0);
+}
+
+function WriteFirewallConf($conf) {
+     if ( is_array($conf) ) write_php_ini($conf,RASPAP_FIREWALL_CONF);
+}
+
+
+function ReadFirewallConf() {
+    if ( file_exists(RASPAP_FIREWALL_CONF) ) {
+       $conf = parse_ini_file(RASPAP_FIREWALL_CONF);
+    } else {
+       $conf = array();
+       $conf["firewall-enable"] = false;
+       $conf["openvpn-enable"] = false;
+       $conf["openvpn-serverip"] = "";
+       $conf["wireguard-enable"] = false;
+       $conf["wireguard-serverip"] = "";
+       $conf["ssh-enable"] = false;
+       $conf["http-enable"] = false;
+       $conf["excl-devices"] = "";
+       $conf["excluded-ips"] = "";
+       $conf["ap-device"] = "";
+       $conf["client-device"] = "";
+       $conf["restricted-ips"] = "";
+    }
+    return $conf;
+}
+
+function DisplayFirewallConfig()
+{
+
+    $status = new StatusMessages();
+
+    $json = file_get_contents(RASPAP_IPTABLES_CONF);
+    $ipt_rules = json_decode($json, true);
+
+    getWifiInterface();
+    $ap_device = $_SESSION['ap_interface'];
+    $clients = getClients();
+    $fw_conf = ReadFirewallConf();
+    $fw_conf["ap-device"] = $ap_device;
+    $id=findCurrentClientIndex($clients);
+    if ( $id >= 0 ) $fw_conf["client-device"] = $clients["device"][$id]["name"];
+    if (!empty($_POST)) {
+        $fw_conf["ssh-enable"] = isset($_POST['ssh-enable']);
+        $fw_conf["http-enable"] = isset($_POST['http-enable']);
+        $fw_conf["firewall-enable"] = isset($_POST['firewall-enable']) || isset($_POST['apply-firewall']);
+        if ( isset($_POST['firewall-enable']) ) $status->addMessage(_('Firewall is now enabled'), 'success');
+        if ( isset($_POST['apply-firewall']) )  $status->addMessage(_('Firewall settings changed'), 'success');
+        if ( isset($_POST['firewall-disable']) ) $status->addMessage(_('Firewall is now disabled'), 'warning');
+        if ( isset($_POST['save-firewall']) )  $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success');
+        WriteFirewallConf($fw_conf);
+        setFirewall();
+    }
+    echo renderTemplate("firewall", compact(
+                "status",
+                "ap_device",
+                "clients",
+                "fw_conf",
+                "ipt_rules")
+    );
+}
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 7ce40f28..ae737910 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -62,3 +62,4 @@ www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key
+www-data ALL=(ALL) NOPASSWD:/tmp/iptables_raspap.sh
diff --git a/templates/firewall.php b/templates/firewall.php
new file mode 100644
index 00000000..39e41b71
--- /dev/null
+++ b/templates/firewall.php
@@ -0,0 +1,70 @@
+<div class="row">
+  <div class="col-lg-12">
+    <div class="card">
+      <div class="card-header">
+        <div class="row">
+          <div class="col">
+            <i class="fas fa-shield-alt mr-2"></i><?php echo _("Firewall"); ?>
+          </div>
+        </div><!-- /.row -->
+      </div><!-- /.card-header -->
+      <div class="card-body">
+        <?php $status->showMessages(); ?>
+        <h4><?php echo _("Client Firewall"); ?></h4>
+        <?php if ( $fw_conf["firewall-enable"]) : ?>
+           <i class="fas fa-circle mr-2 service-status-up"></i><?php echo _("Firewall is ENABLED"); ?>
+        <?php else : ?>
+           <i class="fas fa-circle mr-2 service-status-down"></i><?php echo _("Firewall is OFF "); ?>
+        <?php endif ?>
+        <div class="row">
+          <div class="col-md-6">
+            <p class="mr-2"><small><?php echo _("The default firewall will allow only outgoing and already established traffic. No UDP traffic is allowed.") ?></small></p>
+          </div>
+        </div>
+
+        <form id="frm-firewall" action="firewall_conf" method="POST" >
+          <?php echo CSRFTokenFieldTag(); ?>
+          <h5><?php echo _("Exceptions for Services"); ?></h4>
+          <div class="row">
+            <div class="form-group col-md-6">
+                <div class="custom-control custom-switch">
+                    <input class="custom-control-input" id="ssh-enable" type="checkbox" name="ssh-enable" value="1" aria-describedby="exceptions-description" <?php if ($fw_conf["ssh-enable"]) echo "checked"; ?> >
+                    <label class="custom-control-label" for="ssh-enable"><?php echo _("allow SSH access on port 22") ?></label>
+                </div>
+                <div class="custom-control custom-switch">
+                    <input class="custom-control-input" id="http-enable" type="checkbox" name="http-enable" value="1" aria-describedby="exceptions-description" <?php if ($fw_conf["http-enable"]) echo "checked"; ?> >
+                    <label class="custom-control-label" for="http-enable"><?php echo _("allow access to the RaspAP GUI") ?></label>
+                </div>
+                <p class="mb-0" id="exceptions-description">
+                    <small><?php echo _("Allow access for some services from the client side.") ?></small>
+                </p>
+            </div>
+          </div>
+          <?php if ($fw_conf["firewall-enable"]) : ?>
+              <input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Apply changes"); ?>" name="apply-firewall" />
+              <input type="submit" class="btn btn-warning firewall-apply" value="<?php echo _("Disable Firewall") ?>"  name="firewall-disable" data-toggle="modal" data-target="#firewallModal"/>
+          <?php else : ?>
+              <input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Save"); ?>" name="save-firewall" />
+              <input type="submit" class="btn btn-success firewall-apply" value="<?php echo _("Enable Firewall") ?>" name="firewall-enable" data-toggle="modal" data-target="#firewallModal"/>
+          <?php endif ?>
+        </form>
+      </div><!-- /.card-body -->
+      <div class="card-footer"></div>
+    </div><!-- /.card -->
+  </div><!-- /.col-lg-12 -->
+</div><!-- /.row -->
+
+<!-- Modal -->
+<div class="modal fade" id="firewallModal" tabindex="-1" role="dialog" aria-labelledby="ModalLabel" aria-hidden="true">
+  <div class="modal-dialog" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+        <div class="modal-title" id="ModalLabel">
+            <i class="fas fa-sync-alt mr-2"></i>
+            <?php if($fw_conf["firewall-enable"]) echo _("Disable the firewall ..."); else  echo _("Enable the Firewall ..."); ?>
+        </div>
+        <button type="button" class="close" data-dismiss="modal" aria-label="Close"> <span aria-hidden="true">&times;</span>
+      </div>
+  </div>
+</div>
+

From 5f0eb25f5c23e3d86363f915777c339e3e9a5721 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sat, 17 Jul 2021 09:45:59 +0200
Subject: [PATCH 233/300] Add Firewall entry to menu

---
 config/config.php | 1 +
 index.php         | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/config/config.php b/config/config.php
index c02ef442..15c809c7 100755
--- a/config/config.php
+++ b/config/config.php
@@ -23,6 +23,7 @@ define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
 define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
 define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
+define('RASPI_FIREWALL_ENABLED', true);
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
diff --git a/index.php b/index.php
index 3e6e9ff6..496fafd4 100755
--- a/index.php
+++ b/index.php
@@ -41,6 +41,7 @@ require_once 'includes/system.php';
 require_once 'includes/sysstats.php';
 require_once 'includes/configure_client.php';
 require_once 'includes/networking.php';
+require_once 'includes/firewall.php';
 require_once 'includes/themes.php';
 require_once 'includes/data_usage.php';
 require_once 'includes/about.php';
@@ -175,6 +176,11 @@ $bridgedEnabled = getBridgedState();
           <?php if (RASPI_TORPROXY_ENABLED) : ?>
         <li class="nav-item">
            <a class="nav-link" href="torproxy_conf"><i class="fas fa-eye-slash fa-fw mr-2"></i><span class="nav-label"><?php echo _("TOR proxy"); ?></a>
+        </li>
+          <?php endif; ?>
+          <?php if (RASPI_FIREWALL_ENABLED) : ?>
+        <li class="nav-item">
+          <a class="nav-link" href="firewall_conf"><span class="fas fa-shield-alt mr-2"></span><span class="nav-label"><?php echo _("Firewall"); ?></a>
         </li>
           <?php endif; ?>
           <?php if (RASPI_CONFAUTH_ENABLED) : ?>
@@ -274,6 +280,9 @@ $bridgedEnabled = getBridgedState();
         case "/torproxy_conf":
             DisplayTorProxyConfig();
             break;
+        case "/firewall_conf":
+            DisplayFirewallConfig();
+            break;
         case "/auth_conf":
             DisplayAuthConfig($config['admin_user'], $config['admin_pass']);
             break;

From 2e1781a2eb620b5956aed35c8a18f65a6e33ebf9 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <zeitnitz@uni-wuppertal.de>
Date: Sat, 17 Jul 2021 22:26:56 +0200
Subject: [PATCH 234/300] Add installation script Add wireguard iptables rules

---
 config/iptables_rules.json             | 17 ++++++++++++++++-
 installers/install_feature_firewall.sh | 20 ++++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 installers/install_feature_firewall.sh

diff --git a/config/iptables_rules.json b/config/iptables_rules.json
index fa23d707..0e6618ec 100644
--- a/config/iptables_rules.json
+++ b/config/iptables_rules.json
@@ -95,13 +95,28 @@
             "dependson": [
                   { "var": "openvpn-enable", "type": "bool" },
                   { "var": "openvpn-serverip", "type": "string", "replace": "$IPADDRESS$" },
-                  { "var": "client-device", "type": "string", "replace": "$INTERFACE$" }
+                  { "var": "ap-device", "type": "string", "replace": "$INTERFACE$" }
             ],
             "rules": [
+                "-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT",
                 "-A FORWARD -i tun+ -o $INTERFACE$ -m state --state RELATED,ESTABLISHED -j ACCEPT",
                 "-A FORWARD -i $INTERFACE$ -o tun+ -j ACCEPT",
                 "-t nat -A POSTROUTING -o tun+ -j MASQUERADE"
             ]
+        },
+        {
+            "name": "wireguard",
+            "comment": "Rules for wireguard device (wg)",
+            "dependson": [
+                  { "var": "wireguard-enable", "type": "bool" },
+                  { "var": "wireguard-serverip", "type": "string", "replace": "$IPADDRESS$" },
+                  { "var": "client-device", "type": "string", "replace": "$INTERFACE$" }
+            ],
+            "rules": [
+                "-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT",
+                "-A FORWARD -i wg+ -j ACCEPT",
+                "-t nat -A POSTROUTING -o $INTERFACE$ -j MASQUERADE"
+            ]
         }
     ],
     "exception_rules": [
diff --git a/installers/install_feature_firewall.sh b/installers/install_feature_firewall.sh
new file mode 100644
index 00000000..40757e43
--- /dev/null
+++ b/installers/install_feature_firewall.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# RaspAP feature installation: Firewall
+# to be sources by the RaspAP installer script
+# Author: @zbchristian <christian@zeitnitz.eu>
+# Author URI: https://github.com/zbchristian/
+# License: GNU General Public License v3.0
+# License URI: https://github.com/raspap/raspap-webgui/blob/master/LICENSE
+
+function _install_feature_firewall() {
+    name="feature firewall"
+
+    _install_log "Install $name"
+    _install_log " - copy configuration file"
+	# create config dir
+	sudo mkdir "/etc/raspap/networking/firewall" || _install_status 1 "Unable to create firewall config directory 
+    # copy firewall configuration 
+    sudo cp "$webroot_dir/config/iptables_rules.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration ($name)"
+    _install_status 0
+}

From b770b89d73087661f190cccc119cbf76f0f602d1 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <zeitnitz@uni-wuppertal.de>
Date: Sun, 18 Jul 2021 22:09:59 +0200
Subject: [PATCH 235/300] Add openvpn udp rules to firewall

---
 includes/firewall.php | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/includes/firewall.php b/includes/firewall.php
index ceac3748..980af899 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -72,7 +72,7 @@ function createRuleStr(&$sect, &$conf) {
    return $str;
 }
 
-function setFirewall() {
+function configureFirewall() {
     $json = file_get_contents(RASPAP_IPTABLES_CONF);
     $ipt  = json_decode($json, true);
     $conf = ReadFirewallConf();
@@ -135,6 +135,23 @@ function ReadFirewallConf() {
        $conf["client-device"] = "";
        $conf["restricted-ips"] = "";
     }
+    
+# get openvpn server IP (if existing)
+    if ( RASPI_OPENVPN_ENABLED && file_exists(RASPI_OPENVPN_CLIENT_CONFIG) ) {
+      exec('cat '.RASPI_OPENVPN_CLIENT_CONFIG.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1/ip" ', $ret);
+      if ( !empty($ret) ) {
+          $ip = $ret[0];
+          $ip = ( filter_var($ip, FILTER_VALIDATE_IP) !== false  ) ? $ip : gethostbyname($ip);
+          if ( !empty($ip) ) {
+              $conf["openvpn-serverip"] = "$ip";
+              $conf["openvpn-enable"] = true;
+          }
+      }
+    }    
+# get wireguard server IP (if existing)
+    if ( RASPI_WIREGUARD_ENABLED && file_exists(RASPI_WIREGUARD_CONFIG) ) {
+# search for endpoint       
+    }
     return $conf;
 }
 
@@ -162,7 +179,7 @@ function DisplayFirewallConfig()
         if ( isset($_POST['firewall-disable']) ) $status->addMessage(_('Firewall is now disabled'), 'warning');
         if ( isset($_POST['save-firewall']) )  $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success');
         WriteFirewallConf($fw_conf);
-        setFirewall();
+        configureFirewall();
     }
     echo renderTemplate("firewall", compact(
                 "status",

From 3059dd1fb8eafe03cea389c411c8ae835b2163d4 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <zeitnitz@uni-wuppertal.de>
Date: Mon, 19 Jul 2021 17:28:49 +0200
Subject: [PATCH 236/300] Define firewall constants

---
 config/config.php     |  4 +++-
 includes/firewall.php | 21 +++++++++------------
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/config/config.php b/config/config.php
index 15c809c7..997a3990 100755
--- a/config/config.php
+++ b/config/config.php
@@ -23,7 +23,8 @@ define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
 define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
 define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
-define('RASPI_FIREWALL_ENABLED', true);
+define('RASPAP_FIREWALL_CONF',"/etc/raspap/networking/firewall/firewall.conf");
+define('RASPAP_IPTABLES_CONF',"/etc/raspap/networking/firewall/iptables_rules.json");
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
@@ -44,6 +45,7 @@ define('RASPI_DHCP_ENABLED', true);
 define('RASPI_ADBLOCK_ENABLED', false);
 define('RASPI_OPENVPN_ENABLED', false);
 define('RASPI_WIREGUARD_ENABLED', false);
+define('RASPI_FIREWALL_ENABLED', true);
 define('RASPI_TORPROXY_ENABLED', false);
 define('RASPI_CONFAUTH_ENABLED', true);
 define('RASPI_CHANGETHEME_ENABLED', true);
diff --git a/includes/firewall.php b/includes/firewall.php
index 980af899..46444fda 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -3,8 +3,6 @@
 require_once 'includes/status_messages.php';
 require_once 'includes/functions.php';
 
-define(RASPAP_FIREWALL_CONF,"/tmp/iptables.conf");
-define(RASPAP_IPTABLES_CONF,"/etc/raspap/networking/firewall/iptables_rules.json");
 define(RASPAP_IPTABLES_SCRIPT,"/tmp/iptables_raspap.sh");
 
 function getDependson(&$rule, &$conf) {
@@ -52,7 +50,6 @@ function createRuleStr(&$sect, &$conf) {
                    break;
             }
             if ( !empty($repl) && !empty($val) ) {
-//echo "replace $repl $val \n"; //print_r( $val); echo "\n";
                if ( is_array($val) ) {
                   foreach ( $val as $v ) $rr = array_merge($rr,str_replace($repl, $v, $r));
                }
@@ -76,9 +73,6 @@ function configureFirewall() {
     $json = file_get_contents(RASPAP_IPTABLES_CONF);
     $ipt  = json_decode($json, true);
     $conf = ReadFirewallConf();
-
-//echo "<pre>";
-// print_r($ipt);
     $txt = "#!/bin/bash\n";
     $txt .= "iptables -F\n";
     $txt .= "iptables -X\n";
@@ -88,10 +82,8 @@ function configureFirewall() {
     $count=0;
     foreach ( $ipt["order"] as $idx ) {
        if ( isset($ipt[$idx]) ) {
-//          echo "Handle $idx \n";
           foreach ( $ipt[$idx] as $i => $sect ) {
              if ( isRuleEnabled($sect, $conf) ) {
-//               echo "   rule $i name ".$sect["name"]."\n";
                $str_rules= createRuleStr($sect, $conf);
                if ( !empty($str_rules) ) {
                   file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
@@ -101,8 +93,6 @@ function configureFirewall() {
           }
        }
     }
-//    echo "Firewall ON";
-//echo "</pre>";
     if ( $count > 0 ) {
        exec("chmod +x ".RASPAP_IPTABLES_SCRIPT);
        exec("sudo ".RASPAP_IPTABLES_SCRIPT);
@@ -113,7 +103,14 @@ function configureFirewall() {
 }
 
 function WriteFirewallConf($conf) {
-     if ( is_array($conf) ) write_php_ini($conf,RASPAP_FIREWALL_CONF);
+	$ret = false;
+    if ( is_array($conf) ) {
+		write_php_ini($conf,"/tmp/fwdata");
+		exec('sudo /bin/cp /tmp/fwdata '. RASPAP_FIREWALL_CONF,$out);
+		$ret = empty($out);
+		unlink("/tmp/fwdata");
+	}
+	return $ret
 }
 
 
@@ -147,7 +144,7 @@ function ReadFirewallConf() {
               $conf["openvpn-enable"] = true;
           }
       }
-    }    
+    }
 # get wireguard server IP (if existing)
     if ( RASPI_WIREGUARD_ENABLED && file_exists(RASPI_WIREGUARD_CONFIG) ) {
 # search for endpoint       

From 5197df18e14bc0600fb9822e84f4fd71f7be66c9 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <zeitnitz@uni-wuppertal.de>
Date: Mon, 19 Jul 2021 17:47:38 +0200
Subject: [PATCH 237/300] Fix ownership of firewall directory

---
 installers/install_feature_firewall.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/installers/install_feature_firewall.sh b/installers/install_feature_firewall.sh
index 40757e43..a2eecdc7 100644
--- a/installers/install_feature_firewall.sh
+++ b/installers/install_feature_firewall.sh
@@ -11,10 +11,10 @@ function _install_feature_firewall() {
     name="feature firewall"
 
     _install_log "Install $name"
-    _install_log " - copy configuration file"
 	# create config dir
-	sudo mkdir "/etc/raspap/networking/firewall" || _install_status 1 "Unable to create firewall config directory 
+	sudo mkdir "$raspap_network/firewall" || _install_status 1 "Unable to create firewall config directory" 
     # copy firewall configuration 
-    sudo cp "$webroot_dir/config/iptables_rules.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration ($name)"
+    sudo cp "$webroot_dir/config/iptables_rules.json" "$raspap_network/firewall/" || _install_status 1 "Unable to copy iptables templates"
+	sudo chown $raspap_user:$raspap_user -R "$raspap_network/firewall" || _install_status 1 "Unable to change ownership of firewall directory and files "
     _install_status 0
 }

From 721e576779ee82ccbf202b6df0c77a90295361aa Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <zeitnitz@uni-wuppertal.de>
Date: Tue, 20 Jul 2021 18:13:35 +0200
Subject: [PATCH 238/300] Fix writing of the firewall config

---
 includes/firewall.php | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/includes/firewall.php b/includes/firewall.php
index 46444fda..af7a129e 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -3,7 +3,7 @@
 require_once 'includes/status_messages.php';
 require_once 'includes/functions.php';
 
-define(RASPAP_IPTABLES_SCRIPT,"/tmp/iptables_raspap.sh");
+define('RASPAP_IPTABLES_SCRIPT',"/tmp/iptables_raspap.sh");
 
 function getDependson(&$rule, &$conf) {
    if ( isset($rule["dependson"][0]) ) {
@@ -103,14 +103,9 @@ function configureFirewall() {
 }
 
 function WriteFirewallConf($conf) {
-	$ret = false;
-    if ( is_array($conf) ) {
-		write_php_ini($conf,"/tmp/fwdata");
-		exec('sudo /bin/cp /tmp/fwdata '. RASPAP_FIREWALL_CONF,$out);
-		$ret = empty($out);
-		unlink("/tmp/fwdata");
-	}
-	return $ret
+    $ret = false;
+    if ( is_array($conf) ) $ret = write_php_ini($conf,RASPAP_FIREWALL_CONF);
+    return $ret;
 }
 
 

From e049dd6d456793f253e4ec077666b026d91fc263 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <zeitnitz@uni-wuppertal.de>
Date: Tue, 20 Jul 2021 21:56:00 +0200
Subject: [PATCH 239/300] Add excelusion option to firewall GUI

---
 includes/firewall.php  | 27 +++++++++++++++++++++------
 templates/firewall.php | 13 +++++++++++--
 2 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/includes/firewall.php b/includes/firewall.php
index af7a129e..dc2397cf 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -103,9 +103,9 @@ function configureFirewall() {
 }
 
 function WriteFirewallConf($conf) {
-    $ret = false;
-    if ( is_array($conf) ) $ret = write_php_ini($conf,RASPAP_FIREWALL_CONF);
-    return $ret;
+	$ret = false;
+     	if ( is_array($conf) ) write_php_ini($conf,RASPAP_FIREWALL_CONF);
+	return $ret;
 }
 
 
@@ -127,7 +127,7 @@ function ReadFirewallConf() {
        $conf["client-device"] = "";
        $conf["restricted-ips"] = "";
     }
-    
+
 # get openvpn server IP (if existing)
     if ( RASPI_OPENVPN_ENABLED && file_exists(RASPI_OPENVPN_CLIENT_CONFIG) ) {
       exec('cat '.RASPI_OPENVPN_CLIENT_CONFIG.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1/ip" ', $ret);
@@ -142,7 +142,7 @@ function ReadFirewallConf() {
     }
 # get wireguard server IP (if existing)
     if ( RASPI_WIREGUARD_ENABLED && file_exists(RASPI_WIREGUARD_CONFIG) ) {
-# search for endpoint       
+# search for endpoint
     }
     return $conf;
 }
@@ -158,6 +158,13 @@ function DisplayFirewallConfig()
     getWifiInterface();
     $ap_device = $_SESSION['ap_interface'];
     $clients = getClients();
+    $str_clients = "";
+    foreach( $clients["device"] as $dev ) {
+       if ( !$dev["isAP"] ) {
+          if ( !empty($str_clients) ) $str_clients .= ", ";
+          $str_clients .= $dev["name"];
+       }
+    }
     $fw_conf = ReadFirewallConf();
     $fw_conf["ap-device"] = $ap_device;
     $id=findCurrentClientIndex($clients);
@@ -170,13 +177,21 @@ function DisplayFirewallConfig()
         if ( isset($_POST['apply-firewall']) )  $status->addMessage(_('Firewall settings changed'), 'success');
         if ( isset($_POST['firewall-disable']) ) $status->addMessage(_('Firewall is now disabled'), 'warning');
         if ( isset($_POST['save-firewall']) )  $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success');
+        if ( isset($_POST['excl-devices'])  ) {
+           $excl = filter_var($_POST['excl-devices'], FILTER_SANITIZE_STRING);
+           $excl = str_replace(' ', '', $excl);
+           if ( !empty($excl) && $fw_conf["excl-devices"] != $excl ) {
+               $status->addMessage(_('Exclude devices '. $excl), 'success');
+               $fw_conf["excl-devices"] = $excl;
+           }
+        }
         WriteFirewallConf($fw_conf);
         configureFirewall();
     }
     echo renderTemplate("firewall", compact(
                 "status",
                 "ap_device",
-                "clients",
+                "str_clients",
                 "fw_conf",
                 "ipt_rules")
     );
diff --git a/templates/firewall.php b/templates/firewall.php
index 39e41b71..e20217e4 100644
--- a/templates/firewall.php
+++ b/templates/firewall.php
@@ -18,10 +18,9 @@
         <?php endif ?>
         <div class="row">
           <div class="col-md-6">
-            <p class="mr-2"><small><?php echo _("The default firewall will allow only outgoing and already established traffic. No UDP traffic is allowed.") ?></small></p>
+            <p class="mr-2"><small><?php echo _("The default firewall will allow only outgoing and already established traffic. No UDP traffic is allowed. There are no restrictions for the access point.") ?></small></p>
           </div>
         </div>
-
         <form id="frm-firewall" action="firewall_conf" method="POST" >
           <?php echo CSRFTokenFieldTag(); ?>
           <h5><?php echo _("Exceptions for Services"); ?></h4>
@@ -40,6 +39,16 @@
                 </p>
             </div>
           </div>
+          <h5><?php echo _("Exclusions from the firewall"); ?></h4>
+          <div class="row">
+            <div class="form-group col-md-6">
+                <label for="excl-device"><?php echo _("Exclude device(s)") ?></label>
+                <input class="form-control" id="excl-devices" type="text" name="excl-devices" value="<?php echo $fw_conf["excl-devices"] ?>" aria-describedby="exclusion-description"  >
+                <p class="mb-0" id="exclusion-description">
+                    <small><?php echo _("Exclude the given network device(s) (separated by a comma) from firewall rules.<br>Current client devices: <code>$str_clients</code><br>The access point <code>". $ap_device ."</code> is per default excluded.") ?></small>
+                </p>
+            </div>
+          </div>
           <?php if ($fw_conf["firewall-enable"]) : ?>
               <input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Apply changes"); ?>" name="apply-firewall" />
               <input type="submit" class="btn btn-warning firewall-apply" value="<?php echo _("Disable Firewall") ?>"  name="firewall-disable" data-toggle="modal" data-target="#firewallModal"/>

From 393292f8722f95de11d752e6939d25d6d1dd20e2 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <zeitnitz@uni-wuppertal.de>
Date: Wed, 21 Jul 2021 16:02:21 +0200
Subject: [PATCH 240/300] Add VPN server IPs to Firewall GUI

---
 includes/firewall.php  | 80 +++++++++++++++++++++++++++---------------
 templates/firewall.php | 25 +++++++++----
 2 files changed, 69 insertions(+), 36 deletions(-)

diff --git a/includes/firewall.php b/includes/firewall.php
index dc2397cf..6839a264 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -39,7 +39,7 @@ function createRuleStr(&$sect, &$conf) {
             $repl=$val="";
             switch ( $dep["type"] ) {
                case "list":
-                   if ( isset($dep["var"]) && !empty($conf[$dep["var"]]) ) $val = explode(',', $conf[$dep["var"]]);
+                   if ( isset($dep["var"]) && !empty($conf[$dep["var"]]) ) $val = explode(' ', $conf[$dep["var"]]);
                    if ( !empty($val) && isset($dep["replace"]) ) $repl=$dep["replace"];
                    break;
                case "string":
@@ -103,9 +103,9 @@ function configureFirewall() {
 }
 
 function WriteFirewallConf($conf) {
-	$ret = false;
-     	if ( is_array($conf) ) write_php_ini($conf,RASPAP_FIREWALL_CONF);
-	return $ret;
+    $ret = false;
+        if ( is_array($conf) ) write_php_ini($conf,RASPAP_FIREWALL_CONF);
+    return $ret;
 }
 
 
@@ -115,10 +115,6 @@ function ReadFirewallConf() {
     } else {
        $conf = array();
        $conf["firewall-enable"] = false;
-       $conf["openvpn-enable"] = false;
-       $conf["openvpn-serverip"] = "";
-       $conf["wireguard-enable"] = false;
-       $conf["wireguard-serverip"] = "";
        $conf["ssh-enable"] = false;
        $conf["http-enable"] = false;
        $conf["excl-devices"] = "";
@@ -127,26 +123,32 @@ function ReadFirewallConf() {
        $conf["client-device"] = "";
        $conf["restricted-ips"] = "";
     }
-
-# get openvpn server IP (if existing)
-    if ( RASPI_OPENVPN_ENABLED && file_exists(RASPI_OPENVPN_CLIENT_CONFIG) ) {
-      exec('cat '.RASPI_OPENVPN_CLIENT_CONFIG.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1/ip" ', $ret);
-      if ( !empty($ret) ) {
-          $ip = $ret[0];
-          $ip = ( filter_var($ip, FILTER_VALIDATE_IP) !== false  ) ? $ip : gethostbyname($ip);
-          if ( !empty($ip) ) {
-              $conf["openvpn-serverip"] = "$ip";
-              $conf["openvpn-enable"] = true;
-          }
-      }
-    }
-# get wireguard server IP (if existing)
-    if ( RASPI_WIREGUARD_ENABLED && file_exists(RASPI_WIREGUARD_CONFIG) ) {
-# search for endpoint
-    }
     return $conf;
 }
 
+function getVPN_IPs() {
+    $ips = "";
+    # get openvpn server IPs for UDP (if existing)
+    if ( RASPI_OPENVPN_ENABLED && ($fconf = glob(RASPI_OPENVPN_CLIENT_PATH ."/*.conf")) !== false && !empty($fconf) ) {
+      foreach ( $fconf as $f ) {
+         exec('cat '.$f.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1/ip" ', $result);
+         $ip = (isset($result[0])) ? $result[0] : "";
+         unset($result);
+         exec('cat '.$f.' |  sed -rn "s/^proto\s*([a-z]*).*$/\1/ip" ', $result);
+         $proto = (isset($result[0])) ? $result[0] : "";
+         if ( !empty($ip) && trim(strtolower($proto)) === "udp" ) {
+            $ip = gethostbyname($ip);
+            if ( filter_var($ip,FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) $ips .= " $ip";
+        }
+      }
+    }
+    # get wireguard server IPs for UDP (if existing)
+    if ( RASPI_WIREGUARD_ENABLED && ($fconf = glob(RASPI_WIREGUARD_PATH ."/*.conf")) !== false && !empty($fconf) ) {
+    }
+    return trim($ips);
+}
+
+
 function DisplayFirewallConfig()
 {
 
@@ -154,7 +156,6 @@ function DisplayFirewallConfig()
 
     $json = file_get_contents(RASPAP_IPTABLES_CONF);
     $ipt_rules = json_decode($json, true);
-
     getWifiInterface();
     $ap_device = $_SESSION['ap_interface'];
     $clients = getClients();
@@ -179,20 +180,41 @@ function DisplayFirewallConfig()
         if ( isset($_POST['save-firewall']) )  $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success');
         if ( isset($_POST['excl-devices'])  ) {
            $excl = filter_var($_POST['excl-devices'], FILTER_SANITIZE_STRING);
-           $excl = str_replace(' ', '', $excl);
-           if ( !empty($excl) && $fw_conf["excl-devices"] != $excl ) {
+           $excl = str_replace(',', ' ', $excl);
+           $excl = trim(preg_replace('/\s+/', ' ', $excl));
+           if ( $fw_conf["excl-devices"] != $excl ) {
                $status->addMessage(_('Exclude devices '. $excl), 'success');
                $fw_conf["excl-devices"] = $excl;
            }
         }
+        if ( isset($_POST['excluded-ips'])  ) {
+           $excl = filter_var($_POST['excluded-ips'], FILTER_SANITIZE_STRING);
+           $excl = str_replace(',', ' ', $excl);
+           $excl = trim(preg_replace('/\s+/', ' ', $excl));
+           if ( !empty($excl) ) {
+              $excl = explode(' ',$excl);
+              $str_excl = "";
+              foreach ( $excl as $ip ) {
+                 if ( filter_var($ip,FILTER_VALIDATE_IP) ) $str_excl .= "$ip ";
+                 else $status->addMessage(_('Exclude IP address '. $ip . ' failed - not a valid IP address'), 'warning');
+              }
+          }
+          $str_excl = trim($str_excl);
+          if ( $fw_conf["excluded-ips"] != $str_excl ) {
+               $status->addMessage(_('Exclude IP address(es) '. $str_excl ), 'success');
+               $fw_conf["excluded-ips"] = $str_excl;
+           }
+        }
         WriteFirewallConf($fw_conf);
         configureFirewall();
     }
+    $vpn_ips = getVPN_IPs();
     echo renderTemplate("firewall", compact(
                 "status",
                 "ap_device",
                 "str_clients",
                 "fw_conf",
-                "ipt_rules")
+                "ipt_rules",
+                "vpn_ips")
     );
 }
diff --git a/templates/firewall.php b/templates/firewall.php
index e20217e4..e2b1ec6b 100644
--- a/templates/firewall.php
+++ b/templates/firewall.php
@@ -18,34 +18,45 @@
         <?php endif ?>
         <div class="row">
           <div class="col-md-6">
-            <p class="mr-2"><small><?php echo _("The default firewall will allow only outgoing and already established traffic. No UDP traffic is allowed. There are no restrictions for the access point.") ?></small></p>
+            <p class="mr-2"><small><?php echo _("The default firewall will only allow outgoing and already established traffic.<br> No incoming UDP traffic is allowed.<br>There are no restrictions for the access point <code>$ap_device</code>.") ?></small></p>
           </div>
         </div>
         <form id="frm-firewall" action="firewall_conf" method="POST" >
           <?php echo CSRFTokenFieldTag(); ?>
-          <h5><?php echo _("Exceptions for Services"); ?></h4>
+          <h5><?php echo _("Exception: Service"); ?></h4>
           <div class="row">
             <div class="form-group col-md-6">
                 <div class="custom-control custom-switch">
-                    <input class="custom-control-input" id="ssh-enable" type="checkbox" name="ssh-enable" value="1" aria-describedby="exceptions-description" <?php if ($fw_conf["ssh-enable"]) echo "checked"; ?> >
+                    <input class="custom-control-input" id="ssh-enable" type="checkbox" name="ssh-enable" value="1" aria-describedby="exception-description" <?php if ($fw_conf["ssh-enable"]) echo "checked"; ?> >
                     <label class="custom-control-label" for="ssh-enable"><?php echo _("allow SSH access on port 22") ?></label>
                 </div>
                 <div class="custom-control custom-switch">
                     <input class="custom-control-input" id="http-enable" type="checkbox" name="http-enable" value="1" aria-describedby="exceptions-description" <?php if ($fw_conf["http-enable"]) echo "checked"; ?> >
-                    <label class="custom-control-label" for="http-enable"><?php echo _("allow access to the RaspAP GUI") ?></label>
+                    <label class="custom-control-label" for="http-enable"><?php echo _("allow access to the RaspAP GUI on port 80 or 443") ?></label>
                 </div>
                 <p class="mb-0" id="exceptions-description">
-                    <small><?php echo _("Allow access for some services from the client side.") ?></small>
+                    <small><?php echo _("Allow incoming connections for some services from the internet side.") ?></small>
                 </p>
             </div>
           </div>
-          <h5><?php echo _("Exclusions from the firewall"); ?></h4>
+          <h5><?php echo _("Exception: network device"); ?></h4>
           <div class="row">
             <div class="form-group col-md-6">
                 <label for="excl-device"><?php echo _("Exclude device(s)") ?></label>
                 <input class="form-control" id="excl-devices" type="text" name="excl-devices" value="<?php echo $fw_conf["excl-devices"] ?>" aria-describedby="exclusion-description"  >
                 <p class="mb-0" id="exclusion-description">
-                    <small><?php echo _("Exclude the given network device(s) (separated by a comma) from firewall rules.<br>Current client devices: <code>$str_clients</code><br>The access point <code>". $ap_device ."</code> is per default excluded.") ?></small>
+                    <small><?php echo _("Exclude the given network device(s) (separated by a blank or comma) from firewall rules.<br>Current client devices: <code>$str_clients</code><br>The access point <code>". $ap_device ."</code> is per default excluded.") ?></small>
+                </p>
+            </div>
+          </div>
+          <h5><?php echo _("Exception: IP-Address"); ?></h4>
+          <div class="row">
+            <div class="form-group col-md-6">
+                <label for="excluded-ips"><?php echo _("Allow incoming connections from") ?></label>
+                <input class="form-control" id="excluded-ips" type="text" name="excluded-ips" value="<?php echo $fw_conf["excluded-ips"] ?>" aria-describedby="excl-ips-description"  >
+                <p class="mb-0" id="excl-ips-description">
+                    <small><?php echo _("For the given IP-addresses (separated by a blank or comma) the incoming connection (via TCP and UDP) is accepted.<br>This is required for an OpenVPN via UDP or Wireguard connection.") ?></small>
+                    <small><?php if ( !empty($vpn_ips) ) echo _("<br>The list of configured VPN server IP addresses: <code>". $vpn_ips. "</code>") ?></small>
                 </p>
             </div>
           </div>

From 0a6e48a953bba13163cad1e1477aeb85cb52bc0d Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <zeitnitz@uni-wuppertal.de>
Date: Wed, 21 Jul 2021 17:56:01 +0200
Subject: [PATCH 241/300] Fix display of VPN IPs

---
 includes/firewall.php  | 1 +
 templates/firewall.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/includes/firewall.php b/includes/firewall.php
index 6839a264..90713d34 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -131,6 +131,7 @@ function getVPN_IPs() {
     # get openvpn server IPs for UDP (if existing)
     if ( RASPI_OPENVPN_ENABLED && ($fconf = glob(RASPI_OPENVPN_CLIENT_PATH ."/*.conf")) !== false && !empty($fconf) ) {
       foreach ( $fconf as $f ) {
+         unset($result);
          exec('cat '.$f.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1/ip" ', $result);
          $ip = (isset($result[0])) ? $result[0] : "";
          unset($result);
diff --git a/templates/firewall.php b/templates/firewall.php
index e2b1ec6b..478ed652 100644
--- a/templates/firewall.php
+++ b/templates/firewall.php
@@ -56,7 +56,7 @@
                 <input class="form-control" id="excluded-ips" type="text" name="excluded-ips" value="<?php echo $fw_conf["excluded-ips"] ?>" aria-describedby="excl-ips-description"  >
                 <p class="mb-0" id="excl-ips-description">
                     <small><?php echo _("For the given IP-addresses (separated by a blank or comma) the incoming connection (via TCP and UDP) is accepted.<br>This is required for an OpenVPN via UDP or Wireguard connection.") ?></small>
-                    <small><?php if ( !empty($vpn_ips) ) echo _("<br>The list of configured VPN server IP addresses: <code>". $vpn_ips. "</code>") ?></small>
+                    <small><?php if ( !empty($vpn_ips) ) echo _("<br>The list of configured VPN server IP addresses: <code><b>". $vpn_ips. "</b></code>") ?></small>
                 </p>
             </div>
           </div>

From 1855f40f9dc36c1326a01efe6f156aaee6ebf30f Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Sat, 24 Jul 2021 15:04:01 +0200
Subject: [PATCH 242/300] Add masquerade rule for NAT

Add default NAT POSTROUTING  rule to masquerade addresses
---
 config/iptables_rules.json | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/config/iptables_rules.json b/config/iptables_rules.json
index 0e6618ec..df2b126b 100644
--- a/config/iptables_rules.json
+++ b/config/iptables_rules.json
@@ -81,6 +81,13 @@
                     "-A OUTPUT -o $INTERFACE$ -j ACCEPT"
             ]
         },
+        {
+            "name": "NAT for access point",
+            "comment": "Masquerading needed for access point",
+            "rules": [
+                "-t nat -A POSTROUTING -j MASQUERADE"
+            ]
+        },
         {
             "name": "clients",
             "fw-state": true,

From 2f1a6af0baad75be9bc880b58412569e3d7aafbd Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sun, 25 Jul 2021 15:42:46 +0200
Subject: [PATCH 243/300] Add IPv6 to Firewall

---
 config/iptables_rules.json | 15 +++++++++++++++
 includes/firewall.php      | 29 ++++++++++++++++++++++++-----
 2 files changed, 39 insertions(+), 5 deletions(-)

diff --git a/config/iptables_rules.json b/config/iptables_rules.json
index df2b126b..d9b6f5f9 100644
--- a/config/iptables_rules.json
+++ b/config/iptables_rules.json
@@ -44,12 +44,23 @@
         {
             "name": "ping",
             "fw-state": true,
+            "ip-version": 4,
             "comment": "allow ping request and echo",
             "rules": [
                 "-A INPUT -p icmp --icmp-type 8/0 -j ACCEPT",
                 "-A INPUT -p icmp --icmp-type 0/0 -j ACCEPT"
             ]
         },
+        {
+            "name": "ping IPv6",
+            "fw-state": true,
+            "ip-version": 6,
+            "comment": "allow ping request and echo for IPv6",
+            "rules": [
+                "-A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT",
+                "-A INPUT -p icmpv6 --icmpv6-type echo-reply -j ACCEPT"
+            ]
+        },
         {
             "name": "ntp",
             "fw-state": true,
@@ -99,6 +110,7 @@
         {
             "name": "openvpn",
             "comment": "Rules for tunnel device (tun)",
+            "ip-version": 4,
             "dependson": [
                   { "var": "openvpn-enable", "type": "bool" },
                   { "var": "openvpn-serverip", "type": "string", "replace": "$IPADDRESS$" },
@@ -114,6 +126,7 @@
         {
             "name": "wireguard",
             "comment": "Rules for wireguard device (wg)",
+            "ip-version": 4,
             "dependson": [
                   { "var": "wireguard-enable", "type": "bool" },
                   { "var": "wireguard-serverip", "type": "string", "replace": "$IPADDRESS$" },
@@ -164,6 +177,7 @@
         {
             "name": "ipaddress",
             "fw-state": true,
+            "ip-version": 4,
             "comment": "allow access from/to IP",
             "dependson": [
                 { "var": "excluded-ips", "type": "list", "replace": "$IPADDRESS$" }
@@ -178,6 +192,7 @@
         {
             "name": "ipaddress",
             "fw-state": true,
+            "ip-version": 4,
             "dependson": [
                 { "var": "restricted-ips", "type": "list", "replace": "$IPADDRESS$" }
             ],
diff --git a/includes/firewall.php b/includes/firewall.php
index 90713d34..1b763622 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -4,6 +4,7 @@ require_once 'includes/status_messages.php';
 require_once 'includes/functions.php';
 
 define('RASPAP_IPTABLES_SCRIPT',"/tmp/iptables_raspap.sh");
+define('RASPAP_IP6TABLES_SCRIPT',"/tmp/ip6tables_raspap.sh");
 
 function getDependson(&$rule, &$conf) {
    if ( isset($rule["dependson"][0]) ) {
@@ -64,20 +65,33 @@ function createRuleStr(&$sect, &$conf) {
    }
    $str="";
    foreach ( $rs as $r ) {
-      if ( !preg_match('/\$[a-z0-9]*\$/i',$r) ) $str .= "iptables ".$r."\n";
+      if ( !preg_match('/\$[a-z0-9]*\$/i',$r) ) $str .= '$IPT '.$r."\n";
    }
    return $str;
 }
 
+function isIPv4(&$rule) {
+    return !isset($rule["ip-version"]) || strstr($rule["ip-version"],"4") !== false; 
+}
+
+function isIPv6(&$rule) {
+    return !isset($rule["ip-version"]) || strstr($rule["ip-version"],"6") !== false; 
+}
+
 function configureFirewall() {
     $json = file_get_contents(RASPAP_IPTABLES_CONF);
     $ipt  = json_decode($json, true);
     $conf = ReadFirewallConf();
     $txt = "#!/bin/bash\n";
-    $txt .= "iptables -F\n";
-    $txt .= "iptables -X\n";
-    $txt .= "iptables -t nat -F\n";
     file_put_contents(RASPAP_IPTABLES_SCRIPT, $txt);
+    file_put_contents(RASPAP_IP6TABLES_SCRIPT, $txt);
+    file_put_contents(RASPAP_IPTABLES_SCRIPT, 'IPT="iptables"'."\n", FILE_APPEND);
+    file_put_contents(RASPAP_IP6TABLES_SCRIPT, 'IPT="ip6tables"'."\n", FILE_APPEND);
+    $txt = "\$IPT -F\n";
+    $txt .= "\$IPT -X\n";
+    $txt .= "\$IPT -t nat -F\n";
+    file_put_contents(RASPAP_IPTABLES_SCRIPT, $txt, FILE_APPEND);
+    file_put_contents(RASPAP_IP6TABLES_SCRIPT, $txt, FILE_APPEND);
     if ( empty($conf) || empty($ipt) ) return false;
     $count=0;
     foreach ( $ipt["order"] as $idx ) {
@@ -86,7 +100,8 @@ function configureFirewall() {
              if ( isRuleEnabled($sect, $conf) ) {
                $str_rules= createRuleStr($sect, $conf);
                if ( !empty($str_rules) ) {
-                  file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
+                  if ( isIPv4($sect) ) file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
+                  if ( isIPv6($sect) ) file_put_contents(RASPAP_IP6TABLES_SCRIPT, $str_rules, FILE_APPEND);
                   ++$count;
                }
              }
@@ -98,6 +113,10 @@ function configureFirewall() {
        exec("sudo ".RASPAP_IPTABLES_SCRIPT);
 //       exec("sudo iptables-save > /etc/iptables/rules.v4");
 //       unlink(RASPAP_IPTABLES_SCRIPT);
+       exec("chmod +x ".RASPAP_IP6TABLES_SCRIPT);
+       exec("sudo ".RASPAP_IP6TABLES_SCRIPT);
+//       exec("sudo iptables-save > /etc/iptables/rules.v6");
+//       unlink(RASPAP_IP6TABLES_SCRIPT);
     }
     return ($count > 0);
 }

From 882535b1309fc4fe8fcc2e29502c0bd8ed600559 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Sun, 25 Jul 2021 17:27:31 +0200
Subject: [PATCH 244/300] Get VPN state from active tun/wg device

---
 includes/firewall.php     | 37 ++++++++++++++++++++++++++++---------
 installers/raspap.sudoers |  1 +
 2 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/includes/firewall.php b/includes/firewall.php
index 1b763622..d6699866 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -142,28 +142,47 @@ function ReadFirewallConf() {
        $conf["client-device"] = "";
        $conf["restricted-ips"] = "";
     }
+    exec('ifconfig | grep -E -i "tun+"', $ret);
+    $conf["openvpn-enable"] = !empty($ret);
+    unset($ret);
+    exec('ifconfig | grep -E -i "wg+"', $ret);
+    $conf["wireguard-enable"] = !empty($ret);
     return $conf;
 }
 
 function getVPN_IPs() {
     $ips = "";
-    # get openvpn server IPs for UDP (if existing)
+    # get openvpn and wireguard server IPs
     if ( RASPI_OPENVPN_ENABLED && ($fconf = glob(RASPI_OPENVPN_CLIENT_PATH ."/*.conf")) !== false && !empty($fconf) ) {
       foreach ( $fconf as $f ) {
-         unset($result);
-         exec('cat '.$f.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1/ip" ', $result);
-         $ip = (isset($result[0])) ? $result[0] : "";
-         unset($result);
-         exec('cat '.$f.' |  sed -rn "s/^proto\s*([a-z]*).*$/\1/ip" ', $result);
-         $proto = (isset($result[0])) ? $result[0] : "";
-         if ( !empty($ip) && trim(strtolower($proto)) === "udp" ) {
+        unset($result);
+        exec('cat '.$f.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1 \2/ip" ', $result);
+        if ( !empty($result) ) {
+          $result = explode(" ",$result[0]);
+          $ip = (isset($result[0])) ? $result[0] : "";
+          $port = (isset($result[1])) ? $result[1] : "";
+          if ( !empty($ip) ) {
             $ip = gethostbyname($ip);
             if ( filter_var($ip,FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) $ips .= " $ip";
+          }
         }
       }
     }
-    # get wireguard server IPs for UDP (if existing)
+    # get wireguard server IPs
     if ( RASPI_WIREGUARD_ENABLED && ($fconf = glob(RASPI_WIREGUARD_PATH ."/*.conf")) !== false && !empty($fconf) ) {
+      foreach ( $fconf as $f ) {
+        unset($result);
+        exec('sudo /bin/cat '.$f.' |  sed -rn "s/^endpoint\s*=\s*([a-z0-9\.\-\_]*:[0-9]*).*$/\1/ip" ', $result);
+        if ( !empty($result) ) {
+          $result = explode(":",$result[0]);
+          $ip = (isset($result[0])) ? $result[0] : "";
+          $port = (isset($result[1])) ? $result[1] : "";
+          if ( !empty($ip) ) {
+             $ip = gethostbyname($ip);
+             if ( filter_var($ip,FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) $ips .= " $ip";
+          }
+        }
+      }
     }
     return trim($ips);
 }
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index ae737910..b85fe487 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -63,3 +63,4 @@ www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/tmp/iptables_raspap.sh
+www-data ALL=(ALL) NOPASSWD:/tmp/ip6tables_raspap.sh

From 088699905527b1f3a7b8879dc249955c0c29b6aa Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Mon, 26 Jul 2021 15:42:14 +0200
Subject: [PATCH 245/300] Improve active VPN detection

---
 includes/firewall.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/firewall.php b/includes/firewall.php
index d6699866..3f4ef8b7 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -142,10 +142,10 @@ function ReadFirewallConf() {
        $conf["client-device"] = "";
        $conf["restricted-ips"] = "";
     }
-    exec('ifconfig | grep -E -i "tun+"', $ret);
+    exec('ifconfig | grep -E -i "^tun[0-9]"', $ret);
     $conf["openvpn-enable"] = !empty($ret);
     unset($ret);
-    exec('ifconfig | grep -E -i "wg+"', $ret);
+    exec('ifconfig | grep -E -i "^wg[0-9]"', $ret);
     $conf["wireguard-enable"] = !empty($ret);
     return $conf;
 }

From 3d4b710492fdc5ac19195d4e96b759ba6b4f182e Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Tue, 27 Jul 2021 10:09:36 +0200
Subject: [PATCH 246/300] Allow IPv6 addresses for VPN server

---
 includes/firewall.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/includes/firewall.php b/includes/firewall.php
index 3f4ef8b7..9a61f304 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -142,10 +142,10 @@ function ReadFirewallConf() {
        $conf["client-device"] = "";
        $conf["restricted-ips"] = "";
     }
-    exec('ifconfig | grep -E -i "^tun[0-9]"', $ret);
+    exec('ifconfig | grep -E -i "tun+"', $ret);
     $conf["openvpn-enable"] = !empty($ret);
     unset($ret);
-    exec('ifconfig | grep -E -i "^wg[0-9]"', $ret);
+    exec('ifconfig | grep -E -i "wg+"', $ret);
     $conf["wireguard-enable"] = !empty($ret);
     return $conf;
 }
@@ -156,7 +156,7 @@ function getVPN_IPs() {
     if ( RASPI_OPENVPN_ENABLED && ($fconf = glob(RASPI_OPENVPN_CLIENT_PATH ."/*.conf")) !== false && !empty($fconf) ) {
       foreach ( $fconf as $f ) {
         unset($result);
-        exec('cat '.$f.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1 \2/ip" ', $result);
+        exec('cat '.$f.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_:]*)\s*([0-9]*)\s*$/\1 \2/ip" ', $result);
         if ( !empty($result) ) {
           $result = explode(" ",$result[0]);
           $ip = (isset($result[0])) ? $result[0] : "";
@@ -172,9 +172,9 @@ function getVPN_IPs() {
     if ( RASPI_WIREGUARD_ENABLED && ($fconf = glob(RASPI_WIREGUARD_PATH ."/*.conf")) !== false && !empty($fconf) ) {
       foreach ( $fconf as $f ) {
         unset($result);
-        exec('sudo /bin/cat '.$f.' |  sed -rn "s/^endpoint\s*=\s*([a-z0-9\.\-\_]*:[0-9]*).*$/\1/ip" ', $result);
+        exec('sudo /bin/cat '.$f.' |  sed -rn "s/^endpoint\s*=\s*\[?([a-z0-9\.\-\_:]*)\]?:([0-9]*)\s*$/\1 \2/ip" ', $result);
         if ( !empty($result) ) {
-          $result = explode(":",$result[0]);
+          $result = explode(" ",$result[0]);
           $ip = (isset($result[0])) ? $result[0] : "";
           $port = (isset($result[1])) ? $result[1] : "";
           if ( !empty($ip) ) {

From f572fdd39e59fc63e7c98fd6006b3d5cda577759 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz <christian@zeitnitz.eu>
Date: Tue, 27 Jul 2021 11:25:42 +0200
Subject: [PATCH 247/300] Improve search for tun and wg device

---
 includes/firewall.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/firewall.php b/includes/firewall.php
index 9a61f304..1f05c9fe 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -142,10 +142,10 @@ function ReadFirewallConf() {
        $conf["client-device"] = "";
        $conf["restricted-ips"] = "";
     }
-    exec('ifconfig | grep -E -i "tun+"', $ret);
+    exec('ifconfig | grep -E -i "^tun[0-9]"', $ret);
     $conf["openvpn-enable"] = !empty($ret);
     unset($ret);
-    exec('ifconfig | grep -E -i "wg+"', $ret);
+    exec('ifconfig | grep -E -i "^wg[0-9]"', $ret);
     $conf["wireguard-enable"] = !empty($ret);
     return $conf;
 }

From d12aa8da21d593ea262b075f9f583a827d88a6b2 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Fri, 30 Jul 2021 21:01:29 +0200
Subject: [PATCH 248/300] Update README.md

---
 README.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 0102b431..3d39834f 100644
--- a/README.md
+++ b/README.md
@@ -27,15 +27,17 @@ As part of the initial rollout of Insiders, all previous one-time backers of Ras
 ## Exclusive features
 The following features are currently available exclusively to sponsors. A tangible side benefit of sponsorship is that Insiders are able to help steer future development of RaspAP. This is done through your Insiders access to discussions, feature requests, issues and pull requests in the private GitHub repository.
 
-✅ [Manage OpenVPN client configs](https://docs.raspap.com/openvpn.html#multiple-client-configs)  
-✅ [OpenVPN certificate authentication](https://docs.raspap.com/openvpn.html#certificate-authentication)      
+✅ [Manage OpenVPN client configs](https://docs.raspap.com/openvpn/#multiple-client-configs)  
+✅ [OpenVPN certificate authentication](https://docs.raspap.com/openvpn/#certificate-authentication)      
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
 ✅ Restrict network to static clients  
-✅ [WireGuard support](https://docs.raspap.com/wireguard.html)  
-✅ [Set AP transmit power](https://docs.raspap.com/ap-basics.html#transmit-power)  
+✅ [WireGuard support](https://docs.raspap.com/wireguard/)  
+✅ [Set AP transmit power](https://docs.raspap.com/ap-basics/#transmit-power)  
 ✅ Mobile data client support  
 ⚙️ Traffic shaping (in progress)  
+⚙️ Firewall settings (in progress)  
+⚙️ Printable WiFi signs (in progress)  
 
 Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/RaspAP/raspap-insiders/discussions) and let us know!
 

From b4394513cac908cf14efa35c92d4a5827e422774 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 3 Aug 2021 23:37:42 +0100
Subject: [PATCH 249/300] Update template msg + en_US locale

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 28313 -> 28395 bytes
 locale/en_US/LC_MESSAGES/messages.po |   5 ++++-
 templates/dhcp/static_leases.php     |   6 +++---
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index b1d575103df844f9061bbe9f73cf985b650b4813..45eef151276bb949578630c04ffd1b7f061152ec 100644
GIT binary patch
delta 8062
zcmZwL33!cH9>?($*+o`MVoR<i5d;xINbMv-B9=rfwIucmky2Zk%g9t~DcTxEs#QvD
z)lwQ=)Y9srs#8i^TT2-l-E5`R>3o0pJ)ZIOne+62Kj)nHeb4^h8(n$EtNe_Y`)q{I
zaziTiGNu-;4>IOD`GiQ-8go0^n0UN{6R~cLF(J4NUHAf4!u_a6KE(jMWXnHcCS`w@
zG1-`d5x5@d%5B~tQ<I8==#A&FDqcV}cnAG4ypA!|usW)PL=49^NJFM4R>3@s#X{6T
zpF*{>7Hi`kRDUNux|uB*H5^*kS%EmLLAi@{D5{|usD>W5zJR`z%k1^N7)tpFYQSeu
zGref*Z(}dY0ri{-<VpHB!^!yJIMh;3!Z@65>(|@*EvSaeP&3$v8u)2U$LpAcsr8Ks
z#EDoDr{gr7hgzxMQ3Lg7ncQk1k_>}0O>r>xL0{Zv-HDpX9@G+lf?APpQ4{zX)!`&Y
ztu2{}n#dwlM=MbS-(>4w!vxBE<9M9&Van}|K@E%vqg)fyFadQaC!<Eb6g7ZS^v2gv
zGu(x~xX)fcgc{H(d;KEnO#O@+kRK<y1gpg}d_OX)sn88CVhb!o)n7$*d>yOfpU7lQ
z^@h$KcEBjg-LVnoqgHegYQ@%}CbAoOfy^HmfVH?;<ybcv7n!c8r5lAhWYbVfyaY9X
zH5iPWu{oBZ@iOLne1vRyV`Fw;KI@u?Rhk&n77K9zZp0KcO&!}{F-7;oWc<l|hgzDe
zsDa!?ZAC~k=di_~`b<U5U^Hq5MW_Kji5mDS)C%lCZS6;>`>tR`3`lfVwlW6l_|zcd
z!-e{&2OByUOh;Spfm+IZRL4`$g|kruUxV7J4X7>LhU(}b>JWZvJ%w?UFQWz)$}-02
z_%`!o_;y16Gex$%7WJC#N6p|2@>OB(A|p4^Nlu6H7(%%{>TqVECQ^XmI0Hj*p{-wy
zl_~E)&-;If4Cl%mMZJc%Q61FeB<fVhqGsM0)o?PZ;hw0O4nfUqENaF}Py;Wu*UK=B
z@<G&d$58{igl>)e78$)xzRAvB23o74PJJCzN2#_x4YlNbZFwL@P#%R<a5`#h7NZ8d
z9CiOzRL48fvqj0Qzh{rA&{ys$)J$)oX7nejp}3aLk~PIDlsjAVP#qMaUc-5)36-MW
zmMy6E_n=nf5GLSxRJ)<A*nc$;*~*zgQ`Ay*LXEU9YGn#gBOZ+!U@_{@&P3hkMh$EU
z>TOtWufK|qQr?C7@oC=Lc|IFmln1!UXz6BP1};J^)d^IGXHYY`j2hUlI2i+YnKgr1
zs2P@^I#`A}Guu(m?LxKp9#+P~I110%dUv-r&V@|WOom%0+4?!CnLdL$q$^QNdjKE6
z&rmB8%(smWS2fi2cx;HRknbil++JUV8rT|S0&cU7j8<S5YQ`U;267B@@dCQAO{z1H
zL8#Yo7^>sBs1;a%YIp_e`3*P+cca>E&1f~i&Zq(AV4&Xr0y27_&|a8jU4YulXHiSH
z9`#z5p&B}XYUntsgY&3?{D2zRZ>Rxzw{z+vtTCtwCtyYTHyy~RqaN4@`(rJfYh8od
z>$gyQc@WjW$5<85V0FB1>x0`n9lKBiZf47EP-m<==HpZ7&LVSzOgeV%U`#h$fF<}D
z_QTwc#tg+x*b4(XIfpP0wGxM|XHYBk6MAOe*?B7>P%GR3HPO~s1G{u){p*t%N`)Gl
zhnnGX)RLB>X0{Ra;C|F=b_8|bdDK#0L9N6!RKo#Xoa^;4iE<;1!yy=nC8z<Fc47Us
zv|FjrDSsW+(H_)H-p88w71qU@n2k|go$^@J7s^6w8LHunsIzes)xI~&x*LPg2M?eI
z@`2lC&e;pUqW0`AvYo~+&1s;kH4`gPpMx#E_^roy%8S{*iMSiJ^s(KYw<Z~ND05LA
z7GMC*v}N}^GMQAYM$POp>TsoSQnV61Q7e##-Z&Yx)YDK6E=JApC9H<qFaX~}ZRrtI
zJLgbaSB|l0dUyuvHgROsP)n?hS*Q-jTj!%1UWa-s-bC&3N$WM#jDveR?bNa+qc8QD
zsOx=ETa%9(a4|;c{hwhkEW%z~C`HYn+<F83DF1<4N*|Uh4#QFPDX97msD?996Uadg
zd=j!NW<KgL9>qYcz^mtZ|0|K1MnxnB;S$tHSECx(f;xN$a4=p(&8!onmFcK0%R(*j
za16mmkolPsREIw7ueKxvE1?VB>Zl1Bjl7+`&<ztP_r(}=V<<k4`VrcWoIA4*wI%+&
zoq^X!4ImM9R=QzD%s>q^$6g<V8c<Ph#-|%*P@zLrg6e1$mf&X85;yDPTyKRfC}*PT
z=b%<>KI(hoX^h2fs4YB(QFs~~;Z4+vy81dR*19k2qnY%eA{v*W9(>i7_n?dNml%$B
zP=_^$uSG3!J=6e_Fc{lobIe4;>-jf)gseNq`SbiH=23n**ZK3@xcfVQpQj=}$>tgB
z5iF+c$KBeR>8O>NgBr+E48s>uhixZnhDT8o_zg87?*YyL>tZD3rdSQr(6hBe$mqt|
zsI4ePE$v3s9=(G4#wtTS_>QeVZp&veg8G}NjspfdD;AC#coM3;wx})cgz6^`IfQOg
z;ABh@#&Ka5YGmuI2dx)SOY1$zx!w{r^IX&fim?tZMGbrhs>8QYTlG2WaDI!L$Sn-l
z`w`4LrKOEQU1)}tF%31NK^TuCP_N-4R0rEpr+N?SzIRd2e~8+mbEujAf|}S})N5Do
zL1*BJ=z0G$$!IV0P!Enp4QM86<O@)*(@NA~d(OHEt5e>E>gcGg{~ERAmu&e5)E3=A
ztw5zA&eqgH&%gg0lF<VlQ5~nFXOB=LF2EXCgqrCB)Qp}+?eUwa6+3|H;DogtwIcfC
zAqpZ<6G}wAEggok{^}r$ikdhG6L2c3;dQ76wxDKk0JTzIpayygwKBI*1O5#)K;L1`
zp$$RZR~a?1dZ-mlvDdo}b31>ZXHZd_3-6;ExPUIait0Fcxbvrz3$;=Yp*k!^&1e>C
zU<+|FmZByQmhY@!6srAL)S2mmdM?9FMhy-?E#WX6g_CXlSGN8e)J$$zeF~iWtDs)b
zc#Ov;sHN?X58z1Dgw~?Y)@FPCZEQ%{{V|!wWNz3STqB&3C81`}3AF+ls2M+q8ps&r
zOUz6|7al<k<VUQ7*HIl;9qFt<G-}3;QO~!<IePzlkWs^jQ6oHon!#n%Yjz9ufR;t|
zVb*BWUM8ScE(LXeCaRtOsQbsF+MkL#YjaTpdlEzR{;#kXHduF}X1ove;4xH3XR#4}
zkF~JsXvZYfN@b(AG7t6qP}CPtG3qs)Z|m2hR^oLGq<?eJRvf_$%BPWSHgRKkGw^Xt
z#}n8MqsKbGjw7)j<txa+H|@sRKVVRYupG4#!ya-hMy=F5)BskXTd&0iGFsxdP%}M@
zdf!iCeY}QhC~~|r!-iOqaw2MGsThR0sP^*F52vD*dNyh$9z(TTYOlXBp7l?nVlNeO
z_zUV+Dyq;KP$K$M?ub6v9fL3nHIsp;?~Msq7oWgv+-l2rF@bW-1jkI&L}y^I?w`Q=
ztAiC(?8fI&9rd5+3}mo%GOB(d2I5j|hpSM}e`);&D^R|SUf73F>Q1~$JV@md)S&ap
z@74adCT0@Ns929(@O>;L{+eoWO{p7>AU-1>f$w>0osWx9L?jcFoGR1aKBr<9(aV<I
zk5Q;dVVkayZW4Z!+Yvp<H^90oldp$Lg9!e<Fz1L?1TTaq)#mzO;yk5~iAqkj*=}vZ
zwNGqb+e~ts1AL|sn^m;w1*`T>>5_vPf+039RuUz)yaJEdyx_;qlS1gUJJEwsO2!H{
zul`LFDqkbMATo)2iL+?>bK?$Mp|8_El=W^abtO&`PZOgFy_!nBh;NB!iP?nSh*yZ^
zL>kX$5K8{aYyXuvFXmU`D`GJ*hfwOuO+PtV&!<i~e`%QyiIH4Ov5kH1x$1lzgO_c&
z1+KMukxTgU%m(a@?pQw3DI6qj5K2{v(bOwxfb)skD*Po)rM&9Cx;i#rnP;QP7vMiJ
z3m?Y%I1GdFEH-tTCuh@69L7bZErebrZ=wTrMMM(uGi9ZgL?y~T*bu7|k;E)rB;^yq
zL<{O%n2K?z)P@*J+0%aq$foc*o*~AQua8Ro$R`q4$uA|UksnBuk^g{rn;1!aM-&n>
z2)-=Mzlr}4t-1FKMiKW?1DiR8k7{{;BQ6ssh$o3+B8f;PP7_M~iFJez4d&oS#1w+B
zc=Hs|h4_QGmtwfDH-!<zOT-hzQ6ioCd#N57_uu&FOl3`bVIk$YL`TZaiRa1ROJQU>
z+rm7oMGUvkwZ&_c-?Y~oN_(vluCeuF$?LbH2GQ7y<JFeTBH}G#2p1<24-og#4`gak
zu0rJ4`mNOcXm5B1zqEPr1`$Jy;@(76kZwD8KKJt(NVMU)%Zv37C-V*!`rj$dF$niz
zKSC**vQhvs(39hb${N76PUJ&vIg|2m@-GtJ<ac35BA0v~aewMdd71WKX)@81il&4=
z`Ju#dLaEh#4}MQM;lA=6%Ht?k$2208d?E2Q`7wl2Gon2acHeWVS8~^}mDx_&^E<EX
zVPX@pM+MSgB9{1*xJ&dUf(WJS4xZ1-d<N3yZhVfIPK+fE5lW4Txc?2rZEjKVcj6yJ
zJQu#f9)!}n4yN2HHWGfe+==^FlYg8jCO?RnK)xFBDRF`DqV6H0fc!LK0{I2_FTz(p
zUyaE8PDF8G3^9OEnrMx8ik^SRD_fQNojubtBEzyLO&M1-F~86?qG-Z|Q4^=^3~Mzl
btYS)&#AH`uV%ruicP>lwj{1Lh`Gx%#5D;5l

delta 7980
zcmZA533!cH9>?($Sx9b#EFuvkQIgmbgoH>`2niBIZL!8q1Vz!bbA{A4Cao&1R<(?d
z4!RHwWvZ32w4$X8ZB0>ascNa#R&8~@zxy7~<C*h3|NA-TyzhJV_uf3Y{H52LFTLDn
zLVQ*k(sVCl>f>6MF_)FEt6F1@G&Cjw-@{`38G~?iv@tO_9RqO%>XCI=19#c-e(X*8
z6y{;$7-K?k7Sfg5EG830#Y*(XH?R&?pc;G+tK(M~j+am!m{?<i!5?YJL}3`lV-rk6
z4YUx|&J1jTOHuu8^5{0El8hQYi&}x3SPw%RIkrMIl#Oa=uys26QeI-Omt!r;FQNwg
z8fvCHZT%6<rTiIc0`U(Z{hLHGewd0{$}Sj(eQf<KTVH}|cnN9-PoW0B6?<SMwn0~8
zRt3{B0DIyb%tx)%QPe<Bp<4}HB*UQ0T`a&@)=x8g+`14olclI7UW;0hZKw&ngX*vg
zqt=$>pe8a5)zKu>z~|ZeQfxuFJdVdX7iO=$@if+^d>OOwchr_-#ycY)g&IH+dSfYS
zhEJd`K4q`3Mh$3-y}lE5rrtpf=p>fmg?NVVM`lWbbHl^fmhuu*{XW!^RbnK5h)mX8
z!WvkssWA~4fz2=pwW7mND>f4~kwwUhV~(Mo`@xoPxXHv&5ysP6x@6QL>w#M0k*EO_
zV@-S%lW++dFJs=q*<|-NH)cB~v95#g8|;W_Ejh3_2UGC4)xQ;Q1Z8(uGS$iKKrPKa
z)Ih3GTX6<;*sh}bbhUP7&>l6T4AcNepawn}wE_!JTe}8z-yRIW&rmD-HTvuLd{4%Q
zitDHce|0XH+KEoN9%?C*P)pYhW3Ufu;Kis0A3^Q$<EV~Sq7LCY>lTcoyc;#JvmV+1
zKW#-c>#C*A;6pdeK+SvwY6h<%Uk#=T8M(QF>hLxOVNe_Aa5g|qqzwjRHrB!dTR#Ou
zDK9|J`@fnD=gGW;dJT`DI=GBF)i+Qx{|(i!4<}R&N1<lg5;e0F)Qm@>23};ZFTvWB
zSE8QVh#Jr?bZg{?$mn(Y6t$P1Tfaq}`fI3;T<x6e;ix5VWXnx4gmN;5VNcZ73`Y%k
z9P0kZP#rHs&la^~|2=y|g}!pPpk{gqHKPwv4c)|0yo+HNlI$3d>L3mE8s?)WRD^n4
zN>J@DMXktcY=PTR?Ve3$|JA@nDl~(;s1XLYcUB}8HPR-ifhD32Ybxr#bku-yQ7bpb
zUY~{~lxLxSbbdlTAJoA)yme9irMSstlj((8qE)C4*P>>!3AJ~-a3&r`jl2^tvu2iw
z>Yy*`tQ4c3n}up`A!_B8;W%7p>wQw4dbf*=W)f{}Z7*b?W}1%)I2g60rI?0KqGnWu
zI#i$9>ld*p<r~O%l8NS9NY{Iz1~wcufg)rD+-4RT&3G|tAW!2%xB+AEHfkV|ot)RN
zA*$mps1?XYH9QdY{5YJCvr+BdL=C`;QELLBsJAN?Ytg@HZZCAQW~26U5NhehpdOfm
zYN!;|&`MMX>rn&QiW=A+)PN4y`V-bOs6D@odhRZ|=->EvcD`EcV13G6tiw@D^(bmD
z7oZwgigj=;M&fo`Uxn)UENZ}4Z22~3Q?8!QpKaI=`(OpSdyw(UFs3_ZV;Me)`54xP
z?{%Drxp)|L2*V$AR$`fTEo!A+N6*YrZ^a4JmRvxs=uNDL)w=R`AU5dA`fEwMQlS|R
zKrKxHYG&h656(w5xEyugdel<Cidu<nsD=;Q>*uiz<x3cc^)sCxr%cp<3Q#LMC6o2n
z;hIT>I+}}`Nf}1rbJz%XU>=^b<@j#S7fFtF4yxgesI##H)xiPWh3}&ema@!saglYM
zn~W~(LhadJWV_5kR0G~wjxMZ5ITVw<*aA$T+?)L?#@VQ){|0057u2B)>*;hDi(0W%
zTkeXzDZ7V~(abiX4%aQzN(69Xv;yJijcrg%-5xcA-dG*SVmKCI4P1!Y(&eaj)}gj;
zGd98fsDXZqwBt6{$uyuMFvsbznKcX5a3Sign1|Zq)z)pOhN@5lI&J+0eJQ(oIoE?x
zTN8sCa3X4=DV}=vzZaQYDhg0D*levpKg#=1OIe9=c-+?Cvh{aS4ZB!Rtym~(;H{Be
zFj=U>SdRYqE(YLHoJ0TSBpDax@=|J~Ls1P(MjgIVEWnMZnQ64r4>glO)DlNy5Vk|L
zn~CbM6164AFc8n8`uPFf8u{<`f)59w1?6Cj#&pz;BTzp=#mKocZq$|>LJj<D)Bvuc
z&WcZ8XNEOU0}Vx8k3<cqmA#(QmvQP)Wl~WKhhP~_LM{Cj)b$(K7G3?E`V3UZS*Y)c
z{@4VIP+RykM&JwB40oVb^ek${ZlWgQ-=B4ANTzRp=fP>H@?4C;XE7LeqYl~o7=-6h
z1Gt7Y@efQwS3V!So}F<v+4KR<pXEDn5akIEIe(V#$HA2ExXJL7Z1M*>F2@;^52CiF
z15asXGEf7_!`e6+b=V$8&9EFb^F62u96$~5E3At@qE^6{UbVILQTMsi$mlc{pq6|*
zYLBL(zL@5q9(>H!ue9YCF@*XZsE!X~3?4@f{2HpgU$G9FAx=Nxs6!a*=r*m$#8J@+
zHL^nM0_z6U(jKto>!_KB4RvOah_RIOPy?TV>aYa0RVz@3?`70PcA{3Y3O&F7XY7S5
zsPBGX-ZjlA5)-fy>NV_z>Yx~Ps^_Ba`wOb!#i)kYp;q)w)Wr6pW_%u_@G9!MYZzO}
z`7_~U^k6({uTxPY&qlpYgHd}q%sLSxDbGSRRBr3npqBg<Ti%M=qTQ$!IEvbubEpA-
zhi*OaCmD6@H{9+KdiDtGQQrzR(`?j?`lA|}hgz{xR0pf9n^7I?#|S)$n$T6$+j1Ax
ze&7h+e=SMm2<M9@8P#whs)5O<8I+<1_zY@AHlk+!Dr#UAsKdGsb>F+F0i8gt+y#66
zXDp$73mf3fk*vQOSTWK$z0adM+>6=x0cwRJMmZfuqh`_!^%|z)Ow2(I{B6|C4xu{u
z7<E>zp`N>iYR_-9vvM`vWX4eui@LDbUMNS+WP^3Ptv`U8=}An$)2Jo&DRllU4?#^R
z4|S#nqpnZJrZ^Xy;|6=({Q((`>>O$aS5Yf)3$?@nW1NB1LB6X@6O6$U)Iio^EUrg&
zT!~tNDpb3lqbBkl&d1xRcIS=t4A5=L$Y_MC(H}RW9(di>ziq8T?d2D!Lw5mn{~gp!
zeON}d6OQVjF=`;KQ3Fdu4XC@VAK=l=S1B3IxES?dDXOF8*bJY;`dDc_hgzvWP+R6Z
z-g!O{^~Dp7dOeeEeIBagLezj~*m4PG)4y3phHW&TU>|Hh!TH0X47*dV!ZHk*==@p!
zEOLO&Wz5B#NzNf$gIbB2lO3Z`E0u(vnWNr{0jL$8gl^4r9vQvoPheww8P(81^utpa
zfM-xMyM%hqdy3OwE!2IDQA^z%wG!=6?dI6)<FF0oB8<bArttpj*Xa-y8qpcl(q2Iy
zyooOS4K<VMMb1}f6gHyV0rPOEEpNsal#f~OpxTX}>YR-ZsP?<#F6=Xv^;bte#m>*9
zzcm(BpNiVEbnJ{hQ4K7zmSZ)_tI-QN5@tD3k3s>lo_tsQ3O^^5)LsYblpfapkG6&O
z<ZF{ZiLr$KCI1p`B0|a6CHfNcC@VE5v|ahs>74vTFfntCm_Za%uau2ja27F={570U
z1QG5geEd#aA@qLx*oPh`zm>R`R+DMOwMTIp)+BC{*S;$?qZ~;5hrGV|lsZvff;toT
z(qG6NCTekw<TiKt>`&nte2PdSs!?u3JVIV+DEW9oX&cdxd@0^g1*s*WuVbYP4xUe)
zkrZ2Ahx`#_RuLZ(BZ=W&tp7ta_8x^SqA5|scJw~^*2J?!4t1yT6v3JDe9?d>&F1qc
z@n5It`5eOie9@V1_#5^oJ|lFd?oU5z|6d>yxG~;d8AtwJ+D+zHVz8}<<=S9-z0%g{
zl`6OSPf$NdN-@MF$^G^1GjCCTozNjxQvaS;WGy!3rZ@3jRoaw>FB4A?mkFf`qKfFv
z{o7IB4N>IV6H0tNn8k$N@eRbki8Vw!LMfN~x)2*}|K@wA-ULuNhzKV7P}dQa^lf*M
z_*MndRO&y#@t9=q@m%2J4MMN#F5(E$mw1s->chS1PS*1|#F@V_f29~m46qj`b7Rqc
z4ez9W1u>LpW$zI=#1!H?!jJpEz%=YmbS1A8O$;MiQ};3UB$Un&BivLfMG{SHei)wj
z)bdYft8h_&7N4|r-d53^Ym2ZU5l4QsDoMXMn1<9%RM@hpL%1{f*g<4)@lSl4c#!<P
z^aGg`%C~LB1NSaq2=y)Oy@iyU5qpT9_dVZ(@)*jA*ojbTK=~i&>&5y%=BaW%z63A(
z@C5vZ^4|Nd|C4+R!rR`{jlBLFl8S#28N@rpB<doGkI1*ee%KkK38h00CQt8wM+z=m
z;m-|i$%hkT$#=nOgwg>A&rj$y@~K?UB*F-qF-z_BVjN}jxmI61Ve`GQ7tbiYss|Sk
zjctW0mCh02|5rCb7f8b$JfE-ddCQj5xj&fv--w@yuZcR;JwS{npG;IIUx0InzZ34~
z_)r>4%q6B1cL=5W#C75-F^UKGqf#OH2z;7|AU}o3Cclu_Oepmtf~Z#-fF(}W`I#jD
zJke77|De6_FH9g-5_O5T_Tfw9^N2*sJ&1kemD-U%=wwY6`GMp=C6?K`fz(Bj4<Yhx
w-EnIub|C8M=c|lN#qu86bu0R}f24Lm+m?wbF^Q=i6B8>w%JPn&(zo{i0I(EES^xk5

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index c1b9ff47..a28fb4ec 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: 1.2.1\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2021-03-08 09:00+0000\n"
+"PO-Revision-Date: 2021-08-04 00:35+0000\n"
 "Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "Language-Team: \n"
 "Language: en_US\n"
@@ -368,6 +368,9 @@ msgstr "Expire time"
 msgid "MAC Address"
 msgstr "MAC Address"
 
+msgid "Optional comment"
+msgstr "Optional comment"
+
 msgid "Host name"
 msgstr "Host name"
 
diff --git a/templates/dhcp/static_leases.php b/templates/dhcp/static_leases.php
index 531820e7..a8d371ba 100644
--- a/templates/dhcp/static_leases.php
+++ b/templates/dhcp/static_leases.php
@@ -19,7 +19,7 @@
               <input type="text" name="static_leases[ip][]" value="<?php echo htmlspecialchars($ip, ENT_QUOTES) ?>" placeholder="<?php echo _("IP address") ?>" class="form-control">
             </div>
             <div class="col-md-3 col-xs-3">
-              <input type="text" name="static_leases[comment][]" value="<?php echo htmlspecialchars($comment, ENT_QUOTES) ?>" placeholder="<?php echo _("Optional Comment") ?>" class="form-control">
+              <input type="text" name="static_leases[comment][]" value="<?php echo htmlspecialchars($comment, ENT_QUOTES) ?>" placeholder="<?php echo _("Optional comment") ?>" class="form-control">
             </div>
             <div class="col-md-2 col-xs-3">
               <button type="button" class="btn btn-outline-danger js-remove-dhcp-static-lease"><i class="far fa-trash-alt"></i></button>
@@ -36,7 +36,7 @@
           <input type="text" name="ip" value="" placeholder="<?php echo _("IP address") ?>" class="form-control">
         </div>
         <div class="col-md-3 col-xs-3">
-          <input type="text" name="comment" value="" placeholder="<?php echo _("Optional Comment") ?>" class="form-control">
+          <input type="text" name="comment" value="" placeholder="<?php echo _("Optional comment") ?>" class="form-control">
         </div>
         <div class="col-md-2 col-xs-3">
           <button type="button" class="btn btn-outline-success js-add-dhcp-static-lease"><i class="far fa-plus-square"></i></button>
@@ -67,7 +67,7 @@
           <input type="text" name="static_leases[ip][]" value="{{ ip }}" placeholder="<?php echo _("IP address") ?>" class="form-control">
         </div>
         <div class="col-md-3 col-xs-3">
-          <input type="text" name="static_leases[comment][]" value="{{ comment }}" placeholder="<?php echo _("Optional Comment") ?>" class="form-control">
+          <input type="text" name="static_leases[comment][]" value="{{ comment }}" placeholder="<?php echo _("Optional comment") ?>" class="form-control">
         </div>
         <div class="col-md-2 col-xs-3">
           <button type="button" class="btn btn-outline-danger js-remove-dhcp-static-lease"><i class="far fa-trash-alt"></i></button>

From f114a701914c6a4ebf3b3254164a4eb7d341d0c3 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 5 Aug 2021 16:09:20 +0100
Subject: [PATCH 250/300] Update en_US locale w/ firewall msgs

---
 locale/en_US/LC_MESSAGES/messages.po | 71 ++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index a28fb4ec..c56747ac 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -1140,3 +1140,74 @@ msgstr "WireGuard configuration updated successfully"
 msgid "WireGuard configuration failed to be updated"
 msgstr "WireGuard configuration failed to be updated"
 
+#: templates/firewall.php
+
+msgid "Client Firewall"
+msgstr "Client Firewall"
+
+msgid "Firewall is ENABLED"
+msgstr "Firewall is ENABLED"
+
+msgid "Firewall is OFF"
+msgstr "Firewall is OFF"
+
+msgid "The default firewall will only allow outgoing and already established traffic."
+msgstr "The default firewall will only allow outgoing and already established traffic."
+
+msgid "No incoming UDP traffic is allowed."
+msgstr "No incoming UDP traffic is allowed."
+
+msgid "There are no restrictions for the access point <code>%s</code>."
+msgstr "There are no restrictions for the access point <code>%s</code>."
+
+msgid "Exception: Service"
+msgstr "Exception: Service"
+
+msgid "allow SSH access on port 22"
+msgstr "allow SSH access on port 22"
+
+msgid "allow access to the RaspAP GUI on port 80 or 443"
+msgstr "allow access to the RaspAP GUI on port 80 or 443"
+
+msgid "Allow incoming connections for some services from the internet side."
+msgstr "Allow incoming connections for some services from the internet side."
+
+msgid "Exception: network device"
+msgstr "Exception: network device"
+
+msgid "Exclude device(s)"
+msgstr "Exclude device(s)"
+
+msgid "Exclude the given network device(s) (separated by a blank or comma) from firewall rules."
+msgstr "Exclude the given network device(s) (separated by a blank or comma) from firewall rules."
+
+msgid "Current client devices: <code>%s</code>"
+msgstr "Current client devices: <code>%s</code>"
+
+msgid "The access point <code>%s</code> is per default excluded."
+msgstr "The access point <code>%s</code> is per default excluded."
+
+msgid "Exception: IP-Address"
+msgstr "Exception: IP-Address"
+
+msgid "Allow incoming connections from"
+msgstr "Allow incoming connections from"
+
+msgid "For the given IP-addresses (separated by a blank or comma) the incoming connection (via TCP and UDP) is accepted."
+msgstr "For the given IP-addresses (separated by a blank or comma) the incoming connection (via TCP and UDP) is accepted."
+
+msgid "This is required for an OpenVPN via UDP or Wireguard connection."
+msgstr "This is required for an OpenVPN via UDP or Wireguard connection."
+
+msgid "The list of configured VPN server IP addresses: <code><b>%s</b></code>"
+msgstr "The list of configured VPN server IP addresses: <code><b>%s</b></code>"
+
+msgid "Disable Firewall"
+msgstr "Disable Firewall"
+
+msgid "Enable Firewall"
+msgstr "Enable Firewall"
+
+msgid "Apply changes"
+msgstr "Apply changes"
+:

From 9b76fd54c67d61b36393dac8224167d021447b99 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 5 Aug 2021 16:12:11 +0100
Subject: [PATCH 251/300] Format labels for locale support

---
 templates/firewall.php | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)
 mode change 100644 => 100755 templates/firewall.php

diff --git a/templates/firewall.php b/templates/firewall.php
old mode 100644
new mode 100755
index 478ed652..e61686d4
--- a/templates/firewall.php
+++ b/templates/firewall.php
@@ -14,11 +14,17 @@
         <?php if ( $fw_conf["firewall-enable"]) : ?>
            <i class="fas fa-circle mr-2 service-status-up"></i><?php echo _("Firewall is ENABLED"); ?>
         <?php else : ?>
-           <i class="fas fa-circle mr-2 service-status-down"></i><?php echo _("Firewall is OFF "); ?>
+           <i class="fas fa-circle mr-2 service-status-down"></i><?php echo _("Firewall is OFF"); ?>
         <?php endif ?>
         <div class="row">
           <div class="col-md-6">
-            <p class="mr-2"><small><?php echo _("The default firewall will only allow outgoing and already established traffic.<br> No incoming UDP traffic is allowed.<br>There are no restrictions for the access point <code>$ap_device</code>.") ?></small></p>
+            <p class="mr-2">
+              <small>
+                <?php echo _("The default firewall will only allow outgoing and already established traffic."); ?><br />
+                <?php echo _("No incoming UDP traffic is allowed."); ?><br />
+                <?php printf(_("There are no restrictions for the access point <code>%s</code>."), $ap_device); ?>
+              </small>
+            </p>
           </div>
         </div>
         <form id="frm-firewall" action="firewall_conf" method="POST" >
@@ -45,7 +51,11 @@
                 <label for="excl-device"><?php echo _("Exclude device(s)") ?></label>
                 <input class="form-control" id="excl-devices" type="text" name="excl-devices" value="<?php echo $fw_conf["excl-devices"] ?>" aria-describedby="exclusion-description"  >
                 <p class="mb-0" id="exclusion-description">
-                    <small><?php echo _("Exclude the given network device(s) (separated by a blank or comma) from firewall rules.<br>Current client devices: <code>$str_clients</code><br>The access point <code>". $ap_device ."</code> is per default excluded.") ?></small>
+                  <small>
+                    <?php echo _("Exclude the given network device(s) (separated by a blank or comma) from firewall rules."); ?><br />
+                    <?php printf(_("Current client devices: <code>%s</code>"), $str_clients); ?><br />
+                    <?php printf(_("The access point <code>%s</code> is per default excluded."), $ap_device); ?>
+                  </small>
                 </p>
             </div>
           </div>
@@ -55,8 +65,11 @@
                 <label for="excluded-ips"><?php echo _("Allow incoming connections from") ?></label>
                 <input class="form-control" id="excluded-ips" type="text" name="excluded-ips" value="<?php echo $fw_conf["excluded-ips"] ?>" aria-describedby="excl-ips-description"  >
                 <p class="mb-0" id="excl-ips-description">
-                    <small><?php echo _("For the given IP-addresses (separated by a blank or comma) the incoming connection (via TCP and UDP) is accepted.<br>This is required for an OpenVPN via UDP or Wireguard connection.") ?></small>
-                    <small><?php if ( !empty($vpn_ips) ) echo _("<br>The list of configured VPN server IP addresses: <code><b>". $vpn_ips. "</b></code>") ?></small>
+                  <small>
+                    <?php echo _("For the given IP-addresses (separated by a blank or comma) the incoming connection (via TCP and UDP) is accepted."); ?><br />
+                    <?php echo _("This is required for an OpenVPN via UDP or Wireguard connection."); ?><br />
+                    <?php if ( !empty($vpn_ips) ) printf (_("The list of configured VPN server IP addresses: <code><b>%s</b></code>"), $vpn_ips); ?>
+                  </small>
                 </p>
             </div>
           </div>

From cb2e97fdec63dfc157b237e5643acffd7a4e4cd4 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 5 Aug 2021 16:12:45 +0100
Subject: [PATCH 252/300] Minor: mode change

---
 templates/torproxy.php  | 0
 templates/wireguard.php | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 templates/torproxy.php
 mode change 100644 => 100755 templates/wireguard.php

diff --git a/templates/torproxy.php b/templates/torproxy.php
old mode 100644
new mode 100755
diff --git a/templates/wireguard.php b/templates/wireguard.php
old mode 100644
new mode 100755

From 99577938f6ce7f30aee2b042a6a1adb2e350d18f Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 5 Aug 2021 18:05:31 +0100
Subject: [PATCH 253/300] Formatting: processed w/ phpcbf

---
 includes/firewall.php | 381 +++++++++++++++++++++++-------------------
 1 file changed, 208 insertions(+), 173 deletions(-)

diff --git a/includes/firewall.php b/includes/firewall.php
index 1f05c9fe..63940662 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -3,82 +3,99 @@
 require_once 'includes/status_messages.php';
 require_once 'includes/functions.php';
 
-define('RASPAP_IPTABLES_SCRIPT',"/tmp/iptables_raspap.sh");
-define('RASPAP_IP6TABLES_SCRIPT',"/tmp/ip6tables_raspap.sh");
+define('RASPAP_IPTABLES_SCRIPT', "/tmp/iptables_raspap.sh");
+define('RASPAP_IP6TABLES_SCRIPT', "/tmp/ip6tables_raspap.sh");
 
-function getDependson(&$rule, &$conf) {
-   if ( isset($rule["dependson"][0]) ) {
-      $don = &$rule["dependson"];
-      if ( !empty($don[0]) && isset($conf[$don[0]["var"]]) ) {
-         if ( !isset($don[0]["type"]) ) $don[0]["type"]="bool";
-         return $don;
-      }
-   }
-   return false;
-}
-
-function isRuleEnabled(&$sect, &$conf) {
-   $fw_on = isset($conf["firewall-enable"]) && $conf["firewall-enable"];
-   $active = isset($sect["fw-state"]) && $sect["fw-state"]==1;
-   $active = $fw_on ? $active : !$active;
-   $active = $active || !isset($sect["fw-state"]);
-   if ( ($don = getDependson($sect, $conf)) !== false &&
-         $don[0]["type"] == "bool" && !$conf[$don[0]["var"]] )  $active = false;
-   return $active;
-}
-
-function createRuleStr(&$sect, &$conf) {
-   if ( !is_array($sect["rules"]) ) return "";
-   $rules = $sect["rules"];
-   $depon = getDependson($sect,$conf);
-   $rs = array();
-   foreach ( $rules as $rule ) {
-      if ( preg_match('/\$[a-z0-9]*\$/i',$rule) ) {
-         $r = array($rule);
-         foreach ( $depon as $dep ) {
-            $rr = array();
-            $repl=$val="";
-            switch ( $dep["type"] ) {
-               case "list":
-                   if ( isset($dep["var"]) && !empty($conf[$dep["var"]]) ) $val = explode(' ', $conf[$dep["var"]]);
-                   if ( !empty($val) && isset($dep["replace"]) ) $repl=$dep["replace"];
-                   break;
-               case "string":
-                   if ( isset($dep["var"]) ) $val=$conf[$dep["var"]];
-                   if ( !empty($val) && isset($dep["replace"]) ) $repl=$dep["replace"];
-                   break;
-               default:
-                   break;
+function getDependson(&$rule, &$conf)
+{
+    if (isset($rule["dependson"][0]) ) {
+        $don = &$rule["dependson"];
+        if (!empty($don[0]) && isset($conf[$don[0]["var"]]) ) {
+            if (!isset($don[0]["type"]) ) { $don[0]["type"]="bool";
             }
-            if ( !empty($repl) && !empty($val) ) {
-               if ( is_array($val) ) {
-                  foreach ( $val as $v ) $rr = array_merge($rr,str_replace($repl, $v, $r));
-               }
-               else $rr = array_merge($rr, str_replace($repl, $val, $r));
+            return $don;
+        }
+    }
+    return false;
+}
+
+function isRuleEnabled(&$sect, &$conf)
+{
+    $fw_on = isset($conf["firewall-enable"]) && $conf["firewall-enable"];
+    $active = isset($sect["fw-state"]) && $sect["fw-state"]==1;
+    $active = $fw_on ? $active : !$active;
+    $active = $active || !isset($sect["fw-state"]);
+    if (($don = getDependson($sect, $conf)) !== false 
+        && $don[0]["type"] == "bool" && !$conf[$don[0]["var"]] 
+    ) {  $active = false;
+    }
+    return $active;
+}
+
+function createRuleStr(&$sect, &$conf)
+{
+    if (!is_array($sect["rules"]) ) { return "";
+    }
+    $rules = $sect["rules"];
+    $depon = getDependson($sect, $conf);
+    $rs = array();
+    foreach ( $rules as $rule ) {
+        if (preg_match('/\$[a-z0-9]*\$/i', $rule) ) {
+            $r = array($rule);
+            foreach ( $depon as $dep ) {
+                $rr = array();
+                $repl=$val="";
+                switch ( $dep["type"] ) {
+                case "list":
+                    if (isset($dep["var"]) && !empty($conf[$dep["var"]]) ) { $val = explode(' ', $conf[$dep["var"]]);
+                    }
+                    if (!empty($val) && isset($dep["replace"]) ) { $repl=$dep["replace"];
+                    }
+                    break;
+                case "string":
+                    if (isset($dep["var"]) ) { $val=$conf[$dep["var"]];
+                    }
+                    if (!empty($val) && isset($dep["replace"]) ) { $repl=$dep["replace"];
+                    }
+                    break;
+                default:
+                    break;
+                }
+                if (!empty($repl) && !empty($val) ) {
+                    if (is_array($val) ) {
+                        foreach ( $val as $v ) { $rr = array_merge($rr, str_replace($repl, $v, $r));
+                        }
+                    }
+                    else { $rr = array_merge($rr, str_replace($repl, $val, $r));
+                    }
+                }
+                $r = !empty($rr) ? $rr : $r;
             }
-            $r = !empty($rr) ? $rr : $r;
-         }
-         $rs = array_merge($rs,$rr);
-      } else {
-         $rs[] = $rule;
-      }
-   }
-   $str="";
-   foreach ( $rs as $r ) {
-      if ( !preg_match('/\$[a-z0-9]*\$/i',$r) ) $str .= '$IPT '.$r."\n";
-   }
-   return $str;
+            $rs = array_merge($rs, $rr);
+        } else {
+            $rs[] = $rule;
+        }
+    }
+    $str="";
+    foreach ( $rs as $r ) {
+        if (!preg_match('/\$[a-z0-9]*\$/i', $r) ) { $str .= '$IPT '.$r."\n";
+        }
+    }
+    return $str;
 }
 
-function isIPv4(&$rule) {
-    return !isset($rule["ip-version"]) || strstr($rule["ip-version"],"4") !== false; 
+function isIPv4(&$rule)
+{
+    return !isset($rule["ip-version"]) || strstr($rule["ip-version"], "4") !== false; 
 }
 
-function isIPv6(&$rule) {
-    return !isset($rule["ip-version"]) || strstr($rule["ip-version"],"6") !== false; 
+function isIPv6(&$rule)
+{
+    return !isset($rule["ip-version"]) || strstr($rule["ip-version"], "6") !== false; 
 }
 
-function configureFirewall() {
+function configureFirewall()
+{
     $json = file_get_contents(RASPAP_IPTABLES_CONF);
     $ipt  = json_decode($json, true);
     $conf = ReadFirewallConf();
@@ -92,55 +109,61 @@ function configureFirewall() {
     $txt .= "\$IPT -t nat -F\n";
     file_put_contents(RASPAP_IPTABLES_SCRIPT, $txt, FILE_APPEND);
     file_put_contents(RASPAP_IP6TABLES_SCRIPT, $txt, FILE_APPEND);
-    if ( empty($conf) || empty($ipt) ) return false;
+    if (empty($conf) || empty($ipt) ) { return false;
+    }
     $count=0;
     foreach ( $ipt["order"] as $idx ) {
-       if ( isset($ipt[$idx]) ) {
-          foreach ( $ipt[$idx] as $i => $sect ) {
-             if ( isRuleEnabled($sect, $conf) ) {
-               $str_rules= createRuleStr($sect, $conf);
-               if ( !empty($str_rules) ) {
-                  if ( isIPv4($sect) ) file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
-                  if ( isIPv6($sect) ) file_put_contents(RASPAP_IP6TABLES_SCRIPT, $str_rules, FILE_APPEND);
-                  ++$count;
-               }
-             }
-          }
-       }
+        if (isset($ipt[$idx]) ) {
+            foreach ( $ipt[$idx] as $i => $sect ) {
+                if (isRuleEnabled($sect, $conf) ) {
+                    $str_rules= createRuleStr($sect, $conf);
+                    if (!empty($str_rules) ) {
+                        if (isIPv4($sect) ) { file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
+                        }
+                        if (isIPv6($sect) ) { file_put_contents(RASPAP_IP6TABLES_SCRIPT, $str_rules, FILE_APPEND);
+                        }
+                        ++$count;
+                    }
+                }
+            }
+        }
     }
-    if ( $count > 0 ) {
-       exec("chmod +x ".RASPAP_IPTABLES_SCRIPT);
-       exec("sudo ".RASPAP_IPTABLES_SCRIPT);
-//       exec("sudo iptables-save > /etc/iptables/rules.v4");
-//       unlink(RASPAP_IPTABLES_SCRIPT);
-       exec("chmod +x ".RASPAP_IP6TABLES_SCRIPT);
-       exec("sudo ".RASPAP_IP6TABLES_SCRIPT);
-//       exec("sudo iptables-save > /etc/iptables/rules.v6");
-//       unlink(RASPAP_IP6TABLES_SCRIPT);
+    if ($count > 0 ) {
+        exec("chmod +x ".RASPAP_IPTABLES_SCRIPT);
+        exec("sudo ".RASPAP_IPTABLES_SCRIPT);
+        //       exec("sudo iptables-save > /etc/iptables/rules.v4");
+        //       unlink(RASPAP_IPTABLES_SCRIPT);
+        exec("chmod +x ".RASPAP_IP6TABLES_SCRIPT);
+        exec("sudo ".RASPAP_IP6TABLES_SCRIPT);
+        //       exec("sudo iptables-save > /etc/iptables/rules.v6");
+        //       unlink(RASPAP_IP6TABLES_SCRIPT);
     }
     return ($count > 0);
 }
 
-function WriteFirewallConf($conf) {
+function WriteFirewallConf($conf)
+{
     $ret = false;
-        if ( is_array($conf) ) write_php_ini($conf,RASPAP_FIREWALL_CONF);
+    if (is_array($conf) ) { write_php_ini($conf, RASPAP_FIREWALL_CONF);
+    }
     return $ret;
 }
 
 
-function ReadFirewallConf() {
-    if ( file_exists(RASPAP_FIREWALL_CONF) ) {
-       $conf = parse_ini_file(RASPAP_FIREWALL_CONF);
+function ReadFirewallConf()
+{
+    if (file_exists(RASPAP_FIREWALL_CONF) ) {
+        $conf = parse_ini_file(RASPAP_FIREWALL_CONF);
     } else {
-       $conf = array();
-       $conf["firewall-enable"] = false;
-       $conf["ssh-enable"] = false;
-       $conf["http-enable"] = false;
-       $conf["excl-devices"] = "";
-       $conf["excluded-ips"] = "";
-       $conf["ap-device"] = "";
-       $conf["client-device"] = "";
-       $conf["restricted-ips"] = "";
+        $conf = array();
+        $conf["firewall-enable"] = false;
+        $conf["ssh-enable"] = false;
+        $conf["http-enable"] = false;
+        $conf["excl-devices"] = "";
+        $conf["excluded-ips"] = "";
+        $conf["ap-device"] = "";
+        $conf["client-device"] = "";
+        $conf["restricted-ips"] = "";
     }
     exec('ifconfig | grep -E -i "^tun[0-9]"', $ret);
     $conf["openvpn-enable"] = !empty($ret);
@@ -150,39 +173,42 @@ function ReadFirewallConf() {
     return $conf;
 }
 
-function getVPN_IPs() {
+function getVPN_IPs()
+{
     $ips = "";
-    # get openvpn and wireguard server IPs
-    if ( RASPI_OPENVPN_ENABLED && ($fconf = glob(RASPI_OPENVPN_CLIENT_PATH ."/*.conf")) !== false && !empty($fconf) ) {
-      foreach ( $fconf as $f ) {
-        unset($result);
-        exec('cat '.$f.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_:]*)\s*([0-9]*)\s*$/\1 \2/ip" ', $result);
-        if ( !empty($result) ) {
-          $result = explode(" ",$result[0]);
-          $ip = (isset($result[0])) ? $result[0] : "";
-          $port = (isset($result[1])) ? $result[1] : "";
-          if ( !empty($ip) ) {
-            $ip = gethostbyname($ip);
-            if ( filter_var($ip,FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) $ips .= " $ip";
-          }
+    // get openvpn and wireguard server IPs
+    if (RASPI_OPENVPN_ENABLED && ($fconf = glob(RASPI_OPENVPN_CLIENT_PATH ."/*.conf")) !== false && !empty($fconf) ) {
+        foreach ( $fconf as $f ) {
+            unset($result);
+            exec('cat '.$f.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_:]*)\s*([0-9]*)\s*$/\1 \2/ip" ', $result);
+            if (!empty($result) ) {
+                $result = explode(" ", $result[0]);
+                $ip = (isset($result[0])) ? $result[0] : "";
+                $port = (isset($result[1])) ? $result[1] : "";
+                if (!empty($ip) ) {
+                    $ip = gethostbyname($ip);
+                    if (filter_var($ip, FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) { $ips .= " $ip";
+                    }
+                }
+            }
         }
-      }
     }
-    # get wireguard server IPs
-    if ( RASPI_WIREGUARD_ENABLED && ($fconf = glob(RASPI_WIREGUARD_PATH ."/*.conf")) !== false && !empty($fconf) ) {
-      foreach ( $fconf as $f ) {
-        unset($result);
-        exec('sudo /bin/cat '.$f.' |  sed -rn "s/^endpoint\s*=\s*\[?([a-z0-9\.\-\_:]*)\]?:([0-9]*)\s*$/\1 \2/ip" ', $result);
-        if ( !empty($result) ) {
-          $result = explode(" ",$result[0]);
-          $ip = (isset($result[0])) ? $result[0] : "";
-          $port = (isset($result[1])) ? $result[1] : "";
-          if ( !empty($ip) ) {
-             $ip = gethostbyname($ip);
-             if ( filter_var($ip,FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) $ips .= " $ip";
-          }
+    // get wireguard server IPs
+    if (RASPI_WIREGUARD_ENABLED && ($fconf = glob(RASPI_WIREGUARD_PATH ."/*.conf")) !== false && !empty($fconf) ) {
+        foreach ( $fconf as $f ) {
+            unset($result);
+            exec('sudo /bin/cat '.$f.' |  sed -rn "s/^endpoint\s*=\s*\[?([a-z0-9\.\-\_:]*)\]?:([0-9]*)\s*$/\1 \2/ip" ', $result);
+            if (!empty($result) ) {
+                $result = explode(" ", $result[0]);
+                $ip = (isset($result[0])) ? $result[0] : "";
+                $port = (isset($result[1])) ? $result[1] : "";
+                if (!empty($ip) ) {
+                     $ip = gethostbyname($ip);
+                    if (filter_var($ip, FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) { $ips .= " $ip";
+                    }
+                }
+            }
         }
-      }
     }
     return trim($ips);
 }
@@ -200,60 +226,69 @@ function DisplayFirewallConfig()
     $clients = getClients();
     $str_clients = "";
     foreach( $clients["device"] as $dev ) {
-       if ( !$dev["isAP"] ) {
-          if ( !empty($str_clients) ) $str_clients .= ", ";
-          $str_clients .= $dev["name"];
-       }
+        if (!$dev["isAP"] ) {
+            if (!empty($str_clients) ) { $str_clients .= ", ";
+            }
+            $str_clients .= $dev["name"];
+        }
     }
     $fw_conf = ReadFirewallConf();
     $fw_conf["ap-device"] = $ap_device;
     $id=findCurrentClientIndex($clients);
-    if ( $id >= 0 ) $fw_conf["client-device"] = $clients["device"][$id]["name"];
+    if ($id >= 0 ) { $fw_conf["client-device"] = $clients["device"][$id]["name"];
+    }
     if (!empty($_POST)) {
         $fw_conf["ssh-enable"] = isset($_POST['ssh-enable']);
         $fw_conf["http-enable"] = isset($_POST['http-enable']);
         $fw_conf["firewall-enable"] = isset($_POST['firewall-enable']) || isset($_POST['apply-firewall']);
-        if ( isset($_POST['firewall-enable']) ) $status->addMessage(_('Firewall is now enabled'), 'success');
-        if ( isset($_POST['apply-firewall']) )  $status->addMessage(_('Firewall settings changed'), 'success');
-        if ( isset($_POST['firewall-disable']) ) $status->addMessage(_('Firewall is now disabled'), 'warning');
-        if ( isset($_POST['save-firewall']) )  $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success');
-        if ( isset($_POST['excl-devices'])  ) {
-           $excl = filter_var($_POST['excl-devices'], FILTER_SANITIZE_STRING);
-           $excl = str_replace(',', ' ', $excl);
-           $excl = trim(preg_replace('/\s+/', ' ', $excl));
-           if ( $fw_conf["excl-devices"] != $excl ) {
-               $status->addMessage(_('Exclude devices '. $excl), 'success');
-               $fw_conf["excl-devices"] = $excl;
-           }
+        if (isset($_POST['firewall-enable']) ) { $status->addMessage(_('Firewall is now enabled'), 'success');
         }
-        if ( isset($_POST['excluded-ips'])  ) {
-           $excl = filter_var($_POST['excluded-ips'], FILTER_SANITIZE_STRING);
-           $excl = str_replace(',', ' ', $excl);
-           $excl = trim(preg_replace('/\s+/', ' ', $excl));
-           if ( !empty($excl) ) {
-              $excl = explode(' ',$excl);
-              $str_excl = "";
-              foreach ( $excl as $ip ) {
-                 if ( filter_var($ip,FILTER_VALIDATE_IP) ) $str_excl .= "$ip ";
-                 else $status->addMessage(_('Exclude IP address '. $ip . ' failed - not a valid IP address'), 'warning');
-              }
-          }
-          $str_excl = trim($str_excl);
-          if ( $fw_conf["excluded-ips"] != $str_excl ) {
-               $status->addMessage(_('Exclude IP address(es) '. $str_excl ), 'success');
-               $fw_conf["excluded-ips"] = $str_excl;
-           }
+        if (isset($_POST['apply-firewall']) ) {  $status->addMessage(_('Firewall settings changed'), 'success');
+        }
+        if (isset($_POST['firewall-disable']) ) { $status->addMessage(_('Firewall is now disabled'), 'warning');
+        }
+        if (isset($_POST['save-firewall']) ) {  $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success');
+        }
+        if (isset($_POST['excl-devices'])  ) {
+            $excl = filter_var($_POST['excl-devices'], FILTER_SANITIZE_STRING);
+            $excl = str_replace(',', ' ', $excl);
+            $excl = trim(preg_replace('/\s+/', ' ', $excl));
+            if ($fw_conf["excl-devices"] != $excl ) {
+                $status->addMessage(_('Exclude devices '. $excl), 'success');
+                $fw_conf["excl-devices"] = $excl;
+            }
+        }
+        if (isset($_POST['excluded-ips'])  ) {
+            $excl = filter_var($_POST['excluded-ips'], FILTER_SANITIZE_STRING);
+            $excl = str_replace(',', ' ', $excl);
+            $excl = trim(preg_replace('/\s+/', ' ', $excl));
+            if (!empty($excl) ) {
+                $excl = explode(' ', $excl);
+                $str_excl = "";
+                foreach ( $excl as $ip ) {
+                    if (filter_var($ip, FILTER_VALIDATE_IP) ) { $str_excl .= "$ip ";
+                    } else { $status->addMessage(_('Exclude IP address '. $ip . ' failed - not a valid IP address'), 'warning');
+                    }
+                }
+            }
+            $str_excl = trim($str_excl);
+            if ($fw_conf["excluded-ips"] != $str_excl ) {
+                 $status->addMessage(_('Exclude IP address(es) '. $str_excl), 'success');
+                 $fw_conf["excluded-ips"] = $str_excl;
+            }
         }
         WriteFirewallConf($fw_conf);
         configureFirewall();
     }
     $vpn_ips = getVPN_IPs();
-    echo renderTemplate("firewall", compact(
-                "status",
-                "ap_device",
-                "str_clients",
-                "fw_conf",
-                "ipt_rules",
-                "vpn_ips")
+    echo renderTemplate(
+        "firewall", compact(
+            "status",
+            "ap_device",
+            "str_clients",
+            "fw_conf",
+            "ipt_rules",
+            "vpn_ips"
+        )
     );
 }

From 307256d96e39dd6200cd6a4f1c834825682f3f66 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 5 Aug 2021 18:15:12 +0100
Subject: [PATCH 254/300] Function comment block stubs

---
 includes/firewall.php | 52 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 50 insertions(+), 2 deletions(-)

diff --git a/includes/firewall.php b/includes/firewall.php
index 63940662..53503ced 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -6,6 +6,12 @@ require_once 'includes/functions.php';
 define('RASPAP_IPTABLES_SCRIPT', "/tmp/iptables_raspap.sh");
 define('RASPAP_IP6TABLES_SCRIPT', "/tmp/ip6tables_raspap.sh");
 
+/**
+ *
+ * @param  string $rule
+ * @param  string $conf
+ * @return string $don
+ */
 function getDependson(&$rule, &$conf)
 {
     if (isset($rule["dependson"][0]) ) {
@@ -19,6 +25,12 @@ function getDependson(&$rule, &$conf)
     return false;
 }
 
+/**
+ *
+ * @param  string $sect
+ * @param  string $conf
+ * @return string $active
+ */
 function isRuleEnabled(&$sect, &$conf)
 {
     $fw_on = isset($conf["firewall-enable"]) && $conf["firewall-enable"];
@@ -32,6 +44,12 @@ function isRuleEnabled(&$sect, &$conf)
     return $active;
 }
 
+/**
+ *
+ * @param  string $sect
+ * @param  string $conf
+ * @return string $str
+ */
 function createRuleStr(&$sect, &$conf)
 {
     if (!is_array($sect["rules"]) ) { return "";
@@ -84,16 +102,31 @@ function createRuleStr(&$sect, &$conf)
     return $str;
 }
 
+
+/**
+ *
+ * @param  string $rule
+ * @return string boolean
+ */
 function isIPv4(&$rule)
 {
     return !isset($rule["ip-version"]) || strstr($rule["ip-version"], "4") !== false; 
 }
 
+/**
+ *
+ * @param  string $rule
+ * @return boolean
+ */
 function isIPv6(&$rule)
 {
     return !isset($rule["ip-version"]) || strstr($rule["ip-version"], "6") !== false; 
 }
 
+/**
+ *
+ * @return string $count
+ */
 function configureFirewall()
 {
     $json = file_get_contents(RASPAP_IPTABLES_CONF);
@@ -141,6 +174,11 @@ function configureFirewall()
     return ($count > 0);
 }
 
+/**
+ *
+ * @param string $conf
+ * @return string $ret
+ */
 function WriteFirewallConf($conf)
 {
     $ret = false;
@@ -149,7 +187,10 @@ function WriteFirewallConf($conf)
     return $ret;
 }
 
-
+/**
+ *
+ * @return string $conf
+ */
 function ReadFirewallConf()
 {
     if (file_exists(RASPAP_FIREWALL_CONF) ) {
@@ -173,6 +214,10 @@ function ReadFirewallConf()
     return $conf;
 }
 
+/**
+ *
+ * @return string $ips
+ */
 function getVPN_IPs()
 {
     $ips = "";
@@ -213,7 +258,9 @@ function getVPN_IPs()
     return trim($ips);
 }
 
-
+/**
+ *
+ */
 function DisplayFirewallConfig()
 {
 
@@ -292,3 +339,4 @@ function DisplayFirewallConfig()
         )
     );
 }
+

From 9405297662e8e0cceb1f1dd7b908f01409add4d6 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 5 Aug 2021 20:29:46 +0100
Subject: [PATCH 255/300] Renamed constant for consistency

---
 config/config.php     |  8 ++++----
 includes/firewall.php | 10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/config/config.php b/config/config.php
index 997a3990..ab3cebb4 100755
--- a/config/config.php
+++ b/config/config.php
@@ -23,14 +23,14 @@ define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
 define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
 define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
-define('RASPAP_FIREWALL_CONF',"/etc/raspap/networking/firewall/firewall.conf");
-define('RASPAP_IPTABLES_CONF',"/etc/raspap/networking/firewall/iptables_rules.json");
+define('RASPI_FIREWALL_CONF', RASPI_CONFIG.'/networking/firewall/firewall.conf');
+define('RASPI_IPTABLES_CONF', RASPI_CONFIG.'/networking/firewall/iptables_rules.json');
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
 define('RASPI_ACCESS_CHECK_DNS', 'one.one.one.one');
-define('RASPI_CLIENT_CONFIG_PATH', '/etc/raspap/networking/client_udev_prototypes.json');
-define('RASPI_MOBILEDATA_CONFIG', '/etc/raspap/networking/mobiledata.ini');
+define('RASPI_CLIENT_CONFIG_PATH', RASPI_CONFIG.'/networking/client_udev_prototypes.json');
+define('RASPI_MOBILEDATA_CONFIG', RASPI_CONFIG.'/networking/mobiledata.ini');
 define('RASPI_CLIENT_SCRIPT_PATH', '/usr/local/sbin');
 
 // Constant for the 5GHz wireless regulatory domain
diff --git a/includes/firewall.php b/includes/firewall.php
index 53503ced..4fbfad2c 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -129,7 +129,7 @@ function isIPv6(&$rule)
  */
 function configureFirewall()
 {
-    $json = file_get_contents(RASPAP_IPTABLES_CONF);
+    $json = file_get_contents(RASPI_IPTABLES_CONF);
     $ipt  = json_decode($json, true);
     $conf = ReadFirewallConf();
     $txt = "#!/bin/bash\n";
@@ -182,7 +182,7 @@ function configureFirewall()
 function WriteFirewallConf($conf)
 {
     $ret = false;
-    if (is_array($conf) ) { write_php_ini($conf, RASPAP_FIREWALL_CONF);
+    if (is_array($conf) ) { write_php_ini($conf, RASPI_FIREWALL_CONF);
     }
     return $ret;
 }
@@ -193,8 +193,8 @@ function WriteFirewallConf($conf)
  */
 function ReadFirewallConf()
 {
-    if (file_exists(RASPAP_FIREWALL_CONF) ) {
-        $conf = parse_ini_file(RASPAP_FIREWALL_CONF);
+    if (file_exists(RASPI_FIREWALL_CONF) ) {
+        $conf = parse_ini_file(RASPI_FIREWALL_CONF);
     } else {
         $conf = array();
         $conf["firewall-enable"] = false;
@@ -266,7 +266,7 @@ function DisplayFirewallConfig()
 
     $status = new StatusMessages();
 
-    $json = file_get_contents(RASPAP_IPTABLES_CONF);
+    $json = file_get_contents(RASPI_IPTABLES_CONF);
     $ipt_rules = json_decode($json, true);
     getWifiInterface();
     $ap_device = $_SESSION['ap_interface'];

From ddc5b4455744d16aa4f672dc1e7df3ded702724c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 5 Aug 2021 22:52:40 +0100
Subject: [PATCH 256/300] Standardize modal dialog

---
 templates/firewall.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/templates/firewall.php b/templates/firewall.php
index e61686d4..70210346 100755
--- a/templates/firewall.php
+++ b/templates/firewall.php
@@ -77,7 +77,7 @@
               <input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Apply changes"); ?>" name="apply-firewall" />
               <input type="submit" class="btn btn-warning firewall-apply" value="<?php echo _("Disable Firewall") ?>"  name="firewall-disable" data-toggle="modal" data-target="#firewallModal"/>
           <?php else : ?>
-              <input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Save"); ?>" name="save-firewall" />
+              <input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Save settings"); ?>" name="save-firewall" />
               <input type="submit" class="btn btn-success firewall-apply" value="<?php echo _("Enable Firewall") ?>" name="firewall-enable" data-toggle="modal" data-target="#firewallModal"/>
           <?php endif ?>
         </form>
@@ -93,11 +93,18 @@
     <div class="modal-content">
       <div class="modal-header">
         <div class="modal-title" id="ModalLabel">
-            <i class="fas fa-sync-alt mr-2"></i>
-            <?php if($fw_conf["firewall-enable"]) echo _("Disable the firewall ..."); else  echo _("Enable the Firewall ..."); ?>
+          <i class="fas fa-sync-alt mr-2"></i><?php echo _("Executing firewall option") ?>
         </div>
-        <button type="button" class="close" data-dismiss="modal" aria-label="Close"> <span aria-hidden="true">&times;</span>
       </div>
+      <div class="modal-body">
+        <div class="col-md-12 mb-3 mt-1">
+          <?php if($fw_conf["firewall-enable"]) echo _("Disabling firewall").'...'; else echo _("Enabling firewall").'...'; ?>
+        </div>
+      </div>
+      <div class="modal-footer">
+        <button type="button" class="btn btn-outline btn-primary" data-dismiss="modal"><?php echo _("Close"); ?></button>
+      </div>
+    </div>
   </div>
 </div>
 

From 93db1347cbfefb70b566ce0c1c80b4facca74661 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 9 Aug 2021 06:24:29 +0100
Subject: [PATCH 257/300] Instantiate system class w/ namespace

---
 includes/hostapd.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/hostapd.php b/includes/hostapd.php
index 19ed0b08..386f9925 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -14,7 +14,7 @@ getWifiInterface();
 function DisplayHostAPDConfig()
 {
     $status = new StatusMessages();
-    $system = new System();
+    $system = new \RaspAP\System\Sysinfo;
     $arrConfig = array();
     $arr80211Standard = [
         'a' => '802.11a - 5 GHz',

From 6be1ad16120d858d418c0108bb47b8d3abc8ad22 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 9 Aug 2021 17:54:20 +0100
Subject: [PATCH 258/300] Legacy 802.11a UI support. Resolves #983

---
 app/js/custom.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index 09b6176f..d0eb6e69 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -365,7 +365,9 @@ function loadChannelSelect(selected) {
         var countries_5Ghz_max48ch = data["5Ghz_max48ch"].countries;
 
         // Map selected hw_mode and country to determine channel list
-        if (($.inArray(country_code, countries_2_4Ghz_max11ch) !== -1) && (hw_mode !== 'ac') ) {
+        if (hw_mode === 'a') {
+            selectablechannels = data["5Ghz_max48ch"].channels;
+        } else if (($.inArray(country_code, countries_2_4Ghz_max11ch) !== -1) && (hw_mode !== 'ac') ) {
             selectablechannels = data["2_4GHz_max11ch"].channels;
         } else if (($.inArray(country_code, countries_2_4Ghz_max14ch) !== -1) && (hw_mode === 'b')) {
             selectablechannels = data["2_4GHz_max14ch"].channels;

From 4df91097faf5bf187118f0c031dfd1204ebf0a30 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Aug 2021 00:15:40 +0000
Subject: [PATCH 259/300] Bump path-parse from 1.0.6 to 1.0.7

Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index c30bcf3a..9ecde714 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3286,9 +3286,9 @@ path-is-absolute@^1.0.0:
   integrity sha1-F0uSaHNVNP+8es5r9TpanhtcX18=
 
 path-parse@^1.0.6:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c"
-  integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735"
+  integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==
 
 path-root-regex@^0.1.0:
   version "0.1.2"

From 0adbf9f215b1d5f0f1f3ad08fb30de49cd49353b Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Tue, 31 Aug 2021 16:43:44 +0200
Subject: [PATCH 260/300] Fix system info class creation

Hostapd.php is throwing an error.
Two problems found:
1) the class System is not existing. Its actually called Sysinfo
2) the namespace of the class is RaspAP\System
---
 includes/hostapd.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/hostapd.php b/includes/hostapd.php
index 19ed0b08..386f9925 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -14,7 +14,7 @@ getWifiInterface();
 function DisplayHostAPDConfig()
 {
     $status = new StatusMessages();
-    $system = new System();
+    $system = new \RaspAP\System\Sysinfo;
     $arrConfig = array();
     $arr80211Standard = [
         'a' => '802.11a - 5 GHz',

From 7df8f6862114e64522f5a4d025a150ed87698c96 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Tue, 31 Aug 2021 16:57:46 +0200
Subject: [PATCH 261/300] Fix index of known networks

Index now stored in the network array
---
 templates/wifi_stations.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/templates/wifi_stations.php b/templates/wifi_stations.php
index 6949a51a..9ccfa779 100755
--- a/templates/wifi_stations.php
+++ b/templates/wifi_stations.php
@@ -14,12 +14,11 @@
   </div>
 <?php endif ?>
 
-<?php $index = 0; ?>
-
 <?php if (!empty($connected)): ?>
 <h4 class="h-underlined my-3"><?php echo _("Connected") ?></h4>
 <div class="card-grid">
 	<?php foreach ($connected as $network) : ?>
+	<?php $index = isset($network['index']) ? $network['index'] : -1; ?>
 	<?php echo renderTemplate("wifi_stations/network", compact('network', 'index')) ?>
 	<?php $index++; ?>
 	<?php endforeach ?>
@@ -30,6 +29,7 @@
 <h4 class="h-underlined my-3"><?php echo _("Known") ?></h4>
 <div class="card-grid">
 	<?php foreach ($known as $network) : ?>
+	<?php $index = isset($network['index']) ? $network['index'] : -1; ?>
 	<?php echo renderTemplate("wifi_stations/network", compact('network', 'index')) ?>
 	<?php $index++; ?>
 	<?php endforeach ?>
@@ -40,6 +40,7 @@
 <h4 class="h-underlined my-3"><?php echo _("Nearby") ?></h4>
 <div class="card-grid">
 	<?php foreach ($nearby as $network) : ?>
+	<?php $index = isset($network['index']) ? $network['index'] : -1; ?>
 	<?php echo renderTemplate("wifi_stations/network", compact('network', 'index')) ?>
 	<?php $index++; ?>
 	<?php endforeach ?>

From 9aa94a4d228816f152bbf2c66387380eb284d285 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Tue, 31 Aug 2021 17:00:08 +0200
Subject: [PATCH 262/300] Add network index to network array

---
 includes/wifi_functions.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/includes/wifi_functions.php b/includes/wifi_functions.php
index b7b543df..0a24576d 100755
--- a/includes/wifi_functions.php
+++ b/includes/wifi_functions.php
@@ -6,9 +6,11 @@ function knownWifiStations(&$networks)
 {
     // Find currently configured networks
     exec(' sudo cat ' . RASPI_WPA_SUPPLICANT_CONFIG, $known_return);
+    $index = 0;
     foreach ($known_return as $line) {
         if (preg_match('/network\s*=/', $line)) {
-            $network = array('visible' => false, 'configured' => true, 'connected' => false);
+            $network = array('visible' => false, 'configured' => true, 'connected' => false, 'index' => $index);
+            ++$index;
         } elseif (isset($network) && $network !== null) {
             if (preg_match('/^\s*}\s*$/', $line)) {
                 $networks[$ssid] = $network;
@@ -98,7 +100,8 @@ function nearbyWifiStations(&$networks, $cached = true)
                 'channel' => ConvertToChannel($arrNetwork[1]),
                 'passphrase' => '',
                 'visible' => true,
-                'connected' => false
+                'connected' => false,
+                'index' => -1
             );
         }
 

From 433434f4b794b2503c7917cfb6bcff8958fcd411 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Wed, 18 Aug 2021 20:37:45 +0200
Subject: [PATCH 263/300] Correct non-ASCII SSID read from wpa_supplicant

---
 includes/wifi_functions.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/includes/wifi_functions.php b/includes/wifi_functions.php
index b7b543df..e29882bc 100755
--- a/includes/wifi_functions.php
+++ b/includes/wifi_functions.php
@@ -18,6 +18,7 @@ function knownWifiStations(&$networks)
                 switch (strtolower($lineArr[0])) {
                 case 'ssid':
                     $ssid = trim($lineArr[1], '"');
+                    $ssid = str_replace('P"','',$ssid);
                     $network['ssid'] = $ssid;
                     break;
                 case 'psk':

From 5630258d9a0074c8e1faf282092f0cef5918e662 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Wed, 18 Aug 2021 21:04:30 +0200
Subject: [PATCH 264/300] Fix SSID name of wifi client

---
 includes/get_clients.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/get_clients.php b/includes/get_clients.php
index 279fbef8..c05ef61b 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -70,7 +70,7 @@ function getClients($simple=true)
                 $cl["device"][$i]["isAP"] = !empty($retiw);
                 unset($retiw);
                 exec("iw dev $dev link 2> /dev/null", $retiw);
-                if (!$simple && !empty($ssid=preg_only_match("/.*SSID: ([\w ]*).*/", $retiw)) ) {
+                if (!$simple && !empty($ssid=preg_only_match("/.*SSID:\s*([^\"]*).*/", $retiw)) ) {
                     $cl["device"][$i]["connected"] = "y";
                     $cl["device"][$i]["ssid"] = $ssid;
                     $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/", $retiw);

From d478bf53628185c8ac9c0df4b1fd89b6474ccfd7 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Wed, 18 Aug 2021 20:24:36 +0200
Subject: [PATCH 265/300] Handle non-ASCII SSID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Non-ASCII SSID has to be stored in wpa_supplicant.conf identical to the string given by wpa_cli scan. This includes the escaped special chars (e.g. ö = \xc3\xb9 ), with a prescript "P".
To obtain a valid psk from wpa_passphrase, the UTF8 string is passed (ssid2utf8 replaces the \x bytes by their binary value) to the exec(). For this to work the shell locale has to be UTF8 (via putenv()). Otherwise the string is converted to the shell encoding.
---
 includes/configure_client.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/includes/configure_client.php b/includes/configure_client.php
index 540f0fef..ddaa4205 100755
--- a/includes/configure_client.php
+++ b/includes/configure_client.php
@@ -61,7 +61,7 @@ function DisplayWPAConfig()
                     if (strlen($network['passphrase']) >=8 && strlen($network['passphrase']) <= 63) {
                         unset($wpa_passphrase);
                         unset($line);
-                        exec('wpa_passphrase '.escapeshellarg($ssid). ' ' . escapeshellarg($network['passphrase']), $wpa_passphrase);
+                        exec('wpa_passphrase '. ssid2utf8( escapeshellarg($ssid) ) . ' ' . escapeshellarg($network['passphrase']), $wpa_passphrase);
                         foreach ($wpa_passphrase as $line) {
                             if (preg_match('/^\s*}\s*$/', $line)) {
                                 if (array_key_exists('priority', $network)) {
@@ -69,7 +69,11 @@ function DisplayWPAConfig()
                                 }
                                 fwrite($wpa_file, $line.PHP_EOL);
                             } else {
-                                fwrite($wpa_file, $line.PHP_EOL);
+                                if ( strpos($ssid, "\x") !== false  && strpos($line, "ssid=\"") !== false ) {
+                                     fwrite($wpa_file, "\tssid=P\"".$ssid."\"".PHP_EOL);
+                                } else {
+                                     fwrite($wpa_file, $line.PHP_EOL);
+                                }
                             }
                         }
                     } else {

From 077a9cd675a3dd949a6da34b49e59d012c4dab4b Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Wed, 18 Aug 2021 21:57:30 +0200
Subject: [PATCH 266/300] Convert non ASCII ssid for display to utf8

Convert hex bytes to binary. Assumes utf8 encoding
---
 includes/wifi_functions.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/includes/wifi_functions.php b/includes/wifi_functions.php
index e29882bc..b080f10f 100755
--- a/includes/wifi_functions.php
+++ b/includes/wifi_functions.php
@@ -181,3 +181,12 @@ function reinitializeWPA($force)
     return $result;
 }
 
+/*
+ * Replace escaped bytes (hex) by binary - assume UTF8 encoding
+ *
+ * @param string $ssid
+ */
+function ssid2utf8($ssid) {
+    return  evalHexSequence($ssid);
+}
+

From 3aa564cdec0318d2f1f275fad8f9db491af923aa Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Tue, 31 Aug 2021 16:18:00 +0200
Subject: [PATCH 267/300] only lower case hex sequences in non-ASCII SSID

---
 includes/functions.php      | 4 ++++
 includes/wifi_functions.php | 3 +--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/includes/functions.php b/includes/functions.php
index 8ccd2430..b4774c2f 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -765,6 +765,10 @@ function evalHexSequence($string)
     return preg_replace_callback('/\\\x(..)/', $evaluator, $string);
 }
 
+function hexSequence2lower($string) {
+ return preg_replace_callback('/\\\\x([0-9A-F]{2})/', function($b){ return '\x'.strtolower($b[1]); }, $string);
+}
+
 /* File upload callback object
  *
  */
diff --git a/includes/wifi_functions.php b/includes/wifi_functions.php
index b080f10f..0ff1175d 100755
--- a/includes/wifi_functions.php
+++ b/includes/wifi_functions.php
@@ -73,7 +73,6 @@ function nearbyWifiStations(&$networks, $cached = true)
         $arrNetwork = preg_split("/[\t]+/", $network);  // split result into array
 
         $ssid = trim($arrNetwork[4]);
-        $ssid = evalHexSequence($ssid);
 
         // exclude raspap ssid
         if (empty($ssid) || $ssid == $ap_ssid) {
@@ -117,7 +116,7 @@ function connectedWifiStations(&$networks)
     exec('iwconfig ' .$_SESSION['wifi_client_interface'], $iwconfig_return);
     foreach ($iwconfig_return as $line) {
         if (preg_match('/ESSID:\"([^"]+)\"/i', $line, $iwconfig_ssid)) {
-            $networks[$iwconfig_ssid[1]]['connected'] = true;
+            $networks[hexSequence2lower($iwconfig_ssid[1])]['connected'] = true;
         }
     }
 }

From 7344c323eedde2fc2a82e6d024e4287302cb95af Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Wed, 18 Aug 2021 22:10:33 +0200
Subject: [PATCH 268/300] Fix display of non-ASCII SSID

---
 ajax/networking/wifi_stations.php   | 1 +
 includes/get_clients.php            | 2 ++
 templates/dashboard.php             | 2 +-
 templates/wifi_stations/network.php | 2 +-
 4 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/ajax/networking/wifi_stations.php b/ajax/networking/wifi_stations.php
index aca5bc89..ecc9c098 100644
--- a/ajax/networking/wifi_stations.php
+++ b/ajax/networking/wifi_stations.php
@@ -14,6 +14,7 @@ knownWifiStations($networks);
 nearbyWifiStations($networks, !isset($_REQUEST["refresh"]));
 connectedWifiStations($networks);
 sortNetworksByRSSI($networks);
+foreach ($networks as $ssid => $network) $networks[$ssid]["ssidutf8"] = ssid2utf8( $ssid ); 
 
 $connected = array_filter($networks, function($n) { return $n['connected']; } );
 $known     = array_filter($networks, function($n) { return !$n['connected'] && $n['configured']; } );
diff --git a/includes/get_clients.php b/includes/get_clients.php
index c05ef61b..c167a538 100644
--- a/includes/get_clients.php
+++ b/includes/get_clients.php
@@ -1,6 +1,7 @@
 <?php
 
 require_once 'includes/functions.php';
+require_once 'includes/wifi_functions.php';
 
 function getClients($simple=true)
 {
@@ -73,6 +74,7 @@ function getClients($simple=true)
                 if (!$simple && !empty($ssid=preg_only_match("/.*SSID:\s*([^\"]*).*/", $retiw)) ) {
                     $cl["device"][$i]["connected"] = "y";
                     $cl["device"][$i]["ssid"] = $ssid;
+                    $cl["device"][$i]["ssidutf8"] = ssid2utf8($ssid);
                     $cl["device"][$i]["ap-mac"] = preg_only_match("/^Connected to ([0-9a-f\:]*).*$/", $retiw);
                     $sig = preg_only_match("/.*signal: (.*)$/", $retiw);
                     $val = preg_only_match("/^([0-9\.-]*).*$/", $sig);
diff --git a/templates/dashboard.php b/templates/dashboard.php
index e443db8d..113d004d 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -38,7 +38,7 @@
                     <?php $valEcho=function($cl,$id) {$val = isset($cl[$id])&& !empty($cl[$id]) ? $cl[$id] : "-"; echo  htmlspecialchars($val,ENT_QUOTES);} ?>
                     <?php if ($clientinfo["type"] == "wlan") : // WIRELESS ?>
                       <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Connected To"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"ssid"); ?></div>
+                        <div class="info-item col-xs-3"><?php echo _("Connected To"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"ssidutf8"); ?></div>
                       </div>
                       <div class="row mb-1">
                         <div class="info-item col-xs-3"><?php echo _("AP Mac Address"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"ap-mac"); ?></div>
diff --git a/templates/wifi_stations/network.php b/templates/wifi_stations/network.php
index e0a9684c..4d20fb2f 100644
--- a/templates/wifi_stations/network.php
+++ b/templates/wifi_stations/network.php
@@ -4,7 +4,7 @@
 		<?php if (strlen($network['ssid']) == 0) {
 			$network['ssid'] = "(unknown)";
 		} ?>
-		<h5 class="card-title"><?php echo htmlspecialchars($network['ssid'], ENT_QUOTES); ?></h5>
+		<h5 class="card-title"><?php echo htmlspecialchars($network['ssidutf8'], ENT_QUOTES); ?></h5>
 
 		<div class="info-item-wifi"><?php echo _("Status"); ?></div>
 		<div>

From 98fe68e2d38758e15c124ecc5319e8ad302c26dd Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Thu, 2 Sep 2021 10:58:34 +0200
Subject: [PATCH 269/300] Fix numbering of nearby nextworks

---
 includes/wifi_functions.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/includes/wifi_functions.php b/includes/wifi_functions.php
index 0a24576d..7d5decd3 100755
--- a/includes/wifi_functions.php
+++ b/includes/wifi_functions.php
@@ -70,6 +70,12 @@ function nearbyWifiStations(&$networks, $cached = true)
     exec('cat '.RASPI_HOSTAPD_CONFIG.' | sed -rn "s/ssid=(.*)\s*$/\1/p" ', $ap_ssid);
     $ap_ssid = $ap_ssid[0];
 
+    $index = 0;
+    if ( !empty($networks) ) {
+      $lastnet = end($networks);
+      if ( isset($lastnet['index']) ) $index = $lastnet['index'] + 1;
+    }
+    
     foreach (explode("\n", $scan_results) as $network) {
         $arrNetwork = preg_split("/[\t]+/", $network);  // split result into array
 
@@ -86,8 +92,6 @@ function nearbyWifiStations(&$networks, $cached = true)
             continue;
         }
 
-        $networks[$ssid]['ssid'] = $ssid;
-
         // If network is saved
         if (array_key_exists($ssid, $networks)) {
             $networks[$ssid]['visible'] = true;
@@ -95,14 +99,16 @@ function nearbyWifiStations(&$networks, $cached = true)
             // TODO What if the security has changed?
         } else {
             $networks[$ssid] = array(
+                'ssid' => $ssid,
                 'configured' => false,
                 'protocol' => ConvertToSecurity($arrNetwork[3]),
                 'channel' => ConvertToChannel($arrNetwork[1]),
                 'passphrase' => '',
                 'visible' => true,
                 'connected' => false,
-                'index' => -1
+                'index' => $index
             );
+            ++$index;
         }
 
         // Save RSSI, if the current value is larger than the already stored

From a634e0dfaaf612c00f912c1a035986474625878d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 7 Sep 2021 17:05:58 +0100
Subject: [PATCH 270/300] Merge from upstream master: Pass $upstreamServers to
 template

---
 includes/dhcp.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/includes/dhcp.php b/includes/dhcp.php
index 9fd7e338..53a33535 100755
--- a/includes/dhcp.php
+++ b/includes/dhcp.php
@@ -52,6 +52,7 @@ function DisplayDHCPConfig()
     exec('cat '. RASPI_DNSMASQ_PREFIX.$ap_iface.'.conf', $return);
     $conf = array_merge(ParseConfig($return));
     $hosts = (array)$conf['dhcp-host'];
+    $upstreamServers = (array)$conf['server'];
     exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
     exec('cat ' . RASPI_DNSMASQ_LEASES, $leases);
 
@@ -63,6 +64,7 @@ function DisplayDHCPConfig()
             "ap_iface",
             "conf",
             "hosts",
+            "upstreamServers",
             "interfaces",
             "leases"
         )

From d07fd0a3279d17d6bf6abfe11c4d89dcece7ebd7 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Wed, 8 Sep 2021 10:59:58 +0200
Subject: [PATCH 271/300] Implement update firewall function

- cleanup firewall.php
- add function updateFirewall
- add standalone script update_firewall.sh to update the firewall rules
---
 includes/firewall.php         | 80 +++++++++++++++++++++++------------
 installers/raspap.sudoers     |  4 ++
 installers/update_firewall.sh | 29 +++++++++++++
 3 files changed, 86 insertions(+), 27 deletions(-)
 create mode 100644 installers/update_firewall.sh

diff --git a/includes/firewall.php b/includes/firewall.php
index 4fbfad2c..f44833c3 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -8,9 +8,9 @@ define('RASPAP_IP6TABLES_SCRIPT', "/tmp/ip6tables_raspap.sh");
 
 /**
  *
- * @param  string $rule
- * @param  string $conf
- * @return string $don
+ * @param  array $rule
+ * @param  array $conf
+ * @return array $don
  */
 function getDependson(&$rule, &$conf)
 {
@@ -27,9 +27,9 @@ function getDependson(&$rule, &$conf)
 
 /**
  *
- * @param  string $sect
- * @param  string $conf
- * @return string $active
+ * @param  array $sect
+ * @param  array $conf
+ * @return boolean $active
  */
 function isRuleEnabled(&$sect, &$conf)
 {
@@ -46,8 +46,8 @@ function isRuleEnabled(&$sect, &$conf)
 
 /**
  *
- * @param  string $sect
- * @param  string $conf
+ * @param  array $sect
+ * @param  array $conf
  * @return string $str
  */
 function createRuleStr(&$sect, &$conf)
@@ -105,8 +105,8 @@ function createRuleStr(&$sect, &$conf)
 
 /**
  *
- * @param  string $rule
- * @return string boolean
+ * @param  array $rule
+ * @return boolean
  */
 function isIPv4(&$rule)
 {
@@ -115,7 +115,7 @@ function isIPv4(&$rule)
 
 /**
  *
- * @param  string $rule
+ * @param  array $rule
  * @return boolean
  */
 function isIPv6(&$rule)
@@ -125,7 +125,7 @@ function isIPv6(&$rule)
 
 /**
  *
- * @return string $count
+ * @return boolean 
  */
 function configureFirewall()
 {
@@ -164,19 +164,19 @@ function configureFirewall()
     if ($count > 0 ) {
         exec("chmod +x ".RASPAP_IPTABLES_SCRIPT);
         exec("sudo ".RASPAP_IPTABLES_SCRIPT);
-        //       exec("sudo iptables-save > /etc/iptables/rules.v4");
-        //       unlink(RASPAP_IPTABLES_SCRIPT);
+        exec("sudo iptables-save | sudo tee /etc/iptables/rules.v4");
+        unlink(RASPAP_IPTABLES_SCRIPT);
         exec("chmod +x ".RASPAP_IP6TABLES_SCRIPT);
         exec("sudo ".RASPAP_IP6TABLES_SCRIPT);
-        //       exec("sudo iptables-save > /etc/iptables/rules.v6");
-        //       unlink(RASPAP_IP6TABLES_SCRIPT);
+        exec("sudo ip6tables-save | sudo tee /etc/iptables/rules.v6");
+        unlink(RASPAP_IP6TABLES_SCRIPT);
     }
     return ($count > 0);
 }
 
 /**
  *
- * @param string $conf
+ * @param array $conf
  * @return string $ret
  */
 function WriteFirewallConf($conf)
@@ -189,14 +189,15 @@ function WriteFirewallConf($conf)
 
 /**
  *
- * @return string $conf
+ * @return array $conf
  */
 function ReadFirewallConf()
 {
+    $conf = array();
     if (file_exists(RASPI_FIREWALL_CONF) ) {
         $conf = parse_ini_file(RASPI_FIREWALL_CONF);
-    } else {
-        $conf = array();
+    }
+    if ( !isset($conf["firewall-enable"]) ) {
         $conf["firewall-enable"] = false;
         $conf["ssh-enable"] = false;
         $conf["http-enable"] = false;
@@ -260,14 +261,13 @@ function getVPN_IPs()
 
 /**
  *
+ * @return array $fw_conf
  */
-function DisplayFirewallConfig()
+function getFirewallConfiguration() 
 {
-
-    $status = new StatusMessages();
-
+    $fw_conf = ReadFirewallConf();
+    
     $json = file_get_contents(RASPI_IPTABLES_CONF);
-    $ipt_rules = json_decode($json, true);
     getWifiInterface();
     $ap_device = $_SESSION['ap_interface'];
     $clients = getClients();
@@ -279,11 +279,38 @@ function DisplayFirewallConfig()
             $str_clients .= $dev["name"];
         }
     }
-    $fw_conf = ReadFirewallConf();
     $fw_conf["ap-device"] = $ap_device;
+    $fw_conf["client-list"] = $str_clients;
     $id=findCurrentClientIndex($clients);
     if ($id >= 0 ) { $fw_conf["client-device"] = $clients["device"][$id]["name"];
     }
+    return $fw_conf;
+}
+
+/**
+ *
+ */
+function updateFirewall() 
+{
+    $fw_conf = getFirewallConfiguration();
+    if ( isset($fw_conf["firewall-enable"]) ) {
+        WriteFirewallConf($fw_conf);
+        configureFirewall();
+    }
+    return;
+}
+
+/**
+ *
+ */
+function DisplayFirewallConfig()
+{
+    $status = new StatusMessages();
+
+    $fw_conf = getFirewallConfiguration();
+    $ap_device = $fw_conf["ap-device"];
+    $str_clients = $fw_conf["client-list"];
+
     if (!empty($_POST)) {
         $fw_conf["ssh-enable"] = isset($_POST['ssh-enable']);
         $fw_conf["http-enable"] = isset($_POST['http-enable']);
@@ -334,7 +361,6 @@ function DisplayFirewallConfig()
             "ap_device",
             "str_clients",
             "fw_conf",
-            "ipt_rules",
             "vpn_ips"
         )
     );
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index b85fe487..c7bbac5c 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -64,3 +64,7 @@ www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/tmp/iptables_raspap.sh
 www-data ALL=(ALL) NOPASSWD:/tmp/ip6tables_raspap.sh
+www-data ALL=(ALL) NOPASSWD:/usr/sbin/iptables-save
+www-data ALL=(ALL) NOPASSWD:/usr/sbin/ip6tables-save
+www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /etc/iptables/rules.v4
+www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /etc/iptables/rules.v6
diff --git a/installers/update_firewall.sh b/installers/update_firewall.sh
new file mode 100644
index 00000000..2a7d9212
--- /dev/null
+++ b/installers/update_firewall.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# include the raspap helper functions
+source /usr/local/sbin/raspap_helpers.sh
+
+_getWebRoot
+
+echo -n "Update firewall ... "
+
+cat << EOF > /tmp/updateFirewall.php
+<?php
+//set_include_path('/var/www/html/');
+\$_SESSION['locale']="en_GB.UTF-8";
+
+require_once 'includes/config.php';
+require_once 'includes/defaults.php';
+require_once RASPI_CONFIG.'/raspap.php';
+require_once 'includes/locale.php';
+require_once 'includes/wifi_functions.php';
+require_once 'includes/get_clients.php';
+require_once 'includes/firewall.php';
+
+updateFirewall();
+
+?>
+EOF
+
+sudo php -d include_path=$raspap_webroot /tmp/updateFirewall.php
+rm /tmp/updateFirewall.php
+echo "done."

From 45bd02ecb7d6341b77175421e837ae5949fb7302 Mon Sep 17 00:00:00 2001
From: zbchristian <33725910+zbchristian@users.noreply.github.com>
Date: Wed, 8 Sep 2021 14:28:43 +0200
Subject: [PATCH 272/300] Improve detection of escaped hex bytes in ssid name

---
 includes/configure_client.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/configure_client.php b/includes/configure_client.php
index ddaa4205..19269025 100755
--- a/includes/configure_client.php
+++ b/includes/configure_client.php
@@ -69,7 +69,7 @@ function DisplayWPAConfig()
                                 }
                                 fwrite($wpa_file, $line.PHP_EOL);
                             } else {
-                                if ( strpos($ssid, "\x") !== false  && strpos($line, "ssid=\"") !== false ) {
+                                if ( preg_match('/\\\\x[0-9A-Fa-f]{2}/',$ssid) && strpos($line, "ssid=\"") !== false ) {
                                      fwrite($wpa_file, "\tssid=P\"".$ssid."\"".PHP_EOL);
                                 } else {
                                      fwrite($wpa_file, $line.PHP_EOL);

From 84bd1410259bf1e6d02dc950dc327fe470cf96ca Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Nov 2021 09:50:21 +0000
Subject: [PATCH 273/300] Update release version

---
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 3d39834f..3782cda2 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/FRU1tXF.png)
-[![Release 2.7.5](https://img.shields.io/badge/release-2.7.5-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7.6](https://img.shields.io/badge/release-2.7.6-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
diff --git a/includes/defaults.php b/includes/defaults.php
index 026f374a..458d671a 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7.5',
+  'RASPI_VERSION' => '2.7.6',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index 3e6e9ff6..15fae5ca 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7.5
+ * @version 2.7.6
  * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From 03d14ed434df1a1ba869d1e6b020dece80b414ee Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Nov 2021 22:14:59 +0000
Subject: [PATCH 274/300] Update for for Debian 11 compatibility

---
 config/090_raspap.conf | 2 +-
 installers/common.sh   | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/090_raspap.conf b/config/090_raspap.conf
index da01c751..f44d1a89 100644
--- a/config/090_raspap.conf
+++ b/config/090_raspap.conf
@@ -1,4 +1,4 @@
 # RaspAP default config
-log-facility=/tmp/dnsmasq.log
+log-facility=/var/log/dnsmasq.log
 conf-dir=/etc/dnsmasq.d
 
diff --git a/installers/common.sh b/installers/common.sh
index e7d02af8..00d6f513 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -139,7 +139,7 @@ function _get_linux_distro() {
 # Sets php package option based on Linux version, abort if unsupported distro
 function _set_php_package() {
     case $RELEASE in
-        18.04|19.10) # Ubuntu Server
+       18.04|19.10|11*) # Ubuntu Server & Debian 11 
             php_package="php7.4-cgi"
             phpcgiconf="/etc/php/7.4/cgi/php.ini" ;;
         10*)
@@ -159,7 +159,7 @@ function _set_php_package() {
 function _install_dependencies() {
     _install_log "Installing required packages"
     _set_php_package
-    if [ "$php_package" = "php7.4-cgi" ]; then
+   if [ "$php_package" = "php7.4-cgi" ] && [ ${OS,,} = "ubuntu" ]; then 
         echo "Adding apt-repository ppa:ondrej/php"
         sudo apt-get install $apt_option software-properties-common || _install_status 1 "Unable to install dependency"
         sudo add-apt-repository $apt_option ppa:ondrej/php || _install_status 1 "Unable to add-apt-repository ppa:ondrej/php"
@@ -609,7 +609,7 @@ function _optimize_php() {
     if [ "$upgrade" == 0 ]; then
         _install_log "Optimize PHP configuration"
         if [ ! -f "$phpcgiconf" ]; then
-            _install_warning "PHP configuration could not be found."
+            _install_status 2 "PHP configuration could not be found."
             return
         fi
 

From 8cef08cc81851c302d494a412908042adc6cec0c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Nov 2021 22:15:16 +0000
Subject: [PATCH 275/300] Update release version

---
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 3782cda2..524d9759 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/FRU1tXF.png)
-[![Release 2.7.6](https://img.shields.io/badge/release-2.7.6-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7.7](https://img.shields.io/badge/release-2.7.7-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
diff --git a/includes/defaults.php b/includes/defaults.php
index 458d671a..c098ae55 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7.6',
+  'RASPI_VERSION' => '2.7.7',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index 15fae5ca..94e72977 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7.6
+ * @version 2.7.7
  * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From e75333e29d458b580d3ee86a15f9f3ba27d88fbc Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 17 Nov 2021 18:20:03 +0000
Subject: [PATCH 276/300] Define RASPI_DHCPCD_LOG

---
 config/config.php          | 1 +
 includes/adblock.php       | 2 +-
 includes/defaults.php      | 1 +
 includes/dhcp.php          | 2 +-
 templates/dhcp/logging.php | 4 ++--
 5 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/config/config.php b/config/config.php
index c02ef442..95b43d41 100755
--- a/config/config.php
+++ b/config/config.php
@@ -15,6 +15,7 @@ define('RASPI_ADBLOCK_LISTPATH', '/etc/raspap/adblock/');
 define('RASPI_ADBLOCK_CONFIG', RASPI_DNSMASQ_PREFIX.'adblock.conf');
 define('RASPI_HOSTAPD_CONFIG', '/etc/hostapd/hostapd.conf');
 define('RASPI_DHCPCD_CONFIG', '/etc/dhcpcd.conf');
+define('RASPI_DHCPCD_LOG', '/var/log/dnsmasq.log'),
 define('RASPI_WPA_SUPPLICANT_CONFIG', '/etc/wpa_supplicant/wpa_supplicant.conf');
 define('RASPI_HOSTAPD_CTRL_INTERFACE', '/var/run/hostapd');
 define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');
diff --git a/includes/adblock.php b/includes/adblock.php
index 034971b7..45983695 100755
--- a/includes/adblock.php
+++ b/includes/adblock.php
@@ -78,7 +78,7 @@ function DisplayAdBlockConfig()
     $adblock_custom_content = file_get_contents(RASPI_ADBLOCK_LISTPATH .'custom.txt');
 
     $adblock_log = '';
-    exec('sudo chmod o+r /tmp/dnsmasq.log');
+    exec('sudo chmod o+r '.RASPI_DHCPCD_LOG);
     $handle = fopen("/tmp/dnsmasq.log", "r");
     if ($handle) {
         while (($line = fgets($handle)) !== false) {
diff --git a/includes/defaults.php b/includes/defaults.php
index c098ae55..ec49636f 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -20,6 +20,7 @@ $defaults = [
   'RASPI_ADBLOCK_CONFIG' =>  RASPI_DNSMASQ_PREFIX.'adblock.conf',
   'RASPI_HOSTAPD_CONFIG' => '/etc/hostapd/hostapd.conf',
   'RASPI_DHCPCD_CONFIG' => '/etc/dhcpcd.conf',
+  'RASPI_DHCPCD_LOG' => '/var/log/dnsmasq.log',
   'RASPI_WPA_SUPPLICANT_CONFIG' => '/etc/wpa_supplicant/wpa_supplicant.conf',
   'RASPI_HOSTAPD_CTRL_INTERFACE' => '/var/run/hostapd',
   'RASPI_WPA_CTRL_INTERFACE' => '/var/run/wpa_supplicant',
diff --git a/includes/dhcp.php b/includes/dhcp.php
index 53a33535..3e53017a 100755
--- a/includes/dhcp.php
+++ b/includes/dhcp.php
@@ -228,7 +228,7 @@ function updateDnsmasqConfig($iface,$status)
 
     // write default 090_raspap.conf
     $config = '# RaspAP default config'.PHP_EOL;
-    $config .='log-facility=/tmp/dnsmasq.log'.PHP_EOL;
+    $config .='log-facility='.RASPI_DHCPCD_LOG.PHP_EOL;
     $config .='conf-dir=/etc/dnsmasq.d'.PHP_EOL;
     // handle log option
     if ($_POST['log-dhcp'] == "1") {
diff --git a/templates/dhcp/logging.php b/templates/dhcp/logging.php
index ce451e6d..46307536 100644
--- a/templates/dhcp/logging.php
+++ b/templates/dhcp/logging.php
@@ -16,8 +16,8 @@
     <div class="form-group col-md-8 mt-2">
       <?php
       if ($conf['log-dhcp'] == 1 || $conf['log-queries'] == 1) {
-          exec('sudo chmod o+r /tmp/dnsmasq.log');
-          $log = file_get_contents('/tmp/dnsmasq.log');
+          exec('sudo chmod o+r '.RASPI_DHCPCD_LOG);
+          $log = file_get_contents(RASPI_DHCPCD_LOG);
           echo '<textarea class="logoutput">'.htmlspecialchars($log, ENT_QUOTES).'</textarea>';
       } else {
           echo '<textarea class="logoutput my-3"></textarea>';

From fc4fe6ea58f948b6de7c76ee8d06d09b1a79338a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 17 Nov 2021 18:21:06 +0000
Subject: [PATCH 277/300] Update release version

---
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 524d9759..59c008cc 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/FRU1tXF.png)
-[![Release 2.7.7](https://img.shields.io/badge/release-2.7.7-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7.8](https://img.shields.io/badge/release-2.7.8-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
diff --git a/includes/defaults.php b/includes/defaults.php
index ec49636f..7e4dae7d 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7.7',
+  'RASPI_VERSION' => '2.7.8',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index 94e72977..c8a1acf2 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7.7
+ * @version 2.7.8
  * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From c0774a7bde352ad626f8b827118efb9b7170c5f3 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 17 Nov 2021 22:00:20 +0000
Subject: [PATCH 278/300] Minor: typo fix

---
 config/config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/config.php b/config/config.php
index 95b43d41..5c4a298b 100755
--- a/config/config.php
+++ b/config/config.php
@@ -15,7 +15,7 @@ define('RASPI_ADBLOCK_LISTPATH', '/etc/raspap/adblock/');
 define('RASPI_ADBLOCK_CONFIG', RASPI_DNSMASQ_PREFIX.'adblock.conf');
 define('RASPI_HOSTAPD_CONFIG', '/etc/hostapd/hostapd.conf');
 define('RASPI_DHCPCD_CONFIG', '/etc/dhcpcd.conf');
-define('RASPI_DHCPCD_LOG', '/var/log/dnsmasq.log'),
+define('RASPI_DHCPCD_LOG', '/var/log/dnsmasq.log');
 define('RASPI_WPA_SUPPLICANT_CONFIG', '/etc/wpa_supplicant/wpa_supplicant.conf');
 define('RASPI_HOSTAPD_CTRL_INTERFACE', '/var/run/hostapd');
 define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');

From 4b27f9c844fe148cf1b80392d284bdbc21fdfd91 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 18 Nov 2021 10:26:38 +0000
Subject: [PATCH 279/300] Bugfix: vnstat column name change

---
 ajax/bandwidth/get_bandwidth_hourly.php | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/ajax/bandwidth/get_bandwidth_hourly.php b/ajax/bandwidth/get_bandwidth_hourly.php
index bc1c48b5..82c5d9ad 100644
--- a/ajax/bandwidth/get_bandwidth_hourly.php
+++ b/ajax/bandwidth/get_bandwidth_hourly.php
@@ -34,16 +34,13 @@ if (filter_input(INPUT_GET, 'tu') == 'h') {
     23     => array('date' => '23:00', 'rx' => 0, 'tx' => 0)
     );
 
-
-
-
     exec(sprintf('vnstat -i %s --json h', escapeshellarg($interface)), $jsonstdoutvnstat, $exitcodedaily);
     if ($exitcodedaily !== 0) {
         exit('vnstat error');
     }
 
     $jsonobj = json_decode($jsonstdoutvnstat[0], true)['interfaces'][0];
-    $jsonData = $jsonobj['traffic']['hours'];
+    $jsonData = $jsonobj['traffic']['hour'];
     for ($i = count($jsonData) - 1; $i >= 0; --$i) {
         $data_template[$jsonData[$i]['id']]['rx'] = round($jsonData[$i]['rx'] / 1024, 0);
         $data_template[$jsonData[$i]['id']]['tx'] = round($jsonData[$i]['tx'] / 1024, 0);

From 83373cf1c8385a777d928a0417770f5cd0e3cc2d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 18 Nov 2021 16:57:44 +0000
Subject: [PATCH 280/300] Update release version

---
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 59c008cc..d71e25ce 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/FRU1tXF.png)
-[![Release 2.7.8](https://img.shields.io/badge/release-2.7.8-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7.9](https://img.shields.io/badge/release-2.7.9-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
diff --git a/includes/defaults.php b/includes/defaults.php
index 7e4dae7d..3292c407 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7.8',
+  'RASPI_VERSION' => '2.7.9',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index c8a1acf2..ec6819a1 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7.8
+ * @version 2.7.9
  * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From 5415707721cf46b2fa33a2d4f87d34defebb6a3b Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 21 Nov 2021 23:24:26 +0000
Subject: [PATCH 281/300] Fix for vnStat v2.6 (bullseye) breaking changes

---
 ajax/bandwidth/get_bandwidth.php        | 4 ++--
 ajax/bandwidth/get_bandwidth_hourly.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ajax/bandwidth/get_bandwidth.php b/ajax/bandwidth/get_bandwidth.php
index db9ebfe8..04c1fc03 100644
--- a/ajax/bandwidth/get_bandwidth.php
+++ b/ajax/bandwidth/get_bandwidth.php
@@ -42,10 +42,10 @@ $jsonobj = json_decode($jsonstdoutvnstat[0], true);
 $timeunits = filter_input(INPUT_GET, 'tu');
 if ($timeunits === 'm') {
     // months
-    $jsonData = $jsonobj['interfaces'][0]['traffic']['months'];
+    $jsonData = $jsonobj['interfaces'][0]['traffic']['month'];
 } else {
     // default: days
-    $jsonData = $jsonobj['interfaces'][0]['traffic']['days'];
+    $jsonData = $jsonobj['interfaces'][0]['traffic']['day'];
 }
 
 $datasizeunits = filter_input(INPUT_GET, 'dsu');
diff --git a/ajax/bandwidth/get_bandwidth_hourly.php b/ajax/bandwidth/get_bandwidth_hourly.php
index 82c5d9ad..a8e0f5cc 100644
--- a/ajax/bandwidth/get_bandwidth_hourly.php
+++ b/ajax/bandwidth/get_bandwidth_hourly.php
@@ -42,8 +42,8 @@ if (filter_input(INPUT_GET, 'tu') == 'h') {
     $jsonobj = json_decode($jsonstdoutvnstat[0], true)['interfaces'][0];
     $jsonData = $jsonobj['traffic']['hour'];
     for ($i = count($jsonData) - 1; $i >= 0; --$i) {
-        $data_template[$jsonData[$i]['id']]['rx'] = round($jsonData[$i]['rx'] / 1024, 0);
-        $data_template[$jsonData[$i]['id']]['tx'] = round($jsonData[$i]['tx'] / 1024, 0);
+        $data_template[$jsonData[$i]['time']['hour']]['rx'] = round($jsonData[$i]['rx'] / 1024, 0);
+        $data_template[$jsonData[$i]['time']['hour']]['tx'] = round($jsonData[$i]['tx'] / 1024, 0);
     }
 
     $data = array();

From 4d00bd9e94f73cc422541fe95db4789e6742ef48 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 25 Nov 2021 08:06:17 +0000
Subject: [PATCH 282/300] Update default getColorOpt()

---
 includes/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/functions.php b/includes/functions.php
index b4774c2f..b3574023 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -672,7 +672,7 @@ function getThemeOpt()
 function getColorOpt()
 {
     if (!isset($_COOKIE['color'])) {
-        $color = "#d8224c";
+        $color = "#2b8080";
     } else {
         $color = $_COOKIE['color'];
     }

From d12fc09caef8a79e9302e05286a1aca5f364df90 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 26 Nov 2021 21:38:22 +0000
Subject: [PATCH 283/300] Update nav-link dom element

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.php b/index.php
index 496fafd4..5cda40e1 100755
--- a/index.php
+++ b/index.php
@@ -180,7 +180,7 @@ $bridgedEnabled = getBridgedState();
           <?php endif; ?>
           <?php if (RASPI_FIREWALL_ENABLED) : ?>
         <li class="nav-item">
-          <a class="nav-link" href="firewall_conf"><span class="fas fa-shield-alt mr-2"></span><span class="nav-label"><?php echo _("Firewall"); ?></a>
+          <a class="nav-link" href="firewall_conf"><i class="fas fa-shield-alt fa-fw mr-2"></i><span class="nav-label"><?php echo _("Firewall"); ?></a>
         </li>
           <?php endif; ?>
           <?php if (RASPI_CONFAUTH_ENABLED) : ?>

From 730c3c3cc8cb7cc16cb4f73f0f1893ff748ffe22 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 28 Nov 2021 09:07:16 +0000
Subject: [PATCH 284/300] Update release version

---
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index d71e25ce..9e33764a 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/FRU1tXF.png)
-[![Release 2.7.9](https://img.shields.io/badge/release-2.7.9-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.8.0](https://img.shields.io/badge/release-2.8.0-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
diff --git a/includes/defaults.php b/includes/defaults.php
index 3292c407..3ba8d848 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7.9',
+  'RASPI_VERSION' => '2.8.0',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index 06f0b45a..00454c54 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7.9
+ * @version 2.8.0
  * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From bf5de0a81d38886af053f84677d8189c31a6a629 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Sun, 28 Nov 2021 11:39:04 +0100
Subject: [PATCH 285/300] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 9e33764a..4f872919 100644
--- a/README.md
+++ b/README.md
@@ -35,8 +35,8 @@ The following features are currently available exclusively to sponsors. A tangib
 ✅ [WireGuard support](https://docs.raspap.com/wireguard/)  
 ✅ [Set AP transmit power](https://docs.raspap.com/ap-basics/#transmit-power)  
 ✅ Mobile data client support  
+✅ Firewall settings  
 ⚙️ Traffic shaping (in progress)  
-⚙️ Firewall settings (in progress)  
 ⚙️ Printable WiFi signs (in progress)  
 
 Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/RaspAP/raspap-insiders/discussions) and let us know!

From d75175848fa2b6fa6a11619f8ffa4fa40c935bd7 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Wed, 29 Dec 2021 12:39:59 +0100
Subject: [PATCH 286/300] Fix for issue RaspAP/raspap-webgui#1016

---
 includes/dhcp.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/includes/dhcp.php b/includes/dhcp.php
index 3e53017a..850d5847 100755
--- a/includes/dhcp.php
+++ b/includes/dhcp.php
@@ -180,9 +180,7 @@ function compareIPs($ip1, $ip2)
 function updateDnsmasqConfig($iface,$status)
 {
     $config = '# RaspAP '.$iface.' configuration'.PHP_EOL;
-    $config .= 'interface='.$iface.PHP_EOL.
-        'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].
-        ',255.255.255.0,';
+    $config .= 'interface='.$iface.PHP_EOL.'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].','.$_POST['SubnetMask'].',';
     if ($_POST['RangeLeaseTimeUnits'] !== 'infinite') {
         $config .= $_POST['RangeLeaseTime'];
     }

From 2ca5f25dff321d0f47008ef57a9d42becfd3241d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 25 Nov 2021 09:02:59 +0000
Subject: [PATCH 287/300] Merge First Edition of RaspAP/raspap-insiders

---
 app/css/lightsout.css     |   2 +-
 app/img/wifi-qr-code.php  |  13 +++
 app/js/custom.js          |  24 +-----
 config/config.php         |   6 --
 includes/adblock.php      |   2 +-
 includes/dashboard.php    | 170 +++++++++++++++++++++-----------------
 includes/defaults.php     |   2 +-
 includes/dhcp.php         |   4 +-
 includes/functions.php    |   8 +-
 includes/networking.php   |  12 +--
 index.php                 |  14 +---
 installers/common.sh      |   6 +-
 installers/raspap.sudoers |   7 +-
 templates/dashboard.php   | 166 +++++++++++--------------------------
 templates/networking.php  | 120 +--------------------------
 15 files changed, 177 insertions(+), 379 deletions(-)

diff --git a/app/css/lightsout.css b/app/css/lightsout.css
index 19ca7c5a..aa42b720 100644
--- a/app/css/lightsout.css
+++ b/app/css/lightsout.css
@@ -378,7 +378,7 @@ tspan, rect {
   fill: #d2d2d2;
 }
 
-text-muted {
+.text-muted {
   font-size: 0.8rem;
 }
 
diff --git a/app/img/wifi-qr-code.php b/app/img/wifi-qr-code.php
index e2baf69b..a36966c3 100644
--- a/app/img/wifi-qr-code.php
+++ b/app/img/wifi-qr-code.php
@@ -10,12 +10,25 @@ if (!isset($_SERVER['HTTP_REFERER'])) {
     exit;
 }
 
+function qr_encode($str)
+{
+    return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
+}
+
 $hostapd = parse_ini_file(RASPI_HOSTAPD_CONFIG, false, INI_SCANNER_RAW);
 
 // assume wpa encryption and get the passphrase
 $type = "WPA";
 $password = isset($hostapd['wpa_psk']) ? $hostapd['wpa_psk'] : $hostapd['wpa_passphrase'];
 
+// use wep if configured
+$wep_default_key = intval($hostapd['wep_default_key']);
+$wep_key = 'wep_key' . $wep_default_key;
+if (array_key_exists($wep_key, $hostapd)) {
+    $type = "WEP";
+    $password = $hostapd[$wep_key];
+}
+
 // if password is still empty, assume nopass
 if (empty($password)) {
     $type = "nopass";
diff --git a/app/js/custom.js b/app/js/custom.js
index 10ab8b6c..0e842ebf 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -1,6 +1,5 @@
 function msgShow(retcode,msg) {
-    if(retcode == 0) {
-        var alertType = 'success';
+    if(retcode == 0) { var alertType = 'success';
     } else if(retcode == 2 || retcode == 1) {
         var alertType = 'danger';
     }
@@ -138,8 +137,7 @@ function setupBtns() {
     $('#btnSummaryRefresh').click(function(){getAllInterfaces();});
     $('.intsave').click(function(){
         var int = $(this).data('int');
-        var opts = $(this).data('opts');
-        saveNetDeviceSettings(int,opts);
+        saveNetworkSettings(int);
     });
     $('.intapply').click(function(){
         applyNetworkSettings();
@@ -182,24 +180,6 @@ function loadWifiStations(refresh) {
 }
 $(".js-reload-wifi-stations").on("click", loadWifiStations(true));
 
-function saveNetDeviceSettings(int,opts="") {
-    var frmInt = $('#frm-'+int).find(':input');
-    var arrFormData = {};
-    $.each(frmInt,function(i3,v3){
-        if($(v3).attr('type') == 'radio') {
-		arrFormData[$(v3).attr('id')] = $(v3).prop('checked');
-    } else {
-	    arrFormData[$(v3).attr('id')] = $(v3).val();
-    }
-    });
-    arrFormData['interface'] = int;
-    arrFormData['opts'] = opts;
-    $.post('ajax/networking/save_net_dev_config.php',arrFormData,function(data){
-        var jsonData = JSON.parse(data);
-        $('#msgNetworking').html(msgShow(jsonData['return'],jsonData['output']));
-    });
-}
-
 /*
 Populates the DHCP server form fields
 Option toggles are set dynamically depending on the loaded configuration
diff --git a/config/config.php b/config/config.php
index 96808363..d4f9266e 100755
--- a/config/config.php
+++ b/config/config.php
@@ -24,15 +24,10 @@ define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
 define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
 define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
-define('RASPI_FIREWALL_CONF', RASPI_CONFIG.'/networking/firewall/firewall.conf');
-define('RASPI_IPTABLES_CONF', RASPI_CONFIG.'/networking/firewall/iptables_rules.json');
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
 define('RASPI_ACCESS_CHECK_DNS', 'one.one.one.one');
-define('RASPI_CLIENT_CONFIG_PATH', RASPI_CONFIG.'/networking/client_udev_prototypes.json');
-define('RASPI_MOBILEDATA_CONFIG', RASPI_CONFIG.'/networking/mobiledata.ini');
-define('RASPI_CLIENT_SCRIPT_PATH', '/usr/local/sbin');
 
 // Constant for the 5GHz wireless regulatory domain
 define('RASPI_5GHZ_ISO_ALPHA2', array('NL','US'));
@@ -46,7 +41,6 @@ define('RASPI_DHCP_ENABLED', true);
 define('RASPI_ADBLOCK_ENABLED', false);
 define('RASPI_OPENVPN_ENABLED', false);
 define('RASPI_WIREGUARD_ENABLED', false);
-define('RASPI_FIREWALL_ENABLED', true);
 define('RASPI_TORPROXY_ENABLED', false);
 define('RASPI_CONFAUTH_ENABLED', true);
 define('RASPI_CHANGETHEME_ENABLED', true);
diff --git a/includes/adblock.php b/includes/adblock.php
index 45983695..b9bcd74c 100755
--- a/includes/adblock.php
+++ b/includes/adblock.php
@@ -78,7 +78,7 @@ function DisplayAdBlockConfig()
     $adblock_custom_content = file_get_contents(RASPI_ADBLOCK_LISTPATH .'custom.txt');
 
     $adblock_log = '';
-    exec('sudo chmod o+r '.RASPI_DHCPCD_LOG);
+    exec('sudo chmod o+r '. RASPI_DHCPCD_LOG);
     $handle = fopen("/tmp/dnsmasq.log", "r");
     if ($handle) {
         while (($line = fgets($handle)) !== false) {
diff --git a/includes/dashboard.php b/includes/dashboard.php
index a53aa820..00809655 100755
--- a/includes/dashboard.php
+++ b/includes/dashboard.php
@@ -3,7 +3,6 @@
 require_once 'includes/config.php';
 require_once 'includes/wifi_functions.php';
 require_once 'includes/functions.php';
-require_once 'includes/get_clients.php';
 
 /**
  * Show dashboard page.
@@ -24,27 +23,6 @@ function DisplayDashboard(&$extraFooterScripts)
         $status->showMessages();
         return;
     }
-
-    // ------------------------- Button pressed to switch client on/off ---------------------------------------------------------   
-    $switchedOn = false;
-    if (!RASPI_MONITOR_ENABLED) {
-        if (isset($_POST['ifdown_wlan0'])) {
-            // Pressed stop button
-            $status->addMessage(sprintf(_('Interface is going %s.'), _('down')), 'warning');
-            setClientState("down");
-            $status->addMessage(sprintf(_('Interface is now %s.'), _('down')), 'success');
-        } elseif (isset($_POST['ifup_wlan0'])) {
-            // Pressed start button
-            $status->addMessage(sprintf(_('Interface is going %s.'), _('up')), 'warning');
-            setClientState("up");
-            $status->addMessage(sprintf(_('Interface is now %s.'), _('up')), 'success');
-            $switchedOn = true;
-        }
-    }
-        
-    
-    // ----------------------------- INFOS ABOUT THE ACCESS POINT -------------------------------------------------------------
-    
     exec('ip a show '.$_SESSION['ap_interface'], $stdoutIp);
     $stdoutIpAllLinesGlued = implode(" ", $stdoutIp);
     $stdoutIpWRepeatedSpaces = preg_replace('/\s\s+/', ' ', $stdoutIpAllLinesGlued);
@@ -110,40 +88,103 @@ function DisplayDashboard(&$extraFooterScripts)
         $strTxBytes .= getHumanReadableDatasize($strTxBytes);
     }
 
-    // ------------------------ INFOS ABOUT THE CLIENT---------------------------------------------------------------
-    $clientinfo=array("name"=>"none","type"=>-1,"connected"=>"n");
-    $raspi_client=$_SESSION['wifi_client_interface'];
-    loadClientConfig();
-    $all_clients = getClients(false);
-    $clientinfo = array("name" => "none", "connected" => "n");
-    if ( ($idx = findCurrentClientIndex($all_clients)) >= 0) $clientinfo = $all_clients["device"][$idx];
-    if ($clientinfo["name"] != "none") $raspi_client = $clientinfo["name"];
-    $interfaceState = $clientinfo["connected"] == "y" ? 'UP' : 'DOWN';
-    $txPower="";
-    if ($clientinfo["type"] == "wlan") {
-        // txpower is now displayed on iw dev(..) info command, not on link command.
-        exec('iw dev '.$clientinfo["name"].' info |  sed -rn "s/.*txpower ([0-9]*)[0-9\.]*( dBm).*/\1\2/p"', $stdoutIwInfo);
-        if (!empty($stdoutIwInfo)) $txPower=$stdoutIwInfo[0];
+    define('SSIDMAXLEN', 32);
+    // Warning iw comes with: "Do NOT screenscrape this tool, we don't consider its output stable."
+    exec('iw dev ' .$_SESSION['wifi_client_interface']. ' link ', $stdoutIw);
+    $stdoutIwAllLinesGlued = implode('+', $stdoutIw); // Break lines with character illegal in SSID and MAC addr
+    $stdoutIwWRepSpaces = preg_replace('/\s\s+/', ' ', $stdoutIwAllLinesGlued);
+
+    preg_match('/Connected to (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2}))/', $stdoutIwWRepSpaces, $matchesBSSID) || $matchesBSSID[1] = '';
+    $connectedBSSID = $matchesBSSID[1];
+    $connectedBSSID = empty($connectedBSSID) ? "-" : $connectedBSSID;
+
+    $wlanHasLink = false;
+    if ($interfaceState === 'UP') {
+        $wlanHasLink = true;
     }
-    
+
+    if (!preg_match('/SSID: ([^+]{1,'.SSIDMAXLEN.'})/', $stdoutIwWRepSpaces, $matchesSSID)) {
+        $wlanHasLink = false;
+        $matchesSSID[1] = 'None';
+    }
+
+    $connectedSSID = $matchesSSID[1];
+
+    preg_match('/freq: (\d+)/i', $stdoutIwWRepSpaces, $matchesFrequency) || $matchesFrequency[1] = '';
+    $frequency = $matchesFrequency[1].' MHz';
+
+    preg_match('/signal: (-?[0-9]+ dBm)/i', $stdoutIwWRepSpaces, $matchesSignal) || $matchesSignal[1] = '';
+    $signalLevel = $matchesSignal[1];
+    $signalLevel = empty($signalLevel) ? "-" : $signalLevel;
+
+    preg_match('/tx bitrate: ([0-9\.]+ [KMGT]?Bit\/s)/', $stdoutIwWRepSpaces, $matchesBitrate) || $matchesBitrate[1] = '';
+    $bitrate = $matchesBitrate[1];
+    $bitrate = empty($bitrate) ? "-" : $bitrate;
+
+    // txpower is now displayed on iw dev(..) info command, not on link command.
+    exec('iw dev '.$_SESSION['wifi_client_interface'].' info ', $stdoutIwInfo);
+    $stdoutIwInfoAllLinesGlued = implode(' ', $stdoutIwInfo);
+    $stdoutIpInfoWRepSpaces = preg_replace('/\s\s+/', ' ', $stdoutIwInfoAllLinesGlued);
+
+    preg_match('/txpower ([0-9\.]+ dBm)/i', $stdoutIpInfoWRepSpaces, $matchesTxPower) || $matchesTxPower[1] = '';
+    $txPower = $matchesTxPower[1];
+
+    // iw does not have the "Link Quality". This is a is an aggregate value,
+    // and depends on the driver and hardware.
+    // Display link quality as signal quality for now.
+    $strLinkQuality = 0;
+    if ($signalLevel > -100 && $wlanHasLink) {
+        if ($signalLevel >= 0) {
+            $strLinkQuality = 100;
+        } else {
+            $strLinkQuality = 100 + intval($signalLevel);
+        }
+    }
+
+    $wlan0up = false;
     $classMsgDevicestatus = 'warning';
     if ($interfaceState === 'UP') {
+        $wlan0up = true;
         $classMsgDevicestatus = 'success';
     }
 
-    if ($switchedOn) exec('sudo ip -s a f label ' . $raspi_client);
-
+    if (!RASPI_MONITOR_ENABLED) {
+        if (isset($_POST['ifdown_wlan0'])) {
+            // Pressed stop button
+            if ($interfaceState === 'UP') {
+                $status->addMessage(sprintf(_('Interface is going %s.'), _('down')), 'warning');
+                exec('sudo ip link set '.$_SESSION['wifi_client_interface'].' down');
+                $wlan0up = false;
+                $status->addMessage(sprintf(_('Interface is now %s.'), _('down')), 'success');
+            } elseif ($interfaceState === 'unknown') {
+                $status->addMessage(_('Interface state unknown.'), 'danger');
+            } else {
+                $status->addMessage(sprintf(_('Interface already %s.'), _('down')), 'warning');
+            }
+        } elseif (isset($_POST['ifup_wlan0'])) {
+            // Pressed start button
+            if ($interfaceState === 'DOWN') {
+                $status->addMessage(sprintf(_('Interface is going %s.'), _('up')), 'warning');
+                exec('sudo ip link set ' .$_SESSION['wifi_client_interface']. ' up');
+                exec('sudo ip -s a f label ' . $_SESSION['wifi_client_interface']);
+                $wlan0up = true;
+                $status->addMessage(sprintf(_('Interface is now %s.'), _('up')), 'success');
+            } elseif ($interfaceState === 'unknown') {
+                $status->addMessage(_('Interface state unknown.'), 'danger');
+            } else {
+                $status->addMessage(sprintf(_('Interface already %s.'), _('up')), 'warning');
+            }
+        } else {
+            $status->addMessage(sprintf(_('Interface is %s.'), strtolower($interfaceState)), $classMsgDevicestatus);
+        }
+    }
     // brought in from template
     $arrHostapdConf = parse_ini_file(RASPI_CONFIG.'/hostapd.ini');
     $bridgedEnable = $arrHostapdConf['BridgedEnable'];
-    if ($arrHostapdConf['WifiAPEnable'] == 1) {
-        $client_interface = 'uap0';
-    } else {
-        $client_interface = $clientinfo["name"];
-    }
+    $clientInterface = $_SESSION['wifi_client_interface'];
     $apInterface = $_SESSION['ap_interface'];
-    $clientInterface = $raspi_client;
     $MACPattern = '"([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}"';
+
     if (getBridgedState()) {
         $moreLink = "hostapd_conf";
         exec('iw dev ' . $apInterface . ' station dump | grep -oE ' . $MACPattern, $clients);
@@ -151,39 +192,11 @@ function DisplayDashboard(&$extraFooterScripts)
         $moreLink = "dhcpd_conf";
         exec('cat ' . RASPI_DNSMASQ_LEASES . '| grep -E $(iw dev ' . $apInterface . ' station dump | grep -oE ' . $MACPattern . ' | paste -sd "|")', $clients);
     }
-    $ifaceStatus = $clientinfo["connected"]=="y" ? "up" : "down";
-    $isClientConfigured = true;
-    switch($clientinfo["type"]) {
-        case "eth":
-        case "usb":
-            $client_title = "Client: Ethernet cable";
-            $type_name = "Ethernet";
-            break;
-        case "phone":
-            $client_title = "Client: Smartphone (USB tethering)";
-            $type_name = "Smartphone";
-            break;
-        case "wlan":
-            $client_title = "Wireless Client";
-            $type_name = "Wifi";
-            break;
-        case "ppp":
-        case "hilink":
-            $client_title = "Mobile Data Client";
-            $type_name = "Mobile Data";
-            break;
-        default: 
-            $client_title = "No information available";
-            $type_name = "Not configured";
-            $ifaceStatus = "warn";
-            $isClientConfigured = false;
-    }
+    $ifaceStatus = $wlan0up ? "up" : "down";
 
     echo renderTemplate(
         "dashboard", compact(
             "clients",
-            "client_title",
-            "type_name",
             "moreLink",
             "apInterface",
             "clientInterface",
@@ -198,9 +211,14 @@ function DisplayDashboard(&$extraFooterScripts)
             "strRxBytes",
             "strTxPackets",
             "strTxBytes",
+            "connectedSSID",
+            "connectedBSSID",
+            "bitrate",
+            "signalLevel",
             "txPower",
-            "clientinfo",
-            "isClientConfigured"
+            "frequency",
+            "strLinkQuality",
+            "wlan0up"
         )
     );
     $extraFooterScripts[] = array('src'=>'app/js/dashboardchart.js', 'defer'=>false);
diff --git a/includes/defaults.php b/includes/defaults.php
index 3ba8d848..52b27276 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.8.0',
+  'RASPI_VERSION' => '2.7.1',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/includes/dhcp.php b/includes/dhcp.php
index 3e53017a..850d5847 100755
--- a/includes/dhcp.php
+++ b/includes/dhcp.php
@@ -180,9 +180,7 @@ function compareIPs($ip1, $ip2)
 function updateDnsmasqConfig($iface,$status)
 {
     $config = '# RaspAP '.$iface.' configuration'.PHP_EOL;
-    $config .= 'interface='.$iface.PHP_EOL.
-        'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].
-        ',255.255.255.0,';
+    $config .= 'interface='.$iface.PHP_EOL.'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].','.$_POST['SubnetMask'].',';
     if ($_POST['RangeLeaseTimeUnits'] !== 'infinite') {
         $config .= $_POST['RangeLeaseTime'];
     }
diff --git a/includes/functions.php b/includes/functions.php
index b3574023..81e642ed 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -757,8 +757,12 @@ function qr_encode($str)
     return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
 }
 
-function evalHexSequence($string)
-{
+// Validates a host or FQDN
+function validate_host($host) {
+  return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host);
+}
+
+function evalHexSequence($string) {
     $evaluator = function ($input) {
 	return hex2bin($input[1]);
     };
diff --git a/includes/networking.php b/includes/networking.php
index 1cb93f0e..ac5d39bc 100755
--- a/includes/networking.php
+++ b/includes/networking.php
@@ -2,8 +2,6 @@
 
 require_once 'includes/status_messages.php';
 require_once 'includes/internetRoute.php';
-require_once 'includes/functions.php';
-require_once 'includes/get_clients.php';
 
 /**
  *
@@ -19,18 +17,10 @@ function DisplayNetworkingConfig()
     $arrHostapdConf = parse_ini_file(RASPI_CONFIG.'/hostapd.ini');
     $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
 
-    foreach ($interfaces as $interface) {
-        exec("ip a show $interface", $$interface);
-    }
-    loadClientConfig();
-    $clients=getClients();
     echo renderTemplate("networking", compact(
         "status",
         "interfaces",
         "routeInfo",
-        "bridgedEnabled",
-		"clients")
+        "bridgedEnabled")
     );
 }
-
-?>
\ No newline at end of file
diff --git a/index.php b/index.php
index 00454c54..994aba5b 100755
--- a/index.php
+++ b/index.php
@@ -14,8 +14,8 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.8.0
- * @link    https://github.com/raspap/raspap-insiders/
+ * @version 2.7.1
+ * @link    https://github.com/raspap/raspap-webgui/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/
  *
@@ -41,7 +41,6 @@ require_once 'includes/system.php';
 require_once 'includes/sysstats.php';
 require_once 'includes/configure_client.php';
 require_once 'includes/networking.php';
-require_once 'includes/firewall.php';
 require_once 'includes/themes.php';
 require_once 'includes/data_usage.php';
 require_once 'includes/about.php';
@@ -176,11 +175,6 @@ $bridgedEnabled = getBridgedState();
           <?php if (RASPI_TORPROXY_ENABLED) : ?>
         <li class="nav-item">
            <a class="nav-link" href="torproxy_conf"><i class="fas fa-eye-slash fa-fw mr-2"></i><span class="nav-label"><?php echo _("TOR proxy"); ?></a>
-        </li>
-          <?php endif; ?>
-          <?php if (RASPI_FIREWALL_ENABLED) : ?>
-        <li class="nav-item">
-          <a class="nav-link" href="firewall_conf"><i class="fas fa-shield-alt fa-fw mr-2"></i><span class="nav-label"><?php echo _("Firewall"); ?></a>
         </li>
           <?php endif; ?>
           <?php if (RASPI_CONFAUTH_ENABLED) : ?>
@@ -280,8 +274,8 @@ $bridgedEnabled = getBridgedState();
         case "/torproxy_conf":
             DisplayTorProxyConfig();
             break;
-        case "/firewall_conf":
-            DisplayFirewallConfig();
+        case "/torproxy_conf":
+            DisplayTorProxyConfig();
             break;
         case "/auth_conf":
             DisplayAuthConfig($config['admin_user'], $config['admin_pass']);
diff --git a/installers/common.sh b/installers/common.sh
index 00d6f513..2f10867c 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -139,10 +139,10 @@ function _get_linux_distro() {
 # Sets php package option based on Linux version, abort if unsupported distro
 function _set_php_package() {
     case $RELEASE in
-       18.04|19.10|11*) # Ubuntu Server & Debian 11 
+        18.04|19.10|11*) # Ubuntu Server & Debian 11
             php_package="php7.4-cgi"
             phpcgiconf="/etc/php/7.4/cgi/php.ini" ;;
-        10*)
+        10*|11*)
             php_package="php7.3-cgi"
             phpcgiconf="/etc/php/7.3/cgi/php.ini" ;;
         9*)
@@ -159,7 +159,7 @@ function _set_php_package() {
 function _install_dependencies() {
     _install_log "Installing required packages"
     _set_php_package
-   if [ "$php_package" = "php7.4-cgi" ] && [ ${OS,,} = "ubuntu" ]; then 
+    if [ "$php_package" = "php7.4-cgi" ] && [ ${OS,,} = "ubuntu" ]; then
         echo "Adding apt-repository ppa:ondrej/php"
         sudo apt-get install $apt_option software-properties-common || _install_status 1 "Unable to install dependency"
         sudo add-apt-repository $apt_option ppa:ondrej/php || _install_status 1 "Unable to add-apt-repository ppa:ondrej/php"
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index c7bbac5c..db5154e5 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -62,9 +62,4 @@ www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key
-www-data ALL=(ALL) NOPASSWD:/tmp/iptables_raspap.sh
-www-data ALL=(ALL) NOPASSWD:/tmp/ip6tables_raspap.sh
-www-data ALL=(ALL) NOPASSWD:/usr/sbin/iptables-save
-www-data ALL=(ALL) NOPASSWD:/usr/sbin/ip6tables-save
-www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /etc/iptables/rules.v4
-www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /etc/iptables/rules.v6
+
diff --git a/templates/dashboard.php b/templates/dashboard.php
index 113d004d..597dc6b5 100755
--- a/templates/dashboard.php
+++ b/templates/dashboard.php
@@ -3,17 +3,18 @@
     <div class="card">
       <div class="card-header">
         <div class="row">
-          <div class="col">
-            <i class="fas fa-tachometer-alt fa-fw mr-2"></i><?php echo _("Dashboard"); ?>
-          </div>
-          <div class="col">
-            <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
-              <span class="icon"><i class="fas fa-circle service-status-<?php echo $ifaceStatus ?>"></i></span>
-              <span class="text service-status"><?php echo $type_name; if ( $isClientConfigured ) echo ' '. _($ifaceStatus); ?></span>
-            </button>
-          </div>
+    <div class="col">
+      <i class="fas fa-tachometer-alt fa-fw mr-2"></i><?php echo _("Dashboard"); ?>
+    </div>
+    <div class="col">
+      <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
+        <span class="icon"><i class="fas fa-circle service-status-<?php echo $ifaceStatus ?>"></i></span>
+        <span class="text service-status"><?php echo strtolower($apInterface) .' '. _($ifaceStatus) ?></span>
+      </button>
+    </div>
         </div><!-- /.row -->
       </div><!-- /.card-header -->
+
       <div class="card-body">
         <div class="row">
 
@@ -32,97 +33,37 @@
           <div class="col-sm-6 align-items-stretch">
             <div class="card h-100">
               <div class="card-body wireless">
-                <h4 class="card-title"><?php echo _("$client_title"); ?></h4>
+                <h4 class="card-title"><?php echo _("Wireless Client"); ?></h4>
                 <div class="row ml-1">
                   <div class="col-sm">
-                    <?php $valEcho=function($cl,$id) {$val = isset($cl[$id])&& !empty($cl[$id]) ? $cl[$id] : "-"; echo  htmlspecialchars($val,ENT_QUOTES);} ?>
-                    <?php if ($clientinfo["type"] == "wlan") : // WIRELESS ?>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Connected To"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"ssidutf8"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("AP Mac Address"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"ap-mac"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Bitrate"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"bitrate"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Signal Level"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"signal"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Transmit Power"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($txPower, ENT_QUOTES); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Frequency"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"freq"); ?></div>
-                      </div>
-                    <?php elseif ($clientinfo["type"] == "phone" ) : // Smartphones (tethering over USB) ?>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Device"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"vendor")." ". $valEcho($clientinfo,"model"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("IP Address"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"ipaddress"); ?></div>
-                      </div>
-                    <?php elseif ($clientinfo["type"] == "hilink" ) : // MOBILE DATA - ROUTER MODE (HILINK) ?>
-                      <?php
-                          exec('ip route list |  sed -rn "s/default via (([0-9]{1,3}\.){3}[0-9]{1,3}).*dev '.$clientinfo["name"].'.*/\1/p"',$gw); // get gateway
-                          $gw=empty($gw) ? "" : $gw[0];
-                      ?>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Device"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"model")." (Hilink)"; ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Connection mode"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"mode"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Signal quality"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"signal"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Network"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"operator"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("WAN IP"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"wan_ip"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Web-GUI"); ?></div><div class="info-value col-xs-3"><?php if(!empty($gw)) echo '<a href="http://'.$gw.'" >'.$gw."</a>"; ?></div>
-                      </div>
-                    <?php elseif ($clientinfo["type"] == "ppp" ) : // MOBILE DATA MODEM) ?>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Device"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"model"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Connection mode"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"mode"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Signal strength"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"signal"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Network"); ?></div><div class="info-value col-xs-3"><?php  $valEcho($clientinfo,"operator"); ?></div>
-                      </div>
-                    <?php elseif  ($clientinfo["type"] == "eth" ) : // ETHERNET ?>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("Device"); ?></div><div class="info-value col-xs-3"><?php $valEcho($clientinfo,"vendor")." ".$valEcho($clientinfo,"model"); ?></div>
-                      </div>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("IP Address"); ?></div><div class="info-value col-xs-3"><?php echo $valEcho($clientinfo,"ipaddress"); ?></div>
-                      </div>
-                    <?php else : // NO CLIENT ?>
-                      <div class="row mb-1">
-                        <div class="info-item col-xs-3"><?php echo _("No Client device or not yet configured"); ?></div>
-                      </div>
-                    <?php endif; ?>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("Connected To"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($connectedSSID, ENT_QUOTES); ?></div>
+                    </div>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("Interface"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($clientInterface); ?></div>
+                    </div>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("AP Mac Address"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($connectedBSSID, ENT_QUOTES); ?></div>
+                    </div>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("Bitrate"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($bitrate, ENT_QUOTES); ?></div>
+                    </div>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("Signal Level"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($signalLevel, ENT_QUOTES); ?></div>
+                    </div>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("Transmit Power"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($txPower, ENT_QUOTES); ?></div>
+                    </div>
+                    <div class="row mb-1">
+                      <div class="info-item col-xs-3"><?php echo _("Frequency"); ?></div><div class="info-value col-xs-3"><?php echo htmlspecialchars($frequency, ENT_QUOTES); ?></div>
+                    </div>
+                  </div>
+                  <div class="col-md d-flex">
+                    <script>var linkQ = <?php echo json_encode($strLinkQuality); ?>;</script>
+                    <div class="chart-container">
+                      <canvas id="divChartLinkQ"></canvas>
+                    </div>
                   </div>
-                  <?php if ($isClientConfigured) : ?>
-                     <div class="col-md d-flex">
-                        <?php
-                          preg_match("/.*\((\s*\d*)\s*%\s*\)/",$clientinfo["signal"],$match);
-                          $strLinkQuality=array_key_exists(1,$match) ? $match[1] : 0;
-                        ?>
-                        <script>var linkQ = <?php echo json_encode($strLinkQuality); ?>;</script>
-                        <div class="chart-container">
-                           <canvas id="divChartLinkQ"></canvas>
-                        </div>
-                     </div>
-                  <?php endif; ?>
                 </div><!--row-->
               </div><!-- /.card-body -->
             </div><!-- /.card -->
@@ -152,7 +93,7 @@
                         <?php endif; ?>
                         <?php foreach (array_slice($clients,0, 2) as $client) : ?>
                         <tr>
-                          <?php if ($bridgedEnable == 1): ?>
+                          <?php if ($arrHostapdConf['BridgedEnable'] == 1): ?>
                             <td><?php echo htmlspecialchars($client, ENT_QUOTES) ?></td>
                           <?php else : ?>
                             <?php $props = explode(' ', $client) ?>
@@ -176,41 +117,28 @@
             </div><!-- /.card -->
           </div><!-- /.col-md-6 -->
         </div><!-- /.row -->
+
         <div class="col-lg-12 mt-3">
           <div class="row">
             <form action="wlan0_info" method="POST">
-                <?php echo CSRFTokenFieldTag(); ?>
+                <?php echo CSRFTokenFieldTag() ?>
                 <?php if (!RASPI_MONITOR_ENABLED) : ?>
-                    <?php if ($ifaceStatus == "down") : ?>
-                    <input type="submit" class="btn btn-success" value="<?php echo _("Start").' '.$type_name ?>" name="ifup_wlan0" data-toggle="modal" data-target="#switchClientModal"/>
-                    <?php elseif ($ifaceStatus == "up") : ?>
-                    <input type="submit" class="btn btn-warning" value="<?php echo _("Stop").' '.$type_name ?>"  name="ifdown_wlan0" data-toggle="modal" data-target="#switchClientModal"/>
+                    <?php if (!$wlan0up) : ?>
+                    <input type="submit" class="btn btn-success" value="<?php echo _("Start").' '.$clientInterface ?>" name="ifup_wlan0" />
+                    <?php else : ?>
+                    <input type="submit" class="btn btn-warning" value="<?php echo _("Stop").' '.$clientInterface ?>"  name="ifdown_wlan0" />
                     <?php endif ?>
                 <?php endif ?>
-              <button type="button" onClick="window.location.reload();" class="btn btn-outline btn-primary"><i class="fas fa-sync-alt"></i> <?php echo _("Refresh") ?></button>
+              <button type="button" onClick="window.location.reload();" class="btn btn-outline btn-primary"><i class="fas fa-sync-alt"></i> <?php echo _("Refresh") ?></a>
             </form>
           </div>
         </div>
+
       </div><!-- /.card-body -->
       <div class="card-footer"><?php echo _("Information provided by ip and iw and from system"); ?></div>
     </div><!-- /.card -->
   </div><!-- /.col-lg-12 -->
 </div><!-- /.row -->
-
-<!-- Modal -->
-<div class="modal fade" id="switchClientModal" tabindex="-1" role="dialog" aria-labelledby="ModalLabel" aria-hidden="true">
-  <div class="modal-dialog" role="document">
-    <div class="modal-content">
-      <div class="modal-header">
-        <div class="modal-title" id="ModalLabel">
-            <i class="fas fa-sync-alt mr-2"></i>
-            <?php if($ifaceStatus=="down") echo _("Waiting for the interface to start ..."); else  echo _("Stop the Interface"); ?>
-        </div>
-        <button type="button" class="close" data-dismiss="modal" aria-label="Close"> <span aria-hidden="true">&times;</span>
-      </div>
-  </div>
-</div>
-
 <script type="text/javascript"<?php //echo ' nonce="'.$csp_page_nonce.'"'; ?>>
 // js translations:
 var t = new Array();
diff --git a/templates/networking.php b/templates/networking.php
index f331f2de..3887a01b 100755
--- a/templates/networking.php
+++ b/templates/networking.php
@@ -1,6 +1,7 @@
 <div class="row">
   <div class="col-lg-12">
     <div class="card">
+
       <div class="card-header">
         <div class="row">
           <div class="col">
@@ -8,14 +9,11 @@
           </div>
         </div><!-- ./row -->
       </div><!-- ./card-header -->
+
       <div class="card-body">
         <div id="msgNetworking"></div>
         <ul class="nav nav-tabs">
           <li role="presentation" class="nav-item"><a class="nav-link active" href="#summary" aria-controls="summary" role="tab" data-toggle="tab"><?php echo _("Summary"); ?></a></li>
-          <?php if (!$bridgedEnabled) : // no interface details when bridged ?>
-            <li role="presentation" class="nav-item"><a class="nav-link" href="#netdevices" aria-controls="netdevices" role="tab" data-toggle="tab"><?php echo _("Network Devices"); ?></a></li>
-            <li role="presentation" class="nav-item"><a class="nav-link" href="#mobiledata" aria-controls="mobiledata" role="tab" data-toggle="tab"><?php echo _("Mobile Data Settings"); ?></a></li>
-          <?php endif ?>
         </ul>
         <div class="tab-content">
           <div role="tabpanel" class="tab-pane active" id="summary">
@@ -77,120 +75,6 @@
             <button type="button" onClick="window.location.reload();" class="btn btn-outline btn-primary"><i class="fas fa-sync-alt"></i> <?php echo _("Refresh") ?></a>
 
           </div>
-          <?php $arrMD = file_exists(($f = RASPI_MOBILEDATA_CONFIG)) ? parse_ini_file($f) : false;
-                if ($arrMD==false) { $arrMD=[]; $arrMD["pin"]=$arrMD["apn"]=$arrMD["apn_user"]=$arrMD["apn_pw"]=$arrMD["router_user"]=$arrMD["router_pw"]=""; }
-          ?>
-          <div role="tabpanel" class="tab-pane fade in" id="netdevices">
-            <h4 class="mt-3"><?php echo _("Properties of network devices") ?></h4>
-            <div class="row">
-             <div class="col-sm-12">
-              <div class="card ">
-                <div class="card-body">
-                  <form id="frm-netdevices">
-                    <?php echo CSRFTokenFieldTag() ?>
-                    <div class="table-responsive">
-                      <table class="table table-hover">
-                        <thead>
-                          <tr>
-                            <th><?php echo _("Device"); ?></th>
-                            <th><?php echo _("Interface"); ?></th>
-                            <th></th>
-                            <th><?php echo _("MAC"); ?></th>
-                            <th><?php echo _("USB vid/pid"); ?></th>
-                            <th><?php echo _("Device type"); ?></th>
-                            <th style="min-width:6em"><?php echo _("Fixed name"); ?></th>
-                            <th></th>
-                          </tr>
-                        </thead>
-                        <tbody>
-                        <?php
-                           if(!empty($clients)) {
-                              $ncl=$clients["clients"];
-                              if($ncl > 0) {
-                                 foreach($clients["device"] as $id => $dev) {
-                                   echo "<tr>";
-                                   echo "<td>".$dev["vendor"]." ".$dev["model"]."</td>\n";
-                                   echo "<td>".$dev["name"]."</td>\n";
-                                   $ty="Client";
-                                   if(isset($dev["isAP"]) && $dev["isAP"]) $ty="Access Point";
-                                   echo "<td>".$ty."</td>\n";
-                                   echo "<td>".$dev["mac"]."</td>\n";
-                                   if(isset($dev["vid"]) && !empty($dev["vid"])) echo "<td>".$dev["vid"]."/".$dev["pid"]."</td>\n";
-                                   else echo "<td> - </td>\n";
-                                   $udevfile=$_SESSION["udevrules"]["udev_rules_file"];
-                                   $isStatic=array();
-                                   exec('find /etc/udev/rules.d/  -type f \( -iname "*.rules" ! -iname "'.basename($udevfile).'" \) -exec grep -i '.$dev["mac"].' {} \; ',$isStatic);
-                                   if(empty($isStatic))
-                                     exec('find /etc/udev/rules.d/  -type f \( -iname "*.rules" ! -iname "'.basename($udevfile).'" \) -exec grep -i '.$dev["vid"].' {} \; | grep -i '.$dev["pid"].' ',$isStatic);
-                                   $isStatic = empty($isStatic) ? false : true;
-                                   $devname=array();
-                                   exec('grep -i '.$dev["vid"].' '.$udevfile.' | grep -i '.$dev["pid"].' | sed -rn \'s/.*name=\"(\w*)\".*/\1/ip\' ',$devname);
-                                   if(!empty($devname)) $devname=$devname[0];
-                                   else {
-                                      exec('grep -i '.$dev["mac"].' '.$udevfile.' | sed -rn \'s/.*name=\"(\w*)\".*/\1/ip\' ',$devname);
-                                      if(!empty($devname)) $devname=$devname[0];
-                                   }
-                                   if(empty($devname)) $devname="";
-                                   $isStatic = $isStatic || in_array($dev["type"],array("ppp","tun"));
-                                   $txtdisabled=$isStatic ? "disabled":"";
-                                   echo '<td><select '.$txtdisabled.' class="selectpicker form-control" id="int-new-type-'.$dev["name"].'">';
-                                   foreach($_SESSION["net-device-types"] as $i => $type) {
-                                     $txt=$_SESSION["net-device-types-info"][$i];
-                                     $txtdisabled =   in_array($type,array("ppp","tun")) ? "disabled":"";
-                                     if(preg_match("/^".$_SESSION["net-device-name-prefix"][$i].".*$/",$dev["type"])===1) echo '<option '.$txtdisabled.' selected value="'.$type.'">'.$txt.'</option>';
-                                     else echo '<option '.$txtdisabled.' value="'.$type.'">'.$txt.'</option>';
-                                   }
-                                   echo "</select></td>";
-                                   echo '<td>';
-                                   if (! $isStatic ) echo '<input type="text" class="form-control" id="int-name-'.$dev["name"].'" value="'.$devname.'" >'."\n";
-                                   else echo $dev["name"];
-                                   echo '<input type="hidden" class="form-control" id="int-vid-'.$dev["name"].'" value="'.$dev["vid"].'" >'."\n";
-                                   echo '<input type="hidden" class="form-control" id="int-pid-'.$dev["name"].'" value="'.$dev["pid"].'" >'."\n";
-                                   echo '<input type="hidden" class="form-control" id="int-mac-'.$dev["name"].'" value="'.$dev["mac"].'" >'."\n";
-                                   echo '<input type="hidden" class="form-control" id="int-type-'.$dev["name"].'" value="'.$dev["type"].'" >'."\n";
-                                   echo '</td>'."\n";
-                                   echo '<td>';
-                                   if (! $isStatic) echo '<a href="#" class="btn btn-secondary intsave" data-opts="'.$dev["name"].'" data-int="netdevices">' ._("Change").'</a>';
-                                   echo "</td>\n";
-                                   echo "</tr>\n";
-                                 }
-                              }
-                           } else echo "<tr><td colspan=4>No network devices found</td></tr>";
-                        ?>
-                        </tbody>
-                     </table>
-                    </div>
-                  </form>
-                </div>
-               </div>
-             </div>
-            </div>
-          </div><!-- /.tab-panel -->
-          <div role="tabpanel" class="tab-pane fade in" id="mobiledata">
-            <div class="row">
-              <div class="col-lg-6">
-                <h4 class="mt-3"><?php echo _("Settings for Mobile Data Devices") ?></h4>
-                <hr />
-                <form id="frm-mobiledata">
-                  <?php echo CSRFTokenFieldTag() ?>
-                  <div class="form-group">
-                    <label for="pin-mobile"><?php echo _("PIN of SIM card") ?></label>
-                    <input type="number" class="form-control" id="pin-mobile" placeholder="1234" value="<?php echo $arrMD["pin"]?>" >
-                  </div>
-                  <h4 class="mt-3"><?php echo _("APN Settings (Modem device ppp0)") ?></h4>
-                  <div class="form-group">
-                    <label for="apn-mobile"><?php echo _("Access Point Name (APN)") ?></label>
-                    <input type="text" class="form-control" id="apn-mobile" placeholder="web.myprovider.com" value="<?php echo $arrMD["apn"]?>" >
-                    <label for="apn-user-mobile"><?php echo _("Username") ?></label>
-                    <input type="text" class="form-control" id="apn-user-mobile" value="<?php echo $arrMD["apn_user"]?>" >
-                    <label for="apn-pw-mobile"><?php echo _("Password") ?></label>
-                    <input type="text" class="form-control" id="apn-pw-mobile"  value="<?php echo $arrMD["apn_pw"]?>" >
-                  </div>
-                  <a href="#" class="btn btn-outline btn-primary intsave" data-int="mobiledata"><?php echo _("Save settings") ?></a>
-                </form>
-              </div>
-		    </div>
-          </div><!-- /.tab-panel -->
         </div>
       </div><!-- /.card-body -->
 

From c2665ae528913b3053bfab08e2d6bd685629e365 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 29 Dec 2021 12:41:35 +0000
Subject: [PATCH 288/300] Resolve merge conflict

---
 includes/functions.php | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/includes/functions.php b/includes/functions.php
index 81e642ed..526b3ae1 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -757,11 +757,6 @@ function qr_encode($str)
     return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
 }
 
-// Validates a host or FQDN
-function validate_host($host) {
-  return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host);
-}
-
 function evalHexSequence($string) {
     $evaluator = function ($input) {
 	return hex2bin($input[1]);

From 0c5ecb549d9bf9672425503908be3ab52a6ac2df Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 29 Dec 2021 13:27:34 +0000
Subject: [PATCH 289/300] Update release version - First Insiders Edition

---
 README.md             | 228 +++++++++++++++++++++++++++++-------------
 includes/defaults.php |   2 +-
 index.php             |   8 +-
 3 files changed, 164 insertions(+), 74 deletions(-)

diff --git a/README.md b/README.md
index 4f872919..3b78e7e9 100644
--- a/README.md
+++ b/README.md
@@ -1,87 +1,177 @@
-![](https://i.imgur.com/FRU1tXF.png)
-[![Release 2.8.0](https://img.shields.io/badge/release-2.8.0-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Insiders Edition](https://img.shields.io/static/v1?label=Insiders%20Edition&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+![](https://i.imgur.com/xeKD93p.png)
+[![Release 2.8.0](https://img.shields.io/badge/release-v2.8.0-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Join Insiders](https://img.shields.io/static/v1?label=Join%20Insiders&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
-Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
+RaspAP is feature-rich wireless router software that _just works_ on many popular [Debian-based devices](#supported-operating-systems), including the Raspberry Pi. Our popular [Quick installer](#quick-installer) creates a known-good default configuration for all current Raspberry Pis with onboard wireless. A fully responsive, mobile-ready interface gives you control over the relevant services and networking options. Advanced DHCP settings, WireGuard and OpenVPN support, [SSL certificates](https://docs.raspap.com/ssl-quick/), security audits, [captive portal integration](https://docs.raspap.com/captive/), themes and [multilingual options](https://docs.raspap.com/translations/) are included.
 
+RaspAP has been featured on sites such as [Instructables](http://www.instructables.com/id/Raspberry-Pi-As-Completely-Wireless-Router/), [Adafruit](https://blog.adafruit.com/2016/06/24/raspap-wifi-configuration-portal-piday-raspberrypi-raspberry_pi/), [Raspberry Pi Weekly](https://www.raspberrypi.org/weekly/commander/) and [Awesome Raspberry Pi](https://project-awesome.org/thibmaek/awesome-raspberry-pi) and implemented in countless projects.
+
+We hope you enjoy using RaspAP as much as we do creating it. Tell us how you use this with [your own projects](https://github.com/raspap/raspap-awesome).
+
+![](https://i.imgur.com/uhBFoOB.png)
+![](https://i.imgur.com/EiIpdOS.gif)
+![](https://i.imgur.com/eCjUS1H.gif)
+![](https://i.imgur.com/5FT2BcS.gif)
+![](https://i.imgur.com/RKaBFrZ.gif)
 ## Contents
 
- - [How sponsorship works](#how-sponsorship-works)
- - [About your sponsorship](#about-your-sponsorship)
- - [Exclusive features](#exclusive-features)
- - [Funding targets](#funding-targets)
- - [Frequently asked questions](#frequently-asked-questions)
+ - [Prerequisites](#prerequisites)
+ - [Quick installer](#quick-installer)
+ - [Join Insiders](#join-insiders)
+ - [WireGuard support](#wireguard-support)
+ - [OpenVPN support](#openvpn-support)
+ - [Ad Blocking](#ad-blocking)
+ - [Bridged AP](#bridged-ap)
+ - [Simultaneous AP and Wifi client](#simultaneous-ap-and-wifi-client)
+ - [Manual installation](#manual-installation)
+ - [802.11ac 5GHz support](#80211ac-5ghz-support)
+ - [Supported operating systems](#supported-operating-systems)
+ - [Multilingual support](#multilingual-support)
+ - [HTTPS support](#https-support)
+ - [How to contribute](#how-to-contribute)
+ - [Reporting issues](#reporting-issues)
+ - [License](#license)
 
-## How sponsorship works
-New features first land in Insiders, which means that *sponsors will have access to them immediately*. Every feature is tied to a funding goal in monthly subscriptions. When a funding goal is hit, the features that are tied to it are merged back into the [public RaspAP repository](https://github.com/RaspAP/raspap-webgui) and released for general availability. Bugfixes and minor enhancements are always released simultaneously in both editions.
-
-Don't want to sponsor? No problem, RaspAP already has tons of features available, so chances are that most of your requirements are already satisfied. See the list of [exclusive features](#exclusive-features) to learn which features are currently only available to sponsors.
-
-## About your sponsorship
-Your sponsorship is through your individual or organization's GitHub account. By visiting [**RaspAP's sponsor profile**](https://github.com/sponsors/RaspAP), you may change your sponsorship tier or cancel your sponsorship anytime. <sup>[1](#footnote-1)</sup>
-
-As part of the initial rollout of Insiders, all previous one-time backers of RaspAP on GitHub, PayPal or [Open Collective](https://opencollective.com/raspap) will receive unlimited access to Insiders. This is a small gesture for those early financial supporters who recognized the potential of this project.
-
-
-> ℹ️ **Important**: If you're [sponsoring](https://github.com/sponsors/RaspAP) RaspAP through a GitHub organization, please send a short email to [sponsors@raspap.com](mailto:sponsors@raspap.com) with the name of your organization and the account that should be added as a collaborator. <sup>[2](#footnote-2)</sup>
-
-## Exclusive features
-The following features are currently available exclusively to sponsors. A tangible side benefit of sponsorship is that Insiders are able to help steer future development of RaspAP. This is done through your Insiders access to discussions, feature requests, issues and pull requests in the private GitHub repository.
-
-✅ [Manage OpenVPN client configs](https://docs.raspap.com/openvpn/#multiple-client-configs)  
-✅ [OpenVPN certificate authentication](https://docs.raspap.com/openvpn/#certificate-authentication)      
-✅ OpenVPN service logging  
-✅ Night mode toggle  
-✅ Restrict network to static clients  
-✅ [WireGuard support](https://docs.raspap.com/wireguard/)  
-✅ [Set AP transmit power](https://docs.raspap.com/ap-basics/#transmit-power)  
-✅ Mobile data client support  
-✅ Firewall settings  
-⚙️ Traffic shaping (in progress)  
-⚙️ Printable WiFi signs (in progress)  
-
-Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/RaspAP/raspap-insiders/discussions) and let us know!
-
-## Funding targets
-Following is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.
-
-### $500 
-The first **Insiders Edition** includes the exclusive features listed above.
-
-## Frequently asked questions
-
-### Upgrading
-*I have an existing RaspAP installation. How do I upgrade to Insiders?*
-
-Upgrading is easy. Simply invoke the Quick Installer with the --upgrade switch, specifying the private Insiders Edition, like so:
+## Prerequisites
+Start with a clean install of the [latest release of Raspberry Pi OS (32-bit) Lite](https://www.raspberrypi.org/software/operating-systems/#raspberry-pi-os-32-bit). The Raspberry Pi OS desktop and 64-bit beta distros are unsupported.
 
+1. Update Raspbian, including the kernel and firmware, followed by a reboot:
 ```
-curl -sL https://install.raspap.com | bash -s -- --upgrade --insiders
+sudo apt-get update
+sudo apt-get full-upgrade
+sudo reboot
+```
+2. Set the "WLAN country" option in `raspi-config`'s **Localisation Options**: `sudo raspi-config`
+
+3. If you have a device without an onboard wireless chipset, the [**Edimax Wireless 802.11b/g/n nano USB adapter**](https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wireless_adapters_n150/ew-7811un) is an excellent option – it's small, cheap and has good driver support.
+
+With the prerequisites done, you can proceed with either the Quick installer or Manual installation steps below.
+
+## Quick installer
+Install RaspAP from your device's shell prompt:
+```sh
+curl -sL https://install.raspap.com | bash
+```
+The [installer](https://docs.raspap.com/quick/) will complete the steps in the manual installation (below) for you.
+
+After the reboot at the end of the installation the wireless network will be
+configured as an access point as follows:
+* IP address: 10.3.141.1
+  * Username: admin
+  * Password: secret
+* DHCP range: 10.3.141.50 — 10.3.141.255
+* SSID: `raspi-webgui`
+* Password: ChangeMe
+
+**Note:** As the name suggests, the Quick Installer is a great way to quickly setup a new AP. However, it does not automagically detect the unique configuration of your system. Best results are obtained by connecting to ethernet (`eth0`) or as a WiFi client, also known as managed mode, with `wlan0`. For the latter, refer to [this FAQ](https://docs.raspap.com/faq/#headless). Special instructions for the Pi Zero W are [available here](https://docs.raspap.com/ap-sta/).
+
+Please [read this](https://docs.raspap.com/issues/) before reporting an issue.
+
+## Join Insiders
+[![](https://i.imgur.com/eml7k0b.png)](https://github.com/sponsors/RaspAP/)  
+
+RaspAP is free software, but powered by _your_ support. If you find RaspAP useful for your personal or commercial projects, [become an Insider](https://github.com/sponsors/RaspAP/) and get early access to [exclusive features](https://docs.raspap.com/insiders/#exclusive-features) in the [Insiders Edition](https://docs.raspap.com/insiders/).
+
+A tangible side benefit of sponsorship is that **Insiders** are able to help _steer future development of RaspAP_. This is done through Insiders' team access to discussions, feature requests, issues and more in the private GitHub repository.
+
+## WireGuard support
+
+![](https://i.imgur.com/5YDv37e.png)
+
+WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be considerably more performant than OpenVPN, and is generally regarded as the most secure, easiest to use, and simplest VPN solution for modern Linux distributions.
+
+WireGuard may be optionally installed by the [Quick Installer](https://docs.raspap.com/quick/). Once this is done, you can manage local (server) settings, create a peer configuration and control the `wg-quick` service with RaspAP.
+
+Details are [provided here](https://docs.raspap.com/wireguard/).
+
+## OpenVPN support
+
+![](https://i.imgur.com/ta7tCon.png)
+
+OpenVPN may be optionally installed by the Quick Installer. Once this is done, you can [manage client configurations](https://docs.raspap.com/openvpn/) and the `openvpn-client` service with RaspAP.
+
+To configure an OpenVPN client, upload a valid .ovpn file and, optionally, specify your login credentials. RaspAP will store your client configuration and add firewall rules to forward traffic from OpenVPN's `tun0` interface to your configured wireless interface. 
+
+See our [OpenVPN documentation](https://docs.raspap.com/openvpn/) for more information.
+
+
+## Ad Blocking
+This feature uses DNS blacklisting to block requests for ads, trackers and other undesirable hosts. To enable ad blocking, simply respond to the prompt during the installation. As a beta release, we encourage testing and feedback from users of RaspAP.
+
+Details are [provided here](https://docs.raspap.com/adblock/).
+
+## Bridged AP
+By default RaspAP configures a routed AP for your clients to connect to. A bridged AP configuration is also possible. Slide the **Bridged AP mode** toggle under the **Advanced** tab of **Configure hotspot**, then save and restart the hotspot.
+
+**Note:** In bridged mode, all routing capabilities are handled by your upstream router. Because your router assigns IP addresses to your device's hotspot and its clients, you might not be able to reach the RaspAP web interface from the default `10.3.141.1` address. Instead use your RPi's hostname followed by `.local` to access the RaspAP web interface. With Raspbian default settings, this should look like `raspberrypi.local`. Alternate methods are [discussed here](https://www.raspberrypi.org/documentation/remote-access/ip-address.md).
+
+More information on Bridged AP mode is provided [in our documentation](https://docs.raspap.com/bridged/).
+
+## Simultaneous AP and Wifi client
+RaspAP lets you create an AP with a Wifi client configuration, often called [AP-STA mode](https://docs.raspap.com/ap-sta/). With your system configured in managed mode, enable the AP from the **Advanced** tab of **Configure hotspot** by sliding the **Wifi client AP mode** toggle. Save settings and start the hotspot. The managed mode AP is functional without restart.
+
+**Note:** This option is disabled until you configure your system as a wireless client. For a device operating in [managed mode](https://docs.raspap.com/faq/#headless) without an `eth0` connection, this configuration must be enabled [_before_ a reboot](https://docs.raspap.com/ap-sta/). 
+
+## Manual installation
+Detailed manual setup instructions are provided [on our documentation site](https://docs.raspap.com/manual/).
+
+## 802.11ac 5GHz support
+RaspAP provides an 802.11ac wireless mode option for supported hardware (currently the RPi 3B+/4 and compatible Orange Pi models) and wireless regulatory domains. See [this FAQ](https://docs.raspap.com/faq/#80211ac) for more information. 
+
+## Supported operating systems
+RaspAP was originally made for Raspbian, but now also installs on the following Debian-based distros.
+
+| Distribution | Release  | Architecture | Support |
+|---|:---:|:---:|:---:|
+| Raspberry Pi OS | (32-bit) Lite Bullseye | ARM | Official |
+| Armbian | Bullseye | [ARM](https://docs.armbian.com/#supported-socs) | Official |
+| Debian  |  Bullseye | ARM / x86_64  | Beta |
+| Ubuntu  |  18.04 LTS / 19.10 | ARM / x86_64  | Beta |
+
+![](https://i.imgur.com/luiyYNw.png)
+
+We find Armbian particularly well-suited for this project. Please note that "supported" is not a guarantee. If you are able to improve support for your preferred distro, we encourage you to [actively contribute](#how-to-contribute) to the project.
+
+## Multilingual support
+RaspAP uses [GNU Gettext](https://www.gnu.org/software/gettext/) to manage multilingual messages. In order to use RaspAP with one of our supported translations, you must configure a corresponding language package on your RPi. To list languages currently installed on your system, use `locale -a` at the shell prompt. To generate new locales, run `sudo dpkg-reconfigure locales` and select any other desired locales. Details are provided on our [documentation site](https://docs.raspap.com/translations/).
+
+See this list of [supported languages](https://docs.raspap.com/translations/#supported-languages) that are actively maintained by volunteer translators. If your language is not supported, why not [contribute a translation](https://docs.raspap.com/translations/#contributing-to-a-translation)? Contributors will receive credit as the original translators.
+
+## HTTPS support
+The Quick Installer may be used to [generate SSL certificates](https://docs.raspap.com/ssl-quick/) with `mkcert`. The installer automates the manual steps [described here](https://docs.raspap.com/ssl-manual/), including configuring lighttpd with SSL support. 
+
+Simply append the `-c` or `--cert` option to the Quick Installer, like so:
+
+```sh
+curl -sL https://install.raspap.com | bash -s -- --cert
 ```
 
-If you haven't [added SSH keys to your GitHub account](https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh) you will be prompted to authenticate. If so, just enter your GitHub credentials during the install:
+**Note**: this only installs mkcert and generates an SSL certificate with the input you provide. It does *not* (re)install RaspAP.
 
-```
-RaspAP Install: Cloning latest files from github
-Cloning into '/tmp/raspap-webgui'...
-Username for 'https://github.com': octocat
-Password for 'https://octocat@github.com':
-```
+More information on SSL certificates and HTTPS support is available [in our documentation](https://docs.raspap.com/ssl-quick/). 
 
-> ℹ️  Note: your password is sent securely via SSH to GitHub. The above prompt is actually from GitHub, so the installer does not know your credentials.
+## How to contribute
+1. Fork the project in your account and create a new branch: `your-great-feature`.
+2. Open an issue in the repository describing the feature contribution you'd like to make.
+3. Commit changes in your feature branch.
+4. Open a pull request and reference the initial issue in the pull request message.
 
-### Terms
-*We're using RaspAP for a commercial project. Can we use Insiders under the same terms and conditions?*
+Find out more about our [coding style guidelines and recommended tools](CONTRIBUTING.md). 
 
-Yes. Whether you're an individual or a company, you may use RaspAP Insiders precisely under the same terms as RaspAP, which are defined by the [GNU GPL-3.0 license](https://github.com/RaspAP/raspap-insiders/blob/master/LICENSE). However, we kindly ask you to respect the following guidelines:
+## Reporting issues
+Please [read this](https://docs.raspap.com/issues/) before reporting a bug.
 
-* Please **don't distribute the source code** of Insiders. You may freely use it for public, private or commercial projects, fork it, mirror it, do whatever you want with it, but please don't release the source code, as it would counteract the sponsorware strategy.
-* If you cancel your subscription, you're removed as a collaborator and will miss out on future updates of Insiders. However, you may *use the latest version* that's available to you as long as you like. Just remember that [GitHub deletes private forks](https://docs.github.com/en/github/setting-up-and-managing-your-github-user-account/removing-a-collaborator-from-a-personal-repository).
+## Contributors
+
+### Code Contributors
+This project exists thanks to all the awesome people who [contribute](CONTRIBUTING.md) their time and expertise.
+
+<a href="https://github.com/raspap/raspap-webgui/graphs/contributors"><img src="https://opencollective.com/raspap/contributors.svg?width=890&button=false" /></a>
+
+### Financial Contributors
+Development of RaspAP is made possible thanks to a sponsorware release model. This means that new features are first exclusively released to sponsors as part of [**Insiders**](https://github.com/sponsors/RaspAP).
+
+Learn more about [how sponsorship works](https://docs.raspap.com/insiders/#how-sponsorship-works), and how easy it is to get access to Insiders.
 
 ## License
 See the [LICENSE](./LICENSE) file.
 
-### Footnotes
-
-<sub><a name="footnote-1"></a>1. If you cancel your sponsorship, GitHub schedules a cancellation request which will become effective at the end of the billing cycle, which ends at the 22nd of a month for monthly sponsorships. This means that even though you cancel your sponsorship, you will keep your access to Insiders as long as your cancellation isn't effective. All charges are processed by GitHub through Stripe. As we don't receive any information regarding your payment, and GitHub doesn't offer refunds, sponsorships are non-refundable.</sub>
-
-<sub><a name="footnote-2"></a>2. It's currently not possible to grant access to each member of an organization, as GitHub only allows for adding users. Thus, after sponsoring, please send an email to sponsors@raspap.com, stating which account should become a collaborator of the Insiders repository. We're working on a solution which will make access to organizations much simpler.</sub>
diff --git a/includes/defaults.php b/includes/defaults.php
index 52b27276..3ba8d848 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7.1',
+  'RASPI_VERSION' => '2.8.0',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index 994aba5b..238f73b9 100755
--- a/index.php
+++ b/index.php
@@ -7,15 +7,15 @@
  * Enables use of simple web interface rather than SSH to control WiFi and related services  on the Raspberry Pi.
  * Recommended distribution is Raspberry Pi OS (32-bit) Lite. Specific instructions to install the supported software are
  * in the README and original post by @SirLagz. For a quick run through, the packages required for the WebGUI are:
- * lighttpd (version 1.4.53 installed via apt)
- * php-cgi (version 7.3.19-1 installed via apt)
+ * lighttpd (version 1.4.59 installed via apt)
+ * php-cgi (version 7.4.25 installed via apt)
  * along with their supporting packages, php7.3 will also need to be enabled.
  *
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7.1
- * @link    https://github.com/raspap/raspap-webgui/
+ * @version 2.8.0
+ * @link    https://github.com/RaspAP/raspap-webgui/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/
  *

From 5017fb16b9b1248703449031583cf34ecc4a3e6f Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 29 Dec 2021 15:36:22 +0000
Subject: [PATCH 290/300] Fix merge conflict

---
 app/img/wifi-qr-code.php | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/app/img/wifi-qr-code.php b/app/img/wifi-qr-code.php
index a36966c3..acecfe85 100644
--- a/app/img/wifi-qr-code.php
+++ b/app/img/wifi-qr-code.php
@@ -10,11 +10,6 @@ if (!isset($_SERVER['HTTP_REFERER'])) {
     exit;
 }
 
-function qr_encode($str)
-{
-    return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
-}
-
 $hostapd = parse_ini_file(RASPI_HOSTAPD_CONFIG, false, INI_SCANNER_RAW);
 
 // assume wpa encryption and get the passphrase

From f6995ba2394adbb02e09878974a0bd06bbd7c9ed Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 31 Dec 2021 13:05:11 +0000
Subject: [PATCH 291/300] Update default value for color-input

---
 templates/themes.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/themes.php b/templates/themes.php
index c5a06fa4..0e5d7fc2 100755
--- a/templates/themes.php
+++ b/templates/themes.php
@@ -17,7 +17,7 @@
           </div>
           <div class="col-xs-3 col-sm-3">
             <label for="code"><?php echo _("Color"); ?></label>
-            <input class="form-control color-input" value="#d8224c" aria-label="color" />
+            <input class="form-control color-input" value="#2b8080" aria-label="color" />
           </div>
         </div>
         <form action="system_info" method="POST">

From 5fe58be79e726f2458bb2398ae2b977ed56343fc Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 31 Dec 2021 13:10:09 +0000
Subject: [PATCH 292/300] Update en_US msgs + compile .mo

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 28395 -> 30827 bytes
 locale/en_US/LC_MESSAGES/messages.po |   9 ++++-----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index 45eef151276bb949578630c04ffd1b7f061152ec..0fa65aaa5914a0778009fdfa50703b50a984eb90 100644
GIT binary patch
literal 30827
zcmeI4dw^U;nYRxi+!7K93HLw_w`7K7CX<9q7(&QoCYK?Z$&g71HxtfupP4zNr%$I(
z_e_S!{icF`ipZ*~D2O5}3W|WDpMb2c3y7`?x{9FgDys{~f{J(d`Bl~F?nyGb?Dxm_
zPq)@QRdwpr<*ll>-l|jKxq~LY$K&^wJv?tFyl{Wdn>@kuK5&>~J@0G2=QY58hI#lZ
zoC<?uJP)r|fV|?p3myt@h5Nz>T=-$QmhgAsI(YoCo_7!|!O8G?cqDu`+!Njd4~F+a
z<@e8UANXT<2>dxz{@!t(Hx29uJK&LU7Q6^5-z(q@cq5zwZ-Xbmd!Xw7G*tfo4v&I=
zgsR68$6KBPRo;3ixkT^?c%9>IQ2BfjDxW7D{|)X%_z&*+9u#^2;RB)C;X}2*!Ns2r
zy9uv>YS;T6KLYnAd^ePQ?}M}9BQE|07ymL;zJGwK|DGgLy=TEy@D#WZUItZ<Ps9D-
zqi_;@0*=6Epybv)$EG_UDxZrXBKNL@7r;B<UQmNV+#9Mr`$Nfl7L;60f|tW~sPZ0z
z>aVXuwdZ-L`n(ADfq!)I6B|8m9^q+F{kaq>-DXJ9ULGC@Z-Fb}olyPrGF1I1pJ?lG
zDBP3qJg9cIK-KqjsCu@+{opxp61)g%+--#_?@D+Ld>7ms9x~THKMF1)ya+0O08WN^
zcsRTS(iPs#Q1yHW?hBuQ>YwjGvh-eolJAi;R`Od2)t(jbXm}&kd!KOO&qAN@x1s9y
zD=2wRY_j9;5Gc7f!^!XrI0bgX1#lDe_VB#7!ZO~sHGAG?pf{gq;68W;oZRAh=fY07
z7~byq1GtUw3^G%HT?bW<cfe`zR(K%17pk3)LbdaUQ0>^4K`8l7gKF;_D0#KQX>bEn
zx&2V>e;BGA&q2+vUqH!g0>an0I2<b7X>d9`7pguvI0?QPZiClD_0#X5`rA7RnSn`A
z`5gciKih>{;6a2}LDl<w=)(+DyRU)D??$Nhyc?>#yWsxtvyP9#*@T~hs_(BI4?fw3
zPlkxb+vvjAL&@z<sCGRDQJLOPpz1gA6kFa@sD3^k&VY;HA#gR69JfHpVVjG;5>6-l
zUa0om4IAM7Q1kjZsQmXh)y|K}Q0b<@L*Nlm`7VHJXFF88x}n-zhN|~f?)j}y<KQl+
z_a1_(&y!H~eimw8{wGxb{?hReP~%}A2A#?|2I~1dD0we-;WMH7XAM;QH$(MH0#)A~
zQ0Z@iD))WR^ba)s1Et3wg=*)sQ0@6CR6hHkX5}>lD*pz@GobQc4_PX_2p$IC4%M!Y
zLCv@Op~`s-N-p1o^Wck6`5)eD^En2p9gCslwFaub7edJ=2UYI^R6Tb<joWLW(!CX`
ze(!^l)2H0?hu{vv4@0eMr=M=$KM(qZ`=H9b8g{~4pyc%<sPbNbYR{`s_1a?zvV{jh
z)&DxE_Pqlt|G$UQtDlE@?_sF?o`M>8Ps0%Y+{Ld$$teCDsCHcJc!`UD8&o@Qg&L<H
zfs*T!kSx6KL&@XNrFMMzP|p{_Mz{>lg%`W$w?NhF<52Z~5UTwTL$&u?Q1$pB+z4NS
zK5ReJ)*}lw4<o2@Z-8q5%~1K?2KD~E@Cx_{RK9J?Z2i_k)o(M@Jj+3)ABKv*&hcib
ze!Lw@KA(b0|7ECo^dwaJ=b-X`5vm@qL)B|yo2}0jsQ8(VjZp191?s&{sB$*I6X8X0
zCcMG%<4|(?3RFLS9qRq>z=Pon@NoDi7k}t-TkeTa^*s$T)V+4t4KIZ&;gfJGoZjwv
zh{!t@E`xor6Mh5+@Fmy<*L7I?<%4hq;h(~5;9LT|@LsqXP9$@clYt5R43xZPud-YW
zCC{^<%HIq%Z-$`y;VLM3+ysw+x5DG$=b`d>4(<(Kfs)_rQ0<?v+P*gv8a)A(?hLpu
z?0}M27gW9(sOOi#h45N98-5NR3ZI9n&+Bj>xDP^^2oHd&-wddB`0z-05<C|6z;!Tj
z;m6=S!asAIewNL58Pxdcfy#d~R6hN%1zrUofcHU_d+{1uuh{W=sQ3@T{ooytspx$Q
zD!&&Ue+4HH{v$kj56}AxY#@9xotlT6q59$L(1*`Ljn_Xx$zc+mxi35xDm)jih3!!7
zd?(a+{1KcCUxRALU*MkbND@izv!LET8LEC=Q2Ki#RQ@@r{w>1}cs-m2pM=WyMW}xL
zEt~?U^jN#@NH~>n8&v*1@F+M4Rgdc&Z-*-HOHlLcX{d4Vs^gTiZ9WZ9`JC#w4(>&G
zz&#&=2M~TUR6A~jYX8kH{!U2Ky$7M%wfB0<1E9v+VNmj&1vTF0x%gfee?C;c15ovk
zq3V4DTm^533*j%I>Twj4PyOEnC&5$U2wV;&w}+t8eHAL7XQ0OEOYj1C;0D{ioMRCl
zMErI*1Kt27-w(sf;XP30&EIJI>olnLtbr=$T&VgFy7&T|NBB~x{`?21bdSS1@cZyU
zIN=<tm!?DY&-qaGAAzdJ)llQ<y-@A^093!+>7IWQs$O4q&!2<`6aFq#c`w0h;GdxS
z;i^sc`CH*4!XJW)|29;)--psGKZ7Sg8N;gQY^Z)c6{>%h!4u(y@DO-Cl>BamE8(Z%
z(eSrW?;U!c4g1h1d?r-=E`rlw0Uipkf|C3Dq3UxN)VRMNE`X0gkNNy-SjPLC^X>j2
zN2gL{Z`OrYAB;eX_U?y^;nX)-u7cYLUjfx$uR_)1_fYkigfdrqXF|2J396l)Q0*u|
z$@fyI_P!e)4nGF<{v%N3ehVHA=Wem>I18$M=RnCT4`;z^q0)U6PKW;pRiE!c_4j{3
z)%P{1ehM$L{hfo-gTqky?SL8wH@WZ!pz3!YRK33nefSNicE19Z-*2JX^B1V{4i4<N
z_8ptxY~owtEEqUm>3ADlK>VXF{2G+pruW%)&4<Sj?uM#g0jj)9p!)fpP~-eVQ0@3E
zlpLRclEV*O{7X>snV7NdISe)sJ_a5O&w|Q-2x@+eK(+f)sC=)3%J+j%?Ysx7T@OLc
z;~zuS`(^ihQr3=xgQ4D=4OO4TQ1xC7_k^3E#_0u)15o23fhy<iF8;kx^1j1`KLOQ0
z4??y7aj1TI9;&`CK&AgPRJnVFu79BF>qF`BCa89<hHB5*Q2A_!lGhbb`QPk#7gYXV
zg2%z9;bHK1Q0+RX-_EyVpvsvKC6^^|9y}K+|7)T0c{@})?tq#%4?@-VYf$p}9+VuO
zg{tQZa3XvKD&4Q4>bKW`mE#dm&u7COa4tLw-U;>oSD+7{f-3iyuoF%gwDMXDRbDSt
zdp1MWYX~OrGPn<X6{>x|hsuAS$c~#6px&Dc_lB)da%_W$$lK`Rzu@A(4AqWj9DnBG
ze*@KyNf+C3dH|FjTMU=Lm2h8pHPraJ(LKKvHWI!Y&V|po=M%Qtdd+~U|8Y?5p9?3!
zrBL<ggd5>`(1-Ux)#IB`^YCe?a$kpPzn8Q5PJw!VCcFa9gUa`lQ1$y9RQ(@^`@!!)
zrT>YGf7Q_&vi&#}N^VC$rEiAHXEB@t&w|STT)02XK-H@NCI3+u{}#vhK(+UFsQ2!N
zli?%qMEE3}314@dk+*VM0M(DDLA}2WO8@ji&C|%mUk#@cz6GkjABCsEdtf*GIa~=B
z$2Q&N@Jzz*fXm=huoE6ou=|JeU>D&pz*TU+ZFc`~HoS)L-@#ruv&a~Q1*meq0X0sK
z=8xoclj9w5I^hT4RQNd5y!lsn0DKur9)E_?3zJHA|8N3SK4(G6;X)|+WuV%hhkEZV
za0a{?D&1XB{c$gpygm<=?>F4@U%-Wg{|nBB$CvH;wg##`8K`lZK#jj0P~}_!r^6ee
z^vZ{!^!FFxI{3T`&mXq>X1(L(Q2E{srzkyC{*OcD^DWo{Uxp9BStGXGXQ0;IA2`0|
z;wNvn{d^!igXc#;<#(>*MQ{S)LAVFptUvr#!jo{TZP06S@h20$(#5?6{wHo8uFu6u
z=HGJuVcwyejlJrkDmZ~>hY(^JGQWT0ujH~A_kVDb!JA1V85|9pp?){u*5m#OcO>z9
z;WW<ldlA<_cp*-|Z7^|u^@V;P$1T8p4#yPop1_?&nm6G#;va!Wxpy8Roc`!8BY%ZE
zd43!0g-75%kADq30M~>6VB8k`?}fj?jpDWvZiUyu<Kf@oK88D#@GbC*xb*j!^OSj}
z-v$fsRKm+#+)czq_?vO+*SF!mg!>>)zfqU&G{-&Q^|*eV_K6zHKf#6g^^<MZ=KKmD
zgwwp&?-Ja*a80=5N%QwG{r$pu?u9<?a-N^!;?}?iarfcw$Dty;bv0!a@LxgP0(gy!
z&k|mb|NT(EKjN;!%^_|Ow&C=fMR+^z9X9Cw7QTvWA#QKnTKu=-`tbi>cnH+*Tnq1N
z!k@r@C0vU8HU86abMY^So1lI_z-93N7*2stLFtoW+;cen4kZ5V@M|W7EkW4FWpVo5
zjQbt#Y!}`WUg-RriGLQi0(Y#7n*<LeJO}q@+}$|+-iiA!-1)evq`3p?hbr{`0e2N~
zpMoto{Q}%X+;#={eHypW`1sBT|K$8H!Bcqmblg|)zwF{W;4!#Uar1He@LazcxP6VU
z`sX3MhwC}+A{YIy@aMS0i2DFs>Eh?Pd^Qn22bahF#XS>bf9p4qbZ5aBcZ_@IMEv{X
zzK_%ISGdLQ+4K0{id#!Kg1^Kqch4TczX<<%xUb?rAAT9$i0j6k>(WU#>URQe0&$nQ
zc*U)D{%he5MesWUw}kM&!~NiQ;TbO7#c+S;pG$lruH?day)OK#a2L3^9gb(hgK+O5
z&7rss7vF$?2>%A$AMkI(rN7xOjlu!`W8vfO;g8@^xRMKB%JXITFLmK1a0PK^!>e)M
z#!bduhtuyHxT(g6UW1*u|8U{sc<%-L596N1{ocj@6z<D2{r19Li)$r(8VqszEw%7o
zhx#6_-$!v5;hzcLrwD#;!c8OY9G7MQcH`QKFS<CT)31^6dGKKPFK`CD9X^eF2B%*y
z?or$;xbNWlaUa2LB&~iq+;PUoehu~zKOHv{_hG`5;Wyp$%ivwOlW;%7-GkF_Zws%T
zwEE@XVb<#ny0{Y^FLv>J!Y=2(0Di{#g;lt%xJ%qSpT&PY?#;LXT%P!M!`j~>0<XD<
zFTe|N|LDSBcN8wi-B}Zk$?JQB_rp!VO~d^VcZDnallZ+QeM>ughEMXt?ZHqX7q%{$
z-?!9nX*U1!`-1FXoRpd~@sPJ9DHY@Vz|!uxq*N~CZ(7mg2boNmBz_@|@}<NN3WYEz
z`a$B)Syu@2bDI72K~iYz@w0K5`1!cxXUfH5m@nl<{iIwd#6@D_d_K&SqWpkgij^k^
zg??9%@!PW5B6$<+_ItyUQY3yuSDX!p{A@TJWkSDDD6}+sZGCaM<Vy0|Y=wGMA-_8q
z3jGE$AQ43j2c@v$@m0ff$UBpZs8KcEhE=crXrNpSN>Q9Y)88-{CH_d1%lTBQ6j1Tf
zVCcu>F<i(uxp$JVsCqT0nW<4hO-^xs*DRJ~XwlNK87-M_BK@)Xg?`8C_8vbM21$rm
zvi|a1oY_hl_=7?zEc%^2snjYG<5^bDr_!Y;Q<H^>Ef?s`Fc|VXx_eD=VNvl`@Y$g#
z?-zn38HtNozg);7KV>!?<TEuM-m|^qwdHd0h#%z{G-`U<wQ)Z2`{SaY#B_&i6EVej
z$Ow_13XA!$<R?*9vimEU@QQsNW@#)!$mvz8W$NFH_*MTxf$^0Y4Dth#lL<wIQqY%U
z5Eje&tJ*NkOv(L0hEZWsRU1+&g+qmOP}=_9ux`EAwww4(Q88Rq4vI)-H%|xSQc{Q+
zUb}hbI(?UCalzkRVMLE#77xcOibs`_%8c4P<G_q+uWd}QrXO8=zf0(Mg{8qb>n#tG
zC}aOt6E6<~I@-!|ILLX+qY{%Q^vvkYMG5_yj*sQVC_6ycA^IUky|+`?XNrY+^;5Rl
zUr86OMg!$Fhl9NOdmcH3{%Bk-`bDOESe%2(af5V#k<;F@(O(+}S>xG22YT%qsX4Db
zES4hE7zRXbfLfa&IA*f@{ZTIT+RgZJVETtcHZHIH2IDxPR(_vmplM^F7!Naii`8dR
zpR`ruUD3HHv(=xoK8*5FDGGAYCE*+?JVqjltXLE6Ta7SM2)0N^@?MZHIgLOY(|i)5
zO%4evH#2C4bRKWtD5Io5vh$spXI`Pt{gsT<kswFyjl%OgJ5t};cp&v=s*>^>3gtdZ
z^S6ehjebMeJkac_X0=^&rkGZ%v6X(y<d8{L615GOohzNL?3Vh?&CR|-^Gz^SZlz$L
zS~<xutwUwF*owCLD;Ts!L1Z*GT(VZbcL+6H7>x7i_>H~G{St#TETVWCT@oqm(jeVb
zAYqg#=UAHtnW!T{G4#9I+8I1X)A@+f4{{^HXyW(LttcQS2yG!hKhgL@vAVPpC++mw
z<6KOy)-DoAShX7y<tEOUNQR(GgC<fDR$fEF_AUAH&=#~!Dxw$_#MFxWncGAcm=+sI
zpAGwia;{`%1#d+|<snU-g)J?oHv66ZzEsz!&-`hbXY#M4*JuhQbi3xF!z(_&!z`($
zZd#9N{f0PwtV);(OY$T(jV$L&#ZkXqv$#FB0j*j7P?-sj5c_gLeyi$G8i}Qgivf8S
z$)42)bshMUajvS++$xzq9}4ni`eD>-w+4e-rQO1xv^trckT_9Q(p3jf#nK3dgD9tw
zv(u7avoO;@R0*RZ8zqHYFiPwDLe?@wMSEDMsuNvS3<8bvNYAXtZq+e<JK3uWk5$#v
z%9^I3BBNf1{`x4%epHel3`u-MCWC#kR*{aN6!_&N7zk^;h#$QXYjk@ZuKQOZNXD$f
z)CSYa)KnvdVHMj>Ks~7~qs&jluSJ=mZmd4K2A-0RYxIZKU7I+_kNP8nQ7KFcERKGI
zL1KC{=t~;Sz|+80S-uo>GnL4ND1D2a1f9lOy)jno&az?#O0W!^az4w9R)#XA9Q@K~
z0e^(VLVtCb%P~GQt0~%ys*Wfz9c*V3oruvAXSUFwEkR~$I!4k|6;0?Okh$&ln&FrY
z`^p0hQpBB4hJs|<*lMTN5N50~IQz>QtZ7mvqgqoe=kun+Tn<E6qGFRGt!bn=VJtKa
z#6AqXtk0Yax68VYhC_`OGKmNf-Om6jW1=CXcqoYUMr9q!1$0Sjs&&L8`J5KS6=qen
z#-D7TlC0UP_2V9|WXAO&FO8mFYc8%c8Yq3gA~^R#rPw4*;Ra#lK^l)B2P6vjVj*Nn
zbbhx$x)8&PmDMUfGmLrD*4xc3^hh)ul}4M>_f1=zri}V!9{3}ynCaGowy@DL74kI|
zi{Z917QD3qgKUC|L^sKdHp4om0!4o~Dwfbc{s8MK6Hz;(W`B7qWUDF$0wtxRj3GOO
zLXOx)&0|YM1w&@Ix~7C9NrKHnSDF%nG73euxb$1vRr64AVL;M(rtL$R2U(L^YFFlz
z84rP<HM)ZV64Cn=k<podO90V8K1RQ3X4`3q=489aEXQ_`=F@;p3SkD@fx?_!WQJtM
zZ8>}`(r>KPB*bu&)RB3SrAH%6io^D0QkhefX!NZ{e6Fk!pBr^TAFV8RZZ8?+k{JC+
zW)Zzu-N0yXWb?%=G*+W4<qcFBwSk~&mU~KJ!r3b4?6O#yHoMK21~RF&h9K*-cXy{(
z#(Nt>syJF;d+F8(bazH;rWv4q36&D&5LRg<4D;z2mw9Zaf#%hC8EYb0{pgH|)XMm)
zGm7?9Uv%4u|LKcK$abHRMP=h6T4i@FLdn?%GX%zOTqZS`vc8&F8T-;~MqE;h8?;8O
z$Y&*~>P}cO=6E7q>4;#>&<JAZ==K)rCf8e0ETSHhU|5-?6;Deyn<itl%g{@$Qf~!X
z+NjA^ifu}F&o!~V_E?}cVVbo)$k3Bq8SBXg8<NIKjE3F-^C4fUO(hNMa;P;>%7Ia$
z-H5Zf*nbZNjaD)BJG0;Jd>I_u=@m1Y+<ek3(P0X6y;$OLffxKz#CB&T%0}H1+h=~(
zu47~3*<9`#ZPy<JUVDI0^O}1;V)iNN<}h7cWXi7SZd<-~MTb`#w{GQ1!rQ5ky3N!6
zuqqq`?+kQi?B9}$Ufazfh2Jn71^x!qi00GAj-EzUMJHSwu4J24B6{0fX;zSYX4G5F
zhR^)*dwV-Oq%-@9thO1JU~hG58W~?(50A$h1xnzeQ=>pprfsQb+=YF$J5^ZCx`N$d
zQJG-Qq^y|(#^OsyrZM{}fjstrmLn#R+rygCG(Q<l=4Y@blKG5PuXCJa&f*#Od5|?L
z@3_wgX)^noai2#8(;3l-fmvy(7>6_CzL6evj8|if=yBg2&TGLN_wfibW5AsBbV`Nv
z>)@#3^J@yMiS5={ttRS~S(UK(CpD2l4h5fOp~GCOiDtm;8dEORq%is`%5&-xNrcpi
zzS5#<PE=!;nGR(-ZK8COP~FdB_hWHuk;`clv2#N8&(2BKgkhmAhfea=<W=Lf9JH0S
zT}eIZ{zrP0UDD3ciMLiqnEnRon6=SR#2&&e5$-tIY8<4L+A1VtH+eQD8J3@?Gal*Z
z9W9q)E9bK#QI>7KHkl=!X<OOD$+GiS4>5>vretaZ+L)?&qOcBsd`_1N<&wu4ft;UC
zmadv(=`OeNX3O5ka>5?n*;QUwI25xt-pDCI)tkj%Dsp<(75AwG?ec2<zCG+16V;ol
z#;!PD8f2b3?mW@E&9RTy?SyD|PDvU@Qg}xy2f1Sc8e+!uLj`08y>1Svj0WnCU4`6|
zq`jXk#8ErG%*i-iOES|CSk*Qh-7%!}tVVX#$lh|FMrl`&Y^_F)IkK_?P8n3RG}^e*
zYAI#AS8cXwsv4}a)#rhk2-S*K<^|PWm&1;5=h|Ze)ejX`9_#X$=ppBK#(*95Wy(6M
zau?gxTW3Egq}*BIyT^)76~5hFF<!M`vqR@@dbdVWZ)X>0QpK#-)4Rs&p`wMsA~VK#
zbr$dSX#b=?e$DXi!7xI%=&WxmQ<S;F6zz%p_3WgzZ}iNp=qZ}-AUf4kQCbVreR=KK
z->%1fyx<JKagX~*Qghm;P--gL!@iy(+L@y`S=IfONpB6B#N%lx&cr#-875{-aN<<`
z3}fas+N?H#8dZ&QUzONdR2#!8I;xR`g(a;)i#aYE@7%Z9TOant9N4c9Ga&->yOyV3
zKDdl>BvK9bux|`YCc^Yz7TYA<fkw%ou@vJXr;V5_JK4aMj~^ogEmX#>CVInZkyMM5
zrQ3kiey>n1`#Av^gw+G(+JIU*_6V7$>`Lt4R70!oLovf-eaM$P>ERkZv7VhWD_)jO
zS(x$r%Xv1o)J4mZJ#OJRvVAb*ynsfVG(3`$z!Kvv+EN%SxGjf!V@sM#dTytN=p<V(
zU)5?qYo&4NhYf{Mp%h@wT)g%4li%J}+t;2fG4rQ-5{c-wS6X09h(!x)Pa}I-psKRy
z)j6=)N1eSM`D2fp^JDYD!OanMkX>HYK9kn&TD)FucC<RBo|=5!BYTR~%Sjn+NY%mE
z&4pQg8k%E1DmIdnNm=>mqoQjjgG;N(N?OiU)799$9hd<hk{Qc9gISvq^hVA6NTb;2
zrQXUZDoar98FguUfiuElI;-8G1Nv8mjQOHwgl&{db?cVVNoSFhn{;7A(HH%i1<_BJ
zuHM0Tgp0B9NV?1;>>Ud(mDbp?@KPOS>NJ5A<&rUxdfBz3M%SXMbDj%qbJl_j>N{tC
zpfqS6E8D6BG^#n38RU4CbMuDww#J%=9Dmm8!r*`O*(0b?gPC9_Em-|-;b9K)CAoIY
z+n97Iu_1j7w7$wvaN%_8WuK<=#D+!~2`x6Anp<6;6(`%Ov#07~IBIeuQv1wUXf9;U
z)!q_Yy=uJ(*lOXatyRr_(7aKt6HhcADz-315#?%GwF$i5niExjqy6aYr?yRd?F<;3
zG?6UPI~AGK=EKoAcN1zKvO_L1S?y-Rg1S{q3HQXetAPaA9giH7#%kc1J+w|(?GvQ2
z^NR1H($!u;wpiOoy$#60nY#99!k)`izGf&R7Rt)WmpK(fr#726)6Y4ToxQo15X)3C
zc9E>t0q#H81I=`EA^pndykt<S*`CDM?9As&CRVCkc&=*^*38kcL7f*lh7K!VT{urw
zRr}I$ty-Bc`|cV5L5>gtTs}6}C8V@9y3BmnAoy#ISFLD2|CgC=79gn!RCB5_wM~~n
zNUVmQ*^;GdnPOZ9PB~Hg#4SQrhjXPR-=AtQqr}7N2(C!M?1;zDi7c9=f75()VqiOw
z^72jEHl<6PT_`x)+1+=9aZAV!W(p>ov;?Q~{vUF)N5E-*uH|p6R{6Mzp%CYW|F^lg
zyF=-9jOt|~E4&`$RxYHOSB0v0O||q%^%jRlQ_aY&HIn>>6OzW=2$+#HURPxqPUiUj
z4T!m1&?gpqw$Ha1jM1C|SVY?BGYc!~(G@#p0NU-QGdrv$?5gb6V1FRYn=b%lYV5QB
zWp*XL!076W1ZJDh2Mm2bbTXZ9BlGdt==8&aUE?(`E5@p`q4nXjy`$0z>BKR`aa1=P
zks-6v+n`Ta{UP_iQbW2nCbgwaoQ?!~WN6rz6f|~+-;iBC)aY%nhu{?>MIZmUd@;Yk
zDac0qrHj#><<lT`R;9i*k9019ZO1JMw>(vCwT=0$I@G9r%`8ElU5U_WBY4&0bVs!-
z><~<!s8jLpa<wWU(wwYvHee2)z0_mOr9!$Tt;CwI=`yMLFlxT)dz;$2wQz6hX)`-m
zyD{9w)?IA!J7rO=t-C4U;t9ji_M}cgYjz!G@zg~PZ&TQp>i)h6t>(0UZM^R7DcrPb
zW2d(%S{a!?Zs$_#uUzyoTe;Qt(6S<HcRXab{_d#5eB0CtWxikAbK)#n>OxDJ#Kro3
z-1>9hjZsR*l4@{a?MApD<j>I-2(`~rQc)6f8pp|R%%|L)yVhL<9It-v3fS0LQ2G3`
zOU_KhBt7v_NhYkTjb3_SYFF~!-qq<^iH$0``wJI(_F46;OjFuziRlsT7fs5=Em|Q@
zI%$!|tkHVPwE`{?$cWC#P}V09BWb!>7ri+3A7l^6bs0@PpAQQWCoo*e+Fmg0zxgVd
z<qIL7>NsT2E^oB^qhiRc<|_{G#}v*T5Uxo^BSER;Hw<lRZ1xwm_^t*l=$PpwThP+d
z;ty?_rw@>vhS>z>Y2q(vUU)Lknmye&^wI??wPR9iYUg-o;dy31P#N1E5>SkpuvOK!
z8%w|_Vrph~d#NH$3rjQS^p#VJi_t4ho!O>ybl?)_TUF!c1(VoA(?LyL$v~8CT3#MV
znl{9({&L+JJwM`nhhuhD9!~#qm!!dE1AHXT>5}czNj>YD(vzAd4%Na|F7zy1(A2WH
zspTZUrKNSz$#W4}%cQkIQfe}4G8b@|{RT=%4`Q1(aO1PpCntMwtJ_;!Hug^H>g-xk
z+o+aF?HoK}cr@wLS}PZ<wwLDfX*0^7ZWIeM@{EleRyHlJrgJ*JiO+JePFq_2#eGp}
zQvI%R{jPD%r~1k%YW=P;7nFB%Ggw>e-Njc{rQJSF_u9LAGqyL?cX^L3`0ffLdi=6@
zI9^das+2V5a&i5xF$R}0zEeZQSjF|b#@6zv-!+zTQon0#KQYwr8ry$Vpq*d+t}%NQ
z=7zb6pl{Q<8eG3?T)%6a-esxZHLl+^))nviU1Ob>WUF>NONaY64C7r1c2{rH??JjJ
zQNL@P+UJO}e%ILiBOLA{|IItK=0Z#5i=_EJQ@?A>9c-B{m0N5KEq61se%ILkd)fM3
z<LZ@zG54=W(hu9*$gSTsuHQ8_|H!v~*O*Jw^}EJ=f=(}DrB`D3OsB(w^m|oJbTvv}
z;p=ye^>3Z(ca81GTKgH){4-4VZ~pmqEQ_V~8cqGKvHmMW^}EJggf%yp>UWLnca2Mx
z4}iVq-c9|karM6f!9SL*-!-n^H8%f|r7>4Mxm={Rwenqk>}9dtTvW9;GIbtRziS*W
zeFIl=?Va!XUE^@+m;qS7Yiw^H*Y6tF{PWlPU1RjJ{<~A|KW|yTYi$0LH}$*5{0AA*
Lvy=Z{ca8rWad?O6

delta 8213
zcmciGiF-}g9>(z%86+Yhro@;-B!ZBLnHpmjb0TIEVyH2Vx%6;pwT2o}SCML!Qd6m8
z2yNBSs#aBRDQ!(H<<e-Wsi<D}`<}f#*V8}XuBX5AS!?aR*Syb(=HK+mKj-5<U(9c*
zA!Yd(Qx4Y#8*`g{T)1kDxnIGUSbTtEuu`Nkp|}`b_!bt%1E@#7!a%%Y%QrBYazU3d
zT`&cU;aa3Cx7kgmEER{)7cXE*yo74-0T#rtipG?}(x?s+Fbo?a4VjKu0@E-WN1+C~
z1l7)JERTCo{hjveX0~M1aFI&R3dCR;%1PD%sD`GX8hY9K7Wz}pv)A`w5z5C<13rhE
z>1A7gA3IYHjB+NBCh6Y{A`^fkP)j)uV{p2yUu)|(p&HIZ&0s%j;AgQd-o`|1T-lf)
z9D{{$GETx-sFnH?HPC`AlUoghlVNbCCicZ{=#N{h9@I?spqBVc)QbFsn!rs|hvOKv
zwqz=5BJ)ulEk_M}gROrb<0$Wo;c?D~$+tHKS23n2<+9iY<4}h(8#VGpr~%}nFTRhO
z;ZF3&{r37{)PT;|>z7ey>LzMH0i5XBSSps`2as7wg>HBoYhxa&{yM7T+gKVOBa=0y
zt2%qw3?nGF!)ln0TG9Ea6<dRv$S&jsGJjzpmg8oXqupd&WLlw?E)#XgCZU#iA!-1t
zFa$SZEzCpXW6Uo&foy(tW42>D>zaloY8cZ9M`15qj}6e&bZm%O6y48}DM;pL)Y4o>
z4dfAOD?;O)!xo9^voUH0Ls2sriyGjosDZCQt-yBF)_#t<?-~}uzyxPyi(`<EPZ=_P
zT&RqCu&Q&xG`HmrsHIFtbvzzjI2|?cRj936huXp|sE!Vy4&hhUGZ;hpDr#UwSjI>l
z-*|6^ZztqGGuD<@qh7NEs2Q9?zADTkWaOqoqSIk4hEi^dI-H$Q6Uo3ZoPtGgo~>Vr
z#VKz`@B4q44Cl%mN4<vkQ5}@!B<fU0qh?+m)o>kD!yQpG?T?z-aMX+!q6VI8ujgS=
z%7;+TokR`j3c5A&dt~%F`PXswGRRsIb?PgkI%;g|+n|=byDj&|Vw5wn1Wrb6%>vYb
zm!j_9jOy5f-Yu%b`g`|?3Vr3CLCy3YYDSMy4aL-TmaHb0pxn}$hU#Dx>NT8&nout4
zZP|ose-CO!4r3f%M73L_9{aBb!s|IRsEJyt7O0VSN3Bc-YQ#fP1I$7l+Nr4f+^B&q
zM7<4b?e%T=JmsCJAD>$Fo#(rti*heF87<uuY>)F%OLYp>;W^ZduA&C^2WDd+FSBMa
z4K>5rs16pR&dgTSb30M(eS*dDC}!dXTkme&(7BL|n#myRI9ophHPhEnhjck=X%FHv
z_%&)pLio1P;VOl?9*b469`fB}2HETLQ3G3rOu%inkkJb4M9ugJY9J>t6)&L+8#Z<Z
z(g*b#4n%c46SV?!Q4KFcJ--fT;4W0V^%<=O*b+6s6b#b)pFu_sjItM|S?8km@^#eG
ztwp_-d8mdCq8d7h>fj=3Aitsp_7F87-zH9dF>54h!f{xL{!KG7>Zk)&!=6|UXIfXG
z_WA?VULHa<@CBB{b66U0+xn2EPRB0Pfa7hsA?l2^!*pDN?oMRxkZFr8n;Fv@=i+Sq
z8hc=Bb7KbJ2JDQ1Eu2G`hFXcE)^n(px`E!Aw{+f$VyG3af|_W3EQ3icS^vsp22i1f
zW}#-d6t$$esF|%tJ$L~1njJ&kcM-MJ*H9~Q3)OI7l5;%@6De2280?SXI2$#f+$7dt
zOS_p0o$?*1j`pBt@+p?Z@39iz#V#1p$|(;=eWA>==AjzCj5-^4QSJM(th+E6{qP`a
zAfLHy=7PQO2WrnAA=_yJ+BglgvL<5z>Qk_;55M&oOL+nNHwJg1mOi?j^VZZs9m-Tx
zhZz`%Q*GHji%c>VD^WAMiaJ~kI4N3*j;Iw#Lto5BE%hW+g9}hId<RS677WBsP+NKo
z)y@Uf*5zX~nhxH9x=jojHB=YNV<%LHBdv2#4X;7H6?;*8eA;>oHRF(uPCMnSb<m&s
zWYqQUsI5sy4LA#n>HVK#FU-fzT*yVuAm4fi11SH6T1r2bD+a?*^$k$<%}@;|qb87o
z8u&P5SIivLVLXmOSb$g0`~DXuGl`0D49111k*-8FunBee4q{)tjG9>sMl0K*wyYCs
zi3edQPC({oW}`avV}G?Jp;#DQ=vGHH$Y|tE?1k1CN4Yyjq8p3go2Vb5t;o4E`%zm`
zu&Xoh%BTS(pw3EbEQIY*15L5l`=ACiwkzY)4O6Jlp_+~AXa&y3ji@D#@8(>uhqWmu
zqv~g%R%{OHdm;y;aSLh-PhbR|#cFsLwW6->&WhFV&iZI39jK^)i%}15v*kVLqWm3(
z;RDoR4d!c6OB{t7Kq7`<Q>=x_Xm~wezzJmCDbAngcQK9fyQ$8f=f>UB`TM*v@{?>{
zvmV1N$^qQ1t(lBknHi{oEW)DrHtMi>P%}J^n!rQUgnWBB1FVGMlxt!sY=hpd?N3HG
zPDgD;E^2AlqxR@M)HhZh>cNj}{YhIskHx6Ji|RPAx3gklsDUS<+G~W`;uffW(vU;w
zHW^OFjKvr(Ohb)qjrEZA5^8CE`#9I@qGq0onm`s-#6_rqZ%1|bA!@6>K^@MYP!qX_
zVR}D8c&D_qk*EvtSRC7+X4D5`aWLvNoR8{YE9zA5LEZN;>iHw6ExLf3>F=nCJwm;9
zQT?2OC!qKJPbQ<iOhY|595tY+sFBY_y-v$fhwTmP1}sf^C#s|4w*Cjyl3%gqUr}51
z0JQ>z`#W1x5xxKZuS!M_G)HyZ7QK6f8gT}e!Lg{B&PB~A2erq0Q7d*3)xjxiK59ku
z$3p~!qb8JqdRv+eVExrWCo0NfAB@9^sD{^|8rX!I!9mnYeTy3C71YYyLk;*LYJmO&
zokJUny018DU{R<QY+$dq8t8WZK5tJ&c`kg4YTy#O@H(pFkU`F$PA=3+J&Wov3pJx@
zsDaJHY|KSXplG_Yf)S|pqfuuj3H4liHyJh93$=s;F%z?G{r9&1N7PL2Sp71b`%9o+
z&sdDb8mOi1iO=8=)Pz=}&eleI{X?uu+5H8X>SXTN8(f2(ktL#L&;qpr?NKxChZ@K*
z<V(y<LKhxG4dgehh__K4mmK1(Kn2u{tD~N8gfsO1cOavNkD^9+3N?ePsMqWs>H#f_
z>Wf+{p!PBjwQ>zm_a~#;>5003II8`LsIxW`HLzDPRPX;Xdtsf`gPQSv)PpBb9i7K&
z_zRZ9l0zL6Q7hF2wUue8=Lev^fU;1p=^R_X8nqHTFo^!mAzN__+fzP^Y_o|O#+!jJ
zV_Q6ht+B#z=htxv_Mm(XIryf@2>S;N>Ja9mR$}0@j#;RcnuQv`GIZ;;SVu-n`~hmF
zM^W$lX{?O5Pz{BTbY@r;3sFu$&8#s7V=Ah>bPT|WsHL8cT8WoX?dIC+yGOGAiB#;P
zA_jj){YpiQat4%u1t~X2KWvA=*a<b0-l*@5(O3yz!7jMjmLFjp<;c;F$*74=!4Ta)
zn)O!)%c$6eZ=yQtImQ`CUu!n1ejWzlB5Z;yP|ts7{SgaLzKTBBjZkVwY$N(nxeztz
zbn^SO|MiKfL_8I1F$q7#T;lJk9M_au<6z=z^2P8IZ>{rj8O9QIh;dGpX=<NSu@lkR
zmfbH=C`4h4u8{5$0hF5%9m!Y0N-C3&LZv<ge_xmjL_LBR!kfx-y)SW*(icQwr`l|_
z*5KNgHm_|axy?a78xR{+wCOFY_D<=FgXxc<HZPVFvu$}99<zDDkDWJ#(rG)Q1EEw0
z3)sB+H#MkypZJzYCY~hDqUp(v+iiuuPP<XoyRFoUI8EdbLkYc_N}Y+Hh}Vhfgx-kv
zh^0guo^MYm6;xjPuf%yVe-Pgj3y2wnQY&t{;bgs^I_3POWsVR-xYocn_Ko+d^Kk;+
zwdLBl+U7+n;m<Scuq(Qw`Djbw5OIf4DoG5bUP%L-LzGwHZ)qas6;IVwwE5yZTY-EA
z{u4Xlb66P%VhEncnojfNZ1UhhE-Gyz^eXuh&8QnoBoa3%E7c_mQ})BESeghYrs*On
zod_XnQ|H3Q7=ua;i2;<o{WpUy6n5Y_VkG&>sMLde0&$)EBBB)e-b5bx&xj9+A;izb
zC}Il1m!<hP@gJf-_g=#Y;z_DvGiUI5E$>6(DshT<mB=CziN?fPLa8UQhVY}o6#SeR
zPw*9QmJmtAU&NCX$$ecZ3?|+oULlSXZK;2fqR6;k;G-p#W$lG|lxGsnDc2(2B>yB8
zCDYOtW??yEkbSNZ-lDwMUau<cwQ9J^)(<DI-;OdwbsvsbBQo=e4~YI;97jAuJW0Qj
zDMPsgkz(sNQ}>&_;Whlu=EZIzlE~!V1XYmkJ9s}2@EJrj<hsj;^$#QS5f%F1DYY;d
z_hS!2sRCuCK%%!d#}Ab?kZUc-7qR7J%7e(iP56@EiOq>r@@d4=sXOJx+JB{Nq9YYG
ziGt(@5GM(xdQUz03+1?{$`2@ypj;Z;5Jkw3B7Pu0j8KXvni55ydQSC9?uxdui&OUg
z&MSMA*g))2fz+3XCLR-yi0(u%p>*59`&pdNAllr8ZxEA-;lyD=sX7t!zk#^TJu3b|
zyhy}y;YaL1D1Gc;@~vV$5n#(LxPK-2mx(O$eTdQIOA%iYmk1x~o+UEKPa;N>pNsz@
z{Pi1Ijm)1!1Q&)8y$Gc-)>x<L{dc^wC4D@HU407Vycku<vop%q*K;K1y#k&>J);Wb
zd{ezdK=%0b@e{H=H>wx*@l5Jn+t=S)k+Utnl&4?9Zl9b3iOT~gXAW_VNgti*xnFyt
uzh_Cq9f854GhNx4<HwH}Gb}r&YgUA3Z_?%fPvoRzAJ5~C3w-}yo&6VBl$zN9

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index c56747ac..13b3f2f5 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -1104,11 +1104,11 @@ msgstr "Allowed IPs"
 msgid "Persistent keepalive"
 msgstr "Persistent keepalive"
 
-msgid "Display WireGuard status"
-msgstr "Display WireGuard status"
+msgid "Display WireGuard debug log"
+msgstr "Display WireGuard debug log"
 
-msgid "Enable this option to display an updated WireGuard status."
-msgstr "Enable this option to display an updated WireGuard status."
+msgid "Enable this option to display an updated WireGuard debug log."
+msgstr "Enable this option to display an updated WireGuard debug log."
 
 msgid "Scan this QR code with your client to connect to this tunnel"
 msgstr "Scan this QR code with your client to connect to this tunnel"
@@ -1210,4 +1210,3 @@ msgstr "Enable Firewall"
 
 msgid "Apply changes"
 msgstr "Apply changes"
-:

From 0af3e7a7c6a7ed473ee5b6e57d84b1522b00dff2 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 31 Dec 2021 13:10:27 +0000
Subject: [PATCH 293/300] Update wg logging facility

---
 includes/wireguard.php    | 25 ++++++++++++++++++++-----
 installers/raspap.sudoers |  2 +-
 templates/wg/logging.php  |  6 +++---
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index cb66341b..a5b96ac9 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -13,6 +13,7 @@ function DisplayWireGuardConfig()
         $optRules     = $_POST['wgRules'];
         $optConf      = $_POST['wgCnfOpt'];
         $optSrvEnable = $_POST['wgSrvEnable'];
+        $optLogEnable = $_POST['wgLogEnable'];
         if (isset($_POST['savewgsettings']) && $optConf == 'manual' && $optSrvEnable == 1 ) {
             SaveWireGuardConfig($status);
         } elseif (isset($_POST['savewgsettings']) && $optConf == 'upload' && is_uploaded_file($_FILES["wgFile"]["tmp_name"])) {
@@ -30,6 +31,7 @@ function DisplayWireGuardConfig()
                 $status->addMessage($line, 'info');
             }
         }
+        CheckWireGuardLog( $optLogEnable, $status );
     }
 
     // fetch server config
@@ -69,7 +71,7 @@ function DisplayWireGuardConfig()
             "serviceStatus",
             "public_ip",
             "optRules",
-            "wg_log",
+            "optLogEnable",
             "peer_id",
             "wg_srvpubkey",
             "wg_srvport",
@@ -218,8 +220,11 @@ function SaveWireGuardConfig($status)
             }
         }
     }
+
     // Save settings
     if ($good_input) {
+        var_dump($_POST);
+
         // server (wg0.conf)
         if ($_POST['wg_senabled'] == 1) {
             // fetch server private key from filesytem
@@ -278,10 +283,6 @@ function SaveWireGuardConfig($status)
             system('sudo rm '. RASPI_WIREGUARD_PATH.'client.conf', $return);
         }
 
-        // handle log option
-        if ($_POST['wg_log'] == "1") {
-            exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
-        }
         foreach ($return as $line) {
             $status->addMessage($line, 'info');
         }
@@ -293,3 +294,17 @@ function SaveWireGuardConfig($status)
     }
 }
 
+/**
+ *
+ * @return object $status
+ */
+function CheckWireGuardLog( $opt, $status )
+{
+   // handle log option
+    if ( $opt == "1") {
+        exec("sudo journalctl --identifier wg-quick > /tmp/wireguard.log");
+        $status->addMessage('WireGuard debug log updated', 'success');
+    }
+    return $status;
+}
+
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index db5154e5..8acfabdd 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -55,7 +55,7 @@ www-data ALL=(ALL) NOPASSWD:/usr/local/sbin/onoff_huawei_hilink.sh *
 www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/wvdial.conf
 www-data ALL=(ALL) NOPASSWD:/bin/sed -i * /etc/udev/rules.d/80-raspap-net-devices.rules
 www-data ALL=(ALL) NOPASSWD:/usr/bin/tee -a /etc/udev/rules.d/80-raspap-net-devices.rules
-www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log
+www-data ALL=(ALL) NOPASSWD:/usr/bin/journalctl --identifier wg-quick
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl * wg-quick@wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
diff --git a/templates/wg/logging.php b/templates/wg/logging.php
index c9cb4185..d7dfe582 100644
--- a/templates/wg/logging.php
+++ b/templates/wg/logging.php
@@ -4,10 +4,10 @@
     <div class="col-md-12">
       <h4 class="mt-3"><?php echo _("Logging"); ?></h4>
           <div class="custom-control custom-switch">
-            <input class="custom-control-input" id="wg_log" type="checkbox" name="wg_log" value="1" <?php echo $wg_log ? ' checked="checked"' : "" ?> aria-describedby="wg_log">
-            <label class="custom-control-label" for="wg_log"><?php echo _("Display WireGuard status") ?></label>
+            <input class="custom-control-input" id="wgLogEnable" type="checkbox" name="wgLogEnable" value="1" <?php echo $optLogEnable ? ' checked="checked"' : "" ?> aria-describedby="wgLogEnable">
+            <label class="custom-control-label" for="wgLogEnable"><?php echo _("Display WireGuard debug log") ?></label>
           </div>
-          <p><small><?php echo _("Enable this option to display an updated WireGuard status.") ?></small></p>
+          <p><small><?php echo _("Enable this option to display an updated WireGuard debug log.") ?></small></p>
           <?php
               exec('sudo chmod o+r /tmp/wireguard.log');
               $log = file_get_contents('/tmp/wireguard.log');

From 031df3195c3c740f5488e4a4fa6fa5cc7b9bcc9b Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 31 Dec 2021 13:12:38 +0000
Subject: [PATCH 294/300] Update release version

---
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 686604da..3b78e7e9 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/xeKD93p.png)
-[![Release 2.8.0b](https://img.shields.io/badge/release-v2.8.0b-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Join Insiders](https://img.shields.io/static/v1?label=Join%20Insiders&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.8.0](https://img.shields.io/badge/release-v2.8.0-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Join Insiders](https://img.shields.io/static/v1?label=Join%20Insiders&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 RaspAP is feature-rich wireless router software that _just works_ on many popular [Debian-based devices](#supported-operating-systems), including the Raspberry Pi. Our popular [Quick installer](#quick-installer) creates a known-good default configuration for all current Raspberry Pis with onboard wireless. A fully responsive, mobile-ready interface gives you control over the relevant services and networking options. Advanced DHCP settings, WireGuard and OpenVPN support, [SSL certificates](https://docs.raspap.com/ssl-quick/), security audits, [captive portal integration](https://docs.raspap.com/captive/), themes and [multilingual options](https://docs.raspap.com/translations/) are included.
 
diff --git a/includes/defaults.php b/includes/defaults.php
index 0234ebf8..3ba8d848 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.8.0 beta',
+  'RASPI_VERSION' => '2.8.0',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index f5c255f7..238f73b9 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.8.0b
+ * @version 2.8.0
  * @link    https://github.com/RaspAP/raspap-webgui/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From 7ae0625ae3f57c5627a790ff4633c310168492df Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 31 Dec 2021 14:38:11 +0000
Subject: [PATCH 295/300] Update translations + compile mo files

---
 locale/da_DK/LC_MESSAGES/messages.mo | Bin 17983 -> 15656 bytes
 locale/da_DK/LC_MESSAGES/messages.po |  69 +--------------
 locale/es_MX/LC_MESSAGES/messages.mo | Bin 14307 -> 13172 bytes
 locale/es_MX/LC_MESSAGES/messages.po | 116 ++++++++++++++++++-------
 locale/ja_JP/LC_MESSAGES/messages.mo | Bin 15512 -> 15152 bytes
 locale/ja_JP/LC_MESSAGES/messages.po | 119 ++++++++++++++++---------
 locale/ko_KR/LC_MESSAGES/messages.mo | Bin 14673 -> 13606 bytes
 locale/ko_KR/LC_MESSAGES/messages.po | 124 ++++++++++++++++++---------
 locale/ru_RU/LC_MESSAGES/messages.mo | Bin 20232 -> 16177 bytes
 locale/ru_RU/LC_MESSAGES/messages.po |  68 +++++++--------
 10 files changed, 282 insertions(+), 214 deletions(-)

diff --git a/locale/da_DK/LC_MESSAGES/messages.mo b/locale/da_DK/LC_MESSAGES/messages.mo
index ddcee07d81fcc1ae430d31975cd755aa6e95e230..98094dad7321a0b56f7e61205edd741547cd0cbd 100644
GIT binary patch
delta 5333
zcmZYB4OCY30mt$G1EPTMii!e)A|MC`0z!$VX}T1prmZa0ST<uLT*A~ydlIvjlGg4F
zO_y&qbH0>5V#}8qOEc3%QcNSYnfZpN#FK5#?Xd6fxqr^FvwQqKpa1<o_ul{OeQ<Au
z=bbX|nNBU18jh<ZlFVsk%wUf(U$s-MF-JQaQ;fB!s-a=Vw81>=g!$MSr(*;@i-A~)
zU2p|<!>!1p%|YynwHR!S*Ic5|k%~s-p9$nHH587zF#+}9yRDC+9xw}g;9~0r)P4I<
z_Z`C^Y_Ro>s1E36bvzi`)4qwIFpi3TNRLdJbv|mO6{s7RqdKw%`Dga<5rW4t6wjb$
z;xe|!8#n`l=#2(A8}+<}sOMGcoc7Hs3dy($JK!nQgRY=v<VREkt;5|Bbw$-jqB@X<
z`hE~HNHY@EfqZO<Mc5rnPy>7glkj!)(n(WIK~r)Pdtw8|U?_K~=lxJqJ6KO)Z{*@O
zies67|CBN<YA_geeK=|WNl4$#KvX;9FdCmgwX-0C`Bx9$qCz9th%K-Rb;C|uUu)0n
zQ60UG8c7g4HU`_FI&uf<d0D8L7=oJe3DyFP=e!uzk)@H$zY0~hq7KtIzhTc4qTDqf
zh3fI+sE(GS8mK_c%v#ivY(;haW7JHXM$OFks17%w?hoc+I`8DApc^7kHw-|n<p@;I
z^N_)seEa=u)B_iy8h!&c)f=o;s8y;)J*VE*UqH>!byR!*w%>a@GJG`@iF%z9Q9T=h
zx?wEx>YE2qBP_H&hw6ZXZE-E?Iq#u5ya$u<6zVxGW88+@p_VWX`JM2ZYzpdW4r(N$
zP<voJsv{30|4acNy0IL!#!FH6tweQXJ?ib*fokvo>iw@leP4&V?>uTi4gPa4Yho)}
z_Hw7T2kL?(R7ZwjUmT7aX%VVpWvC^aZ|j$0BIoOD{b#6#&!Rf?9clnSqB<VZoAzkm
zgi%mKeUR@=BC3Hgs41O*YN!C!ffCdvnrF`!S(l?`a6M`OKGbywQ1{oO?*9hWfkyPI
zf&WlYgCVhQgPp9=s0))(56(hf3^UyN7;0p5QB%7BHNpzi+p!9@8LMo44QfWtp*q$W
z%lfP078L~;+Q*oCu?W@UZPtCL5uHF?e+BtxZt|h)dd9gONJVux3$<DAvGot31~?hD
z$*17}ERSRUHL@xy)Ic?A_tqhkVj3|I!{XiZsi@cQCDc?_qGsT2Y=N6mzj)iMpW6C!
zs1aX8UEgTE>7@`rg(rbOwH_XVvpKKp>yC6>qI=^c)YMKx?ea3@%`%Hn58Q|vnGZF9
zBewnu@~WHb7=j&>_<6<%)Dn3!C}^riqk29C^?+Gc$JW1#TKfaG{yb{tOh0#x+h8cC
z@u-fbp*l7Kbzd%Oh6`~b&P8U>YrdeMHT@R#fFCdjn@}SR;#Wk!SaGNk<XA^yYtHXS
zHJFc6aXM;G97iqD1#F2wpzgngDHy~@IPIHs3VKkkzk(keR7ajh-8cs|L-SFaXc_AI
zHK>`|j9QX|s6Fr{YKqUIuKO3VPfd&d?hGWN20R!OXy4>gU>lfH)Qu}p58RHS?1}yO
zHRng~a7VB;)!l@<tcOq?u1CFY7p(eA#;v9YGH7!jYCtnl1DT6nP4$Zu^neQcMI~yj
zR%1KdZtFk7B+d_`*7l#)Ce&tX#XHpoqpV5D3uLlTn{bkKj&;QV=AYRyJ8i`!)Glt7
z&O@*_YR!hCf0JTc&Zl4}d<wN`pGS3I8Fs)es1fc(-Tw({pr50zKZ&~kS~~Nu3j#CT
z2e-u-&LdC_=Abs;1E_|dM6KyeYdMB-z8KZ;I_q}SbN8c`v<B6oOQ;!bL=Dh*Gu;b&
zqL!d9s)y;Q8^@q#WGZ$<U9Shch8n?Y)a&KL7(9wvnnvu5H&NHO9q9hIJQ6j47^^p#
zf_7~-s)vIy21lYAm}cwCP&dv;J#Y!?m+(zggIiEjyaRRLZhKyXT{y2p%}4`kliomP
z%xl_bxi`e1I+Bk3IWXC%5$B_BEXHm)8`XhVF#%WE^8=_QI)S?WJZee4v*%5y841aD
zXCeyY^#1pvpb?Bh?cO}>iutGqmY^Ou&z>)`E=SGCdQ?L`)DrGPjj#qaLzhv{y=iTE
zr#sV~(f|MdNENss5%qw9sD_7O80J~0qL%0x)O%cxnxU7m8?LbWPz@hKJ+B@$fD5SW
zui<Yn;4bDrmqIZGjbNAcFzUk7s1bgT{qUCkK4FmCk!(~0!%!W~Ma^V^tuI8q_ob+%
za!}9Ph3fEuLCk+Ng|qg8CVZ6hgdBHQ&qsA^HEL6BMK!PwwO0<K9#o4Fc-htm4R%Ky
zikhh~)O``C`(lwFRu29C-ga!JtX=#Nd4)uh3ZmmAdEZ|$<^|kAo+qbCB{@v)Cpz-U
zA%DsJ&>;GfQt}O%Li~r?e~zpp$H?7eDAD@gejMTCPvmuSo@^nn5gk7#+Sxkxkc}i=
zCmi>={N$5ABWAp<@zztQBL|5?v|fK8I;N5mqBYj~={VqGM&ov}kLYb_KK^bCZ=l}$
z2gw5@ljz7Idr2Dk-T%!$mD+e)N%Jv;!ZyO*^Z%868-GbyYX2?<Q$xzh&&W)&pEMuZ
z;4PX@@G&x-j3O^-{r^beS)xOm=wUL0Xh;8^uvh$>@=Kgdbj&A9{3Z8yd==$WWDN-?
zUy}_)M;>{X#FAf-k4W<|lJ?Csl45JdTJ^quOy-gGqzySi=91>4JB4%PDrrxm$wkt9
z?4<A>dDB+>1t-|DSV+8m`1p(rB6?Lik;TMEmXY3M09izuk7No}B+ypO#?>U1^e49;
z8JxUDJ|)kPr^qCt<F{J>KT~MuKQ-oWcn`_8=M!-OdBUC##CvVI2OcGt$x1Se^de`;
zuZfO1WCi(<EG1`18Tpn}lh(Jt|J|tgg4B|yNio??bZD7AAup2`NddV+f{Bg~T>QV1
zMYjAaTuUCY=fiQ9EeBZd)Pr}CIPy4ol58TMlds5eQb=^XLq_;Z?#DmiujCSmAs2{_
zS4jg&)Cort8AFznaikS7IVGhtrWa519qf`A;0p*3@;IHlpLfD~yx>Gd#5;u%6P=LA
zK2C0Ax>Fh1(W#G$_5C+;vB!ywj`tNrp9~0`Sy1Gx?0wa@B=*A~-@3#=kMBs*9#2$i
zN@_+*T1HH2_Fb82p}7Smr706;6cm>f6_ie&;fzV{=Ts-xIGa;OJJns1d<FeS1^C`i
zP4YMmX{VjW0gIjZj5wz>W2_ULndVH+%yD*Sc6AD~J2)v>J$*w5e&BI7WheNqWnXkV
YFg~Zr_sHNILB7qyJs#h&5k;Q=0gKNy@Bjb+

delta 7438
zcmai%3w%`7wTDjvBqU0}L>>vRgG3S_nIt?c1dL!Hh@hfK(P~RiX3m6RCNpu)B!E&!
zTTy96ZAU@5*V<x%))qvAiddD03gxO*Tib$FR9aeT6}gwIwu<)q&)E@Zdw+MEf4;r<
zIeV|Q*Iw%oe|+sTx8<bYEbe}{Ma#*ttU<86r)6D5zp9UBE$g1XmQ@Mwg>kqO7QwoH
zmUTLu0*m2A@HF^!I1t8QH+U;#iFF(757)wcxDE1?ws!Ixo7O&f27Cve36DV;Dqxis
z4&awIt~HzudBs`?%V64Y4b-|vAwSl${OSRJZ|2{Dy%`^c`PjE|2KXl^fO;?pUJR?C
z9J|i&Ca4pyggU_*D2LWUIr20tfUm(qcmOIQhoScU5XzCfQlF>8B=)UhIy(7sC<CjZ
z4E)H9e+H`<KLK?shoG+NBPauBa(qS1hB7=J%Fq-u-vs5@Rpz-1btP>uEzfSIa}!(z
z^WZ>^#opFg@N764DiY0b6pTWhcoo#$Z-h;7I~)S@@lG58Z8#n3fMH0~ttC)bbmt)A
zUq|PDCM=Tf75E6<R|i|xe7KxlCcrnKBGPZDAIc$68wQ{ZO@WHU0w@DfC<ng<`LWjU
zOYd!iI^aI2h`cp4ZCTyv9A-ibj+h5|wm<Fzb;1g$2-HJ<tVVvxp%B!DF{qGwP*=FZ
za1|WE_yNe))?UNIhK1>2loAg{LA`J_B#PEDD39-f^7L^i13REX_gkntKLq9YCr}Y7
zKFg0#IV@p34$AQhU?sd1@?%}gFYTMYkB(m00JYI(sEu|*CDT5r6a4|ov7_dBui?I-
zp->LhKwUwD;e}8+^kt}h+RXfQP!YQY62Y`}I~^Hb1@+=aD1%!e`Di@{<=|UTA%7R@
zWJjSQ(4*XE8O%BYdokYtwa;uQ$FGD{upMfjwXmP+|3Nys;~lUY{56y#zk@o_LD(H0
zfpX*+wBd26bwel-ov03K-2^B{8llSdGAM&V*aJqPo?ip=uy5T!M<=>P6YxLGcr8?U
zK4!+xLpib^>MjpJowO$zCdc|gUENTq`8qffo@eGGP=>FAa_HMItrL8YjyzunWpFc;
zq3w{ovYvx7@F%E{egI|YIFzB@6@D@eh8kBGj)#h1Bh&#efl9g{)cV#6;;#j1Cgi|M
zC<FIE8C++^n+%_XdT$TZ#=nC4bR01J6y`H7B|Ld>7}NnPp{i#RR8n4Q=A)IwUm>}k
z33;{>YP=dca6Oz3dlJXF@M0*>*BWktI@$A3>-Iy^!g|*{FB;`LVnaDz0hP34%>0Zr
zot{iw43+Kk;TV{N`jV}Kx{{}$PW&R2!F^C!{T`$ut%A{n7gj-ymqD$&A1cBRK}F^%
zsH=SrYX9_J(|N}{_&Y4%!RJs53aA<J444Z`;n5tz4mqS%6ySRfCqPBuVW{=np+dhG
zstVqK`oO&pwO>(9_P}YYA03^f4(h>0P+z`zP#dKn|8iQ_L*3zOs1R<1I>An;_4^G!
zH1ox^er}9{dOic527^#Jkbs4%{}puP>0Pi0Zh&&+F{tEv8Y<+k!z<wtsF2RA^WUEj
z3mJ!D4|omKNf$$X*j7UwWRu}mC`Wd}V(eQl(b0$JZKw_Y2t)8M@C-PIgpk2zsH|>-
z+Hf(fhBrb*=pjhHT6>@j95wUDp&aZt)>H*l1S?@$$#*UtEog!Y)n%{`jKlRX4V5$_
z#`%UuLm8R|wXPK^>zBe3_<g8IJ_4KI4p;$uj`!cIg(Dcx8&CY@`7$Q-p}8B%@Z<12
zxCa)JY(3AhthX4Ke95vF!DDa+Trk0p#0J=#@xz8Ypswx}sFS}Bb?1LGESbpP4vecO
z5`Plex|#`vb_G;K?u5FEd!aVC-^@P<b;3@l6Ye(izk#C|AAri8!g`;@urK2>csi^#
zJQtqL_`)<DWqX_99fq5r?)F79{sfjWE}LXo{BdNBhsuGu@J#qss2oYcVt4~ob!4C%
z_$gFmcR(HBRj7le57FUztRs-hvC1d=8($6;fv-Vr6oT4#nR$K(l)-zU4L3kJvIi>b
z-!RXQLFGv9xju`a-YbJRl(uU8jx_};beBS%>`FKQ2BAD%1{Lz<a4@_J>b*yxuIT4b
zj_!t9cK|A4A4649NrS)sY^Z~bgZlf^nnA~AA_V2Ya;OlkgfjR;sPfzlb&@TH+o7uB
z1t<q!fi~O^W#AJtUqmKrU4N+khC?Om7?_`?b3Pq~`a-CMbIdphb$1b{lcr%QTmf~L
z4?w-Y1<H}#kUxs77obl30o1zODSl*5hjO4CR=}|^t%<AX=q?vQEm#6&;G0n63{*t!
zgNnq%P}%z^RK#9~%I<?ucmDy@e)&`V^?jknLk+8;A~I<z@t2_)Oy~};fI49iDn#Fa
z+IXem8mLfjFyqaJPeHBU3uWjvs3bdR_%YPFUg!H|-VZ85gU?U<p{Zd)$uk4W@B*j}
z6HpPj7HYvwFbY?}*)X?}(u0>k9b}{7(@^jK66&OH!_n|P^SpGL@6f0;9T^%6<#7X4
zNavdQtKbmEVW>M>4i(~!P$zvB%D}5o2Y3?>g&#t_-)}nC3mf1dxCYA6$Dwj3y@yWr
z4q<mD4nl48XE+e*1Frc&P>~o0^WbQxbz`8O*TWq63<@H(?dbRF&{T?#q4$s+xDBnz
z)<2y~P%~2d6M7wef^_#A(f5&zsHq|rp-)jIQo8`@)C)DB{UH0>|CIzI(AUx9=;Zd6
z>R;_cq;RM$L-UZrruLi<>#uMFx*1(>=5#e{(OG6JT!9v#r_nxiIZ`Y4VY%>cD2H&h
z$a8YZ`WpH(`Uv$v?;tfLkrJmTdIhN|;r@cEQ5YrAQ<)vTOVVGVr>5`UyQoToliL0C
zJI(l4C(Wz-DEcv~MGkrq-Hvu5HD%AG=q8jwtC3m>`f0XDFjvy~qd%~og?}*pF8qQ{
zF8UucaV4CC#+b42Wptq#4~BOmWg_44Y<q&=t*Ff(TJ45;y3EfQj6;*n<W?9#*CBJ)
z**{nRZk`Koqo1R_8qic<Y8~iH=n?b=8jmI+HR{+pp6yYS@O!A24BUv8q60{60{Sf)
zi(W$CK-<t^bP%aMh<<}sq21_XGy^rDuJ%hh_nE;kI33+(#&^IEP<pDF_%*y3)tm9l
z@By?R*{BZPf~Fz0kv^>VVF+D~E<@i%YDdxVY|sDjZ=!!EnuUIcUO@k=03V{GR*0@a
zH=wTO(V1-qPj*eh(@g(XIMMXi845o{JJ2~AnAT)iYWOhxrY?9cog=8iJcz=JP=Oi$
z$gl|h1Z_sIqMxCBq;@ZgqZqmeU5lomhfsf%LZeUsor$`k|3ujYTMu8;KrM&=nFr^g
z&(U|#Otc4m3oS-l(0tSzsr{D^>)UV_dLA7^E6|(hzmYY$xnbs<j&ZiT#A$7dx%HE4
znj7rez!|jx{<E8%(87e53Ir3aoiCTv<rcY4FcG&S@sykFaAKXG_s!2Kj3qqRYD~lu
z$xQeDhXysad#OaL-5g5<qp^sWvg3)A9dg5wxEsp6+kbglJv->XrQJO{m9U##e}x;e
zo0r<I3`F8BwiCCr?j@4qIkpoDC0)<6!--fdvDkmvi7&MmFN~yIugwX%c4Zcx&61SU
z?2TlPkeyoS+OlQGoo=meAQK%ha)>=Sm<YKIp@`>rULv@F4Hr1U=;WI0bmq1J&NSb5
z^FqW)xwe;bQjtX5BQzf735L5Qh)0nQ*G?s!xYrtCz;xJ&#M<#SkU2b{qW`oD8t33N
zE-j3Be*D5Xn<*%r)W?M4i-2V&mzGwzo@*!Cd{cxcmT0lFdw2xiP1;T{73qkimS$#^
z1v;0M-ky`0TQ)q*IU+5JSXZ1}!Vu3M-g9GaFonn2yOZsJH9hV$$8cLN`L=WuGUZ1`
z0dv|yCLkwlepVJ3<ObVQx}eJ(uWjlaTW&=NJ`0km&XEIO&ke@ilufe4F-ttGnI>oG
zkU5c1R|cGLmiV-DRX7||hWzu3+3P#?l}!GSzxHrb$w;vC=#ZT~GOgu(%E=htdr~D{
zoz1VV1B4<;In&{0E-JS>JIlM}jBuN?t`pJb2)0dnS@TcKw<S2xmb0J98DCdjTUT8-
z)~=mUUpKLEw&SI$FV~I7oKzxNZ_n*;*<o%p($>ayQ{y2w>ACUDwu+aF=Oh!0uv|TJ
zTD?7X;`j-*b(wVKyeU^yHzpH{Ly>rOQzYhQpVrkDo+!zv=eD-Fv96l@my*o9Tr#Tj
zv&tE{y|QKbMO8MAuF5Hx-5#}?9FipyuX?lc{A7EJoAj$N$;FUt+2VBVNHpr2^5j8g
zR`ng}Y1v{WB&RG2xpv2{^+^h|iuaSY7j<IUeO$8K?jW_C6xkI@5g3;W&K7R9?Z#rf
ztm3V9vbD>zFq?$iV=XD$3A2S0$Ay$j=2o`ydWGAXY;QFS!%p1gjgULiCNHxNcyXtL
z<O*c=RgW09>nF+or;b0Wp4T)l9%2tU7*0CTgtFcgvTmMAR!rJ<t+Nvp7hbaeDb?(S
z-9@oLW>#R#z%ME}<dWNVOLEuxxaWrDV#W(J_1A`{#LW+OW>a9;SUwE|JRb5=kr+A7
zjby(GxJA*mxY-J?_AA_pW((ZSyjU}-^LXHioXl%AeJ`;Wc2KLKc6-;>xEEzPOS>vi
z*TKFa3Y~Cw1v{BN7QWh4T?-d;io-9}45~WSg@0f9#+g*+q1r%Mc-Ph>rn~I=mG2k+
z{@TO2Y3_zEo$ASr@h`&{g+H%lX)F|J`IqpVaMlj<0Wdc~d=~K$_`eoqGvVL7Kg-SR
z9s6mXJ_=s6^VxA9^~l8Q^Xg9ux`M<J7I6ejo%F5nlk4P<g^rz>Q$M8h$@-j};cm0}
V`08j~@ztlopU!?LwoQuX`~#%X*Ps9Z

diff --git a/locale/da_DK/LC_MESSAGES/messages.po b/locale/da_DK/LC_MESSAGES/messages.po
index 0b41bc40..7edbab58 100644
--- a/locale/da_DK/LC_MESSAGES/messages.po
+++ b/locale/da_DK/LC_MESSAGES/messages.po
@@ -3,8 +3,8 @@ msgstr ""
 "Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2021-01-13 08:19\n"
-"Last-Translator: Svend Skipper Andersen\n"
+"PO-Revision-Date: 2020-04-14 08:51\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "Language-Team: Danish\n"
 "Language: da_DK\n"
 "MIME-Version: 1.0\n"
@@ -12,10 +12,8 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 "X-Crowdin-Project: raspap\n"
-"X-Crowdin-Project-ID: 395801\n"
 "X-Crowdin-Language: da\n"
 "X-Crowdin-File: /master/locale/en_US/LC_MESSAGES/messages.po\n"
-"X-Crowdin-File-ID: 10\n"
 
 #: index.php
 msgid "RaspAP Wifi Configuration Portal"
@@ -253,12 +251,6 @@ msgstr "Klientliste"
 msgid "Interface"
 msgstr "Interface"
 
-msgid "Enable DHCP for this interface"
-msgstr "Aktivér DHCP for denne grænseflade"
-
-msgid "Enable this option if you want RaspAP to assign IP addresses on the selected interface."
-msgstr "Aktivér denne indstilling hvis du ønsker at RaspAP skal tildele IP-adresser på den valgte grænseflade."
-
 msgid "DNS Server"
 msgstr "DNS-server"
 
@@ -352,9 +344,6 @@ msgstr "Format"
 msgid "Choose a hosted server"
 msgstr "Vælg en hostet server"
 
-msgid "Enable these options to log DHCP server activity."
-msgstr "Aktivér disse indstillinger for at logge DHCP-serveraktivitet."
-
 msgid "Log DHCP requests"
 msgstr "Log DHCP anmodninger"
 
@@ -455,31 +444,10 @@ msgstr "Maksimal klientantal"
 msgid "Configures the max_num_sta option of hostapd. The default and maximum is 2007. If empty or 0, the default applies."
 msgstr "Konfigurerer max_num_sta i hostapd. Standard og maksimum er 2007. Hvis tom eller 0, bruges standard."
 
-msgid "Beacon interval"
-msgstr "Beaconinterval"
-
-msgid "Disable <code>disassoc_low_ack</code>"
-msgstr "Deaktivér <code>disassoc_low_ack</code>"
-
-msgid "Do not disassociate stations based on excessive transmission failures."
-msgstr "Undlad at frakoble stationer baseret på overdrevne transmissionsfejl."
-
-msgid "Executing RaspAP service start"
-msgstr "Udfører RaspAP servicestart"
-
-msgid "Close"
-msgstr "Luk"
-
-msgid "Enable this option to log <code>hostapd</code> activity."
-msgstr "Aktivér denne indstilling for at logge <code>hostapd</code> aktivitet."
-
 #: includes/networking.php
 msgid "Summary"
 msgstr "Oversigt"
 
-msgid "Internet connection"
-msgstr "Internetforbindelse"
-
 msgid "Current settings"
 msgstr "Nuværende indstillinger"
 
@@ -507,9 +475,6 @@ msgstr "Deaktiveret"
 msgid "Static IP Options"
 msgstr "Statiske IP-indstillinger"
 
-msgid "Metric"
-msgstr "Metrisk"
-
 msgid "Apply settings"
 msgstr "Anvend indstillinger"
 
@@ -562,12 +527,6 @@ msgstr "Systemet genstarter nu!"
 msgid "System Shutting Down Now!"
 msgstr "Systemet lukker ned nu!"
 
-msgid "Web server port"
-msgstr "Webserverport"
-
-msgid "Web server bind address"
-msgstr "Webserver bind-adresse"
-
 #: includes/themes.php
 msgid "Theme settings"
 msgstr "Temaindstillinger"
@@ -575,9 +534,6 @@ msgstr "Temaindstillinger"
 msgid "Select a theme"
 msgstr "Vælg et tema"
 
-msgid "Color"
-msgstr "Farve"
-
 #: includes/data_usage.php
 msgid "Data usage"
 msgstr "Dataforbrug"
@@ -778,24 +734,3 @@ msgstr "Statistikker"
 msgid "Information provided by adblock"
 msgstr "Information leveret af adblock"
 
-msgid "Enable custom blocklist"
-msgstr "Aktiver brugerdefineret blokliste"
-
-msgid "Define custom hosts to be blocked by entering an IPv4 or IPv6 address followed by any whitespace (spaces or tabs) and the host name."
-msgstr "Definer brugerdefinerede værter, der skal blokeres ved at indtaste en IPv4- eller IPv6-adresse efterfulgt af blanke tegn (mellemrum eller faneblade) og værtsnavnet."
-
-msgid "<b>IPv4 example:</b> 0.0.0.0 badhost.com"
-msgstr "<b>IPv4 eksempel:</b> 0.0.0.0 badhost.com"
-
-msgid "This option adds an <code>addn-hosts</code> directive to the dnsmasq configuration."
-msgstr "Denne indstilling tilføjer et <code>addn-værts</code> direktiv til dnsmasq-konfigurationen."
-
-msgid "Custom blocklist not defined"
-msgstr "Brugerdefineret blokliste ikke defineret"
-
-msgid "Invalid custom IP address found on line "
-msgstr "Ugyldig brugerdefineret IP-adresse fundet på linje "
-
-msgid "Invalid custom host found on line "
-msgstr "Ugyldig brugerdefineret vært fundet på linje "
-
diff --git a/locale/es_MX/LC_MESSAGES/messages.mo b/locale/es_MX/LC_MESSAGES/messages.mo
index 29f3fb6ce763abeeb201ce897d1fb715c6d1a6fb..e90306c7c6a52ec608263fa912132d9dc0ed72d0 100644
GIT binary patch
delta 4780
zcmY+`2~gD60mt#TcpxC6fJYQ{g$f8Fhc`s)g^BgR28~yvF0vpByM%?PmAKKycqD3d
zHP)!Hv077YwPw{sOqxU!8|}n8)oIhA)sE4rZAM3?wn;jS_WRraOUJz7x1aa^yZf&H
z`>%fPzh4o&me_WOp<E;>q`JK^@h)TD?Wn89-0N(N4_mMkF6?5A-tuE2HexT_f^F~!
zcEw{DjUQt-{1iLjP2|tq;U(Fapm|6|9VgRUcT7WdSY(}r>L7qUaijGh>U$rczV~}<
zhkv)%@1Q2oiW<0Wk~8sm)b*Yi!}unZN-P%!VjK>~1RRfbSc;nQdDO~3Lv?V=w(sCT
z+W$p1$z-rB^)mwbGZT1G|8r0iEVtK}U<~7%p#8uG)YffBP2ezcH%t>gh99C<(u`Sn
z6SXr5e2GPxbadlL)XvOBO|%Nt-?ONNtVT^Rgh6fHJ}T<yZS0Geun*qF7>wu5w%8r@
zxfEV>eXwnhLQP->YJ!!hiPs`sm}RJ)+hlzW(`g^-#{NeJ<bu45`PhkBsXYdD78ar=
z)QB2*H>%@<sFj{UHp5&*x-i#KEBy~@<sEuB6YF8^hx%MrkD&9xv0TtSDn-q7K5F2l
zr~%fYw(M2we$*{FYTKWnw)!fn<G-N#`xmOe2dKjv$CtE2>8Q`=2B~mv%y85SCR-Px
z25!K3d=b^rHq^xSp$0mG+WJ4B2E2uu=snaeYefy{VstmgqCTIEx<$d!RP@DS)PU1b
zr+5KshP9|uyWGCN3iZWJsEKd4?Ke?deav2eA2VrRK`o#aHIZ0muUnIZTo0Q5R0eQi
zuzlkh)I|KK39LfR_$AatccBJ4fLh@R?1!gO12m&{>LzO77Sx$}XxlOT%ISJ{jMMYq
zpNdwJkNRLSYKA4K4|-4?`cVTk+V)!OHq^xSp|<`o@@Gz2ub>uk54Ce&p%(NIyE48>
z?Cl(;Ow=3WP&+WwT8^4fz`7PS;hpyVBlsQKP4@lksDWCnU!f-c5V;Gc1CLSxreRPs
zewvCpEJJq5Jcp^c4NLH(ZMWl@)Q)7Lwtg7$gqb31slC1wwUf1|mH*JX2BT<i#H;)p
zv#BrpU(1CuZlF&871ZIoZQEaCHtkN#MjaKRRyq!~<(0^vspCZ}+<|&3UPtwJ5;eh#
z_WBLf4t#A*P769;$W3!rJ`weSGSne^9(jVyCe)T5LUni)HKFsUvvJAVjCxvbqju^p
zYG+$fx3Dv_=cmA=;&v<wQc;JOQMckYs^j~pGti17F|NO}qGD9Xb5R{FMonNfYJ!_l
zw{QolpX2uZ)2MOIBfD>|p>{0zfQnWeo$hp;iuttjPy>{qeri`De`YH$I;8KQZo%(R
zTm47WO24q}hp2v&Gn^gF#i6t(VJ-%d?+48>D$!hMLe1<fYUMXj6KJu<W;)l?P%|$;
z4zwvk-Ksg(D&)_s;6?rIx1Pm;v~M8C$|Ufk(_7DfJ{30?O0WagqPA)UYNcCI6FGqT
z;(MqGUbpYx#TeSIEa&@i$n7@CsIxNyHNmG){gok`V;Zmz<C{HH)ZrP_y}gLKho9N@
zeT=3Z#iPJ)hKWUeJ_B{AhM{)iNsPk^)I#b|{j5ZNZzpO;PN2Sj6@wb^b1J%rE$GJf
z?32Ebfm*=?jKlfZ5tm?lT!vctD&!cM^{BIQ)L#DxJJP;{+JR=&4t#<7-h+Yce>*B2
za-8SB6KdvtQ3Ge9Iv9sqX$k82_8_;>EJxj{H&7j(Mjg6ysDZBG5Ntsm&h$Z!g{TEh
z8^r$W-p=KMW*)E~*nrydy{LP65Vhh9sFhr{{tea9J=<=zcFc8dWeRG-S*V4KMU6KN
zHSx+Il>{nM9c{7g-PR)*&-F8?9k_tnnP${I|2Jx)NqLUFPy?i)cIa``t?}CHFQXQE
zz#43_Z(K%g*+1+Xt*A4R$dADY%s{mlVk|abXM6!Qfvu=BvkM2~Db$MpiMl0UVg@D_
zI6vuySfS^?f(pB4K1FrdiaHbV^r8-vP%FwqU7v(HBPFOEn{C_Ws9RKnE({QrcOA?r
z<QPPDa~XQbFg^b&KPK9yN}|;+A+HgY6GV?uf*O=U@-bOJ*nKmN%qP!~sbm8wCX<O4
zz+sR4qtyvj=8(l?I(bXuk0ZY#^@M+zB1K!8NVH;=wd6vi=G<3p>6^CwYdlQ8PukdP
z;t<(F2B<-)BCnJ8$+JWy_+4JK{VE5^T=E<_KsJ)uq%ZlVd}u2#;S}N~F+}AT<Rm#m
zYKh7^hsf(iUY{f%kQL<Ty8lm5d6B5RO8SvfvXJ=5H{}SGQDmjPun0#IorRC=wWatY
z5=*k|HU94sDGj{-jO3ABB#M;l{=Y#*&*EO9qQ^sJjl;KI-?ptX+(|wmX{0S#Pw4Ld
z#ZPSv(Nmz(nKY8!YET|0)%rpP(Fs@CLne_DH6AHrsq1uaCi}@x$zw$282JquO<pEH
zAny>B3bG?o`}Ru>&G$%T!oRfdJ&#GYE+!H$8KMT|C*-%}DH0+@<T%kU+*uMwRuh$(
z<a<QF8QaNLGM=cMcQ8#FKixKlV?KF-yh65-S>z}gOjKq#ME>_Wf%+!0kDMb<6P4a1
zOjfBu8R`&u?PBZm@N}e}!2eFEEGOBdE;Kc<IXot5o-6!T@|391@$UOVvwD<=&-FOw
z3N`ku3P<-UaD{v+S)n~CE#YmwH%G-U_SSga0dIYMm9H`odfvT0+_T?sSEwSjwtbx^
zQ0u7;HK)$#Q;?UFHzX&2h&yjY;n4ipDV{)m&Wt*bFHr5N_t%B)rDms3@%SnmJeA&@
z8D39Kp}Vx!<EsiR=A+K#Lbo@tptv-&H*H>UdUZpcr#fe%zpf@w==Rk{nt@RTMQ*1$
zD%0ogH_DwqpeS~B&iFe2vhpfl&h$F}67Qn=Lbo%mN8WjKh@9fmN8XuORqZWw=hiS?
zZ(VM+f03u!o9j*SEtpxFJ7xTWsl}zGW1lE4&8_hU0!%$HsMa6;GA-H_?$&>uD|{mT
zuTh~1S+_!Y*=xd0*?)G0_U3F2PapJ(E7T=#Sa@<?A6M9yKe|oV@qS-LRV8a$ROR=%
Z%f0S;Z;dC^W$5wnpN2NNLQ97){~uIt8j%11

delta 5945
zcmc(h3vg7`8OP7^5_!J@0in5|KnTeu0UsodNDL7W2vH)4igA<NJYcgM_HKa4W2;pQ
z7F1k?Rz$59qy<qD1p%J{m0A(S`nHU(X=%0gAzB=))8Bvh1T$l&GwpPyXZC-8=bU@*
z_kHI(-?_>0>W{*)qy0MFX=v}Dq3F{t#*FkC^F&Y08dKWOm=L@K_JYsA9`G>aXWrv-
z2K+PZ2)p+;CI$9}gWyPb8ay8kgvGEcybAU;CT3hZ1DIF><zNleiyNT~w^$yAGVlo;
z0z2@MI1K8&2~h7%ft_Kwop+%Eh(bAD4z++A6Z0`+Zl@!|cfr%)PS_3ZgWcitus1vc
zBk)5=<mNJ#DMK|d;lPfU!%XH^!#;2ql${qKubS7O>>q=j@ozr2H@<=jpcm2TfmFzp
zITI>?Jjm{tX>c$sg<8=9m;pV=&)maBTk{xn;6bPi{Q)+^6HozfBV92WZlR+U?T3o=
zb;!?rz=dbcS1=9sNj2tsFb67-Sx^Dbft}zrP|v$|ez_gr1QpOGsDK}V3Sdtv`!7S!
zGNF|ogi7gA%TM4a#wVZxNMqUJ1uz$u+wnT6TG<H|;325MK83RTB~%7_P%zqpGoS*^
z8AATG@+nLx6Z4=Vtb;NTvE$`XFWd<A{M}Gnv;!*OJx~EWZ|{EyW$!qY<4)XEX8T*F
zL1HpvV|Jn#DkYadIhqIMpaIIkGKej+3M#+{pq}3jIS}SisFfYG{4JE@zd@a3A7@*3
zdPAnnP?!m06X?j03+1>TYOij9I?o%R0@(<)f-O*c-3%4TZs@>gpx*lcYD<qpy>}8S
zkS@cLry&K(-zdm2jTt{3J#aSEi$zc?y4a4dhDxPt=Nq8{SPj$REl?}m4HeLHP+Rn}
zoqr#WVf>k$Po+TQF9V*2f0IW?krzTmTn6Q^9LiA`4u?@F2kW6yc`uaX?NGI{*NzWZ
z9)Zf(`%nw|6zVxuumbD`d*a^=r6YqGP!7(s<4Kk?p#r-C%AgC$s##=t3sg$CL1nN7
zYC(IUs{asFv3+Fc{{fYOJ`VX;L}_$1F$NaH2~ZKPw7d;!1@}Wew+o&HpM!etk5G=k
zhAP62q)X#es0F1#6>mBm2aBK<vUoW8m*MM~P*tvnBVaR}1z)%0kxa_)RH&5ChuWHj
zP#>xW%T;#%KB$FlhRV#tmb+mG#!tg@ea5toi19KLU!9qBuz+Rhn;nC4cpDrGH$xeE
z74kE0bCKh3ptfe<$YkKdp;kN@>NL%SvQq{1e3PAD2bGbnG27X1Zybfn#20qH@2F%k
zW<u>@0aR+|KpC756<8xw4Xv=e8Fps80V<G9P?>uaD&wtCTNitS4qsPu4Bi2Kqmzc$
zL+#NHC<l9?_P!P7!B?SH);&FG*nzU+hYDm0>;lW67IY<)oh9~u46=ZjSwn|{G(U%3
z;Q^@B9D<7Y7|exVLODnuldS4ONX%v~RJE^!&2SymmQ2n_1~?09#Z`8^6w3ZuI2iwC
zE1h$gXocDE1XSedY<xGE4HbDlRG=3^WugKqphcE9+xZ8eo^OU-;a<qM$Lxptu6$tm
zSD21}<I7AM&ak`~@-qv#Z~)8(C<A+-1K)%)d;+Qld|Am142B9Q6Y9NUs6cD%{l)Nf
z#;YykFeXEr=x_kc7N{b75h~J;p;CJsD%Gd?lSSi)x<3i>Q8T5m7YxIma3$29ud(B;
zP#M_;_2GI7_JZ&F$$#Pl!h}}%HS7+Dun!7s6qKQCs28V0Z9y%RfmKirH$WBRX6V4Z
zkmQ(mp&WP3Nxt6)YJpi$f83_zkbgOx&O{G57i#aTpi;FEauQ7=)TeZ#o!<%d{65$l
z9)!x&TlW4ZP{;2J*ax13T2K!vSplR#y`LSUqYM;4ozoK73A!*HE`ZwOI8;E}psM#V
zD2K1Wv*AZjRh~L7$xNt)O@gY48Bhyw?fqp?nTg#>M|-~kYUTT&R@7>F1j^8dcKn&;
zH&ChXH9i^mP^cA+hjKUxD)4zw_7*|exz3K)CK)rE=*ZARurJ&Pm7+sXHSv3>NISDk
zu_u&+6sQdOp|)tQonHa9()Cao+iu6ZU@_yDpx*DtneV6bKbDSOm<R{JGB^R&+422Q
z-+|qB+zPd)Z$brh45~Q)0*Tf1JU5w%La41Ofums^91GXMYWO7d>-?W}UNTj)p$spC
zDxT#~hOdW;_+C5zI8-q`1(nhl?D#dPEqo99Aok5-q*jU!Bznn<{Hn$Fafv6o{L2Mh
zr0Ck(kLg^E_(NwdLa(5wQ4vxbh!n&x(X;3mNKGr>gXU;J`##!$RBLO|By_vJ|4P|!
zP+Oyr6RXhp2->R-ZD$hZ*YIB3zt6H3mZ1mG&(JnReJ0wExNb(u=xgXHq-|D9(f(J`
z38Nd)WON8c5Z@xR95tb~HqUm3!?EacRAuM3zzmdzRKRLiCXqM+>Z+jIT7Nos<KL8{
zOVCzyDS8==L{B2M`%z({$6rY}$o6-`>rtj1x8Y_wOOQ^L+D%C$t~YRf4!w?MBl$O1
zpli{cr~+MvE<|cMs2OcS+2|m80jZ5bd5K=~G7GezU8n@<Z$tYw%?@6LhY_Ffn7M_{
zi|8t(HXrF&ahejXFV_OJ4xNuiAT^zU6=)@zigaXGp|_BZ+oNb13ZX?vEt*8)8cbYS
z{}1Tgh3-Ieky<gj2fc*eMEa1dL3L;;dKm3TZOx%`fgL;oH`@LV*aN+T7NAz7mW6b*
zCo2EbQCr(irw{rm>W5~a2a#HR5{c`txZY~V&%@hLM?1a-{sdizI-mf09IZxb>ro?m
z8zuI?6CJf0)R5>UFK2*m=sdI#rJ^^`Of&^OfjpFt)P9H_L+Ki{YtPUhgU&_|AyeQ*
zBjHfZ#FB9QWS>I=oW=$w+(5lExn#EExsk<gq~$>0a$ibqIPAGjz^M&;QMan?*6{u%
z9b!(jw$5|H4bi%A$f>J#n!=6Fl0YcxTpI8i3QL`6*eR%(=((Y)gw;ijZluojG##yV
zttHQ?42P=gY8oRLuW*CmC62qaGT7+VEp~%V1=$r7{mz9=PL*37XbhgR90+=0C#%uJ
zT3ys@7yQ(sQfqj$=Y#_Fr`-7CwJBRVha>fYXuQY3>dsNGAslT94{Y|GKHYU23WNBI
zJE;r4=S-H3h)c9y)H5@}HSL3MxheHr-}q3l$#Kb$qa`)9OWAi<V`eqDp*f``@x6mH
zJItOQ|9J4{Ek}mLJItSTsnZY%FKseqwQeHJXtXX=<1zd;r-7;}&nc)3SGf~I;jD=3
zg@cO=vJ>OBELMfQ`hd6SR2Bo;41YW_Y*oMSY^c}r_hI?I?$bimi9GONe018iopb%;
z{JHT5)5>DGd0DwRS>tk@apUuI&l#IT>oz0cMYGBxfshvrM8lDMXGS9dUc^Kt+Z$w1
zUY!`^=H=x~strf$19d@vWw?GKuZC(G12t||8HJVaoEqmlu2(+u@@_My%`DEE<3>Cp
z$#-)7@nz1%ErH=(e1i(Bs@iSpw-s4EVwG=T(Z4RqKb?8BL##Lys0h0Mx56CnBr5Yi
zE6f*1{mvHVj?p)CnHpAUw&bM0+rBcpW!yeIQHuYzI5%dj{qKr%ROW<^rL(8E%+E~o
zwJgah>gbl8s?Q>OJ_D6H=2axutq=T<%Jgu~&H<Nw_siq8#Bx{o2H8SQ_?;FC1OxRI
Nk-Ex2{N%W%e*!p0XN>>=

diff --git a/locale/es_MX/LC_MESSAGES/messages.po b/locale/es_MX/LC_MESSAGES/messages.po
index dfc1661e..4926c273 100644
--- a/locale/es_MX/LC_MESSAGES/messages.po
+++ b/locale/es_MX/LC_MESSAGES/messages.po
@@ -1,22 +1,19 @@
-# RaspAP Portable Object file
-# Project home: https://github.com/billz/raspap-webgui
-# Licensed under the GNU General Public License v3.0
-# This file is distributed under the same license as the RaspAP package
-# FIRST AUTHOR billzimmerman@gmail.com, 2017
-#
-#, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: 1.2.1\n"
+"Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2019-10-21 23:15+0000\n"
-"Last-Translator: Luis Franco <luis_franco1990@hotmail.com>\n"
-"Language-Team: \n"
-"Language: es_MX\n"
+"PO-Revision-Date: 2020-04-14 08:51\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
+"Language-Team: Spanish\n"
+"Language: es_ES\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Crowdin-Project: raspap\n"
+"X-Crowdin-Language: es-ES\n"
+"X-Crowdin-File: /master/locale/en_US/LC_MESSAGES/messages.po\n"
 
 #: index.php
 msgid "RaspAP Wifi Configuration Portal"
@@ -35,7 +32,13 @@ msgid "WiFi client"
 msgstr "Cliente wiFi"
 
 msgid "Hotspot"
-msgstr "Hotspot"
+msgstr ""
+
+msgid "Memory Use"
+msgstr ""
+
+msgid "CPU Temp"
+msgstr ""
 
 msgid "Networking"
 msgstr "Red de trabajo"
@@ -44,10 +47,10 @@ msgid "DHCP Server"
 msgstr "Servidor DHCP"
 
 msgid "OpenVPN"
-msgstr "OpenVPN"
+msgstr ""
 
 msgid "TOR proxy"
-msgstr "TOR proxy"
+msgstr ""
 
 msgid "Authentication"
 msgstr "Autentificacion"
@@ -97,7 +100,7 @@ msgid "Client settings"
 msgstr "Configuracion de Cliente"
 
 msgid "SSID"
-msgstr "SSID"
+msgstr ""
 
 msgid "Channel"
 msgstr "Canal"
@@ -178,8 +181,8 @@ msgstr "Paquetes Trasnferidos"
 msgid "Transferred Bytes"
 msgstr "Bytes Trasnferidos"
 
-msgid "Wireless Information"
-msgstr "Informacion Inalambrica"
+msgid "Wireless Client"
+msgstr ""
 
 msgid "Connected To"
 msgstr "Conectado a"
@@ -248,6 +251,9 @@ msgstr "Lista de Clientes"
 msgid "Interface"
 msgstr "Interfaz"
 
+msgid "DNS Server"
+msgstr "Servidor DNS"
+
 msgid "Starting IP Address"
 msgstr "Dirección IP de incio"
 
@@ -318,31 +324,31 @@ msgid "Dnsmasq is not running"
 msgstr "Dnsmasq no esta iniciado"
 
 msgid "Upstream DNS servers"
-msgstr "Upstream DNS servers"
+msgstr ""
 
 msgid "Only ever query DNS servers configured below"
-msgstr "Only ever query DNS servers configured below"
+msgstr ""
 
 msgid "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
-msgstr "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
+msgstr ""
 
 msgid "This option adds <code>no-resolv</code> to the dnsmasq configuration."
-msgstr "This option adds <code>no-resolv</code> to the dnsmasq configuration."
+msgstr ""
 
 msgid "Add upstream DNS server"
-msgstr "Add upstream DNS server"
+msgstr ""
 
 msgid "Format"
-msgstr "Format"
+msgstr ""
 
 msgid "Choose a hosted server"
-msgstr "Choose a hosted server"
+msgstr ""
 
 msgid "Log DHCP requests"
-msgstr "Log DHCP requests"
+msgstr ""
 
 msgid "Log DNS queries"
-msgstr "Log DNS queries"
+msgstr ""
 
 #: includes/hostapd.php
 msgid "Basic"
@@ -367,7 +373,7 @@ msgid "Encryption Type"
 msgstr "Tipo de Encriptacion"
 
 msgid "PSK"
-msgstr "PSK"
+msgstr ""
 
 msgid "Advanced settings"
 msgstr "Configuracion Avanzada"
@@ -426,6 +432,9 @@ msgstr "Salida del archivo de registro"
 msgid "WiFi client AP mode"
 msgstr "Modo AP de WiFi de cliente"
 
+msgid "Bridged AP mode"
+msgstr ""
+
 msgid "Hide SSID in broadcast"
 msgstr "Ocultar SSID en la transmisión"
 
@@ -445,9 +454,6 @@ msgstr "Configuracion Actual"
 msgid "Default Gateway"
 msgstr "Puerta de Enlace predeterminada"
 
-msgid "DNS Server"
-msgstr "Servidor DNS"
-
 msgid "Alternate DNS Server"
 msgstr "Servidor DNS Alterno"
 
@@ -606,7 +612,7 @@ msgid "Diffie Hellman parameters"
 msgstr "Parámetros Diffie Hellman"
 
 msgid "KeepAlive"
-msgstr "KeepAlive"
+msgstr ""
 
 msgid "Server log"
 msgstr "Registro del servidor"
@@ -660,6 +666,10 @@ msgstr "Intentando iniciar TOR"
 msgid "Attempting to stop TOR"
 msgstr "Intentando detener TOR"
 
+#: template/dashboard.php
+msgid "Bridged AP mode is enabled. For Hostname and IP, see your router's admin page."
+msgstr ""
+
 #: common form controls
 msgid "Save settings"
 msgstr "Guardar Configuraciones"
@@ -682,3 +692,45 @@ msgstr "arriba"
 msgid "down"
 msgstr "abajo"
 
+msgid "adblock"
+msgstr ""
+
+msgid "Ad Blocking"
+msgstr ""
+
+msgid "Start Ad Blocking"
+msgstr ""
+
+msgid "Restart Ad Blocking"
+msgstr ""
+
+msgid "Blocklist settings"
+msgstr ""
+
+msgid "Enable blocklists"
+msgstr ""
+
+msgid "Enable this option if you want RaspAP to <b>block DNS requests for ads, tracking and other virtual garbage</b>. Blocklists are gathered from multiple, actively maintained sources and automatically updated, cleaned, optimized and moderated on a daily basis."
+msgstr ""
+
+msgid "This option adds <code>conf-file</code> and <code>addn-hosts</code> to the dnsmasq configuration."
+msgstr ""
+
+msgid "Choose a blocklist provider"
+msgstr ""
+
+msgid "Hostnames blocklist last updated"
+msgstr ""
+
+msgid "Domains blocklist last updated"
+msgstr ""
+
+msgid "Update now"
+msgstr ""
+
+msgid "Statistics"
+msgstr ""
+
+msgid "Information provided by adblock"
+msgstr ""
+
diff --git a/locale/ja_JP/LC_MESSAGES/messages.mo b/locale/ja_JP/LC_MESSAGES/messages.mo
index 5dfbb4babad9e6786cd3ab1f6a05b1f63ba8c0e9..1298711ada9b7409d7c004e6ba45a4f2ed3d434f 100644
GIT binary patch
delta 5457
zcma*q3sh8f0>|<HD1u^IqM0J$px`4#zzTy9GklaOYGB$!WrB%790)LVdkipcnQUf`
zp=B@aAwE;b@=<E`c57GMo@S@45zVu0soQS5?H=3jZ|>i+vuDrQd-%=g{{M6D|9S6N
zE9P&$)Bkx~)FX!DFi9ZaM;nvkGUmNbsx_u4&KMthurs#cdH4nLXTIU1BmRWFuwz$a
z+G2ma5C`E!I1*#<M(mCrY;TO;%;TgB74_H+gQ$+0Q8#W!HGIJOXH)|*TpW*y)-2S0
zg{b?Au^rxJ>+4YiSb}tHRz&n0vx*bVXq~-aJ9ePF7h`chYK9-+`FI4Y@g!>C#Y|K8
z&p~z2V9SeeFy-ZV0ltB1=R@RH^Cia8zxg{S8mWtE>5CZD01{9G=!aZlGEf5;i|mq_
zial`#YDV+$60Ar5%mzNRMX#e9KSHh052%4gvrK+9*qIZ}BoQ^jbmY(E@WHjF5PRb+
zOvFai0M}s@ZbMzS)7H1x@~5Z)oI(vSs)y5YC)5Nk?7{wPW(ibi35QxoU_Z*^Q61M<
zgP1`%WXr9nXQLg<pn)Z!26h#y-EpWH7ok?R5;f2Ts0pv^$@*&rHd3Jx?nX86mMyoS
zZa9Rx;UsEH+VJFQz@1P7h(~pliCV$Y*2%~%W;*J=xwgImwFQg)oT!5)d%;Fj!#j{a
z^Clk}*b&qXCy*DwoI=g09lgtV)Bw^@Z*DHCo$<(@xseauKL^#{J*chmFXKe->l)Mu
z*P~|e5^8T>Lk-|<bYlxf_7t^;QT%A=zK*B?bVohyDX0!JQ4e>n{eBecz5-+-eshzp
z@HrJ`4r)stu;oWl1KEfJa4TwthfxDNf!dnWwm#}&V+K-=L)GV?29}Q+&~(%UyckRW
zW*#T%Fo5bPh)K8t)xj>*QofFAumv@MuTam*Nn8HW+MXv-E7%>iReey`WuorC3U&YW
z7<vDTI8g_)P#w;*<$CL4)Do{mHT*m>S+mu805!93P)qwgYKH$py#<|lh4c_6qv~@}
zD>51V8d;I8C`XNOzO@lGgD33wTQHgOtM>a=REIyH26zVbFm`Y|^@*qnr6A9%8G=Lc
zTGT}DcC-HKU?CMePv&v#gFA2{9=7E{?1#1}AGLHdP&2MTZCNey8)N2MAGY;tQ4`#R
zx_*cCRcu4~og}|8@45&TtEpJt*IA-$rm3ZxfK191*>W9ni3y@+z8y8-J(!MPqP8+F
z#VPkj4PX*#0ym+yq}-P4{G9ZsVhLv94jhE1ZGB=tr+y5oz7EyE22_KuVKn{;HQ+<m
zZ%`foWbHsF`o1gbzJ92!@@I0wuc)~WwFM>CI^0D0aa+D_fYVVassSHrruSkVHro0F
zsQ3R1)I)dD*2fNX?vF=3yh+GJ{3e$ZjjRyq%akIkXdc37+=gy^*_J=UA(X?&BAK{L
zoGrKlucmx6^5B~%QTOjgwf_d{A^aFM@Y6Uz@BdGc6AG-awqP=9sT=uF1KX{8Z2g<4
z22P;{a0c}ZBoB7#$D+2V5Ose!YCw0O-mWFq)tE;AW*aA3lA~5vsxiYUC!*?aL2c1|
z)D|tZ<xR+QYu>i?Cr}-=V|g@@WV{q-U?wg_t;BxR06#;&MtGVNE&V@Hdz+Nzm|-1>
zYG5*IAPa5%D(e<h$NNwn9I^F(MYZ3SS3}>&qP`!9Y9}Y1^=Hs#iv1#hnqd?6!>y=+
z9YX$$E5rGIs5KuolX7GiO&!MIdeqj0P+M~d^^e@YQ3KGgP#5Srl=bhxNeUI`V;b@^
zZbqPfP^RN~I0xHf1M0d)jKh`IO{jMEp}v0?HS@!$34CSiW7!XFS-dsJ&xtykfl+uT
zGDve5s-caj8SX}{%=@SYzC*2Cm&=^%MqnJ}iP#ZuwPl~R-ntAmur)XW{hK&Z2j8MP
zjJn+Epc`I5ITN)4V{N$*wU=J(j0><E22m^2jGE9ERD1hT9UelpcLdemDW~i=XE;%V
z=ktWA!6B%JV>oILZ?N8tYG^g8fwia^zl7TR{nqbME7W_K)9y&rK#HtYsNa`5)PH}P
z=Qz>Q?m;#DDPD=kQ4RII!s%!<UPyTwYEON(z6sUATGT*xqJD^uVt4G%yQp?@ktR(M
z@}p>0;9R}``#9k@#AIbVGxu8WMLo^SQ4iNssO#3E8u$?PRG+~f*oIN-x?ZT2N<n=;
z7+t8&Yl)7D<aMI{Bgfs=m+@hHel3;|uPuv(WIEB-j3zqvki5v5v-gqhq5LXow)MSm
zCz)c);t{>&+KWZxDzb#|9GVZw*@HL7#02Me?(KiVRy}Eb91F-Q@)TJ|cr7Bw0zRK5
z?Z^j_8fWu#s!h3-%q9)w6Y>XAMbe0lxek$aoaUVSBR?gBDNH5B_JZe7o8l(%M8{1I
zk>_2fy~z$+r+4KsGJ{MaYsh5sN79e%COV!bBXz>@42e9dDr_g(HNE}k9`{q2L-Y>m
z2slJO>-l_xyhpB&)bM`<IFAI0hZGV$wmS3+w3VzR>Es>qwmLmX^z8G*{e0we79uZ^
z3FLip?s3gIg#(=HU1=o0CpVMT<QCGN@a{$qz1TVAAu^owCF(!&eE$aTB4Y`!j`=M)
zL<W#;WIm}Nm1HrgCTEW_dvXu1AWO*&wr&)@MJ~4GSbTuoM($MqFL3f2IeR2=GQt)%
z<D>R`6LunpNh#S!bPOT-smmqf$k}5(Ctb*L(v@6Co+mnHIq=E+_rvdgt}y07&fAi5
zGLtlsdr2EoL^hE7$VX%usUe>d9Z?RZ1%38hB#@5e3UWK?Nj@gyRWXLVLhc|}5*>Bq
zMKX}+c+<h`#Y@QL!E581JGif|s4SjU<|_?-8@IxhFlmar&^x=z<lXM^m3rNUw|i%M
zBL$zgBDA?%ew*Nyi=GNi?XkE`Fs9cv!BM^b7P>7V#?^6T$uA9+T%7-_is1Uh`WR1b
zSxs$OacDsAF0P>8eP8<$Pp#MOtDGA=nbkeiBPq+3kXKRW_0^iGW!2saZ%vJRLS>29
zcuH>70E6XyDx#}BHC3Lf;Nd=ni9^#<(=SWS80JpT%)WG3?08R2ZE9h)$5&I~sjaLI
zp6oNI|9ECF$5ZM}E%bV3XS>IFsyse#jhAbk`fPW(XXdy`!GnEo4rV1M`=_PmRaed}
zDf6XHs;(^e7T0FGoepDv`R3ev&#4|$R^iQdr_E**-s&{Q>#6Xjd3`gd6r_#Mn>k^0
zLBYteqYKhzGb;vEGo-3A*5uUGR#*B;bB~3ZzkB7eoV1`X`A}Tzu0ZR<i^74XaA0FN
z5C}KC5FC>-F+JR{TBX49aKp}UU|~40E*y9z9C&(EenGh5#mM;*eKsupdhhPmMNfw|
zr2NCxA#c)@V>{Ni?s`7>O#kH2=l$<*8|*Ro$57AIgKdN7WlW0;2UdjxG`#NU?!CvC
zH6LGmf2cTPmn$^xQlBg7zehsrt@k~6qNy=l|7f_OG3Xf<A3Av1-v4na*R`%Wd+9@&
z&qg1Aam&}u3qwPPt#So>W_>dJ=*x@LQ2ml)E4LkM+UzuH{?D0)+GV%6dK_P{>iG7@
dSfp@ZZMfmt$h{%fC-|2u<73V~IMF#v{{yI`3nl;n

delta 5783
zcmc)NdvH|M0mt#Pyx(sj0W=q4fFzJ70g?iW5D*P72~vFFLT*T4vm5qq2vKx-$g7G4
zSI~kF6t$v=!YT+-K~cn3#7b$aRt9BsELuAXRvmGs-{0;D!;Iq}&UB`C`0eMMv%BYY
z&)w*A3+``-p6JqSz2SPF^d?`lFebxi%)a(&HD+=bV}dvZJKzCqhewfr<{!ND!hd5^
zY}?hCi?Ad1zzl4OBd|M`Vk^7>I~x-<E`@G1)T0Kt3-!fKsE*^-qo@u($DY`PFUgBh
z-y4Sd-Z*TIGi|$znm`0K@FLU#mM7Yy#@s_e9dE?exC7hZOV}0<VMlxy!}u{Wb2E))
zs-roW7{JyS;Xv9~V<+5&>gNsQtL7N0|Ie^F<C`<~jqgzt=)i3BffS_4q@yNKjNBbF
z9#e5LYDIG~3q9nYd59O?nitT)!>AqlC+@`WP!oQd?TV`7I0dcfAZn(^k$>hRUihr}
z9@DT>iZPd99%>?!P!qluo8ir<&%3sLk*%*lP3S??gr7rAU{4D7Umd+dgI0PNwWTMl
zpJPAj-=QXu#<JyQn2$4UeI4qo>_AQM2x?+qp!)p}Y6seJU~~(5p(dKwll|Aq$I+mj
zn1PyMHL8QKtuI1-VL9sa51?+*cGQITpeAt0zW*_*zq6=;oAIW0wyQM_nUl$m+J;ip
zmP|nnGy^q2Eoy*Uk-p3-)C9MnKEDllAk6cql^wQzh#L57)RXMv*;YRtktWj{2V!&>
z1$E@22ChNft2<E7^L?m^Y(lNz3DmvbiJHi6bnpP`dmo{0=~>kGen3s6#l^{|;Ud&{
z{gB5rYH}#(1A|dt9F1DhRknT;YAapaUWb~%Y8-%fqgJ>ZHKEs0x9Dx#eiAdOe`(uO
zI3OA?3tKY2DW;&Ak3!A395vuf)IcHZgAvpK8&F&MFlyj!sI#)y)?c%}i`uc1s0Dq2
z`kYR%CfEksGrs9fK^<nH1{iAVms=;GCUzaFLl@aqGv9hQYD=F+?O+_WpuMQme*|^d
zPTBS!Q9IDdVgEIwGzx0S#8MoFn&Iu%wWt+5iu&9xycAzYeeN`B;B%-$*p%&3Jq5L(
zG}Pf8fCV@jwU7mU*nf4rlm?y34cHfV;v_t7>lrkv<10~Hek1DE%tQT9)mm5C_RXk;
zJ&xL$XRW)j3HANB$!E-~eWR?3hMQQ9w#=82v>UQZraz|RIMj;fA>TD&)WGXex9%Ct
z!@a11KS!ORZ&0_OdB0@67xt%~jm0=MN+FxV8vDi``^HDMy%(QW2jfs3-iR%*1~uV`
zbtP)xjkf+6>hrr%kM$d<9Xx^jn3^-F9gnsfkSq+q?KF(B^)sk}I%Xz2>W*4zKOBvP
zw!I$pS8gThklk<FccQ-kD(bMliCV~~sEMCL<`6X<vyz8tDC!G0po6n*{SM5bekZb<
zW-sa%oWv`zDci@BWya!8bW#1J3``D`hB|x&s0B<w)@H6t$o*eNLHA-C>Q;P;>Y&S@
zq^VX1^?rYBhf`4#x*0X06}EjVYNfkS{k(;m;4#$G^0l=YtIB13)1890XsmTMj-bBS
z)?Y^5vky@B?5wSK%1!<-Wun@zMh!FvwV)MPhzD>8o<(haHYZgR9EnlQu$%(-!d#CX
zahWw{-Gb^Mj)~{pwx2^ytX+Qcdl}Xu)I>^cy#h5(#J1mxn#jg{?!P*Ch6Z-U9I|hm
zMXji1LGtf^I%<MfA!C{_>isR&{iqdvfE)|+6>=9%Z<gN@$D?l56x6M%NBwczSjhf&
zq3{q5opA@Y#)GJxID-7$Fdw3x_a9LAzU$!RFPnq<TqdfYVrv<ypPBakYSa!ipcb;&
zwm%uAz>l1H5jDX3s9(0Pkxek)Vq$=z<O+*XE1!h=-aORKtwDY6CDcUzgl+MJt)I63
zXzj%P)P$nx6fUEXg%{ymR7Z=k6Rt(A_z_#*j=Hz|u>+pKZul>3g-wPg7t$8hPdcif
zLR3FvY<&vSPt?q!ppKTH&ca&Mz1nI$ikj&+s1DAdR@i!2@?Q70jzjH87&XCrQ4@$;
z4`M0xW5}<)N#zmIe}9^h6ttz&Q3H7RD_o4~a35;G6R4GbW$P_Uk^`io4qYbd2dNyp
z<9(>_Z%5{A-a-BFw4(ER%*Sj!|63`f;Bo7hsKe88c=89QGwO>YP^Y#M_4&D|&n-jk
z&>H*xz38LP9We`tuF2%JL@D{Aadkys;w6?S@_3<3Ds5fdNp2$Ava#eHvY+U0fG(|6
z2kj~H3fW3@^(1@9wW@HjCUYN2Cu_*%<Q{#UC(8VVG+sLOEn=%Xq(vXLO`EM%SWdQ(
zN66EpfaqFD9w*JoG4e9e&C;b~J)4Bcax#V-Az{K#saZrCNaHmlS%@a?UN)6qlM4Ip
z6R5kLMpA9t^;R7>UHZjnyt-0&fXpOQ$dlw6@;1pJe;~RZC8H80V;;jEI-0t6lci*!
zDi>V8p{!%n-nOl{;JrI2zfO*mskZ$(yoIbMv&b}Z1<{p9c9I84E;&rzu;VBG2dtQe
z#%mIVIN3!e5<P4eUgK@$&v=yR;l7*vk=#IZ-AMGqT%-zDXTqs9>&OVwmn6n-Md3Db
zJGqkZ@S0WR??gYO&y!n8kjy8#B1saj0b5>-8_B(7I?+{19wKj%zY#r4cadtcP~$&K
z;UH<e9154&%5%8MmbYU&@;;eMUM0Hp!`z#UBv+HhYa4}5<aeYCDI>opx@wZ}%KG1g
z-`a*lxRx}v^_%g2vV=4te)1w&O>}J_b>ux&xSAy~bFkKyMK98Z3?=hO3i&IUFpQUR
zWFPTJ3DLETyg&x1a=~?gawZuZo6+UTc>AvFeOXoh;2hT}uX1Z#Gnz`!4PYqbxsKnd
z3V9K?!tvbj0yi9gx!c4hQ72MW?Kz>^NOdUaR989;p*pADAB;HH_`TXulbuM&89r;I
z=LRdBF%zdc^XuGjwd<)lQsvs7JZE+&SXn)%E==dM+(4+_aTm@G)Opnl+(5(d+*u=Y
zoGTif3b)c<7dYRuKj4L&L3JLzRYyFhuGWi$U4M-;=E~8NZO8pRC+M#^KTJ-nd5<TW
zhr%`fNPKILwM{Nbem3kfD=*@ive29hCmAd1Sr)si=jrTVpuurjaborjiH{_=;HMLh
zM|!pP#n<&N^~FBB_?CFhCGCA<F4!P{MTO@KpB<`jM+QTK!mbwzEEt}fs5fp&MbNA9
zd-Kn4iC;UL6I+<JD&E#9^QDdtRwh<JtC?OMb_1^GITPqH=Jg3Q&(A5y$&Y=~r+i?3
z@u2*?K?Oxl{?L-a1=)FAZOZ&!WKen7AM^tLNGM$5Os@_Es{J+h^u4sjK&K!tzc{v}
zZ^~e2Kvg7C>y_l@*4NkPMD+RUN_Sz->`+Z^&_AefNM3G)o%V9`^9C0TE6Sbg&&`Z&
z?R$N@G7e9je~w$?%=O2brf0-9q@Rw(E}a+~)iovFCF5IPtZV=D?mu&!iu$i=8Z8a_
zX9e8<+o39S5~u2y9jbj<KeQN|JXO20-)-6_ag1~bfA(Ol%$*TGle@?Fi%!;4`L(`S
z$04clX@&cJu^~lU;wOtX`%26IC&w!~^u2D=&ObpssP=%z*AIKgmvU;^v!|9mc4`^_
cww+qK=hTwzpDtVe$>trg+e&)I9xhq;Uz0IB`2YX_

diff --git a/locale/ja_JP/LC_MESSAGES/messages.po b/locale/ja_JP/LC_MESSAGES/messages.po
index 26401630..439ec8b4 100644
--- a/locale/ja_JP/LC_MESSAGES/messages.po
+++ b/locale/ja_JP/LC_MESSAGES/messages.po
@@ -1,26 +1,19 @@
-# RaspAP Portable Object file
-# Project home: https://github.com/billz/raspap-webgui
-# Licensed under the GNU General Public License v3.0
-# This file is distributed under the same license as the RaspAP package
-# FIRST AUTHOR billzimmerman@gmail.com, 2017
-# 
-# Translators:
-# William Zimmerman <billzimmerman@gmail.com>, 2019
-# 
-#, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: 1.2.1\n"
+"Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2019-10-25 17:42+0000\n"
-"Last-Translator: William Zimmerman <billzimmerman@gmail.com>, 2019\n"
-"Language-Team: Japanese (https://www.transifex.com/na-360/teams/104285/ja/)\n"
+"PO-Revision-Date: 2020-04-17 06:37\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
+"Language-Team: Japanese\n"
+"Language: ja_JP\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Language: ja\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
+"X-Crowdin-Project: raspap\n"
+"X-Crowdin-Language: ja\n"
+"X-Crowdin-File: /master/locale/en_US/LC_MESSAGES/messages.po\n"
 
 #: index.php
 msgid "RaspAP Wifi Configuration Portal"
@@ -41,6 +34,12 @@ msgstr "WiFiクライアント"
 msgid "Hotspot"
 msgstr "ホットスポット"
 
+msgid "Memory Use"
+msgstr "メモリ使用率"
+
+msgid "CPU Temp"
+msgstr "CPU温度"
+
 msgid "Networking"
 msgstr "ネットワーク"
 
@@ -115,9 +114,7 @@ msgstr "パスフレーズ"
 msgid "Wifi settings updated successfully"
 msgstr "Wifi設定が正常に更新されました"
 
-msgid ""
-"Wifi settings updated but cannot restart (cannot execute 'wpa_cli "
-"reconfigure')"
+msgid "Wifi settings updated but cannot restart (cannot execute 'wpa_cli reconfigure')"
 msgstr "Wifi設定は更新されましたが、再起動できません（「wpa_cli reconfigure」を実行できません）"
 
 msgid "Wifi settings failed to be updated"
@@ -147,11 +144,8 @@ msgstr "隠す"
 msgid "Not configured"
 msgstr "設定されていません"
 
-msgid ""
-"<strong>Note:</strong> WEP access points appear as 'Open'. RaspAP does not "
-"currently support connecting to WEP"
-msgstr ""
-"<strong>注：</strong> WEPアクセスポイントは「オープン」と表示されます。RaspAPは現在、WEPへの接続をサポートしていません"
+msgid "<strong>Note:</strong> WEP access points appear as 'Open'. RaspAP does not currently support connecting to WEP"
+msgstr "<strong>注：</strong> WEPアクセスポイントは「オープン」と表示されます。RaspAPは現在、WEPへの接続をサポートしていません"
 
 #: includes/dashboard.php
 msgid "Interface Information"
@@ -187,8 +181,8 @@ msgstr "転送されたパケット"
 msgid "Transferred Bytes"
 msgstr "転送されたバイト"
 
-msgid "Wireless Information"
-msgstr "ワイヤレスの情報"
+msgid "Wireless Client"
+msgstr "無線クライアント"
 
 msgid "Connected To"
 msgstr "接続"
@@ -330,31 +324,31 @@ msgid "Dnsmasq is not running"
 msgstr "Dnsmasqが実行されていません"
 
 msgid "Upstream DNS servers"
-msgstr "Upstream DNS servers"
+msgstr "アップストリームDNSサーバー"
 
 msgid "Only ever query DNS servers configured below"
-msgstr "Only ever query DNS servers configured below"
+msgstr ""
 
 msgid "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
-msgstr "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
+msgstr ""
 
 msgid "This option adds <code>no-resolv</code> to the dnsmasq configuration."
-msgstr "This option adds <code>no-resolv</code> to the dnsmasq configuration."
+msgstr ""
 
 msgid "Add upstream DNS server"
-msgstr "Add upstream DNS server"
+msgstr "アップストリームDNSサーバーを追加"
 
 msgid "Format"
-msgstr "Format"
+msgstr ""
 
 msgid "Choose a hosted server"
-msgstr "Choose a hosted server"
+msgstr ""
 
 msgid "Log DHCP requests"
-msgstr "Log DHCP requests"
+msgstr ""
 
 msgid "Log DNS queries"
-msgstr "Log DNS queries"
+msgstr ""
 
 #: includes/hostapd.php
 msgid "Basic"
@@ -438,17 +432,17 @@ msgstr "ログファイル出力"
 msgid "WiFi client AP mode"
 msgstr "WiFiクライアントAPモード"
 
+msgid "Bridged AP mode"
+msgstr ""
+
 msgid "Hide SSID in broadcast"
 msgstr "ブロードキャストでSSIDを非表示"
 
 msgid "Maximum number of clients"
 msgstr "クライアントの最大数"
 
-msgid ""
-"Configures the max_num_sta option of hostapd. The default and maximum is "
-"2007. If empty or 0, the default applies."
-msgstr ""
-"hostapdのmax_num_staオプションを構成します。 デフォルトおよび最大値は2007です。空欄または0の場合、デフォルトが適用されます。"
+msgid "Configures the max_num_sta option of hostapd. The default and maximum is 2007. If empty or 0, the default applies."
+msgstr "hostapdのmax_num_staオプションを構成します。 デフォルトおよび最大値は2007です。空欄または0の場合、デフォルトが適用されます。"
 
 #: includes/networking.php
 msgid "Summary"
@@ -672,6 +666,10 @@ msgstr "TORを実行しようとしています"
 msgid "Attempting to stop TOR"
 msgstr "TORを停止しようとしています"
 
+#: template/dashboard.php
+msgid "Bridged AP mode is enabled. For Hostname and IP, see your router's admin page."
+msgstr ""
+
 #: common form controls
 msgid "Save settings"
 msgstr "設定を保存"
@@ -693,3 +691,46 @@ msgstr "上"
 
 msgid "down"
 msgstr "下"
+
+msgid "adblock"
+msgstr "adblock"
+
+msgid "Ad Blocking"
+msgstr "広告ブロック"
+
+msgid "Start Ad Blocking"
+msgstr "広告ブロックを開始する"
+
+msgid "Restart Ad Blocking"
+msgstr "広告ブロックを再開する"
+
+msgid "Blocklist settings"
+msgstr ""
+
+msgid "Enable blocklists"
+msgstr ""
+
+msgid "Enable this option if you want RaspAP to <b>block DNS requests for ads, tracking and other virtual garbage</b>. Blocklists are gathered from multiple, actively maintained sources and automatically updated, cleaned, optimized and moderated on a daily basis."
+msgstr ""
+
+msgid "This option adds <code>conf-file</code> and <code>addn-hosts</code> to the dnsmasq configuration."
+msgstr ""
+
+msgid "Choose a blocklist provider"
+msgstr ""
+
+msgid "Hostnames blocklist last updated"
+msgstr ""
+
+msgid "Domains blocklist last updated"
+msgstr ""
+
+msgid "Update now"
+msgstr "今すぐ更新する"
+
+msgid "Statistics"
+msgstr "統計"
+
+msgid "Information provided by adblock"
+msgstr ""
+
diff --git a/locale/ko_KR/LC_MESSAGES/messages.mo b/locale/ko_KR/LC_MESSAGES/messages.mo
index 9eb3acb94edf68896a63fac06ad39a3490048e01..f5163afc54753ae103c10a4365c5da3a22e34bf4 100644
GIT binary patch
delta 4813
zcmZ|Sd303O0mt#11QHUKgf;9LvanA!_F>aPfSLp_0R%z95Jn&*nK+415IYf&t<f4s
zYN%i;i%20Lj4L8gD`l$%>mPzB9(rsm$T`qft#Ulj?{D5k`KR~fH=ld&%)9r#``(*@
z4+Afk1uwO0w#iWbLb{W>SYtXy8S_Ic^%^s^tud8&KeoYRsJG5yJNy*8;dP9`mUMQ+
zM2y1>?1XM?f#Z>nnnLVgOwg22(ZDsBjH^)tzF>V5HNZ#M6|Y*Gw|9<np^nSK<~Y&z
z7orw02Q~2m)WR!l{|by}ezS^70&mn|OMD&^aXSVuj9PJTma74VqXy2i?Lr(#`$0^?
zb*OO~kUz777mfcmYJu<D{?i!G{N{7}fh(x3`x>=?1R7io(-pg5FVvZg#Qr!QwKINX
zQ_Na);bzp19zrej6l%N=Q73X4wZQ*iP+NDKiUvyNB?U9FCr-wAtiWct4EZxFZGXtN
zx1tvC8ft+jP!pd+oxpiy3iCN?2fwjKC$s;(=}2T1ns}&n2IkOSYTK`%?unDAg?)iq
zSWIVU;MS-!PD3`&<RWvJiKsK4i`s!I)B<Z!$8YG&{;MNIhYr|+Iv|X?X2(%0K8ISs
zXQ+w3M{QvXu8Zt|x<oG9_MmoP0&3jJsPTNL@v2Za^W#A(T0jHpfR~W_&Fn^<$-CCS
zq9*<)w#IK!12tn5Evzl-csFXoA*f4IfSR}jwa_xurCf@dH~1J87nL=r19qaW*;}Xs
zkD?|%jk>!ppeDMCx|{!P-~SGETpX*>3A91AQ&C&r&-RbNzO)OG6A7B7RJ4*csI7m>
zdBZefKiW;U|6|lbuAmn19csb)*3v@TqbBN!I>Sutg@aJzPe<+8T+|LO!N~K!+;*(C
z)}ywn5p^beP&dm_)B;bT2DpeC@Cs^zZ*BXwwN(#iVO>z;r6X^dY-=IL>G?0CqOA&`
z&S*L6aj8Qtv)N|*52JSAENVfQZ2L>p!v1TG=MmAuyP-axh3Pm3^|?~ie2-#Km6cR<
z2CI?FXzDN*ccE7P32MN9AiHjEVk&mxnVo_oQ0)z<o!N`J1c#6()f}~cZ2PaHPT=bl
zuD`D3EjnbZ%a~|vgQxfrYKyhBFLEI@@Em5*8I@sVr!cZ$)QRju7w$uy&{-UU=k5D#
z(wyTvqK;2b3pxW2qk}b=Jk%NbkU#T;?cZtJ$E{aT6SihwwXhDTGfK7XfvBg&gSt8M
zQ461eI#C~L0Tn?i+M-%(gY{K>mj08rJv+mhuo^YM3e<qBa17R?7IF@C$u6NT*;Uj6
zZlM+&-`n|KNkV--m|;5xp^J`5s4tMk7>l*2yLKJwfE_p*4<di&1~1$WCb^F>18^v6
z;`yi@S&G_;TGa9NsD(Eo^90R4DlE<%#}W7yW@1KPXXVqZCCCkK%21Epdem{7Pz!hm
zHPI)iiNCUbgF2zxsGaH5&oLF#nBQbl(KRo!R-(>iBkIiGKs`1ep}vy;j+*Eu>e99B
z?@W+}YI|@f79n$*4XB+uh;euUb+27koB2%?v*`ozsIAFHJ@;d6dlqUTi%?tpBqrcy
z>kib;?6>cKfU&eM+xC~J9s2>b@c4oJPGDCI##5O@MQ;=#H?}E7ZS6YL2b)k6UqtP|
zb!#);%%R-{)t`?#ZXW8AtVNyiPHcruwtdL9-*dD7+KRJu=yAA?T2M4MfX=WLYT{(n
z&J4iT=)uUsQJ1C&b;b)&6E8u1ZX@dW2J2qbJ$B5#e>0Q)*9u!?ITIvVQ;;XmWZHJI
zbv|m~M^F<7ZM)vuh#Id6*(CG2?f;wg2DYL97PiFJ!EEPOs|#wteyFV)iAgvKb*8gy
zyA-v68q`3mP&-v`+gmV+_8!zYhf$a26uR*e@@HCc-L%l)Xeyc@50h{T_Q83m9axWi
zdzvQHQ*sV9;5F1jqH>+PKhfG7HO^?%`;&1n&Ou%3dep)WI0nrT+i?aN)11e#m@vqh
z=swheCCFtnLF+zTLHjfG;7n%Gj)YM6!Zy@XwHx&qp0oYmV<K(+FvRKkPokm&I$Kka
z-=6<lw0b=y8|)_-FY*PW<`UA5G*^SNjJ!zZklz#SU_DW3rWfY_u{=agTeh1VBKk5>
zSxfYNprT80CQ{?~8{Z`D$x-qextB~Ld87qV`I$rHJEWBQMB9D}gSrV+`jcaXf7nLK
zd%SKWkCRPA_kxO-{FeMl4ay$Um5e9PlRp#PV2enAEF~(xBOj3W$pA8ew7qlwTypac
zSw~c+IhY03hf(*&V)84ZuUD0YgeS=qklzs9AH9ffz?aEPa)RgvFDF}x$`o>cq-OX3
zIU2tvV@U%!Kst~+Wwx#S0#}g~QcF~RN!CPa&QJC;)LRnWjE@i(i6-lb%4(8N9wYB+
z{wlJPsJ!41d3}J_gQScUMS7h7rcbu@VHise+x9+OK^kp)xmBDZ`sN!*PLloPZ4x}q
z%Mr4TY$p2pe1p72co0mOxXCV}($T>@f%?&zPF^9$$sdT1s60&`B!46oM5V^Tykt$h
zbN%aVhv-X2lBuMUR1=jQB!k>Tn#c@tA1NdW<WBKZ*+NQe$2gotw9`K)+sRxKB6sFD
z^Qpc{Mv+0JAL&C>_L9+&n)6RBRd?F9h`Fn-s)xKzipe~p(wht?PpUDhx+dVSTsUU3
zzs47OsNI?HJ?&>lg%5Tphz=b{ZVW%r`RV9zT({h)(8JwxLtDE4EBtJaUD2VSYi+n|
zuVM72R>cOq)m7fA(8bhgJ#(|&*@N9VgI(FfJwtL53cS@d?r8yUWp%l?#vcgXNF9(-
z;H_NvsCS{yJ<aE>@VN5*0iU;$PddFG*Ajn8eo^Rb+U(G<^z`6N_qc$6*@DHD?x_KP
znXk0Q<8r1;`01UykG-pV!s2qD$CXvV8hnAQa(}6}+?VC6ESX-MRWPokFt51y-idj|
zSrxwOYL-)-S>;doaW}4QKYVR#gJ)EzJpGICqKp@#!ae%L$Am8QzZ5<)ASWi=HtR%G
gsCmw;@cf*VsPNj{{FqSk(EZ_yLqClQ9UorzKXP#hMgRZ+

delta 5825
zcmc(h3viUx6~}K92pXQ@8D8cK5D0{1lMsPK2x5pJAVd?ih=LokBnz9}u-}G&po>&3
zR-{P82fnBx)`Eycr6>xDAZh_csIN+WbUL=s(owXiRr~wz-q_68>5Ma-=^g&x@1DE&
zJLlYU@BPB2`EP`y$Gf&!XK3%De&}SfF_{U*?CPjdW6HZ46NHz*PH+$G01rd{ncws1
z3s1o$*uI-FJz!_p3ueN0a4hTz%ivk?N|<U))cELhXP^-(z$&O0?}2jMY<U>U!3o$0
zCi0TlAL_l)Q14BIZQ&d{?t@Ao0u^`})B<jdjYo}HOGl2^!?WQNFa<sf+r#~^Gdu#r
z@FPg(W(LcYqZ$|sVC`jaIO8|NF7Rn6KQBXGHE%-s{{*%rzWL1l@Fi3NoybNL(jY@-
zAXEZHklisC!QQYOYDM$mFz7=5nfrNYYo3A*JOEXpKf~?t3{=9KDOXgEo9Sppd!aHt
z2Ki?`<iT9?B}|81(u_F==0PPg9V+3=U>kTf)O?>EUuNx_pc1+dD&cKV3G7T`|K;cf
z2DH)xP$fNXc>)f`J_D6NI?EQv!F)K!+P6WSl_#JQJP4K8NhrTxKvkdv2S!`a7b?-b
zKGa_;pU8kJF%v37Ka_*8wU<G?a3j?Gd!e>yD^$Wep%U0{fBy)|-)X48ZTL}@?Pi${
z$;o6#?LZk+NiKm3G!rU7Jyd|D5MO2`RDusd&EEpK5avm!l^w8rA1d&tP&YY&yDdMR
zAw#Ag91f$S>Bx}}DsUatUflq7pYMc9<Q}LMY=YYB?NEvAfDYUP_1=e2TY4Jmy|1AX
zN$wxN4LzXZ4TfCPsL7?H358HEmO`y)vbASJmC|R&8=w-n8D_!NP%GR4mC!z@Ejnb!
zKY&BA|7OS2I3S8Q47MY_DWapy$3taY2^DY-RG<*dfDxzwcR-c$0jR)Rpw7xO)_%$I
z2vo&BfLhQ=sChcUN-za>B);iKM-GQU1sG-R^DQriO6&?KhdxME%|gr7P$k_ARl#Pc
z1w8|G`VT@KwvX-jH&7Mm;!uBOlukzjLtz;l4VB?_mTRC^@F3K@r{N&D4{F|DpaTCB
z>JTPTF4<{N3rdGNyjidSmO?FLQ3myw;}s0(RNesx!0m84JZ9}o2IY7XRLQS`+L{GW
zAF6uGm3Djs)WRNys?6h-J76OAZg_WsF)t2?8nc{%D_M>lzYn#-6Hq1m3M%uCnei26
zK?mCd6}TK~g|+ZpxDaaPk3jj^3gzcHDF3fRs&9@%E%@6goq=@v437U$0%gy(Tmh4@
zH$gdg3~FW1T6-VVADK6y&d4930-u6f`L|HlI(bMuk^WGL=UGN4+0NB)Ek7)_cKfV&
z;DN9m<HMjF7r+uY9x9>bP<y!=YAe@6C9)MJ!<|rDw+CweF>8Me9o_#kbd+K5q45{;
zpicKFs23{XSXc#FjM)IWN#<pk4gUlcxa+X^U$?>VZ0vWSD)TXvpVLqaNaQ8OONE)l
zH(7Lw7?=ig;Yz5?cfb_*yyYv9Z-_YxbzMJ&?4J1!DxplirwTX$DuEf6bD#qHVSBjT
zaupm%d~+8a9fn<&Z$o^V(@>Rga^lx)EL16{Lj|ga+RFy00JmCuBOHmn3sPM38C2!^
zu{v#KDbyjH0;3vOKt~f?*a@zO`d~b2?Y&Tm9D%y;r=Y%&37&ZAQ=uxAX_*IAsq^gb
zGodP4XYB~=fW6W~{k4*H43MPR1Xa4DP~*p;Zo?_4Qg_RX&ntr3^BSm%EVWz%^RXX>
z6wkb6$J;Qd_j^Na)i{_0XXjIYRiKIiWi%hkZnSn3s#L3>?(r6=1b0KN_!X!`j>1mx
z6W9^{18QE|f_TL`LscLHDuFDhc@v{_<Y0!SAGX217V1#0fSR}qDzR6g0v)mZ5b}*O
zf46pz5%J##LA^Huro!>ouCVk%`HP0=s8o&ihmDrop#trJI<<#kXZRkJ!xK;y`v!J_
zDTVPB_l2@Ep%NGg<!1s^#VV{l8!|6y>gdSPb+9|U1?IpFknJ;vpfddqs-*4s&MH7E
z90CVGRbVpYvu;9Aw`ncx4!1%jvKN-YH=u4yFRn;W-Tz!Va##j6@iIs(Qw_EEcS9w(
z6UyO!Yrkjt31qv?=WrYxGAcf=2I~D~Fc;oy`5L?i`zu&XeA6&G9(Ws6sh)>AEC->k
z<x!}6{Iwk)#KF*3WJ6WvJgE7lmXjfW++yE=MNq9Ay%g)kABw9MeU?X4tV;=@56!c-
za0{A^RN@QK>u5JBMQS~f&d0CO3+Pd#roWmy(Pc7d=b<~1uJf(ve6&{k&-pP&QA<-P
zwHmb}=$TlL|Jz%>1|P8f4VJaA5<P@|i8doHM6CUc=fkKidJ{d5w2f*#wEuJIgwTy>
z0y>DoNPD&nEkP}9rtM_FZ1fXUZO1mjVJIE-wqvs_wOwlZDz>z4bnYd-nS(Atze1Oy
zLnsqHhtwWK<6}KzHo{)EzXPs7y1uR3&oLU24zt=#am1cC@Z5)vp$eq<<_e?}xeisK
z8R!C}mWQ^Z`;Z46KrbV;!Kf(Ki$A7=X7n_ghV-Rt-7d1m8}KmVut&{mI<KNDk=j*A
zr<!XTYpFcPpxe+`Gyticg|0={p-G6#VOFBI(Gc_`T8e^bAySLP5qkz=Pu9Pj&U$n^
zx*VyMq5IKq(OXC#o>j<?7Nf_}UewYYI^(Rd4c=q>TVV(EE}D;CL~1!me^E<R|0$@Y
zZK2Zz-Hp1Uspt`;Ru@O?`3lcpSbINQgOaR$HM|R5j}nm={RZ8P)b2nH=p7W>|2A~g
zYEXTw7k~5xDQFa0fYQ+K(8XvX+J#(HjMRRLo<dnNTD3j&hoVCC7&2qrNH`R%DVY{(
znw5I6yVFq5fX`d!Oqf>TxW4crU$}Wt*EtD2YC|E{=XjmkkQ?z;xBPT{w`qw{CsONo
zolt$m9|}7DdCrnhgVX2@Mx0B%ZvFUjClYeTRF$~CV0Fyv!UkX1?{hUAsr6Y;t}{0j
zoae7;2;;oU7YH>vzQuC`4X%HYFR)~cr>Z2^xnPM??VIOq2z>9^8*oETPJ@d#f5dH-
z{G`%y>v)Lk1if|NhskX^&|_2EP`J(;X%6&UlX#9ZL36`CvT`G?nHs8Ton-Tww2=wf
z!N3y7M<pDkzNA%YewcOB@IHl!6;qmK_xY@OYTqr16IzwVTV3rsW9EjceI>zAPT1#$
z0*l6YVs=Y0s)KHw*IoF1F}$j2Zqpb2S9bluzPQax&nZr5e^GE=Y&lG9+MIq(+x*;u
z-2A3&r*e3HQBHndPQkfO{;1-@g6uq6%2cl#$*Bx`gKoeZ35AQD%l(0X-&@yop);s_
zxKogqU&NeXO@p__ms80>D0ZfVI1oW6t2Pp;cZ)rq#>U3nh&=e``4;ES4b^#q-kcF5
z^E?rzyPo{K!h+G~dKQE{L!18U%<9nMt=L%*YMPjl+4OG4=e@>PSGU@&e;>6&10G1|
zS^A&PT3}F0QnW1StqS=5Zzpbq6FYK0?!+|=`9t!B@grA}RgjbsJ7fR#)ZLJM;K!Z1
z$vLx<$}6TcZ_IHLns?`xCzVzHPYzzEf^FSr{P2_DHa}PJenRre4eL%cKiRal@b-TJ
DE~Py0

diff --git a/locale/ko_KR/LC_MESSAGES/messages.po b/locale/ko_KR/LC_MESSAGES/messages.po
index 9f3a8aa3..2879edcf 100644
--- a/locale/ko_KR/LC_MESSAGES/messages.po
+++ b/locale/ko_KR/LC_MESSAGES/messages.po
@@ -1,26 +1,19 @@
-# RaspAP Portable Object file
-# Project home: https://github.com/billz/raspap-webgui
-# Licensed under the GNU General Public License v3.0
-# This file is distributed under the same license as the RaspAP package
-# FIRST AUTHOR billzimmerman@gmail.com, 2017
-# 
-# Translators:
-# William Zimmerman <billzimmerman@gmail.com>, 2019
-# 
-#, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: 1.2.1\n"
+"Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2019-10-25 17:42+0000\n"
-"Last-Translator: William Zimmerman <billzimmerman@gmail.com>, 2019\n"
-"Language-Team: Korean (https://www.transifex.com/na-360/teams/104285/ko/)\n"
+"PO-Revision-Date: 2020-04-14 08:51\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
+"Language-Team: Korean\n"
+"Language: ko_KR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Language: ko\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
+"X-Crowdin-Project: raspap\n"
+"X-Crowdin-Language: ko\n"
+"X-Crowdin-File: /master/locale/en_US/LC_MESSAGES/messages.po\n"
 
 #: index.php
 msgid "RaspAP Wifi Configuration Portal"
@@ -41,6 +34,12 @@ msgstr "WiFi 클라이언트"
 msgid "Hotspot"
 msgstr "핫스팟"
 
+msgid "Memory Use"
+msgstr ""
+
+msgid "CPU Temp"
+msgstr ""
+
 msgid "Networking"
 msgstr "네트워킹"
 
@@ -101,7 +100,7 @@ msgid "Client settings"
 msgstr "클라이언트 설정 "
 
 msgid "SSID"
-msgstr "SSID"
+msgstr ""
 
 msgid "Channel"
 msgstr "채널 "
@@ -115,9 +114,7 @@ msgstr "암호 "
 msgid "Wifi settings updated successfully"
 msgstr "Wifi 설정이 성공적으로 업데이트되었습니다"
 
-msgid ""
-"Wifi settings updated but cannot restart (cannot execute 'wpa_cli "
-"reconfigure')"
+msgid "Wifi settings updated but cannot restart (cannot execute 'wpa_cli reconfigure')"
 msgstr "Wifi 설정이 업데이트되었지만 재시작할 수 없습니다('wpa_cli reconfigure'를 실행할 수 없습니다)"
 
 msgid "Wifi settings failed to be updated"
@@ -147,11 +144,8 @@ msgstr "숨기기 "
 msgid "Not configured"
 msgstr "환결설정 안됨"
 
-msgid ""
-"<strong>Note:</strong> WEP access points appear as 'Open'. RaspAP does not "
-"currently support connecting to WEP"
-msgstr ""
-"<strong>주의:</strong> WEP 접근점은 'Open'으로 표시됩니다. RaspAP은 현재 WEP 연결을 지원하지 않습니다"
+msgid "<strong>Note:</strong> WEP access points appear as 'Open'. RaspAP does not currently support connecting to WEP"
+msgstr "<strong>주의:</strong> WEP 접근점은 'Open'으로 표시됩니다. RaspAP은 현재 WEP 연결을 지원하지 않습니다"
 
 #: includes/dashboard.php
 msgid "Interface Information"
@@ -187,8 +181,8 @@ msgstr "전송된 패킷"
 msgid "Transferred Bytes"
 msgstr "전송된 바이트량"
 
-msgid "Wireless Information"
-msgstr "무선 정보"
+msgid "Wireless Client"
+msgstr ""
 
 msgid "Connected To"
 msgstr "연결"
@@ -330,31 +324,31 @@ msgid "Dnsmasq is not running"
 msgstr "Dnsmasq가 실행 중이 아닙니다 "
 
 msgid "Upstream DNS servers"
-msgstr "Upstream DNS servers"
+msgstr ""
 
 msgid "Only ever query DNS servers configured below"
-msgstr "Only ever query DNS servers configured below"
+msgstr ""
 
 msgid "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
-msgstr "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
+msgstr ""
 
 msgid "This option adds <code>no-resolv</code> to the dnsmasq configuration."
-msgstr "This option adds <code>no-resolv</code> to the dnsmasq configuration."
+msgstr ""
 
 msgid "Add upstream DNS server"
-msgstr "Add upstream DNS server"
+msgstr ""
 
 msgid "Format"
-msgstr "Format"
+msgstr ""
 
 msgid "Choose a hosted server"
-msgstr "Choose a hosted server"
+msgstr ""
 
 msgid "Log DHCP requests"
-msgstr "Log DHCP requests"
+msgstr ""
 
 msgid "Log DNS queries"
-msgstr "Log DNS queries"
+msgstr ""
 
 #: includes/hostapd.php
 msgid "Basic"
@@ -379,7 +373,7 @@ msgid "Encryption Type"
 msgstr "암호화 유형"
 
 msgid "PSK"
-msgstr "PSK"
+msgstr ""
 
 msgid "Advanced settings"
 msgstr "고급 설정 "
@@ -438,18 +432,17 @@ msgstr "로그파일 출력"
 msgid "WiFi client AP mode"
 msgstr "WiFi 클라이언트 AP 모드 "
 
+msgid "Bridged AP mode"
+msgstr ""
+
 msgid "Hide SSID in broadcast"
 msgstr "방송 중에 SSID 숨기기 "
 
 msgid "Maximum number of clients"
 msgstr "클라이언트 최대 개수"
 
-msgid ""
-"Configures the max_num_sta option of hostapd. The default and maximum is "
-"2007. If empty or 0, the default applies."
-msgstr ""
-"hostapd의 max_num_sta option을 구성합니다. 기본값 및 최대값은 2007입니다. 비었거나 0인 경우 기본값이 "
-"적용됩니다."
+msgid "Configures the max_num_sta option of hostapd. The default and maximum is 2007. If empty or 0, the default applies."
+msgstr "hostapd의 max_num_sta option을 구성합니다. 기본값 및 최대값은 2007입니다. 비었거나 0인 경우 기본값이 적용됩니다."
 
 #: includes/networking.php
 msgid "Summary"
@@ -673,6 +666,10 @@ msgstr "TOR 시작 시도 중입니다 "
 msgid "Attempting to stop TOR"
 msgstr "TOR 중지 시도 중입니다 "
 
+#: template/dashboard.php
+msgid "Bridged AP mode is enabled. For Hostname and IP, see your router's admin page."
+msgstr ""
+
 #: common form controls
 msgid "Save settings"
 msgstr "설정 저장"
@@ -694,3 +691,46 @@ msgstr "작동"
 
 msgid "down"
 msgstr "다운"
+
+msgid "adblock"
+msgstr ""
+
+msgid "Ad Blocking"
+msgstr ""
+
+msgid "Start Ad Blocking"
+msgstr ""
+
+msgid "Restart Ad Blocking"
+msgstr ""
+
+msgid "Blocklist settings"
+msgstr ""
+
+msgid "Enable blocklists"
+msgstr ""
+
+msgid "Enable this option if you want RaspAP to <b>block DNS requests for ads, tracking and other virtual garbage</b>. Blocklists are gathered from multiple, actively maintained sources and automatically updated, cleaned, optimized and moderated on a daily basis."
+msgstr ""
+
+msgid "This option adds <code>conf-file</code> and <code>addn-hosts</code> to the dnsmasq configuration."
+msgstr ""
+
+msgid "Choose a blocklist provider"
+msgstr ""
+
+msgid "Hostnames blocklist last updated"
+msgstr ""
+
+msgid "Domains blocklist last updated"
+msgstr ""
+
+msgid "Update now"
+msgstr ""
+
+msgid "Statistics"
+msgstr ""
+
+msgid "Information provided by adblock"
+msgstr ""
+
diff --git a/locale/ru_RU/LC_MESSAGES/messages.mo b/locale/ru_RU/LC_MESSAGES/messages.mo
index 8c5c4d55e7715a66ea7cd1d1a5b6a64b947ab720..2dd711b080ee8b4b92ccbb31d32fc6aee754385e 100644
GIT binary patch
delta 4749
zcmYk<3vf+$0>|<HjYtSdJR*${E=|NMA%qY@xmB7Hk47wsYFZIAf`oea7S*C!+C#1P
zW9zxPlAbE<Qjeun?KT;<x;vImS36eMv}TMhyS4lM-SgMkGx^=m|NQSg|M$Jd@~yt=
zmx5QDgs(GP7f4I8Fv6H-K4Y#lRIM>x8yi!O85o1xQEwf@CU_KE;1^g2zsF|y14d$9
zJ`|79SPzqtw@ezw851=9DX8Imd<36IHMqdK9@T)0iFn@nE$TVb)O#)#>vEfls!u}=
zpf9T9$58_xX6wgcefl@gQHbJ=GHifzFcz0$1v;n^M=)G9kbr79#oni3XYRAH5tgFb
znT!0HS9nqT8&Cs$*VgaH`t)y(+Yfw(TDnW90o+7(!`#Q_=;KYzqy=`wWYo$GM;60O
zLO;$!t-waqK=+~At42-aBx-;cF{mZKMnMhzgsm}#n^u^P^>G-6;~3=66xsSpd%p-Z
zfVHRr?m=~2g_^(-q-k>;wSs@PeiP67x1-_*D%5d2qmex^0}Jf^a@3jFiyGKz)WH6Z
zYWNmv#&r_BC2xW>X;M)$?uS}|5vTz^i+X-a0_(4eN-FfgLev8eYR`6|MqGs&z%f)u
ze?cwb4eK4$7U@OxiKrE5hiW$+)!rafdm~VXd3=z91~3=(z+&XQnH9*kn=RJ&Q5~Pf
zX#5h@&~?<nZlgMird4f4GOEKY)PM$}wlELX-_z*FU=am9un4tRYfulaM|HRpb*igT
z13ZN~#pmt&HK^yVp$7h)y}yrIav!5pePe8oDX0nLAp;4TA_`ja68pv+?7;mpTYnHW
zkdvqZ)Sw3Z6>6a0qdK~anqdULVr{SiYNlzZmFkJ=IDp#wk)eC`ztFxh1+`RjP$OQ7
z`rvxh0C%7oa8V7OM0M~ddw<z_9W}7qsP_JY{F!=5o++q_48#cfH@Orvqmii7JQ3MW
zGvC&)MXkUd>xZZTov~g<4fr4S{hu+J`-Xf~^tlYw76q)isDY2fAlqcdQRs%VQ6t`q
zYVZSORn0kUi`Q{DM)Doi{TS4W%ttN#a^#z6-mvbn^~X>vc?vc23)V}m+5a#qu2AtJ
zg==_>`vO|m3dB9?J(!N_uorg6Le!yLjlFR@YRUhK+4wE$+u&yzbe6I(4T~`aSEJ6z
zq2wTMQn+m2h~?c>?t5Skj>k^83Dw|P?1EQO1Bl_*i@r>2)D{I$U)xcrl_*6GEQs2Q
zm8ccnjO>y*qBk^>FYyxo3pLU|G72^DZ&brg+k0Em7RPbl6ZPC%sD@qSQF8`0uzw=I
zN#<wd&&0C~EUxK~n&1TNi^10@XsJ)5I=YJKcnftXTXy86Vi(kiD^Lxu!F=3@8t?;D
z$DLU&%`gW!E@mw1xw)uz-@&eU2J`g&zf0k9Dh74-2Cx$K_1b`HcsFW>mrxCThZ;aQ
zZ>l~CHGwXu0Y8cCjwwR@E-bOWjXEnkQHT9XNcKOLVU40<AnNd}!=6}!eK3*@SHl6M
z$`qhxxC~h&vjdsD`5bi??xMCPk!fm0`l7aS7}moQ<j<7zl0^Sz8wGvukD*3>5w%D6
zP#v|&@Kz?rIu!d+Ux@nrMr?#9ki{{z7=sT`9Y-@=#$-}30!O31-bEPHp_oCzk86-s
zG1aICuc4OqCu?KAd$egfp|)Z?YAY6?2D%nCkt)<oKSd4f3uKqg*Qn1o%=Eq`DVglQ
z9>}Ib9gRRO-Bi?rt582sTTmSzLCx$YYRT`RRw}uNF%->E)M;OggK$4;g?>bJ9M8UL
zAYD*fSJ;#F*XdqHg=TyXo8s4~0o_6EX-t+k!)~Yn=Ai~S1GN>4u?e0)t;|K#z;9zb
zHtgli_)*l?v={306M_`{6e>_1I;cbT9tQ9V>K_k(Z*K-UsD=wrdp*<EZ^h=^A4aW6
zEov+8VM9#iWNYOzQ3D8|`Uy_86&vsoDo$V=eudi8Tc{<g-^c5q2Wka|qdJ<2xwrwf
zq}Nd^6T`2I+G~wEV_B#PjlpMd6SC4lbDx45jLG3=7rP>pHk0s8+=fiTq_fVN@nqED
zT8C<QD{7BFvGvzcOM4475YykAP-BeZwjKIZAG)0Lu~AM<Y`7BCLTR^`d+&vgly*<o
z3q;M<)eYB+WD6-G`$!A2hUg0S_~msxrD(F393fg4UCT)GP$~4!ThM%FZ)W2mqN8|>
zyiW#@A!HEI{B`N*>S{@zCxdmvwTeWBO5XS66Uqtp{sgWd3&~o-zkH#qn7uF?D4w<z
z`!SK|$N3#{o^&OXNd<X$ZKLoxIYo3*o*<2hu5RQb@~UpQ@;%H%>m<|{dkR@e|DhjV
zFr`GlSwqP>qO+<~q8;5uenrlZ`lO6(Cc1``k)e|J;($&On{L*VDx%~4@G7*0IT&2b
zOKTNu<sw{a%WvUo(tyN}nZ!@R$ZJH`67m$8Pkv8kkOf57Mvu_z7+$N%R5B`56Z-#m
zQ2!u?t}I?7$j9ETc@O82t@eJdRh%WgNoVpY`5ie-&XJ>J2l+K=MLr-O5`E8f=@(*m
zsH7imJMEXLNFt-j9`XlroRkn<Z;)~1B$-BZ&GInYt+CeEt)e~YLq?EtQb~0EhNO_k
z)c*leKyt}25=9<f(<y8s6Kq8Q$C8)GlVm4(hP+K4Ue8fDNcxiQqytGMx_(P?LM87<
z{4tf^wH2by|CLqDCN6oJJWF)7BfZEg#3}BO;M{1s!dVoT<z9&E>q`oZ80{ZAy?CMt
zOfD`jE%E11E}2#mx+yOyb1%jxggH^o+eem7FD;!?Uh4ceakq1z#Y88g<!1L*%Qt<_
zmR3WYA6wmYV*MSR9Dl9TwvFE%+{W*7=Cz&gJZO6-TJ8BOOJ>dD@k*yUdAU0_CCe8+
zZ2H6!=RmvjiJ55`nf|W5vU_Ai4K1#mm6l&oTwYmLJZpM|(>=A5yEFAnm~%U)sq<>b
zX>PMl3&I-JxV10WF0DCS^Kng;pW!=~)05pPUHswBH{B;W<(aAO{j7YSQ`mc#J3Kqe
z=dS8=Bh2}z-)gtC{{f#fdq9?3HK4}l><Q$$cLN1s?h8*O`P?moFZk#tE^<lDp_-$$
Yue+7G2|o94PYnrkvhvcLvb@dz12p#<SpWb4

literal 20232
zcmb`O4V;}-ediAq5rV~v*iu0`sE`CRNhTnKkVJ+|Lb7C%F*D)C($Z(<J~MO6oqMnM
zC6fW^=0yY{CcY3r1!4e;Zgrc440$CfEvswQ^-c>_E43@SYNf6VyY};G?S9<v@0|18
z``nk2`uXf7|M@-7dHtXN`M;fWFW)`;)ZK>9KSAe1A9$TH%T6)og|k#@Ozlm^<iTlB
zMOU9=%<IAR;Mw5K;F(|nJP*7bd=2;j_-63a;O~I@L54P80e>5u22Tfn489S38RVaN
z4V^U4xuE*Z1~u+`0{$MT{uAI^z?}g<531j@p!)p{_*(F#Q2sKg`PEr`pANnOJP%w4
zz6%sTw*}k|YMnbk_4_0!KK6qAGf(s94DdN{7WiFIa`;D3<Nh2hfv<%bt#31^@$LaN
z-UH!%4>*taFMz)VejC&{KLI6=e+D)FndkcT{5Gia^Fhtu4XXYskR_T`pyt0BJPpi&
zzYCT@t?wh?CE)!aEShIP$>Uq#+rXDV3(lgG_<k2Cxh~Tn=*3#_0FQkL-^ml9Xui`y
zwLcdW|CfNUZY~Ek&pPk|Fa|ZxouK%89Mn4g6g(B20@eO#D4!1R-vPzvE1=f#T9nm-
zXMy5l0jTk=040azpyWLmFaj^;Jr9bH-2tZpJ`Z+N{`2rY`>lSzuLZ^LFepB^ff|1Y
zD7iceYCraa;`>XW<nZ^P<nl96{QeSD|I-;v?`MN*e;%mzi$LvTFDSm(gDlnD9O^fN
z8t)!Z^L`4HoIf9M3e*-o18SV_gz_JPlFuuk=KI%B|3-wMdCmuAM{_~()eEY9ABf4D
zjiA<-4fw~P=Klovo8Y6M#@Ppo->1QO;I~1IbDH(@o&{?EE&}Br7K7q*DX4W^3u^xd
zK=E-S$UhVDNBy>e+TY!v`aJ}Sk0(Ic%~PP}`!XoI{|2b~=Rx)R0jTx76yARs-cP&G
z%k?dw>MsGs$8vBExB}EVbD;RT4b*;Z59PbTxx7CX%D)b3-hTka&;JC)|38D``;52y
z`OX0~&pSb?%v@08Uk6H_gP`V#K+RtUr9WH4`@I1_2}*uXfa3p2Q0=}9s{b^o{@({R
z|I47p|2I(co$(I;es;hMK((6(YTPS8Ov0=P_=lj@bq6T9-U(`bJ3!gR9#DEX70SN>
zN**tQ;_Kz`{tGbTebzgTSqbJq@p~ZPv!K@Vx1jp}1mvIj7yhW-+b;6+F9gN!6`=I=
znoxcNsP+8;DE%G<7lGSAt!oO@_|JgS+vh<<VqON<gXdiA-!q`>?k-Srd;rw?KMS4;
zei4+PI}q@%LivlJ*83w+?OzV~FW_(Re#&fPexHX^!KZm2n(O6eFY*1Bfa0eY6u+b3
zrC=G9zCQt82_6QeKd*qZz;oVZ%o6YdQ1<>lkfF`{!7lLAAWJk~0oCtk;1%E-F<O<c
z0b$7$z-8bAAWh8kpvF6eK^B1Lg5qN}$X1%0K<(2Vp!)9s)$Snp7vK*-?aveQy}XZu
zlH0dH@%_KR9`F~S=37Q*?Q<5?{@f0}6?^~`-&5do;5R{rHeXoi$NM|*EZ$!MwZEry
zBLncwp!yX-jr(zstuT*+TE|yGLZ5j7oCE$G#D$r+p)^|0a&Rd)0!qIh12xanAS|1&
zfoFri0IvbhVzb2WdqIs`0B;2E1_#0Kfs*&-mwEng2G2$x?g8I>iZKsg?)mx|o1^uc
z#Xb(54{F@2K+Ss-$WqPS;5zUK*bAPHa=aew1I6e2!h05!yf%Sv1Rn=A-c#VY;B%q;
zr=Z6BCHTAGI+RN58w17n?cf{0y#e=wG&RqFh`{_J;QXundjxKv{63H>^COTYnztiV
z9?eal#@`KUU7rKb1HTDMfB!d#ikr7C^ZK?L)PCkb?cYvN`m_g>-5&xamp=#J3cd`=
zKfPhO=l>#5`+6NHJ1c`4?|xA89tI`1=K_8o<ezzkKW_uO-{Z&W2Q~jD5EC(Xf$Db<
z6hD6nqN3(I;A!BQS9`rY8@zz`i$M#n0<|xrp!)3wCHF4|{4$72n(u)(fp6;Zeq|ig
z`l_Jz?-Sr_z%PJW$39T&{u(H`ya<Zlmq6Lszk%vE2c<m+>;cvOdQkJ{zze|-f$H};
z@GamGQ2aaxYQ3ke@cZ*-P;$K*lzokXsI=Jy%C4RT<u`u{t^{8JrB91dTJiA*p!k{q
zweOFCOkutbN-n=er#FFfK=HQ}d<S?vsP*0kir@P|@p~B5zI_Fhex1I`%j-N)`*<a&
z_1p-`zm-AB;U4f}a1W?{Uji-oZBX<6D=0lZ=UQSTxB^tayTJ3ohd{082&nP@8kBzg
zG?c$(wIAnFa5m+Ap!UBC%5EP6CD(o6#o$R$^ZhWqzj=+9$5K%94uWTZSx|B)gSUgb
zz%lU5|KR0X0mc7kK*{MSsQF(2`DaeO&dYs0DEUo-(yx0!T$cG9sC{?=l>Yu7Q0qTu
zEqe#v2x@;0fg1m-;Jd+}f{Vd-^kJ*u&ES>bOQ8JFMeDqLt^i-hdj>om%z>Jx3SI>6
z4&}!{?aQ;E`1~d)Is6!$1^!>~6tMO4MG9UE-2i<A(q8R=^!XNa$UPbJLGUSP3-tHU
z1JKu?en_92p|83p|3^H`fhy4Vp<AHj^T#|q2K^269_VW5H=*?Bzwz=gbU*Y1=s!ar
zgY?+|Nv8Td4gD#kz0im4ZTraI4206}fX_o;fj$9A=RXeVlYz>R<Ru-@=gS_PE*#|f
zSx9z~eEuRld<vAG*a*EB(jMz`1#}XUZ>U18AMN%2RN-=-4?s&G>G@}&AqaPGZiV#u
z2DA-A_01;ezd*?cwQ~L>dH+Km3edICUC@1y>_8vc#f?x2lCInhErWg!`a4MatIu|5
zmwWQMzlY~<Lwh0F^nZsw59zZW`ZMSq(Dl$?LdgdgVMd{@P|z3f4Dd_PR_F=n_0Zo!
zcR<NUHu@s;PtY5n3!ooC$>%5!`=Ccc!G8h=!?WNX=$+8lp{t<NptGT!(38-E(A%L!
z(7jOdna9Hv^qNqx8T<^i5SkCAKbP_HIP_Q0Bs32FKBP|(`V;6Zz3@2!T>~xF3!j^y
zJE2%Fd@hGpx+m{1YdrrW^bphoT?qXH^hc0BAAmj${W-K7`Yv=E^gp0ypfjQ5^E*6z
z6PkwJ59OibkUswr`mfN3p$|b3^b_cGNS`AfTujP^=MnHx=zZaR1vn9&e<R?P;4$bT
zXc!uUz5x9-^aAu8l!f&99MtQc{GaauhoK)s7WyHi&qtw`pt*YCa|v`E^hszP^g75a
zEmul~{OIy^g-X0+>4NZPZ&=xHqv7GWT(-qRHeV^*s921nl8wrC_WEL+pFQ7hh|0yD
zew!)8Wt%Tl>~OVIiu0A+q%BvA#X^aaLOvf4SF-t0TPbKvL;JpH*!E;HCB`;ALxpN3
z3}kv}xhb~2t5@{fTpX2S>NED5Tw(ZDM&LOrR^pOf)1P#=193%zt6fH9%ay2-9Zn75
zN~=Yd6-VQ?cin(3$E8hiN#&k{%y>3$i&42eQ7C0>wU~)2u?E`|<%d%b^h@T-!9|`{
zZn%LkT(PKi*V|Mo@pv&=I9wr&!Sx$VPlxicLZw_RR65obko2ZvzOAlM>^L07GmS=7
zeXwd}jD5-uBdY>qH@!C2a7|Rs4jcD3RhX@mSh{h$lFODWsj5;oGa6?sTRdLK(4_g@
zX3I9tM?<+dGvBT%l<ew4xss2@V;ki&Z0bBlitS{fTCydSA}-BF=fdWU#`DdJ{*88R
zA<DRiL8NO|j79m;*ba`x<FR|m$2qW2C^M!VlHNEDi>1P*Y=%9r*NrhXoCZ}`k;@_u
zyQbHKr?rLA<WU18&-LA1QOJ*EN2}<MMUr+r+I&mCI(`e=jEp5yTNq&@crUV6__LXK
zB&y~rZmBfSj#tMek3|a?UNPUU8L?89NsCYx&T~W7+oM+5xXkLkCBbxWyeW%arb-42
zdMOujNTE>8S4xw1g*G608Ro@~SJ|tf7_mh8TQyT<qF{%|qEa-BtQpQ5Z(}>183yfk
z&t6)o1{hOPA7yisrdNM0`Y|$s4MyYQg~IaKP$4R1ctSqaax@yJ9#NHiwo)j`z<Yy`
zu0_EnBF2kzF{;*^WxUv~j&r&3NTymsX&leJ*|O6o)0;1kN9Fg+-?)u&ik;Xp-pDz!
zk!ns%hNehgKC4vC=iS_m;(AeGJj&+FDMiXf$T0B`E1fReRZ%WC6b;`h2RGoo&w8f=
zCN!w)VL2(u6-GxjXJ}9vgO{K;*%4WQoruuK;9ePb>CkdFigP%n`2E$mj6)t_6QfKS
zg<%inA)R&=(8!YAlr2@NQO=G=r6B~qbivT_`QDRCp)ssdOr4sdQ6r_oIQo&RWQ)0Y
z9&TT5n4Q$}E08P&vqb6K3{ka$WaK`OXCjVyb{LmU(|K+w<JsHjCBv30kjKba%p$TG
zrz1nS7L@we5kNU+F!^s*U&16LZyBH0%5r_{nP@1^6((%Fc{o=syOo6HPu9&ah&IZV
z3uq*RWsylEN+<yNaq&UUMTJ=smNT$ET$=Q@J~&y7dCzDE8nMZ&++55e<w_Rkw2D>3
z7%clxkn!5qRE~pgFZRk-_k%u2rMiXsiR?(WVVF2q_Q$Mpnvx%$G^_D`?vEW9Skr5X
zcS9vS=`iYS<b~ZD-BV9L)y<Zn2BA2y3>8T%u8SUKG?LXJwyj2gFg_2hE@Dmprps&+
zk9oPg@sdZ$rEBO;@ZxOmq+L*+EH4<w9Lo#xamB2ep;@r?8SA5rGpiZvgA1RrK3jAu
zo}F;u%m~Ja{4@4QLhwu+;|XW%yD5+IXtDUdk!Uz>JlWK6snT`YqIz@hoyyp4IaL_t
zNQ^RAMqwhKDn<v|OR7cRVpEhe*Tr$MCx>;JwFKd+oO<$*D55P#n@FHqi_2!MayvUH
z!&sXo7`+!ym90z~MRys|?F;X)L->w~Y^E~iVpN5?QJ>W%?$4Jr{DIy_urf>TP^?x=
zU(brV8l^MNz7Ty0*h4r<0`;&9|7Ft`j~57?8_RL(F=P4)`N|l&8?aS**Tn?Vl1ot6
z#S`^J(xhJ`Oc!lX<>4{2E<1dyGoN(@tDtDWhT|YNs^&8)OD&;MI8Yrz<w>H;x7G_?
zqU|#hb*$&zNPm4U)8Hxn(n#AqQ|t3M^O(%oIoL_(YG?ATMhAfF``0Dd>M}yLiW8U7
zKX9Gt$6kwLB{tvmXYB^^n6mQEeohLezf`Cch6_0pT=Na`Xi1*s9e~=QdFcj8Q9M*2
zf!+`g$2vgtU6VX=dYG(`D}|bj?I%*k6%~w-y^Vo65)Jn^QCn4x7f|dCF$W%eV|rIN
z#O2{APnGxM>ElUKmL%XCV9BoNvBPnx!eU6aV<Y$L{xs4t)F+Pfw%fUoOBbb6vH|R;
z!PP*_`ATMzJhWHYibBx<Y144UCY#Wl6FC!^Grz#0Vs6qhvgCx`hC|;-p%wESP|!u3
z1MZO1ycAzVE|b*O)8m1$!i3SE#F&YDw|CzmTf2SH9UKBG3gEP;R-BU=$d2a8Ro0??
zIYSP`St%`8Uy`Vtf74mYKP55Kza_%=ZxgI*p>Nj`oT=A2aZSH!{SyLHoPjT2;=ELN
z^ImhHLX2+k!HZ`j6}erL1{2f-9vW6_22$y$&j&~i>dR=ZEO6*fSB{TIB{aYX84ot?
z{6o<OXAoNRy28YTp}m#B-I25xXYXrRK&$bFqQr3ZO6c7@X$GYd4W%1QrL9pWQ?^TW
z&R8yW>ynl&UEtoGUi&Iq<+~J9%Sm0x;lkqUIh?ci`ApbIj8ik@3tiZ5A-Cz@ISSb}
zVId!F%98QQ;S83de0e11vLf*h>5{}nxU%tV#r78_;*#0u(|x6IGE0|ng^g~=WMlr;
zyktw>9AflFcb{N95CbN7Y`csoQ|R(UVh=Y97+&(={e%uG9NpX@(cIAA<2<_eq-~C5
zu@m^^m!=)b4cS%M5avwkxqec2&UUp=)#{50;oH?Erfo;+i7fp1<TJyNsq8Z;wL@I&
z;49rBE4a%!;XU4rFXR4X_Cztdh45=japI-o*>h(Yujv$b1F3aRms9@4PM7fBr-N^j
z*Xb(9B+8X!I*DSpmY1<^jLkTg)Y!nJc~VUhM6CKFJZ#sROxN`sol&VJmZ(;YinE9r
zM5(U6@@O{Gbxn1&+%;HOVz0^Oa`t`M@$r~sHqUX6_uG=!t4BF!<>n6;#+T3PU*DC4
z#V#^~cnLQIixze*e0Nv(mA3ocOBP)@Yi(4nbUEG3MP!RhxDUu<CW9q5A)l=d)4==k
zu0d|Rme>u|ayc92>&38Iy=BA3S$%8zRyNr0p1*Jw(YAtb?$UW?iLJz&D+`LbD4V~^
zsS+x%Y~$dnuEmXZ!Hl{%3l)^OEwPJ-vXxo=xoRoOb?FpRUSjh__gY?d*;Up*E}Jta
ze^K|sWy`wl#TQ#WF1&DAclTWT9=p&kvA)(WUuG92^>*p9%k=E}EwoE*_agg&5BRQj
zx$VAet~z%&IxkzsP_%FzG}OCOLtRPhq;8=qyBmx!Q!?BlhP!m`+^c5Y*tMcmm|%fj
zVdLw&-Ka@~F6pK^tilg2u?x7Hz#lB&LMqC|3*!7O8wVDwU2#j_%7KBNYgY~|-~gp-
zk@EavVb)9+veVmYC#LVJ9jzU<wSzovo!&ORy>_y;PuHrJhZEH8s~v)#p1#+*m!o!e
z?GZX2o!&BiFYWKGO*O7<YX>wCt<}DE#MX{8#PQk`uiGr8Q-08cG@6>;QhTa)xORZ%
zQ>xW$2btp7^iFu93zbu1#E@!t(dr;Qrlz;r2G^$cNVw53wU5HlHaDK8W}<y+&L{`r
zTz5?-9sg?&Q?KQ2Vb&u~0&DtHlOO`k2%Th9@w(5{?xXE~iVoBc({o2#fz^nN3maO&
z^j28fKD{%|%6896>rnJ`lN``rrO8@PSg)z=acen&WOjJ2j<Zh06BeKePl!Y7_<Nea
z2WrQ(c2oO|Tjt%g^}=wnnW0!4)FKqI!K^_9s&0t*i1_SEGY+RrbJ%aVmr=(t_rT#v
zDUTG&I`uk<pb!_YN`F}KuV~?x+evF*rC%Z3d$*46^qy_?f^%Ejk&EVbGMZLSSVLk#
zZM-!1_OsMELZ{qVk{;GJ{UPwM>7b<4ZKtI(C?xzr+99;0{UgZGuOjSoOF_ro_?X)%
zsmGD&Z5`*_k2c8@NQtCdJV}M7oc$hmM(#D=)*h`rQhTEIsoH}U6@R3*mx9NT_eV|b
zA@5(@0GOP03MmJ`05kQnZnC;Vn6E*PP4BYPcZR{xp2H;E&4!B*j?Z_t$Q;_%!_yy{
z-rmV_k_GujyR;I##`N8gr0n-17}tC!n%a}9V~?b&e0yNveTr@;y^qlDYf@YLliD7`
z@}2K<0^T8Qq3QH?gM2jOzS=QU`#8>Ozw3-j1pnxTiAsFfZ?ARUWQ*I{Cu=9<EKV|}
zvlm=oZ9fgCa8^#moCEjXx6MAer-SihjOrB#pLV}v*fG;qw>M0~-Z$5w1RWKnW$cHM
zruVV?m@?()<(l_NHgdpCUv&^b!UY+djTf*iM=|6WBJjI}J0)7NQ8?GF42wWfp%=H@
z7rywY?WUL|5>Qy09P$ZzxDvhxp-?vFL((qCz*ZEB4V80igdIhr4s)Xfa!t))%Euc&
z8Ka}zZd%scsWsdjl?I$3CT?{rBarCzU`l1D@9k9Pf;206O511IcEw*pLRcu8gf01{
z!r}oqy3>mY*}LfBqVjRCvkFbpFCwLu?)NFgLgT)hp|1j;i%FffJ6(^;yBMp>^mMtG
zzyTG(5(xmqX}Vnsp2@4+0SxY+zK8nb*oo95@okLYwrszPajvg&1u4UnVw0&o$mndB
zUf4%DD5oh}Sv?n-zSDUiI?2owEfqnZL|mOaODCE-r#vZB;J)r=zMZv0ruLX?h{kC%
zwB9D|R@!tQbsyAvZ0)mRn*XG~tOe_ZopjD~BGC=G_9xjRiGpwdL%reaBxxE8o`MCO
zeOu6H)TAZ#2tnzaR76ffbJlBHE2P^Dt<=Hq6`hswq%sPpFmC$be^5g@v_uE5sNVNE
zU-9w!8hzlS!%4TQolfalVk&2%(s?<Bq(eakTRk<GEVZ^l+c=T0ZEN+E6Dop$@1|jE
zQ!T9#-t<S<Rboe-UtEY1JLg~yu(>W2iFus&JRG&OOO}~@)5h0qZ4zQ;cNH3TW{Y#&
z=*dA;ir}Vo%ah_Er|)IH6R_ZSCCQhi#V9EHM2?96LtIW|s6Hza$66icpq-N}<s})z
zWr_ZatJ=pJ+eY2a;0sb)OL`;!wBHG7A1&a*&00Go|Er;KM2V}j%vevrHKQ!DEzj4A
zrtfrCCqdzGSqh6qN!)Tm9whT<(g;?XQpD+92{%qUcfsL@=@2+n8QP`rtvvaV6Ny%s
z@GtJgo1B}(m8w%plPJF&)d?JalLGz!QVI4H9u);i)u(rPh3INg2#LsTBLZ?>y2-UV
z-H<;_T(_*-$08?HRuZ-vv+fYf5)EY*woVIo`_gcwXpuXZ5j>cKlnZU!74)PvwMdv@
z1!Bnu(hwMR6mqugLPV29#WEi6QTFMiT&nye=8(8>g$Wla839#sN6MybkKJ)YAD3dv
z2`Q>3nF5_3)_!eguVw67#g2wMRBGV8QMk3~++4jRA?bTK_|-2~)8i|barV(r)Zps~
zR&G%kq^#tiQ%jk!-?;km&CTz*b%sHd4Eaiv_M@OO8cd>j^N+gwLsNU)nYptdQ+vYe
z2Su#G)b?Vd{@6~WO1=2+aGgf#R0F##81qLple5Kx*ls%Wu79-)8y$j-zRuM*yg{WK
z(WllnkV@R5_Wi0v*Lf7NR5#Gh(Mj6mFEz-*(>XEA$0tcU7)5(Y828z8r?kT{E`Dfj
z^ks7DjG_0-)9<X{Y2v%wtK{y(bugsujN#%go5(ds%eTzGM$Zto$#?$Ull6q}qJNDp
z$=B1Jy5L#mvv82XCc-s?Q^Z}I!{o!)+~7Ppj#u8wDLFmx`yCm7l_Bc~<PK|om9F~M
z`&Tc5{qUyUyo~Ubxa&($$6h|j0?6q*4(Cjh6|*Nzjg?GzP47@AOO!!EUO?^?-)R(D
zYUxcw%cD7OEu&85j-8rH=U%l<BXXmtsZpF8=8P&Y+B6W1E7kq8+96yrr<sRkCC+Vx
z1B4}{xjN1TvNjGP&ZWo_qzS*OgJiP><K)aKzbV_{3QvK+#TB<_7_S?b+Jlm>Yei0E
z^fkZE=(KfrBi{c|;AG}*8X17dkUsb7<kA#-<sMp^aMhKL&c4M1xJiE!#~Y{f%6<B&
zK-xnzUt#JjQa``)l%#5iSs_e$se-1oQ!CX5vP#KL83C+4h)|VawI6vl^z_YC?UFJj
zmAe>*8=QyS6uX$pMb@?gr`j!NGA~shN{D#yL=r4re^`vU01adHc-JUrY4vg+yNJx*
z4^yrPtqe`=u?2xkJ<><8rogY@$B;xoZf{BD(A#E-cW5A?Go@~Bobd2snkC^TJ(w2g
zw7xmSx@5(b`|LJld`e@yO%q>ro~^G|mNHX~=dxK2;;G{n%IFBrVcV4x&Xk2obDRyy
zczhPd!(n-i<mVL$1`cGMI$<l*(fr{XX&pwIEA*QSOfk8W<E*W$Kv|pno<Qecm+i48
zvTU(o`?KyA02^doI?QVtpRD0rNKREl_hW89>%9A0`P45nn%lNigcOru!d0?s4WCK;
zMf)GB?e9?fG5WZhPdG`n4`P#Y9+gPsf*wIesXS1F`FW*>NjmScKB-TuPedi!Tf2LD
z>>ZcXc99^9LQ+U9WRh;~PU<D4)(%U!^4d;SoRTLaIMq$qO%DEYFn;K!??z^5rd(R=
zbiR5gPiJ<l(q~pOZdU6iNN%aO@za&m&sC%#Qb~RJQ@_jN4D1}bzZ0UW+huW<U$HRa
zVfrX>(~Sdea4&Nvk)<x87O@*ny1GZ;Oz6xXK{yq|Dm!cuSF!DF<t&{AvphK}R;6o?
z8Ctg9=;AWvq|k1EJZZVu!Tlu0mi&aqUkW2lzmG{Q)nP}M#mHG35t6D$cuZ8!D^sHB
zdpm4^-xXviO~lEi!(eM&yLeh#$YP{<=#w<g-)3?C(b(Eqsid@KtNZz#^wIrhhr&bd
zS35qUqJp{}BpKKG5}z8(=rP8UN-Ox`{iFg<GOW&Xu<rt}t~Q*W$v-wJa(i_Ub*G;0
zi>G=I(vSMFFkQ$*Gg&~ong4~3(=Z)JU4VCn+Z4ruS~=!jz-RS`2_CxL>Lh&{B5355
zH1@YUYOe1lbq$1dpr2eOrE(|4*4Fc|u3?C~h*$Sn-kj>KoIJI)+EUjUnQL%wWpycb
zs&sN}u29IWOS8R-X=jpYd*dM4nPNF^l;z0NhTG9YtTJ``+2Et4-HE1kdP_=iy;qXO
z`khSnN@d|16O@QL98SocoU+!NO|jSMUP=&rG)Ne9nF(d?8sWmW=1Q&-+o<QU7aIMP
zioGEhO2%>5ysq4tVLGa-vH#swC-thklrKsTSOIbiM_JC%IG*IP%6V)q>^l0h>79v)
zXZrCL9&d)<ZgDrHxycWb{HgIR5wdUP!H?4R(=FX4z6xthlmxj%rirt1&ILusn(E)H
zCT)E>ihoVz41N>qiK=#@DQ9?y<$PGyBUR81P_pleB-^lLclLAXrc<#)AuQ5E8uaP`
z&RzR-HEhTarHfB_d8w&O?>n3>J0vtM8ICy6+1Fo#C|7f?EPTtt(C#Z38p&@>b;w84
z7jzAE^p^qd(vFzWVMwx}J;AM?kVL~ty7T<pk}2(wez@EZwv;D?Z&Fm;nx$I(-Yv-a
zRnm{eKK<agZ>+L8{cyi}lTB*v2pOYEe=W}cvZfYYtu5LeyMF7I+Q8;**T@}D%<dO*
z-t@_y#Dz>YNl={wYwmc2YW4}P_-S2xQ|?owb9Mbp{0W=u1uO@cXeV6RIezj~J3K`2
zUo-s-uY=!l>}a#y%$>i}Vj*qPPRm-^m<B+_TnI!N6tDQ2PFX1Wz>k0Y|CT|GLg+pd
y;!*uFC0R!DEm>=Q$M|4SE#)|T4cK-AWE%SJ<zl=K;6=REf1-21+36O(q5OY;x-NwP

diff --git a/locale/ru_RU/LC_MESSAGES/messages.po b/locale/ru_RU/LC_MESSAGES/messages.po
index 8516ff52..b50f2805 100644
--- a/locale/ru_RU/LC_MESSAGES/messages.po
+++ b/locale/ru_RU/LC_MESSAGES/messages.po
@@ -3,8 +3,8 @@ msgstr ""
 "Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2020-05-19 15:29\n"
-"Last-Translator: Denis Trifiniuc\n"
+"PO-Revision-Date: 2020-04-14 08:51\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "Language-Team: Russian\n"
 "Language: ru_RU\n"
 "MIME-Version: 1.0\n"
@@ -35,10 +35,10 @@ msgid "Hotspot"
 msgstr "Точка доступа"
 
 msgid "Memory Use"
-msgstr "Использование RAM"
+msgstr ""
 
 msgid "CPU Temp"
-msgstr "Температура ЦП"
+msgstr ""
 
 msgid "Networking"
 msgstr "Сетевые"
@@ -47,10 +47,10 @@ msgid "DHCP Server"
 msgstr "DHCP сервер"
 
 msgid "OpenVPN"
-msgstr "OpenVPN"
+msgstr ""
 
 msgid "TOR proxy"
-msgstr "TOR proxy"
+msgstr ""
 
 msgid "Authentication"
 msgstr "авторизации"
@@ -100,7 +100,7 @@ msgid "Client settings"
 msgstr "Настройки клиента"
 
 msgid "SSID"
-msgstr "SSID"
+msgstr ""
 
 msgid "Channel"
 msgstr "Канал"
@@ -182,7 +182,7 @@ msgid "Transferred Bytes"
 msgstr "Передано Байт"
 
 msgid "Wireless Client"
-msgstr "WiFi клиент"
+msgstr ""
 
 msgid "Connected To"
 msgstr "Подключено к"
@@ -324,31 +324,31 @@ msgid "Dnsmasq is not running"
 msgstr "Dnsmasq не запущена"
 
 msgid "Upstream DNS servers"
-msgstr "Пользовательские DNS-серверы"
+msgstr ""
 
 msgid "Only ever query DNS servers configured below"
-msgstr "Использовать только DNS-серверы, настроенные ниже"
+msgstr ""
 
 msgid "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
-msgstr "Включите эту опцию, если вы хотите, чтобы RaspAP <b>отправлял DNS-запросы только на серверы, настроенные ниже</b>. По умолчанию RaspAP также использует восходящие DNS-серверы, назначенные через DHCP."
+msgstr ""
 
 msgid "This option adds <code>no-resolv</code> to the dnsmasq configuration."
-msgstr "Этот параметр добавляет <code>no-resolv</code> в конфигурацию dnsmasq."
+msgstr ""
 
 msgid "Add upstream DNS server"
-msgstr "Добавить сервер DNS"
+msgstr ""
 
 msgid "Format"
-msgstr "Формат"
+msgstr ""
 
 msgid "Choose a hosted server"
-msgstr "Общедоступный DNS-сервер"
+msgstr ""
 
 msgid "Log DHCP requests"
-msgstr "Журнал DHCP-запросов"
+msgstr ""
 
 msgid "Log DNS queries"
-msgstr "Журнал DNS-запросов"
+msgstr ""
 
 #: includes/hostapd.php
 msgid "Basic"
@@ -373,7 +373,7 @@ msgid "Encryption Type"
 msgstr "Тип шифрования"
 
 msgid "PSK"
-msgstr "PSK"
+msgstr ""
 
 msgid "Advanced settings"
 msgstr "Расширенные настройки"
@@ -433,7 +433,7 @@ msgid "WiFi client AP mode"
 msgstr "Режим AP WiFi-клиента"
 
 msgid "Bridged AP mode"
-msgstr "Режим моста ТОЧКИ ДОСТУПА"
+msgstr ""
 
 msgid "Hide SSID in broadcast"
 msgstr "Скрыть SSID при трансляции"
@@ -668,7 +668,7 @@ msgstr "Попытка остановить TOR"
 
 #: template/dashboard.php
 msgid "Bridged AP mode is enabled. For Hostname and IP, see your router's admin page."
-msgstr "Мостовой режим ТОЧКИ ДОСТУПА включен. Для хоста и IP-адреса см. страницу администрирования маршрутизатора."
+msgstr ""
 
 #: common form controls
 msgid "Save settings"
@@ -693,44 +693,44 @@ msgid "down"
 msgstr "вниз"
 
 msgid "adblock"
-msgstr "Adblock"
+msgstr ""
 
 msgid "Ad Blocking"
-msgstr "Ad Blocking"
+msgstr ""
 
 msgid "Start Ad Blocking"
-msgstr "Запустить Ad Blocking"
+msgstr ""
 
 msgid "Restart Ad Blocking"
-msgstr "Перезапустить Ad Blocking"
+msgstr ""
 
 msgid "Blocklist settings"
-msgstr "Настройки блокировки"
+msgstr ""
 
 msgid "Enable blocklists"
-msgstr "Включить блокировку"
+msgstr ""
 
 msgid "Enable this option if you want RaspAP to <b>block DNS requests for ads, tracking and other virtual garbage</b>. Blocklists are gathered from multiple, actively maintained sources and automatically updated, cleaned, optimized and moderated on a daily basis."
-msgstr "Включите эту опцию, если вы хотите, чтобы RaspAP <b>блокировал DNS запросы для рекламы, отслеживания и другого виртуального мусора</b>. Блокирующие списки собираются из множества активно поддерживаемых источников и автоматически обновляются, очищаются, оптимизируются и модерируются ежедневно."
+msgstr ""
 
 msgid "This option adds <code>conf-file</code> and <code>addn-hosts</code> to the dnsmasq configuration."
-msgstr "Эта опция добавляет в конфигурацию dnsmasq <code>conf-file</code> и <code>addn-hosts</code>."
+msgstr ""
 
 msgid "Choose a blocklist provider"
-msgstr "Выберите поставщика черного списка"
+msgstr ""
 
 msgid "Hostnames blocklist last updated"
-msgstr "Имена черного списка последнее обновление"
+msgstr ""
 
 msgid "Domains blocklist last updated"
-msgstr "Последнее обновление списка блокировки доменов"
+msgstr ""
 
 msgid "Update now"
-msgstr "Обновить сейчас"
+msgstr ""
 
 msgid "Statistics"
-msgstr "Статистика"
+msgstr ""
 
 msgid "Information provided by adblock"
-msgstr "Информация получена от Adblock"
+msgstr ""
 

From ef70e3938b450c311363423645b28b029db9cf6c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 31 Dec 2021 14:39:11 +0000
Subject: [PATCH 296/300] Add new Romanian translation - thx Drago!

---
 locale/ro_RO/LC_MESSAGES/messages.mo |  Bin 0 -> 24207 bytes
 locale/ro_RO/LC_MESSAGES/messages.po | 1206 ++++++++++++++++++++++++++
 2 files changed, 1206 insertions(+)
 create mode 100644 locale/ro_RO/LC_MESSAGES/messages.mo
 create mode 100644 locale/ro_RO/LC_MESSAGES/messages.po

diff --git a/locale/ro_RO/LC_MESSAGES/messages.mo b/locale/ro_RO/LC_MESSAGES/messages.mo
new file mode 100644
index 0000000000000000000000000000000000000000..817e42f9d45adaed3a03e60100dd40dca83dc4ab
GIT binary patch
literal 24207
zcmbuH34k3{nePi(goG_&lfBroK)RDo07D4DPG^NIO*$b63Rd4+-Cg9~s_U(LyVC(g
zCMr)<bkrGH^x+IHPf!HM{f!O|0pm8#h&ltl(Q$dmL!Zkq;tYy2zyDcoRd=URnJcIN
zbxxf+=R4o|wzI_V&OYGJ0)9*O3xbotj~@~QxAVN=D3u1m{l^EvJn#W91s?|w2iKnv
z1c!oGfCqyycpR958^AY!o54rH+29!`2Ek15e31WwmHgQsyc#?P90c|KPVmLx+rVSN
z+d#GdQE(RcX;AHa89W;NHYj?20_yu`!IQz+42H*Gk;4t3+8Y7+FSwCEkQTh#;io{g
z^9@k#eBa@JfCrMFMWcFu9C!pc2Na#>gBsroSAH3|iF^c#?)x2n20V!T--6=Xm%usT
zw_W}@Q0>h)#nL?+6usRbQxdEOXMmf*G4M)IeE0?^dcF%@1^x^ay_cM7u^$wDmxH1|
z0ma9ipy;>-RKM?X`Mbac<Ub4^2|fm{0iOb4MbH!4em8;Q|CONTF#|<k4yymxfO`Kr
zQ1ssp>iylI=KDTSbngLQ2YwS2e_no?eg7(O3HebFkqhnt&jR;=;_Fl3+2GTl_;kwY
zcAV#dqIVq#D}uLzs(+u$e+mrAe;X7Zehq5A4>`l~=QL1!T?8HmE(d$SOTb{iAh;fE
z^LWFVLGUr~X>dFE0f@T-{2jOy+|J|*-v)}mUjjAWe*o3*_d)UZX;5-{z+6jj2&(^!
zLD6+7sPR=mrXbh_YFu}K2Z5gf#oq_P1HdnXs{eIY{)Ef_0+bxQc%J3Q31CS64DiL^
zDp2ih05v}Ypyn$9B_}P1H-V5G+zN`GPdNOR!(V~o*D>?$`?a9PHw=pI-5^sI{3Un@
zxCc~!e+NoFe*{Wyo(46JgPCOU>r_zu>j7n&dclLiZ6I9+SA$Gta5H!ac#nJkaZv4i
z4pcke1ZRLxfEvdyL5=Sv=U6(=0`<NZ)ckA!_1!B$^`C*F^G0wcc&o!ZK*{L`Kz;w9
zEB^{8zWyU9K7SV!Jx_qD_Z+DH4@T)^kB$K~u0^2gUjUl%g5t|Ihu4CJ4p4G>D|jgQ
zZczOG5XgVQ!~9V@{|c(#XF<uqtS+m!XM&<*9w_-)0&1K~LG`x|oC&_ty-&dF$fuy_
zd<qP~r$M!QbT_^MoC|8)uLjlrPVjJWHz>Zo9TZ)6g9n25f`@|-fcox1P~-lh%YVn^
ze*lWUXB-~1(AGN^6#Zv|l81%hVc-?ua&QO~y?29}&kwuzp9c}O;H$3u8SrrO2QRYp
z9S3S$r-B;CV(<v?B2fKp1SQW~K(*fj4+U=kUkly>s=t{%mY$PA$>%ws+BwgauXZ>9
zir*2a@z+7szX_ZLz6sR0-UEuBdqMU0Nl^Vi1d9Hzy7KQhd=gasUx8{rSZwY2p$_MR
znvXT0_`eC94Q>OapCh2;`!%loHc<WC3yQway8Iq+J^4q$2t0WSJOXb7*MeUISA)l#
zi;V%V0(0=A;4JWr^DLeR9z}jFsD7>j#jk6@Gr?V;>fZ&5-UmR9@6({<_90jPPoVhn
zJ@6RtNl<$BI}j3s<IlHtb_1yPtDyMP0@eR(LFv;wLD`r4!Oh^KE`P>Lt)8uMn1gEP
zy`bjleo%b<JScg21UwG>io+ke^51~sqnyS?zzk5|t#jB9zKHx4U=I&hf%C|}Wf`#(
z_(||c@c0XDzh{Hu$5K%J^?{=MDsU5cFDQOI3yR(&Q4;Yb1l8|_;2f|IJQ2LsmA?TL
z|8E7=-(NZ018SbW1*+X2x$<X0wL6nRh2R`eu5>LZf3O3TT-^f7pS%wgpZ9<#gFgnv
z#{*Yjqrsy<jb{O<{#QBN2CCm7Q1o99s{ZRh(e)m%3Vs-re9XGoem@5k-(L!9-g`mu
zbt5RgjDoUHZvf|mZ+7LM1dk>E2q^mg8N3<%iF=>F%=WVzRKK@@lEddf(RWa<{r+%J
z-=77F{w1L3SP!cHHuwH&a2@#?D7pUxC_VZj*aIH6(zbIkD7oDT?hi(w<RAv6Ck;^j
zje+9J>%rOJJ3-C!2SM@mA@Kd+H$l<6tIzWDPrysb-wA5oehi)i?zhVJ(*-KO6cim*
zQ0?smnabdeU^n<hP~&_CRQ(q*m<zyeQ1UVYo(=8>)z5vP#=RF*yN`pHf<FUK+b;-~
zt-&^uf5lqrfKP%|@Bx^Xg2!T%2Ef;YTfoOajcdUrw%v0<@nH?9_FoQazU!dm?OmY8
z@ljCpJP1m@9tXR?r$On<X%HnouLEa*n?dz+C8+NPLCMwip!#_;sCM5A&IBI-F)hL8
zKz;Xb4u1=3z7E)6+dT@D-9N?QIpAFKOTiF)6?i&$lgqyk6rB&d{L|n`<d5EH^{xjD
z$zKM}1e>77{Tfhw`EyY6{vlA~eh`$rJ_c$WKX>{4H(9wo9@KoE4xSCZ0#v&<gW}IS
zK(&7dcsTemQ1kl*@I3HQQ0*Rq(dq(E2F1@yLD6wJDEm+cPXpfss@;!(>gVI2>OTmI
z-micf$B!KT8dUum{Z_wcfrpYm4iw+dbom9K=)3?t1iTD90=x=51>6Ci3f=;W|M!4u
z=Nq8<{~oA*p90SWp959z^vi5Nmw=LsE#Q%04cs5R!M(o;lpS~@C_3H_%6{GB%KrvD
zfc#$YX7FpSeA^Z~|5t<R|0a+r3f>8dz8`?Iz@LNacfSEUuGygSr-KKAOTfdx3qbK@
zEhsy&8PxYXK#l(fQ1bL1P;&8Ea5nh&py>M{xCDF>6#q`zYVFqoP<(2F`tAnsDDWMi
z>VFUvJ>LP<-cLcz?|*{of95tz-^rll=p0b(Ed!;$t3lD7f%<+7d@FbhDET?za@)>Q
zP~*G=RR33iqO%6d9$oL=zY9E;{QE)4!(W4H_YqL@^BAc9e+i22--6=zVcTuJ6F||~
z1!~@xgL;2CsQML9^4bEA1K$E_9^Ma1Uhf6f-^W1F^{~T#0Y&d`K(#mX3QONhK#l8k
z5S0oRfkWVpAfyFPfE&PzUe4ITTR@6}Z-EW4`%257yTGH#KLCn9kGTBfpxXaANGK6J
z2fhTn;3_*$TR_dz)u6s_ID9>*aoho(2z~_Y2EPPe0RB4|f{R~a<zfKTxDxOLa1>k!
z{wa7i_yv&vf}ir|EO7lRtzXQ*F7kf?ia%cmrBB}jB^OVE;_oj&jq4dubj`ThzCRh1
zyqyK&N`f9x-|qtT-EN0(1otEFe~Eu^_)_pFD#YOJq-#hQk@Txu2<`xHBppFL(I$Sq
zhV+*t{WLE9PT>8m;M1hnkz`l=?=w6cNBTMGf0Hza`hA{s6X|AU`2B|T&*sU_*ZJ;Q
z@LSR^N&la83rTXKUv9y~9eVse=~B`%lIG@Y=+f`cEd)oBmkxf5bOxzOI+t_~=?f(N
z{+0BP=E>^Smw5g^q_2@q<olO_b4X{pws{PmBmFN@FG;@tSkgy${s8GkJbw(-PySE8
zlPS~hIB*{6F`nOUO6;G{x#z{M-cItbC%v3>52-@Z?^NFJ0%w3Hxw=ey@Q7ZzpJd}F
zq&d8Q7x*Aa_HPyG-$}0~y@YpL!M`KjN%||&T+$Hf!=(3+eocBO=^do<?;B+P!xg*_
z{1oXvl6=NbN%KfOq=QIfq$f!0NoUb#3)Js^(kn?HSH}IWboe2MqoDN5|3=)yL2le9
z_!nSESqf?o`C#|{Z^@&=W^e2n@H?chl8z@G?&>V%c?W5L^e3c?Nv|dS1L+f_e<IBw
z{Tpck-~1V<pY;7#q-T|x^jqNad%z`=-W^iPU%>Mfq>ZGfNV7<@NwOiw)7PWm-;+)u
z{ea|up?i1{xJ}R0{To-d4*XNn4KDBD4Ll5!4s+u^kLQn)enismuPp?p@P0GT-y<DG
zdcP~5>G0FwBI+Ctex39rX@BzH1g|AkNwdjc4=yL2!L$E;nTJzJ5$R-K2(BOvlD_N8
zz775-X%^r9&XrvP{*ZJX=~X2C-fbb+4gQSu|40v!E+gr80N?)t{32-!=|J+I1ox88
z;aR^v3ueFeEj(``okn^q>0e0t?MK}VJdku4>3@*ELRv`qy`X-7L7GecLU1jqi_}fN
zi*y&y|C4kC=_Jx3(tAnzeUS99c?yDYhYx^<@|}JgESUY?l{~-6<&Oc6c6GX4*^v$f
zZzla;(qhsf)SFNGEYJS;V;)X)nHu;uQa|Z&(u=A4M({S$-K1m4pH7-d>LCTo2Uo1`
zA3ZmWcSiL_Enc>K;oypJQMdVDI2ct&vb@z@$?C!Kyw%Lo;T4;*mTI|NxP5hh7*#59
zo`;PrNn3dsH5zf$45K`pySWjkbGySWQQqk7535<6hiTRdEA3`8PFuC{FmE>+S(B11
zP2)-{Nr%H$rZxlWZ;UEoZ?)Q_?VxusYqwlOK`%8&qgLE`2-VT${hPu{EurC}+~(E%
zP%_+ZMy(`EFAlekBzZWN)M_DZw<7v)jl^L_8>5Z1%YBo_&C#S1cl*XfTU2T(OQ$xm
zypmPp6%!j;zR(ng6Wfc!RqOit!&)5WF{7)7D{EP02Yv7yHCk~qT;J~p9}dJVu}1Z(
zN+CqIl1ixwQ`&AYDREQ}S8W<F-Nj9nTmDt+Ng6hyJRi%N)v(>D!ap@O8l{!e1K;_+
zYPD=Eu0jX>)}Scm3)A!foKe$_hGwu+ztxKC4L^mJty?#533~TYzCCHiYuiy10`~EC
zBx~i3j9J{rJIC88@3Ka?ug)l*zAs)**A=fiJ+%>z6m}co33?}FOT%~NL#|@DF>Z}y
z)nH|mCl&j*sJt?c5XlgAft67$Sedkt%{VYZP)qVwscJK+4l@ntLmlA?R!+=^NOGJ;
zgSEKY9j?im;X3p+jp}h2rJB11v=oQqS-TlF(V)0F7X@{)FpO~b^=}I|WKq>TY-Iw2
zJ_$rE=!=`J#0&=cEN7tFsLKSM3Wt(f9Q2Ju>2QpC#dVuW)zC<m<&YB&O2W<H8qI7p
zsUkw1cd{}JQaYkyqs8I+RsLy1HtZiO1zq91MtiV^9_)z6=ZEv+?&0pxYM@o&?n<-e
zv~T`0xKyb@NLBRPT61cx3)S3;u)DiERBoZkdW~&G!#NzX#E5YJ+>v?vPPU{q!U!9f
zlBCkEVf{uB?y;yDhZ}qQV7O7juo9(VR2z%N^KcN3pkN3U6v_JJnlp6X)m6Vx8}wzh
z42G2LSGdOTx?IEzSp!OAt74h0a>>?Auk%bZl(o}Vb3E*mDEW-+Q&?{!bx<`}i_#q-
zg47zz!V1HPDo72@S({x5rYpb%M59qslL$^S!zE*h*+uSPM>WYCwP+kV2V?9D!=&G=
zUJ?#Dh-y5Pq*x_mBb~W1&sIPRBCvFUtevj|A>+X+{SDEmA>=oV>KZeJ`N&`<ld~#n
zMPWOShU3yB%9SRqtSJk;Djtg3wN|*6$zigThZ?+=p;V%p%S#z%A<`PlIN}AHjE_i}
zMjR?E1kd*q8V+U7pi((X$HTFaq!s6ls1k?s4CIFE(O^E`=&po9eTCBIZiuMGSO^P~
z80|}~*iU4;^LB`y7z@qqw3?-AFo8XBxGt{M>c}OsOFw3+S0%ZbO{*o$7+xc*T*Gu-
z6IFIN?cjS;3x1|~J<4A_v0Lw9@bD%$7;4uvGp;H|OVl*mX=)f=6nBa;Q^R+j$oCkp
zCqWv-X;woFXuMN_M=}~~wrM0GL-7y-(8ldC$gCbE`l4fdY7s2;?r&8#meyqbRvQy)
z9qN#TUlD>a&qGX*f4v5k9fSp%{Q>KOH{<cL)K}<qllu}UG@Tc|yp|0QYv``yMvU2W
z&&~+C9Abd=%uF{%?D*2s>2v}8Oh%K|c(?!F&~85nlOfsua4brF@Fd!a`3ym!RHqrg
zx=j?6BcKFr)qH_?X+jYrh8YAj!_lPKYDcwjIBE`}I0_QG!<C+?R<(yCRb^s^nkaM~
z4N3?o7Z4pnV2nm;Dq19}<Txaz&h!wqF#w8Z;O@AengxV%aYWSxX6*H37hlPx$qC9=
zn)#2ys?l`>B4M^WEMxM19|Mx%G{YWA6Rq0hCh|oqE0}WLNI>&OT)_#_nR9wB@UmfB
zD4+1h^_s^FL0pID%>)K88&Y&Tmw88r=+W3mNqDU-39pSirjN@y8vEqJ>Zq1y*fSbS
zn8hLpRD5aM#pj!l!1eM+kc{TTsFGiz7Zl8rTq9yPtiftXP4?L?1H|(-#~TFM&LU#~
zE5xZLRE)wFMj);++}2ner+%%VsWyTv&6uuXse(09GL%uH>OJ@K>I4)OAG#=Sx({U;
z4Dm86TgMwR1yx!3B05)zS^0QNPXP?kj1V%rK+Ff;!RnoHrENy;W>0g1zm{=pws_qj
zG!9z{0n{2q8}>r3c^6i#m7GvcoI17GS~tikhy10_-1{*kyYQsMjwoTU#+ZY&G9IiW
zLNkBDfr0g_qyU3WOl1Z88Labu$vpM;^LnC1R|Qw>ExL-t5A%s0rnSoJT>QTdBZ1Sf
z(2*YJ&r1_v+^t{e7@yn8q!=~X7G}={oyJ)&%*XSE6<k5SFpXQm`e~{;cQx(%sA|mU
zwC|l%PWwJ-7?YNa88BuO!dOO4`-NYWOh+*h%(UN*rm|ksz8*vHhRvF6z2w*Uz0Olu
z>W~)P`*4%yv&as}C+1l4yi^#~(Df=-3tw9*Mqs9vv>UbtlOj`Swgm95rU$K))~EbU
zsy-Ae!eyKnag9t<O`+Q4ikgVYRW6O=MsE$v8f;+I(pEU=AG}r&l#ddHPA<-a4O+H`
zTcxENl6pdnhV{ytJN!<F)ma$feGAoysxQNZ;;92IxMW1GTXX}lOj;dFs;nOrY`1ua
z9}N516mgHm8ixYs`n}J#C51atUMsPXrCy`m3bgp}y0Eddo3b(5nbh0$Fm2ZdF;&@6
zht7?0J!5^ajipENSmn9ZWEs0LOIstTq{GQNxyf=tam}W9th3uNA){$Gz7@5sj0BsK
z$_`@{Hf5m#^8hSVn-wk7s<P5Zio${Rpd@8ul<(*i8o@D}J<QxDe7KV%a+_<_f~In&
z*qO3KZB7Y9VpgKYO^=6i*v@xO@zB9$yY=L8vL$q{RqQQc|G=d|Kenea(nO4ce#L(J
z6PBjBpEVb%#HxbTZQMX^5Y+x8+`{TkF>YWaq`ztQ!L$I@B+4!OH9&cpJauKv2hQb9
zyE3LqX<@9KcanBp+~3SvStY9l&XH}GJ7Jw!Y_u6EMr+FzM0Qc+w*QEG3UYA^<9Hjw
z9-||SsqUjMrn1z!1id@h5)WqV6>W(tF)RwXr{W&jQX6N1Rb=~#YU7p)hFBYnfGkAq
zU$5|bS<m3~mY6+EsdY(;x5PQCC|+52T;8+uWqvzJdGw{_>_M;v62rdU@-PE=Rr9A<
zdb<#)$GC$fi_6RJ0W48L<$!h)On7wJ79^78yV-#-+dNJHFhNf8ZH$Th*+?rGAOdO1
z4EcvryY5xkQm8Y)l9Mrb37*RRa9(%Dj_G_~GYZ)}u%^^~OL%8Cg9a4$GB*QegJ&Wi
zY!M-uf7{t!85qgN0{!vEl0jY9bAv?vy2UqW$*mZg8ts<xB?H8&7|#u;ZY@wo-xZ>z
zD1gPr2&??ocsQ@GcYf(5tMIa#M1RocQB=~9N;FA9@P_Oxm&L@Ec!Obc+O@P##YUyg
z`@qiTylC0n7>r(Iztb2Ci>WgCo%Q|26Emm?2u9g=#(TM(_0|I|0?C3dGL|eJ%2bu2
zP4h)T6K@<zg-H$uN=ttm!xGMRMm6ze#-Ty^WxXCXkx&~ASqRH9h%2(%FBWXd#!hqf
zLkWb5v9-RpZy3*H%j}B0RaTZ5ap!ojRU%s`#a8VFxaB0fbNQq_Mr=~YFxtgjhh-gS
zVIt6O8s2wHG|?q%=G)QY$F6JWFYQwF!s^r>BcK8@^Nx*wU=P)iO2ahcTXCx6m!B`7
zHM@TH?Y$tX(yXf)vn@IL0$afbPRFGx!K~SK_(Mk6VlSq~azuQ!4YHM?oj*s{LR*+-
z6N|k}Ox-W?{z_YxeXFL-k?D>V`Dj9e^5t8#c{LPsDCV73xy1V|Q>I|EpL3aJu+^@c
zJH~RG-NIrf6t&_IaK}zT3t8Tl?ntE*i4Wm}ZRRA%0fE^Vk5i73ath6wl(^6=Y6JgZ
zTvdZ$M#oA;so70-8;&{^8V|Pj_nP3#20c@J-cr-h`Af<^Z+kol<vI}v2NP5RWk6o?
zpj58I!(e-|CUJ33`MGmsVj`1uc2U`3g^TUYJI_P2acGy^+9-8rWD~2n(r}RDNVlm9
zQO4BIbNSe;@#AprSR=Xycgz->_nq<F`H)yzcl%x@?vqYqL8hb69i~kbwCP($*7LB>
zo|LL5li#Ql0l%Qt;b7p6f?vRSLpiyeU2z%jz_{Q-u-HvhiMCfunq{LC4wMV4X%;Mq
zt%+W$=JcXF@SXX_Ss4;=UW-z9t*>@nuIM;RmxTn-ji@n$a1BA|+L#X~)vlH8;k;{W
zwk%w!6W%M6dOc<j09!FgewWX_Y?$rHnohP?%;?|T<>Tru79sJnaPgwWJzYJEyO#8X
zJ?Ac4e8G$jQQqn@8d!^1Wd9M3`_*IDR*q(ug<II`Op_?3MH?zHi0qmzn`dlXzj1Xj
zu%7NkGx}I<VW_*b@3bsz#XDOIIXg+x3yqQ>v=?pLx~6MsQO}u?F7~W41<%XErGrUp
zMn9Y3QLRfmJo&OPZJ2C+(UJ>8`*_j3^rDM;!i&R2;j&QAi^A)#=i#iLMT=G}3g^rT
z&ExXLi{{U#Ru8on&%bcS6<vMJY>a-o+{|>QW6GPZ^{bYJOD;HX>7t&}XJrnQir3%?
zmxT*CQ(&86q0Y!^@xnO0X4}BR4Sm;aTs<(*yLR=!LN<_ehLd+UvPmDC-g*|z(A@@f
zk!uZY;-S%V|Dd}Kdv=#DH}tntwm4Z&6JeW64!WAa1qTlJD$(TY4QbodX|(q2mL?*q
z5j!7*#QKPncFY8Cv<#0hO`O@}4YvC1;>cbyh@)M5cDwrqymFDekIQ<^t%tpLV(a`m
zNbTEN?OHpzIP9&kF~RB9XoSr{B~oqhX@4<k*Kk+m`wjkHgPLfkaj8*yNcP==^@9`J
zaXymfG(gxyOg`A=Xv-W@1Ue&t4Kjf>Z59p0u&0?|%Pl+177iC4*thDfM(tsZ-=eKz
zHbx0(6_3diXq>iXU(I<4t<nA7w`Vr1>}FPj>6$+6hO(k=iW>HZwH31~f|!CNu0rH8
zd>tBn!TSC#R!m_7JCd+qAFw`2Jx1<gL^8^C2#%uFIEtwuQZ0PwKF-pkW(5+=Y>3$=
zvflTrj@h5?Tj$Ta#D(eVxapbnI%_ns^!w`FznQLc|NeRU_Emh>+>yX;;pW5-2(eSH
zNtp10O{J{L5zgfD(g%Y^Bc>Gi4MBKaXT_(9M1cG)3aUp;mriF)>)ND^kZQKA*!}I?
zpHLRH;9^CC1L8QuiyO(%mP&WnuMoK%Zfdg>7>;&TnZmudC)kk%A$x+c)UXk8glFlW
zAYAUIg(j&xc<9!Y>2DgzV0poz7nJIvg-)^BO`7EjM$ntKIa8AM_Z2%K<!6Z!mn<Mb
zIv}2vj6g6@8A<Ac5<WJM)kp+axU~}x8$#QB+Qt~{l24BJ!5C8$GvJggSYOrrv09v9
zUxG_$g!Q$xI3?;JsIWreyvj(-!Lr@V+OwOR8T1+Ne7?IGX1gahV~kPu5ze78y4KwM
zo?9B-!3O3THW~^v%T8KopdiZL+~6&@DcC&@Gs4X_u{7U#OQapf&aDlCHf&iVg9F~8
ziMm$Ss>V^9NslUV97!Pj=j;3JT#xA3q_0ibgXpiZ6E=CeaO`#;3xX0Iq&Ko%i4IA<
z-@ph_M;@ew|IjnbB+aXl*u8hkz9bWK?8U~|UCa+-(!oBTXS&g+Hu9*g<6U+)xqy)p
zm$k*P$lmSfXs9^Gu{pY+9t#R5aMEuRn428jnINd5PZTJOB%WdzfmL{I#(At}rqIBa
zv7mY86c!5bm`3T$bq`Gjb7zgbHSu2Wy@_Wz6<~E;Ep5vNS0=TTjcFn?-Sybza$H~F
z)EluIG^>(UA`>C=r@&ShYS_Rww>?xEavo>jo7cfw>ah3=6S#-x<m!m-e<TmzoftzP
z$wYZO<A7;u#IxNP8<>E-HOs6fQ^pn)eH$-p#6=f<xFMohF~?PH%?$j2VD_fu>lzW=
z5l_?x&E*g>2qe{8(IB2^e)#ZRi8k*=i;Po@q1k&I;Sz@!4k5{kzn?JwLYAxIr&n|p
zTH*r;NQo-cgJR8*RRb0+=nT>Cp55JYtax)=J<fQ-JrbC;%O3d4nmHBrw>YL;A#rs%
zmFftbnI(50r0k}pwe~Ja=N1X1VGFI<T;)FL6l`Mt6Rxc!k+z<sXlC9xZ`l=vaT7kv
z6u@yJ0&{Z&l`+>zP{ZzE8<!XA(sCCkz)d1K#F;>eZ>m{6P8qwKY{hck$d@8HBgDvx
zaU>WFLNi$6R!CCfV4IaZO$ipsg+!2x4U{-U`fG(B6RY9w*`4F8urR$Q7=)~;Ue3HS
zT$%Ke+GW9||58<~8|QzFPytd@v`?&yGiSe{RM(T_YKeS?C-<2(jMzxi?WkoneY;|(
zuBxD4Ov=P?&WEF}Ez2s`8vHh#s4{7KPw4HA6r^<SGRsK33yDY3m{?*@VlzjAi#!*E
zXqoILTrhT<$SoXhr&+|ryX!6PUW?3@3;KQNU@aV{9mXa@5XzmmoA`+0o{RiLQ~ow3
z$}zr-yDE0fwnr~ayd@CQofmGoC<NGhCoJh)bm7_5=WBD*#aXrg7KiL^owF|9Q<@7e
z#&{uG#)P~3E+$$sBj`vMYL;u8)e7f-ix#Yg^}I$CGD3cWHBA^RB`XzTe#b<?4d+lg
zmtpKp7$Pg(2I|=91zsw+X~)&cy|+6)7H#INB&|~VmBI@jh+F3{m3H03LZ%TH%B`VT
zVUf8sx+5bbJ((oi9Zjh;lLqb*1;mx1@5Y1ZqKr&pJ7wL&0S-51tepA58d;X|5sq3-
zb=_GDQ0h+}1%uw{Z#vDiVVAqRP%Q5{tItxCjOdSO(k%}rHQ5TbCJh(T8V(RQ^%ko`
zTyLb%#}{G#IFmA^obvNe669XRS?3O&GiN<ulnAC|L{R-&3#0jx1+9i1_vpIL4H{W~
z?%lv>Uy(?``=Ag>YU80cyA{-w7fh~QOlqD?f7VG%TygqlCe+UD(ny|Yd(y=&Ca%f$
zrp+2U<vLDfG)^%PL2q8MmfxcHTR45XHHV3-V#TzK(t7mH-JG(YT<0$4l>B68f#c#e
z!$>G{s~#WF=sq7Vkq8Q-izP1>&~9s$Gi(eDQ{{p&)WKx^%yA@DJdU1Q&YaIwn)sB7
zOx#*UW{{cL_f?&#^;`hp8$#IQq9Hj`X{yGu!&jNwhLd?;!9-nl;pB)(8Vf>h>nQr7
zJ##?cxvMj^wqFjru}!U@MeDRLCtlYvA7`8qXlI4K$C&2{w{=WBQEtqvk%x#QnUPI4
zRJ5T7+7h!$Qk0?7zoal))O24Va0E#aubAm%wEO~I?z`02B$SJH8oPi&H(hc`!#1ot
zJcSGxi)HW2+pQSZEarX>UEmdRvpmB}5yqs<CV{zGhEI%PO5c>K?!80TfDA=Qb$yTl
zm|X!>rAF37(>2!lw%m9im6P=r!P$3Ag1O=2ttplkTgAZS>80;B&hajlDBVPFEY2dX
z`bcb8gzwpHR{D@2<Bi8vT&K%F!`{|o;Sk3<bTPNO5(FjKELMNo{^Z|DlvmWYkQ#VE
z7h75KittA(rO9v2R9JUwBP6$;@5~4*VEY_tmr_ClV{pFQ6%tu~jP_y>6XH!Rl$g6h
zlZ$Zlm0$y_Wi~wQ`mAO$TjGcB#yQ&Exrj3-R--l}$Dd}h<@kR#1(IsepT})3tS5Eo
z!Av8vQf3&deBKo~NeNj6CPfU5t$DuJ8tJ~?v*&CAZ*;poXlIzqOGPMRGbRS~)N`{M
zrDV15$H1zgDAGvGMgqJTH6aQ8Dx4{T5=A~m51n8Ke`Eehn@6=YgzrO4&@Z!9<Z2X)
zAbYXMY<Y@28@ErA9UmoNt@m-mh%GT9jQ+$3pAkDm+*~q(>ns&Jn^R^V*7_OqxX(SF
z3Ac=X-yYAj_l;O>`m07#2{xc4jKvDpM?%Jf8p5e!4%yt^x?3!01K)1WcSg}!rt7wm
zains^vLn-NwdukUDh_YW6l~nAo$Xkw9`-f(8*Jvl02J5iTCFe<W<SdoAhuiLhwiJh
z6PPzJ3ko^7hZMJEo{SmNaa`N4)p>{37BP;EW}L?85|Gt<twzuyYHOF-M!qZU#yd+T
zyYsGHkAie&RdJLJyUfXkd5OZ>kq|`K(!LI_IJq*Hm`WFy%3DrRg7x&VX^)A$xWS~E
ziaOg&5hm9JVP>f8TCz<kUYW%sQ(6smoeAAHXOjwn{VEa<q$!u?$@tn2OgIeV%ylMN
z1kXcy&5P1bcv&j5*ORo#!c61N_pzz!_e~~Uaxw(VS44DYB78N%r3|z2iaeO*4N-Ye
zVx84?zklj-o?4gfmB?AC!cUmZG&{R;6pUFHpES|B`6Qu`wBS|Q`DHs`6V{~$!|Z;z
zKORudwoz8xaBh)9YKtpTbM2j|Nvb^QCe-g!W3EA!{yAOeP83S~yrNmW^>(i)(TPcs
zE6yoYrf}DXenp)r!tJZtOG>2>1W}Poj&)m>C7ku%*j&W2&FNWDWWHfum|lCl<*E*J
z;wZktWoXsuhtMg|2s)W!0Cq{?ml{QlDdf9~mU^zcnth>;hjQb$M@-yGn6gopVT{V<
z1Gu0j7v$LH=!CBfI0;>m1;oi7BE}Ej#h{`}yUq<O^O2D>!#GKwd!-9hIH}IcLitVx
z6TWlYoqbtDXBDQmSP!E|T1-an_|GmwttpsrUjSX`Sbx6ZcoiX7tDEau`A%M5PihXg
zG2yC}me01QsaLJa9l@T?ns7ol`=olxeJii9axdj(4gGFKIiXo2f0LPEnw@y@s@&ML
zH14ypDYvg)NK+Xm2?uDF2rqz-eObM&cn%fBm$(Kd-m;qR@|AZDe!@+3YnMA}Zjy-D
zn^^p7Q`e!re8tMS<FDCvF?X<x6Zby5Q;2iv*T0@NYcEsENpMnl9P5f~NXdqIyT$Dw
zcAGed&)pKgv+*)nx$VloSa`t>{2UvTtn=ZG_Ky7aLh;Ou8m+?z>A=Kpc=}DP&Kjl@
zFXD9-cN*$_)J{BLii&)(VM4chM>LLhmnxJUzRs9BCrmyX)-A7cr3q2NQnPU8ju(v<
zQGqwc6c$S*7axaX@t}$5jKS%g|Esjm{<CZw^bxk|9Jg~eX+l!_%6VCa;uz09nlV|d
z<lLr<-TKsQ6)^<$?T!o<jdK?}qdEfdv$2n=rFX1Qnlgs`-xxR}nsA}Utp&6yw0Fd~
zLo)S_7?Z^<v4U<(N4fFB!uJ(naLEp;XGM6D!U;4puhV={G_Odj<3SvkwcDUuV%jxG
z8Co^)dnsl+sB=}!oB=fCmRp^&YJ6?Pxd0w0aQg-zsx*YAL61(gs{Z&yVqHYu(|Q1Q
ZmN?sSho*=|b(F)#j;pbKF(58w{1-*J26O-b

literal 0
HcmV?d00001

diff --git a/locale/ro_RO/LC_MESSAGES/messages.po b/locale/ro_RO/LC_MESSAGES/messages.po
new file mode 100644
index 00000000..11fcbe73
--- /dev/null
+++ b/locale/ro_RO/LC_MESSAGES/messages.po
@@ -0,0 +1,1206 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: raspap\n"
+"Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
+"POT-Creation-Date: 2017-10-19 08:56+0000\n"
+"PO-Revision-Date: 2021-12-31 14:29\n"
+"Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
+"Language-Team: Romanian\n"
+"Language: ro_RO\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : (n==0 || (n%100>0 && n%100<20)) ? 1 : 2);\n"
+"X-Crowdin-Project: raspap\n"
+"X-Crowdin-Project-ID: 395801\n"
+"X-Crowdin-Language: ro\n"
+"X-Crowdin-File: /master/locale/en_US/LC_MESSAGES/messages.po\n"
+"X-Crowdin-File-ID: 10\n"
+
+#: index.php
+msgid "RaspAP Wifi Configuration Portal"
+msgstr "Portal de configurare RaspAP Wi-Fi"
+
+msgid "Toggle navigation"
+msgstr "Comută navigarea"
+
+msgid "RaspAP Wifi Portal"
+msgstr "Portal Wifi RaspAP"
+
+msgid "Dashboard"
+msgstr "Tablou de bord"
+
+msgid "WiFi client"
+msgstr "Client Wi-Fi"
+
+msgid "Hotspot"
+msgstr "Hotspot"
+
+msgid "Memory Use"
+msgstr "Memorie utilizată"
+
+msgid "CPU Temp"
+msgstr "Temperatură CPU"
+
+msgid "Networking"
+msgstr "Reţele"
+
+msgid "DHCP Server"
+msgstr "Serverul DHCP"
+
+msgid "OpenVPN"
+msgstr "OpenVPN"
+
+msgid "TOR proxy"
+msgstr "Proxy TOR"
+
+msgid "Authentication"
+msgstr "Autentificare"
+
+msgid "Change Theme"
+msgstr "Schimbare temă"
+
+msgid "System"
+msgstr "Sistem"
+
+msgid "About RaspAP"
+msgstr "Despre RaspAP"
+
+#: includes/admin.php
+msgid "Authentication settings"
+msgstr "Setări de autentificare"
+
+msgid "New passwords do not match"
+msgstr "Parolele noi nu coincid"
+
+msgid "Username must not be empty"
+msgstr "Numele de utilizator trebuie să fie completat"
+
+msgid "Admin password updated"
+msgstr "Parolă de administrare actualizată"
+
+msgid "Failed to update admin password"
+msgstr "Actualizarea parolei de administrare a eșuat"
+
+msgid "Old password does not match"
+msgstr "Parola anterioară nu se potrivește"
+
+msgid "Username"
+msgstr "Nume de utilizator"
+
+msgid "Old password"
+msgstr "Parola anterioară"
+
+msgid "New password"
+msgstr "Parola nouă"
+
+msgid "Repeat new password"
+msgstr "Reintroduceți parola nouă"
+
+#: includes/configure_client.php
+msgid "Client settings"
+msgstr "Setările clientului"
+
+msgid "SSID"
+msgstr "SSID"
+
+msgid "Channel"
+msgstr "Canal"
+
+msgid "Security"
+msgstr "Securitate"
+
+msgid "Passphrase"
+msgstr "Parolă"
+
+msgid "Wifi settings updated successfully"
+msgstr "Setările Wi-Fi actualizate cu succes"
+
+msgid "Wifi settings updated but cannot restart (cannot execute 'wpa_cli reconfigure')"
+msgstr "Setările Wi-Fi actualizate dar nu pot reporni (nu se poate executa 'wpa_cli reconfigurare')"
+
+msgid "Wifi settings failed to be updated"
+msgstr "Setările Wi-Fi nu au putut fi actualizate"
+
+msgid "Failed to update wifi settings"
+msgstr "Actualizarea setărilor Wi-Fi a eșuat"
+
+msgid "Rescan"
+msgstr "Scanează din nou"
+
+msgid "Update"
+msgstr "Actualizare"
+
+msgid "Add"
+msgstr "Adaugă"
+
+msgid "Delete"
+msgstr "Șterge"
+
+msgid "Show"
+msgstr "Afișează"
+
+msgid "Hide"
+msgstr "Ascunde"
+
+msgid "Not configured"
+msgstr "Neconfigurat"
+
+msgid "Connected"
+msgstr ""
+
+msgid "Known"
+msgstr ""
+
+msgid "Nearby"
+msgstr ""
+
+msgid "<strong>Note:</strong> WEP access points appear as 'Open'. RaspAP does not currently support connecting to WEP"
+msgstr "<strong>Notă:</strong> Punctele de acces WEP apar ca 'Open'. RaspAP nu acceptă conectarea la WEP"
+
+msgid "No Wifi stations found"
+msgstr ""
+
+msgid "Reinitializing wpa_supplicant"
+msgstr ""
+
+msgid "Click 'Rescan' to search for nearby Wifi stations."
+msgstr ""
+
+msgid "Click 'Reinitialize' to force reinitialize <code>wpa_supplicant</code>."
+msgstr ""
+
+msgid "Reinitialize"
+msgstr ""
+
+#: includes/dashboard.php
+msgid "Interface Information"
+msgstr "Informaţii Interfaţă"
+
+msgid "Interface Name"
+msgstr "Numele interfeței"
+
+msgid "IPv4 Address"
+msgstr "Adresă IPv4"
+
+msgid "IPv6 Address"
+msgstr "Adresă IPv6"
+
+msgid "Subnet Mask"
+msgstr "Mască subrețea"
+
+msgid "Mac Address"
+msgstr "Adresa Mac"
+
+msgid "Interface Statistics"
+msgstr "Statistici interfață"
+
+msgid "Received Packets"
+msgstr "Pachete primite"
+
+msgid "Received Bytes"
+msgstr "Octeți primiți"
+
+msgid "Transferred Packets"
+msgstr "Pachete transferate"
+
+msgid "Transferred Bytes"
+msgstr "Octeți transferați"
+
+msgid "Wireless Client"
+msgstr "Client wireless"
+
+msgid "Connected To"
+msgstr "Conectat la"
+
+msgid "AP Mac Address"
+msgstr "Adresă Mac a AP"
+
+msgid "Bitrate"
+msgstr "Bitrate"
+
+msgid "Signal Level"
+msgstr "Nivelul semnalului"
+
+msgid "Transmit Power"
+msgstr "Putere de transmisie"
+
+msgid "Frequency"
+msgstr "Frecvența"
+
+msgid "Link Quality"
+msgstr "Calitate legătură"
+
+msgid "Information provided by ip and iw and from system"
+msgstr "Informaţii furnizate de ip, iw şi de sistem"
+
+msgid "No MAC Address Found"
+msgstr "Nu s-a găsit nicio adresă MAC"
+
+msgid "No IP Address Found"
+msgstr "Nu s-a găsit nicio adresă IP"
+
+msgid "No Subnet Mask Found"
+msgstr "Nu s-a găsit nicio mască de subrețea"
+
+msgid "No Data"
+msgstr "Nu există date"
+
+msgid "Not connected"
+msgstr "Neconectat"
+
+msgid "Interface is up"
+msgstr "Interfață activă"
+
+msgid "Interface is down"
+msgstr "Interfață inactivă"
+
+msgid "Interface already down"
+msgstr "Interfața era inactivă"
+
+msgid "Start wlan0"
+msgstr "Pornire wlan0"
+
+msgid "Stop wlan0"
+msgstr "Oprire wlan0"
+
+msgid "Connected Devices"
+msgstr "Dispozitive conectate"
+
+msgid "Client: Ethernet cable"
+msgstr ""
+
+msgid "Ethernet"
+msgstr ""
+
+msgid "Client: Smartphone (USB tethering)"
+msgstr ""
+
+msgid "Smartphone"
+msgstr ""
+
+msgid "WiFi"
+msgstr ""
+
+msgid "Mobile Data Client"
+msgstr ""
+
+msgid "Mobile Data"
+msgstr ""
+
+msgid "No information available"
+msgstr ""
+
+msgid "Interface name invalid"
+msgstr ""
+
+msgid "Required exec function is disabled. Check if exec is not added to php <code>disable_functions</code>."
+msgstr ""
+
+msgid "Waiting for the interface to start ..."
+msgstr ""
+
+msgid "Stop the Interface"
+msgstr ""
+
+msgid "Connection mode"
+msgstr ""
+
+msgid "Signal quality"
+msgstr ""
+
+msgid "WAN IP"
+msgstr ""
+
+msgid "Web-GUI"
+msgstr ""
+
+msgid "Signal strength"
+msgstr ""
+
+msgid "No Client device or not yet configured"
+msgstr ""
+
+#: includes/dhcp.php
+msgid "DHCP server settings"
+msgstr "Setări server DHCP"
+
+msgid "Client list"
+msgstr "Listă clienți"
+
+msgid "Interface"
+msgstr "Interfață"
+
+msgid "Enable DHCP for this interface"
+msgstr "Activează DHCP pentru această interfață"
+
+msgid "Enable this option if you want RaspAP to assign IP addresses on the selected interface."
+msgstr "Activați această opțiune dacă doriți ca RaspAP să atribuie adrese IP pe interfața selectată."
+
+msgid "DNS Server"
+msgstr "Server DNS"
+
+msgid "Starting IP Address"
+msgstr "Adresă IP de început"
+
+msgid "Ending IP Address"
+msgstr "Adresă IP finală"
+
+msgid "Static Leases"
+msgstr "Adrese atribuite static"
+
+msgid "Add static DHCP lease"
+msgstr "Adaugă adrese statice serverului DHCP"
+
+msgid "Lease Time"
+msgstr "Timp de atribuire"
+
+msgid "Interval"
+msgstr "Interval"
+
+msgid "Active DHCP leases"
+msgstr "Adrese atribuite DHCP"
+
+msgid "Expire time"
+msgstr "Timp de expirare"
+
+msgid "MAC Address"
+msgstr "Adresă MAC"
+
+msgid "Optional comment"
+msgstr ""
+
+msgid "Host name"
+msgstr "Denumire client"
+
+msgid "Client ID"
+msgstr "Identitatea clientului"
+
+msgid "Information provided by Dnsmasq"
+msgstr "Informații furnizate de Dnsmasq"
+
+msgid "Stop dnsmasq"
+msgstr "Oprire dnsmasq"
+
+msgid "Start dnsmasq"
+msgstr "Pornire Dnsmasq"
+
+msgid "Dnsmasq configuration updated successfully"
+msgstr "Configurarea dnsmasq actualizată cu succes"
+
+msgid "dnsmasq already running"
+msgstr "dnsmasq este pornit"
+
+msgid "Successfully started dnsmasq"
+msgstr "Dnsmasq pornit cu succes"
+
+msgid "Failed to start dnsmasq"
+msgstr "Pornirea dnsmasq a eșuat"
+
+msgid "Successfully stopped dnsmasq"
+msgstr "Dnsmasq oprit cu succes"
+
+msgid "Failed to stop dnsmasq"
+msgstr "Oprirea dnsmasq a eșuat"
+
+msgid "dnsmasq already stopped"
+msgstr "dnsmasq deja oprit"
+
+msgid "Dnsmasq is running"
+msgstr "Dnsmasq rulează"
+
+msgid "Dnsmasq is not running"
+msgstr "Dnsmasq nu rulează"
+
+msgid "Upstream DNS servers"
+msgstr "Servere DNS upstream"
+
+msgid "Only ever query DNS servers configured below"
+msgstr "Numai serverele DNS configurate mai jos"
+
+msgid "Enable this option if you want RaspAP to <b>send DNS queries to the servers configured below exclusively</b>. By default RaspAP also uses its upstream DHCP server's name servers."
+msgstr "Activați această opțiune dacă doriți ca RaspAP să <b>trimită interogări DNS la serverele configurate mai jos exclusiv</b>. În mod implicit, RaspAP folosește și serverele sale DHCP upstream."
+
+msgid "This option adds <code>no-resolv</code> to the dnsmasq configuration."
+msgstr "Această opțiune adaugă <code>no-resolv</code> la configurația dnsmasq."
+
+msgid "Add upstream DNS server"
+msgstr "Adaugă server DNS upstream"
+
+msgid "Format"
+msgstr "Format"
+
+msgid "Choose a hosted server"
+msgstr "Alege un server"
+
+msgid "Enable these options to log DHCP server activity."
+msgstr "Activați aceste opțiuni pentru a înregistra activitatea serverului DHCP."
+
+msgid "Log DHCP requests"
+msgstr "Înregistrează cererile DHCP"
+
+msgid "Log DNS queries"
+msgstr "Înregistrează interogările DNS"
+
+msgid "Restrict access"
+msgstr "Restricționare acces"
+
+msgid "Limit network access to static clients"
+msgstr "Limitează accesul la rețea pentru clienții statici"
+
+msgid "Enable this option if you want RaspAP to <b>ignore any clients</b> which are not specified in the static leases list."
+msgstr "Activați această opțiune dacă doriți ca RaspAP să <b>ignore orice clienți</b> care nu sunt specificați în lista de leasing static."
+
+msgid "This option adds <code>dhcp-ignore</code> to the dnsmasq configuration."
+msgstr "Această opțiune adaugă <code>dhcp-ignore</code> la configurația dnsmasq."
+
+msgid "Clients with a particular hardware MAC address can always be allocated the same IP address."
+msgstr "Clienților cu o anumită adresă MAC hardware li se poate atribui întotdeauna aceeași adresă IP."
+
+msgid "This option adds <code>dhcp-host</code> entries to the dnsmasq configuration."
+msgstr "Această opţiune adaugă <code>dhcp-host</code> intrărilor la configuraţia dnsmasq."
+
+msgid "This toggles the <code>gateway</code>/<code>nogateway</code> option for this interface in the DHCPCD configuration."
+msgstr "Comută între <code>gateway</code>/<code>nogateway</code> pentru această interfaţă în configuraţia DHCPCD."
+
+#: includes/hostapd.php
+msgid "Basic"
+msgstr "Setări de bază"
+
+msgid "Advanced"
+msgstr "Setări avansate"
+
+msgid "Basic settings"
+msgstr "Setări de bază"
+
+msgid "Wireless Mode"
+msgstr "Standard"
+
+msgid "Security settings"
+msgstr "Setări de securitate"
+
+msgid "Security type"
+msgstr "Tipul de securitate"
+
+msgid "Encryption Type"
+msgstr "Tipul de criptare"
+
+msgid "PSK"
+msgstr "PSK"
+
+msgid "Advanced settings"
+msgstr "Setări avansate"
+
+msgid "Country Code"
+msgstr "Codul țării"
+
+msgid "Information provided by hostapd"
+msgstr "Informații furnizate de hostapd"
+
+msgid "Attempting to start hotspot"
+msgstr "Se încearcă pornirea hotspot-ului"
+
+msgid "Attempting to stop hotspot"
+msgstr "Se încearcă oprirea hotspot-ului"
+
+msgid "HostAPD is not running"
+msgstr "HostAPD nu rulează"
+
+msgid "HostAPD is running"
+msgstr "HostAPD rulează"
+
+msgid "SSID must be between 1 and 32 characters"
+msgstr "SSID trebuie să aibă între 1 și 32 de caractere"
+
+msgid "WPA passphrase must be between 8 and 63 characters"
+msgstr "Parola WPA trebuie să aibă între 8 şi 63 de caractere"
+
+msgid "Unknown interface"
+msgstr "Interfață necunoscută"
+
+msgid "Country code must be blank or two characters"
+msgstr "Codul țării trebuie să fie necompletat sau format din două caractere"
+
+msgid "Wifi Hotspot settings saved"
+msgstr "Setările punctului de acces Wi-Fi sunt salvate"
+
+msgid "Unable to save wifi hotspot settings"
+msgstr "Nu s-au putut salva setările pentru punctul de acces Wi-Fi"
+
+msgid "Start hotspot"
+msgstr "Pornește punctul de acces"
+
+msgid "Stop hotspot"
+msgstr "Oprește punctul de acces"
+
+msgid "Restart hotspot"
+msgstr "Restarteaza punctul de acces"
+
+msgid "Enable logging"
+msgstr "Activează înregistrarea"
+
+msgid "Logfile output"
+msgstr "Jurnal"
+
+msgid "WiFi client AP mode"
+msgstr "Mod AP al clientului Wi-Fi"
+
+msgid "Bridged AP mode"
+msgstr "Mod bridged AP"
+
+msgid "Hide SSID in broadcast"
+msgstr "Ascunde transmiterea SSID"
+
+msgid "Maximum number of clients"
+msgstr "Număr maxim de clienți"
+
+msgid "Configures the <code>max_num_sta</code> option of hostapd. The default and maximum is 2007. If empty or 0, the default applies."
+msgstr ""
+
+msgid "Beacon interval"
+msgstr "Interval semnalizator"
+
+msgid "Disable <code>disassoc_low_ack</code>"
+msgstr "Dezactivează <code>disassoc_low_ack</code>"
+
+msgid "Do not disassociate stations based on excessive transmission failures."
+msgstr "Nu disocia stațiile pe baza erorilor de transmisie excesive."
+
+msgid "Executing RaspAP service start"
+msgstr "Pornire serviciu RaspAP"
+
+msgid "Close"
+msgstr "Închide"
+
+msgid "Enable this option to log <code>hostapd</code> activity."
+msgstr "Activează această opţiune pentru a înregistra activitatea <code>hostapd</code>."
+
+msgid "Transmit power (dBm)"
+msgstr ""
+
+msgid "Sets the <code>txpower</code> option for the AP interface and the configured country."
+msgstr ""
+
+msgid "dBm is a unit of level used to indicate that a power ratio is expressed in decibels (dB) with reference to one milliwatt (mW). 30 dBm is equal to 1000 mW, while 0 dBm equals 1.25 mW."
+msgstr ""
+
+#: includes/networking.php
+msgid "Summary"
+msgstr "Sumar"
+
+msgid "Internet connection"
+msgstr "Conexiune la internet"
+
+msgid "Current settings"
+msgstr "Setările curente"
+
+msgid "Default Gateway"
+msgstr "Gateway implicit"
+
+msgid "Alternate DNS Server"
+msgstr "Server DNS alternativ"
+
+msgid "Adapter IP Address Settings"
+msgstr "Setări adresă IP adaptor"
+
+msgid "Enable Fallback to Static Option"
+msgstr "Utilizați o adresă statică dacă serverul nu răspunde"
+
+msgid "Static IP"
+msgstr "IP static"
+
+msgid "Enabled"
+msgstr "Activat"
+
+msgid "Disabled"
+msgstr "Dezactivat"
+
+msgid "Static IP Options"
+msgstr "Opțiuni IP static"
+
+msgid "Metric"
+msgstr "Metric"
+
+msgid "Apply settings"
+msgstr "Aplicare setări"
+
+msgid "Information provided by /sys/class/net"
+msgstr "Informații furnizate de /sys/class/net"
+
+msgid "Network Devices"
+msgstr ""
+
+msgid "Mobile Data Settings"
+msgstr ""
+
+msgid "Properties of network devices"
+msgstr ""
+
+msgid "Device"
+msgstr ""
+
+msgid "MAC"
+msgstr ""
+
+msgid "USB vid/pid"
+msgstr ""
+
+msgid "Device type"
+msgstr ""
+
+msgid "Fixed name"
+msgstr ""
+
+msgid "Change"
+msgstr ""
+
+msgid "Settings for Mobile Data Devices"
+msgstr ""
+
+msgid "PIN of SIM card"
+msgstr ""
+
+msgid "APN Settings (Modem device ppp0)"
+msgstr ""
+
+msgid "Access Point Name (APN)"
+msgstr ""
+
+msgid "Password"
+msgstr ""
+
+msgid "Successfully Updated Network Configuration"
+msgstr ""
+
+msgid "Error saving network configuration to file"
+msgstr ""
+
+msgid "Unable to detect interface"
+msgstr ""
+
+#: includes/system.php
+msgid "System Information"
+msgstr "Informații Sistem"
+
+msgid "Language"
+msgstr "Limbă"
+
+msgid "Language settings"
+msgstr "Setări limbă"
+
+msgid "Select a language"
+msgstr "Selectați limba"
+
+msgid "Language setting saved"
+msgstr "Setarea limbii salvată"
+
+msgid "Console"
+msgstr "Consolă"
+
+msgid "Hostname"
+msgstr "Nume gazdă"
+
+msgid "Pi Revision"
+msgstr "Model Pi"
+
+msgid "Uptime"
+msgstr "Timp de funcționare"
+
+msgid "Memory Used"
+msgstr "Memorie utilizată"
+
+msgid "CPU Load"
+msgstr "Încărcare procesor"
+
+msgid "Reboot"
+msgstr "Restartează"
+
+msgid "Shutdown"
+msgstr "Inchide"
+
+msgid "System Rebooting Now!"
+msgstr "Sistemul reporneşte acum!"
+
+msgid "System Shutting Down Now!"
+msgstr "Sistemul se închide acum!"
+
+msgid "Web server port"
+msgstr "Portul serverului web"
+
+msgid "Web server bind address"
+msgstr "Adresă de legătură server web"
+
+#: includes/themes.php
+msgid "Theme settings"
+msgstr "Setări temă"
+
+msgid "Select a theme"
+msgstr "Selectaţi o temă"
+
+msgid "Color"
+msgstr "Culoare"
+
+#: includes/data_usage.php
+msgid "Data usage"
+msgstr "Utilizarea datelor"
+
+msgid "Data usage monitoring"
+msgstr "Monitorizare utilizare date"
+
+msgid "Hourly traffic amount"
+msgstr "Trafic pe oră"
+
+msgid "Daily traffic amount"
+msgstr "Trafic zilnic"
+
+msgid "Monthly traffic amount"
+msgstr "Trafic lunar"
+
+msgid "Hourly"
+msgstr "Pe oră"
+
+msgid "Daily"
+msgstr "Zilnic"
+
+msgid "Monthly"
+msgstr "Lunar"
+
+msgid "interface"
+msgstr "interfață"
+
+msgid "date"
+msgstr "dată"
+
+msgid "Send MB"
+msgstr "MO trimiși"
+
+msgid "Receive MB"
+msgstr "MO recepționați"
+
+msgid "Information provided by vnstat"
+msgstr "Informaţii furnizate de vnstat"
+
+msgid "Loading {0} bandwidth chart"
+msgstr "Se încarcă {0} graficul lățimii de bandă"
+
+msgid "Showing {0} to {1} of {2} entries"
+msgstr "Se afișează {0} la {1} din {2} intrări"
+
+#: includes/openvpn.php
+msgid "OpenVPN is not running"
+msgstr "OpenVPN nu funcționează"
+
+msgid "OpenVPN is running"
+msgstr "OpenVPN rulează"
+
+msgid "Server settings"
+msgstr "Setări server"
+
+msgid "Select OpenVPN configuration file (.ovpn)"
+msgstr "Selectaţi fişierul de configurare OpenVPN (.ovpn)"
+
+msgid "Client Log"
+msgstr "Jurnal client"
+
+msgid "Port"
+msgstr "Port"
+
+msgid "Protocol"
+msgstr "Protocol"
+
+msgid "Root CA certificate"
+msgstr "Certificat Root CA"
+
+msgid "Server certificate"
+msgstr "Certificat server"
+
+msgid "Diffie Hellman parameters"
+msgstr "Parametrii Diffie Hellman"
+
+msgid "KeepAlive"
+msgstr "Ține activ"
+
+msgid "Server log"
+msgstr "Jurnal server"
+
+msgid "Start OpenVPN"
+msgstr "Pornește OpenVPN"
+
+msgid "Stop OpenVPN"
+msgstr "Oprește OpenVPN"
+
+msgid "Information provided by openvpn"
+msgstr "Informaţii furnizate de openvpn"
+
+msgid "Attempting to start openvpn"
+msgstr "Se încearcă pornirea openvpn"
+
+msgid "Attempting to stop openvpn"
+msgstr "Se încearcă oprirea openvpn"
+
+msgid "Configurations"
+msgstr "Configurații"
+
+msgid "Currently available OpenVPN client configurations are displayed below."
+msgstr "Configurațiile clientului OpenVPN disponibile sunt afișate mai jos."
+
+msgid "Activating a configuraton will restart the <code>openvpn-client</code> service."
+msgstr "Activarea unei configurații va reporni serviciul <code>openvpn-client</code>."
+
+msgid "Delete OpenVPN client"
+msgstr "Ștergere client OpenVPN"
+
+msgid "Delete client configuration? This cannot be undone."
+msgstr "Ștergeți configurarea clientului? Această acțiune nu poate fi anulată."
+
+msgid "Activate OpenVPN client"
+msgstr "Activare client OpenVPN"
+
+msgid "Activate client configuration? This will restart the openvpn-client service."
+msgstr "Activați configurarea clientului? Aceasta va reporni serviciul openvpn-client."
+
+msgid "Activate"
+msgstr "Activează"
+
+msgid "Cancel"
+msgstr "Anulează"
+
+msgid "Enable this option to log <code>openvpn</code> activity."
+msgstr "Activați această opțiune pentru a înregistra activitatea <code>openvpn</code>."
+
+msgid "Authentification Method"
+msgstr "Metoda de autentificare"
+
+msgid "Username and password"
+msgstr "Nume utilizator și parolă"
+
+msgid "Certificates"
+msgstr "Certificate"
+
+msgid "Enter username and password"
+msgstr "Introduceți numele utilizator și parola"
+
+msgid "Certificates in the configuration file"
+msgstr "Certificate în fișierul de configurare"
+
+msgid "RaspAP supports certificates by including them in the configuration file."
+msgstr "RaspAP acceptă certificate prin includerea lor în fișierul de configurare."
+
+msgid "Signing certification authority (CA) certificate (e.g. <code>ca.crt</code>): enclosed in <code>&lt;ca> ... &lt;/ca></code> tags."
+msgstr "Se semnează certificatul 'certification authority' (CA) (de ex. <code>ca.crt</code>): inclus în etichetele <code>&lt;ca> ... &lt;/ca></code>."
+
+msgid "Client certificate (public key) (e.g. <code>client.crt</code>): enclosed in <code>&lt;cert> ... &lt;/cert></code> tags."
+msgstr "Certificatul clientului (cheie publică) (de ex. <code>client.crt</code>): inclus în etichetele <code>&lt;cert> ... &lt;/cert></code>."
+
+msgid "Private key of the client certificate (e.g. <code>client.key</code>): enclosed in <code>&lt;key> ... &lt;/key></code> tags."
+msgstr "Cheia privată a certificatului clientului (de ex. <code>client.key</code>): inclus în etichetele <code>&lt;key> ... &lt;/key></code>."
+
+msgid "Configuration File"
+msgstr "Fișier de configurare"
+
+#: includes/torproxy.php
+msgid "TOR is not running"
+msgstr "TOR nu rulează"
+
+msgid "TOR is running"
+msgstr "TOR rulează"
+
+msgid "Relay"
+msgstr "Releu"
+
+msgid "Relay settings"
+msgstr "Setări releu"
+
+msgid "Nickname"
+msgstr "Pseudonim"
+
+msgid "Address"
+msgstr "Adresă"
+
+msgid "Start TOR"
+msgstr "Pornește TOR"
+
+msgid "Stop TOR"
+msgstr "Oprește TOR"
+
+msgid "Information provided by tor"
+msgstr "Informaţii furnizate de tor"
+
+msgid "Attempting to start TOR"
+msgstr "Se încearcă pornirea TOR"
+
+msgid "Attempting to stop TOR"
+msgstr "Se încearcă oprirea TOR"
+
+#: template/dashboard.php
+msgid "Bridged AP mode is enabled. For Hostname and IP, see your router's admin page."
+msgstr "Modul AP punte este activat. Pentru Nume gazdă și IP, vedeți pagina de administrare a routerului."
+
+#: common form controls
+msgid "Save settings"
+msgstr "Salvare setări"
+
+msgid "Refresh"
+msgstr "Reîmprospătare"
+
+msgid "running"
+msgstr "rulează"
+
+msgid "stopped"
+msgstr "oprit"
+
+msgid "Remove"
+msgstr "Șterge"
+
+msgid "up"
+msgstr "activ"
+
+msgid "down"
+msgstr "inactiv"
+
+msgid "adblock"
+msgstr "adblock"
+
+msgid "Ad Blocking"
+msgstr "Blocare reclame"
+
+msgid "Start Ad Blocking"
+msgstr "Pornește Blocarea Reclamelor"
+
+msgid "Restart Ad Blocking"
+msgstr "Repornește Blocarea Reclamelor"
+
+msgid "Blocklist settings"
+msgstr "Setari lista de blocați"
+
+msgid "Enable blocklists"
+msgstr "Activare lista de blocați"
+
+msgid "Enable this option if you want RaspAP to <b>block DNS requests for ads, tracking and other virtual garbage</b>. Blocklists are gathered from multiple, actively maintained sources and automatically updated, cleaned, optimized and moderated on a daily basis."
+msgstr "Activați această opțiune dacă doriți ca RaspAP să <b>blocheze cererile DNS pentru reclame, urmărire și alte gunoaie virtuale</b>. Listele de blocați sunt colectate din surse multiple, întreținute în mod activ și actualizate automat, curățate, optimizate și moderate zilnic."
+
+msgid "This option adds <code>conf-file</code> and <code>addn-hosts</code> to the dnsmasq configuration."
+msgstr "Această opțiune adaugă <code>conf-file</code> și <code>addn-hosts</code> la configurația dnsmasq."
+
+msgid "Choose a blocklist provider"
+msgstr "Alegeți un furnizor de lista de blocați"
+
+msgid "Hostnames blocklist last updated"
+msgstr "Lista numelor gazdă blocate ultima dată actualizată"
+
+msgid "Domains blocklist last updated"
+msgstr "Ultima actualizare a listei de domenii blocate"
+
+msgid "Update now"
+msgstr "Actualizați acum"
+
+msgid "Statistics"
+msgstr "Statistici"
+
+msgid "Information provided by adblock"
+msgstr "Informaţie furnizateă de adblock"
+
+msgid "Enable custom blocklist"
+msgstr "Activează lista de blocare personalizată"
+
+msgid "Define custom hosts to be blocked by entering an IPv4 or IPv6 address followed by any whitespace (spaces or tabs) and the host name."
+msgstr "Definiţi gazdele personalizate care să fie blocate prin introducerea unei adrese IPv4 sau IPv6 urmată de orice spaţiu alb (spaţii sau taburi) şi numele gazdei."
+
+msgid "<b>IPv4 example:</b> 0.0.0.0 badhost.com"
+msgstr "<b>exemplu IPv4:</b> 0.0.0.0 badhost.com"
+
+msgid "This option adds an <code>addn-hosts</code> directive to the dnsmasq configuration."
+msgstr "Această opțiune adaugă o directivă <code>addn-hosts</code> la configurația dnsmasq."
+
+msgid "Custom blocklist not defined"
+msgstr "Lista de blocati personalizată nu este definită"
+
+msgid "Invalid custom IP address found on line "
+msgstr "Adresă IP particularizată nevalidă găsită în linie "
+
+msgid "Invalid custom host found on line "
+msgstr "Gazdă personalizată nevalidă în linie "
+
+msgid "Tunnel settings"
+msgstr "Setări tunel"
+
+msgid "Configuration Method"
+msgstr ""
+
+msgid "Upload file"
+msgstr ""
+
+msgid "Create manually"
+msgstr ""
+
+msgid "Upload a WireGuard config"
+msgstr ""
+
+msgid "This option uploads and installs an existing WireGuard <code>.conf</code> file on this device."
+msgstr ""
+
+msgid "Apply iptables rules for AP interface"
+msgstr ""
+
+msgid "Recommended if you wish to forward network traffic from the wg0 interface to clients connected on the AP interface."
+msgstr ""
+
+msgid "This option adds <strong>iptables</strong> <code>Postup</code> and <code>PostDown</code> rules for the configured AP interface (%s)."
+msgstr ""
+
+msgid "Select WireGuard configuration file (.conf)"
+msgstr ""
+
+msgid "Create a local WireGuard config"
+msgstr ""
+
+msgid "Enable server"
+msgstr "Activează serverul"
+
+msgid "Enable this option to secure network traffic by creating an encrypted tunnel between RaspAP and configured peers."
+msgstr ""
+
+msgid "This setting generates a new WireGuard <code>.conf</code> file on this device."
+msgstr ""
+
+msgid "Local public key"
+msgstr "Cheie publică locală"
+
+msgid "Local Port"
+msgstr "Port local"
+
+msgid "IP Address"
+msgstr "Adresă IP"
+
+msgid "DNS"
+msgstr "DNS"
+
+msgid "Peer"
+msgstr "Partener"
+
+msgid "Enable peer"
+msgstr "Activare partener"
+
+msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer."
+msgstr "Activați această opțiune pentru a cripta traficul prin crearea unui tunel între RaspAP și acest partener."
+
+msgid "This option adds <code>client.conf</code> to the WireGuard configuration."
+msgstr "Această opţiune adaugă <code>client.conf</code> la configuraţia WireGuard."
+
+msgid "Peer public key"
+msgstr "Cheie publică partener"
+
+msgid "Endpoint address"
+msgstr "Adresă punct final"
+
+msgid "Allowed IPs"
+msgstr "IP-uri permise"
+
+msgid "Persistent keepalive"
+msgstr "Persistent keepalive"
+
+msgid "Display WireGuard debug log"
+msgstr ""
+
+msgid "Enable this option to display an updated WireGuard debug log."
+msgstr ""
+
+msgid "Scan this QR code with your client to connect to this tunnel"
+msgstr "Scanați acest cod QR cu clientul pentru a vă conecta la acest tunel"
+
+msgid "or download the <code>client.conf</code> file to your device."
+msgstr "sau descărcați fișierul <code>client.conf</code> pe dispozitivul dvs."
+
+msgid "Download"
+msgstr "Descărcare"
+
+msgid "Start WireGuard"
+msgstr "Pornește WireGuard"
+
+msgid "Stop WireGuard"
+msgstr "Oprește WireGuard"
+
+msgid "Information provided by wireguard"
+msgstr "Informaţii oferite de wireguard"
+
+msgid "Attempting to start WireGuard"
+msgstr "Se încearcă pornirea WireGuard"
+
+msgid "Attempting to stop WireGuard"
+msgstr "Se încearcă oprirea WireGuard"
+
+msgid "WireGuard configuration updated successfully"
+msgstr "Configurarea WireGuard actualizată cu succes"
+
+msgid "WireGuard configuration failed to be updated"
+msgstr "Configurarea WireGuard nu a putut fi actualizată"
+
+msgid "Client Firewall"
+msgstr ""
+
+msgid "Firewall is ENABLED"
+msgstr ""
+
+msgid "Firewall is OFF"
+msgstr ""
+
+msgid "The default firewall will only allow outgoing and already established traffic."
+msgstr ""
+
+msgid "No incoming UDP traffic is allowed."
+msgstr ""
+
+msgid "There are no restrictions for the access point <code>%s</code>."
+msgstr ""
+
+msgid "Exception: Service"
+msgstr ""
+
+msgid "allow SSH access on port 22"
+msgstr ""
+
+msgid "allow access to the RaspAP GUI on port 80 or 443"
+msgstr ""
+
+msgid "Allow incoming connections for some services from the internet side."
+msgstr ""
+
+msgid "Exception: network device"
+msgstr ""
+
+msgid "Exclude device(s)"
+msgstr ""
+
+msgid "Exclude the given network device(s) (separated by a blank or comma) from firewall rules."
+msgstr ""
+
+msgid "Current client devices: <code>%s</code>"
+msgstr ""
+
+msgid "The access point <code>%s</code> is per default excluded."
+msgstr ""
+
+msgid "Exception: IP-Address"
+msgstr ""
+
+msgid "Allow incoming connections from"
+msgstr ""
+
+msgid "For the given IP-addresses (separated by a blank or comma) the incoming connection (via TCP and UDP) is accepted."
+msgstr ""
+
+msgid "This is required for an OpenVPN via UDP or Wireguard connection."
+msgstr ""
+
+msgid "The list of configured VPN server IP addresses: <code><b>%s</b></code>"
+msgstr ""
+
+msgid "Disable Firewall"
+msgstr ""
+
+msgid "Enable Firewall"
+msgstr ""
+
+msgid "Apply changes"
+msgstr ""
+

From c06bd30fedce922c7f26140310ad080e768284e9 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 31 Dec 2021 14:59:55 +0000
Subject: [PATCH 297/300] Added Romainian language support - thx Drago!

---
 includes/system.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/includes/system.php b/includes/system.php
index 7cd53b24..db7f3c48 100755
--- a/includes/system.php
+++ b/includes/system.php
@@ -147,6 +147,7 @@ function DisplaySystem()
         'pl_PL.UTF-8' => 'Polskie',
         'pt_BR.UTF-8' => 'Português',
         'ru_RU.UTF-8' => 'Русский',
+        'ro_RO.UTF-8' => 'Română',
         'sv_SE.UTF-8' => 'Svenska',
         'tr_TR.UTF-8' => 'Türkçe',
         'vi_VN.UTF-8' => 'Tiếng Việt (Vietnamese)'

From 34ae762e5a2f73fd655e3c6b8327060f83f7ae08 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 31 Dec 2021 17:49:35 +0000
Subject: [PATCH 298/300] Abbreviate msg to fix sidebar layout

---
 locale/ro_RO/LC_MESSAGES/messages.mo | Bin 24207 -> 24199 bytes
 locale/ro_RO/LC_MESSAGES/messages.po |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/locale/ro_RO/LC_MESSAGES/messages.mo b/locale/ro_RO/LC_MESSAGES/messages.mo
index 817e42f9d45adaed3a03e60100dd40dca83dc4ab..13768252203a8d9ba9d16c886fe6be75f6d2f486 100644
GIT binary patch
delta 2161
zcmXZddq~z-9LMpmIV~@F*Xk*km0Ie`%T_~1d1=mRX{KgZ$D*edZCFGuoVXuaA<f7r
z#ugN@h8xBfu@*CiR>W9z`9sHOtk~QZxzVs-Nz@{Ge>^{kUg!J!J?EV7`JV6d*xet}
z*&lM|X{0yF%rcA2A}|-Dun^~A8OCB0hT(^pg?s(yr!j?i04L+m*olAn@82ypOCoN?
zARa>PH-;1OS+RNJ3xt=r1yV7Y7dfazN>CH3{Pzv`CUFqs@oOx@3z&~#rEZ;9F_E|o
zLvbxeVk3s*R#d{<OFgp~25me@zymlPPhcE=k3D!DmGRD{W>fJ4T!u$*8vc$s_!zZO
z#_KN5LnX2SwcZX~jP1ApFL(@e(oxg`Pp}X(IaUDQ#%ydwZS)1|<QGv351|sdi?c$^
z3f?g5BCantyMn_Q#9qqQgfSInb=Zcr=nXQ^$<iy`!Y`pJu>`fjO3cE|I0d^=C;1YU
zP#>xyLpUGrVJ1!^E0ww!Be5K{Pc3TRI;6Ke+r>Z|?L{s8DMn#0F2ZxDiU0aOL|xfa
z)WT8A&7v{IcMi@a&cifZgR`;4kB^}e?H`Z1|9cE(@F2R%Y$j%58dhKwZbO~?eN<%*
zqPqSw)XDo$O*@D>$cP{Rk80ldYImgp%qFf!t?OYp`&$<SZEzT4@D%Ef&*MV8hFUme
zh08n{b@HXCM5-|rH{&eagDQOwYNM}EpYKB@d>M6++vsU<pMfS!sBz!(2#h9<MU{Sr
zAE%=d&Bq9=z*wxq7jYA+f*q(UIEh;4Dk_1SsQv!LbR4VU{`JAYO1DudsyQk#4ucqq
z&HnoqR7u-WiF}0mfjQ|v{|;XuzKEUpga5p$*7ZOGDuEW{cI-ec^;d?!@*o~ZP#Zr+
zoh-7>#Q_W>&cVr;kE%=&>i41?HGdPT0?nwN`WV$4-(Uh>K_z$#U&djNfi_C2cfVxm
zs8Vf1O>D+Q>_SaAflBZv)Pi?Vcl-#IK<Fx$U^1$g=AhOqKz)rDqY~eOn(u9A(9NI&
z)kFymZlOHXNlQ@))Swa#qJEfm`R}_ih4?tCC%#23Jb=2QK~w_&pb~$Gs(9Gy@y~gd
zz(AR1pzi(^)Ca0j6V{`;_C1_}`%qVL9M!a+qc%K+O03`a7gWOkq1Fps;}VQR9V~#=
z^q<XR@D2}lBgxrsxEvR*r4g|Md1N<m2WGBw75W5|h<i~L8t~&G)CME?8jj&q%wO-W
zsuFco4Vc9Kwp9acL!IO>PRAZxfS0fkA7C10Z*aY_40W=N7{DgX#r>F#=aGMQhyOCL
zq|yDA+=BCok7A=r^dkd(t!|>4V;EK9zfmU}MI|=jE%!bd)pV)I-xbS3&EJWd*XrAT
Pwj%M5oU;W*jWeGE@CpHx

delta 2170
zcmXZddq~z-9LMqV%yRiWX_=;GS^AK*yp_3&Pg^)^UDV8coUV&X7mFfW;#x&yKTJ%t
zBD%0fV{Abp8Ex5Re~ihDmNmv$booOgx{W1U%tcW_N_&4iKZsuEdw#!j&i8!Jd44u^
zdJc4Y&J1{+(Z-l5ImU$Hd+5Vld<zS46mG@gxCf`<KDYk|j3MsEaJ+*}_>cSivk#4l
zCT_qg{1QjtAijyAxyBiqAR^aJkc?w_kcCPl4>h3FeO`$RiK{UZFW@}9f|(dT$Ig?3
zQN)E9f~(MrYcUjSPzi6F;}{b`qmhm=cm&5|8>%vwuoZ8jGTt%Qm^j>x1^5+?!$+8k
zo{#K8>8Lmxl}Ht8zU??0n=u2gI5f1==coa1u$=&AU_7qJ6l_2(^c`yFS5Xu9Vgde(
zNgiWn%{OK*arpw?!9J|Q4$Af^#^f1Of{hqNr-z1imX>cPej8PZ`KSe!q0W30#^O=b
zPQFJa)P<@@FQ(&DoPtSYrBW|MFBYNJS&kaF8o67J*-1kS?L$rcE&8wn-^EVUz-O)l
zs3RM;$W9!EBZ()vrs7oMY)r(J=*N0DK7mT~@=(nAKcz8&j_5*TCSfKfVln!#7Pa$T
zsLFhSy7ebfJMThW+8)$K`rSBWvAw+GP)F*=6f8&0+k~O4Zw}MY0>>}{&!W!wBEEw+
zP!oq0*~}AAB`rWDQich*36pRys`RH(3!O*3--Sx}H`GS{L`RJmG&I1w#Qx4BaU^jp
zs`QiHI1QC(0K>2tN8t*bh#OHAY(X7CJ8GWms08k!*83YL<KPm`UoZNL?Lzse%MrxU
zSdAfA=RU7TeGi&Zi5x<GVA|dOpK%!RRcylF-Tu;`y#tk~1nQAfGDm{cUl~52BNF>j
z3wuiJ&c>i(KMuz%495VfG7C`Oiz3wcji?ILq3+bzsJrnaYT;|B1Rr7+_Bk|E!U-SS
zFIgI@RJEvqbr^+*Q3Kjg3Ef6b_!xD@uTcs3N^OD(sJoPknr{~BXFLy;_-532XB&+J
zG+I!XD89^2l#SYHJ}QBws6?w#AEuq|^P?C;+={vrKcOb>MjcTPDuE}c#0O9n5C3H7
zJ;%h;P^Rgqv;P3~LK$kn8q}@bg0Z+Cbrh|rOM42n;8|2+mtF6n5`Kl6&$rYj7>C-J
z9~X1~%nTaq=x~ta%wM<&XD?&-*n)JKTUdh`%WZ|e!D!+RRE4_TxEHlRKfaHH7>9us
z_NaoWqpHMc);Be3U?XZL$8bEJ#ti%w1NagXab~%_8zrcnZNPZkiqr8Rrr<^7pLxuG
z$(UDR|4MGgbmHS!p%VQ;LqDs#sLRoZD)E1)ojpe-=B>2P6Hu2f8Tq?nGEw7qpvE=0
aHlNFjx}Q2?ZSATppV$7<a4sdMV$%O^MF+$H

diff --git a/locale/ro_RO/LC_MESSAGES/messages.po b/locale/ro_RO/LC_MESSAGES/messages.po
index 11fcbe73..3003a48f 100644
--- a/locale/ro_RO/LC_MESSAGES/messages.po
+++ b/locale/ro_RO/LC_MESSAGES/messages.po
@@ -40,7 +40,7 @@ msgid "Memory Use"
 msgstr "Memorie utilizată"
 
 msgid "CPU Temp"
-msgstr "Temperatură CPU"
+msgstr "Temp CPU"
 
 msgid "Networking"
 msgstr "Reţele"

From 669efe4d8c7f5a558624adc1e177cf1da7f69ade Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 31 Dec 2021 19:21:16 +0000
Subject: [PATCH 299/300] Standardize wg logging facility

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 30827 -> 30851 bytes
 locale/en_US/LC_MESSAGES/messages.po |   8 ++++----
 templates/wg/logging.php             |  20 ++++++++++----------
 3 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index 0fa65aaa5914a0778009fdfa50703b50a984eb90..84b77220b4b858a61a67557f3c256c36e87886af 100644
GIT binary patch
delta 7598
zcmbu@c~n-_8prX2AjlvxC?JBopvfeuh$A?HD5f~z9Ht~V;sAoEsILQ=HegAmmUXf8
zrrFJb(grmvv#y$@S4%S+G>5b_hs@0Met+-TuGL!i&%4)p`0TyUu=jrUIY;o~uWpO3
zxNR<UcP3btbtKWULhvpIVMue!%EWkVjMK0VE;H?w=%BqF>)|mB#Pb-6x6mJhk}S&?
zqp>a~VJl2U%gwSTCs|Ibl=_tWEo&?Oh(mEj3(LyF%Qy@>w6v`DxZJoOi)edrH!qxl
zn#ep1#7YdnYHWmCPz(JGwUC?G0Ns+E_KHK3Evq3N2^feOsDX!|GO!7?l7pxfevQi5
zRg6OK*7kYv7)-ktYC^f_gN0axW$1}Np*Q~Oq~by47P_{;90*CV+YSukcstb0d!qw$
zP%AG%-Ea<SMT<}au0lUtYutj(XzxNz_>9q6yN%s(ACeWThiR9gQnvz?ff|g)!>E~G
z#|C%@wb%9A64(T_koKrd_CsYN&-52zFzqGCf}GZBDsgnI!x%h>8sG}n#y?RjcWY<g
z*avmvXw*tuqgK`#wc-NQ#EZ@GO4PHk3U%FUs0r;rf5x{CP;sZ@1Zt1JGhReJ6ThPd
z3gijY@d#AP<4n5+YKu})8OTO$%@_>9NvQJ|q6S`yt}Q}8#<$i|3CAs{l^#H?=qTz&
zw^1qc=wJ^JW=uj2&>frLa16t_s4aO8_1djNWu^v|ncc`6YJG!F4dC6;zEL1*C2^>f
zrJ`os2bG~*)XYbtCOQfA@Rp#?n}y22QdFj1GRI%Ta@w0P5))JH>$6hHzk`l}bZFq|
zsP}#`DrH}w2K)-OqEo1eUBT&CE6u$Bs1?pb4e&VX+1Y@)ZWHQ$yHJ_@7z^-t8u{0O
zE}iTHnW&YFFitf6vr#LpL_MrksMPL2?q%&mWyGtq{g4Hqj>lj;w!}mnVU90GO>Cu;
zinicYR0cMoR{SAqBA?-4Jc$l$-Nl~BAk^zP95rw`Dgza$8$XS@z8dG_X4HLKb+sp$
zhMJ%=n~GkyT+{_)Q3qxiD^Pp69F@A4Q0H$&y-qt&=O083@C|Ar=TH;7j+)S4sD8h0
zwhfU5JFR9^bYTb7KpB{T{V@W|jVn=^dJDB>J5d?igZdDCg$?l+)9=;Y9ylB|;dtbM
zw_0O1PR2~V|2wE?hVJP+2N;B1aUf=473Sed?2BD8EUPCzi9PTrR$wC<IarMk;dRtN
zIhppu`Z6kGAzUouFqrYJj#M;(Y}D&B615e@sEjPcaID0pxB+#8gQ!e=kILXVR0gi1
zuJh|<z89$Tl2BWcg34GYbn3=ARCK}=OvX}dhU+mDKSxdI9D3pJ=z(`p19^}pJsSbo
z2%BOIcEx@;#<Xj&Iqffv?!C#sE@;`?9-t5EVai1fG!b>Y7+Yc`Zo~Ic6PWRUJ;8Eg
z6{>$DdgEr~&9vS{-S4K+>ch8#cAY-tzl|HKpd*fsZfx)roQT?z<LJQisHfMP4OK=$
zunyjD+U<~ASp85dUX6M<e@0)ti&}^;2i-9iwFQYzD!O4e)C`BCzUg_W0cN81dI4r&
z6-MDP)QxYVo*9q+cIF!5eY9iIAN!*2pNo-Lf||&3qw@_a8gL)#b^8JJOx!Ux9AMul
z1$Coz<AYe6_H=W67S^M^1htTrs0>t_{u(3+)<>v?1r2n`{!`Jz*A$iFMAXCA-t><$
z{bNx#o{m~UIcnl7uqVEO$#?@bk$B!kJp&!k2h*_(vr(Dbi}m#WAEu%kokBgef8c`{
zG00xwOyfKZqQ3&`;|f%YUq`*h@1X`v<$E27Jx~i8ikeV9Y5^ste-1X+g-fYuPq(2?
z{1RjFEC!(e5c}8hDAX2>MXg{FY9h-}57k=KO4p;drp6q92Q{&S=J+veK>IX0HQ*mq
zD$skVy%m+H6Q0G^xY6`~hZ^`Sx;`|hhs|%8J<(*;-lk&$_Q4P=LuIZKGjR<z#`D8S
zoG$PhZg&KrgLVtl#QLLBIT}N;7?twJP!m~&b#WcG!Wy)AozGw?)w3h)zbkUtPv&aX
z%e6o0<B&O6TXM;Ndn!I7ZPT%c_8in+T|!Od25KUneAu-mVW@{N9<|aQsD(^JWo{N~
z#mlfEzKptl2WsGh*cfA-qwJMrqE<K%m9mK#g$qz8uEAj3jhfIA)L#FHn($@RTa-82
z-s|zGFJUpdw!rjPn)XW61f83xXyzZH1NWm={xj-^*HJ6_6E$F9p8Zru7~@f|Yg>%M
zk;b{k7qJ!nJ5BpCDs%N7b}h_lB~po|qc`d)Ekq4C1GU#rpq}y<P%GJtO64c0OdL1;
zKcO;Yjj<P0ALD37Vhm=Y?mq!tA1<t;7k3sF-FPAD#;Z^(-H2M*Hq?835;gM+=D26R
z{VW8cu8ToUC<Qg~40OjF)WbT|I0p4hOhq5Yx0ad%&!AFXZQ8G*_NWGxfxW1$If0t+
zY1H|*Py@Ram@Pt0I0E%4k4J5B25LclQTHi9r&2bDiUxSfxDGYIyVwK|VHo~~TABY?
z`?ZTi4U~w=OnYpOgHQu3K;364Y9ZCAx2Fa*;XPx?zfyFB4yF7UYNn^r1AjIrUO`RJ
zZJeFT5Y+J)EXP=k#8*()e}E3$hZ^`IX5k(5#9rg=@%oJ?|60)qIyAEhI2~uB7hXcG
z@CIrC_X+mH6OFnq7Ink6s7!W3l4K1q{o76dF4T$-8&8@3t4=CfiRVQ7Y4t^Y(NZuC
zyJH=6q8_p(=J@j%PkTKk;$d_A4r*cnlk5dVp)wGQKG+d8ksdf0or9@3sBA<{<N)e*
zJcJtf8Y%;~Q8)H3v~LiG^J&MSZoC0C!8cJ0*o)qH1U2BdrvH-hHu^HY<uln%T?p!e
z1k{aEur6kz1{j2XI0`kfLezvxO@D>)Y1E2eLS4578OYj!3HT}MU(stW+5dnkcB+z4
zd)WqcgEZ8Ks2}QmEinB~^ryWXHQ_bb0XJecp218^nQEU`j$LR!hFx(VW})viKG%Bx
z2UF>b+p#CsE@FSMFIHd`=3rQ{{f9*%YM}k7hc%oZ%2=hb8iQ$XMSt9jdV7vyJ-mR*
z$SrjJ{_k00|6vi0x=|)76T?s`9EHljMAU^9SRbE4owp9PC9k70_7>{Hv)>#)i^;Tq
z!Di?vwg0i}S<3!vMx*G^>oyhj5SF0^nuEc(1oeSgjrx|qjs5V1X(!IGKRnsSa@6_j
zQTN}2b@2#loKxobg&E|(B^{n+_8%7QP!qU>p?J;cJJarOg4**q?1agv8%{IM#9FlH
zqZ^Lo$2{zTt%+XLRhsJ{rA+`o=Bq||l(<lJC@k1{$kpcA<}^0nV!HoRnsO|JUj8+5
zl~epwPTCWdgw{QWbF}VAydPB_BL)(CiE#Qoh(**@E)ubBY)UISRi<IFscR!tUL{%)
z+X-G`YafxtIl07O>N7CHT=PEddxgz+ZHn5xI9`ndu_5s`_1@@D^k;n6WAqS>6&(1D
zAfMJm+8uE*HpS<Nbwmj5XYoDaUir{eN;sx6$i`|*yNl_2n!fSWlL&3*Qer2uS|47O
zndZdyMs4Y%L;;aP=vn@O$fvHNU(~u*y%-+qoJH*^B8h0i(dY4A`N>o^p@VR8yshbb
z0Jjlai8qO<M7Fs*Rck7BeKJ~Nh3U_yJ%IWuok00hr!1h-jLz}cO}&)Hw9AMm?WXlR
zULji0SDWZV{Y4^=`VMS>D#L87MYLa|z5qKB*Quux3Dmpe5LEeEQ+$}l_cZ+QGt~Ek
zx79jHsMMqX3H-#>;_;*%MT{X-s)(CJf77mo51RTz^q(N~k&HHd-l&%;miSAr^hQEu
z8SyJIf~d<$ub>JaPiq6QkiLIa<wXQ%@vghdW`62(rSd6p+g0PY5!8PcbR_mr|HbrY
zU^LN=XhC>Z?Tl#Te1}>XXWqrpgvv4EJP}I&3z$i$B+^zHN(><;6L*MvCCXIXIj=YM
zDTKpZlR({%I8LZsBiiX5R{54#LOj696Yvtz&0P2v^<?V9h>xic#}DvvBAXaWTgA)9
z^_QL-ee+Dex_g@XBRJcf7mlfJjDMO+9S(enY39TU=xgeU^v4s^O`EFKhk7P4!t|9J
zJ7Xa64CjOr>83x9`Yh@>#4YO62v^bi?=vT<V>I;`{I?pE?}$iZx*C+Z9Pf&A)S&1a
zkU`%7Tu2-ye2GU0m4k%8tHwWHm_?j3?HI0$KTBg5v7h+E9QYBvIH*#as31C2{na?s
zd4t*#b7U>`QPd-FC808s2%vAUIcF^PCDQ3HGJQHvC64xRtdCz{Fs{KP#8E;ehuBSA
zCjO%j##kyZ6N5NeWfIZERpVDF>_>kP(TMm5Z6EyH9G{Epi4@`t@dlydX=8QgT$M=}
zW>>9orZ3)QRgfdxxy2k3JxzVKIjx5FVxpWFM@*)FIsU!0rg7DDyo<TSN2YziC<?ju
zpMPslq5YM9WAUc577<8%L(DgWzh3jPBfz)jN@BW4gS0VI^9wqcjY}#joiJunS_@aR
trc+C=@X(&6dBypT{DOx|$2kh8j&qbw%g-w*$gk<ryO#g|aq(`q{{l{-Whnpv

delta 7603
zcmbu?d0bXi9>?(mq9_Q6Y=S5cE{FmyxZ#$#3%DzaW~8DbhKdqys1NR%%QRwUi<V}Y
zWoqG)TDeuz7-?CWnM*a3mZ_O$+G5V<``lx%{-67L{doV*x%Zy+-V4nC$?J#fUOVzD
zxN90?K1(pB5njh|teI#`bxg+Y*bQsra;%K6+VW0xQT`Nz@MjE0pCn@<FdPH1G5TW%
z48SyOhC`B!+ZZonmQqnf#bb?)c>_%oPC^-WK>w!3WMLYn;7040IGJ)Nt@+|2)Ie5Z
zFs{dHxC1rOL#T<KLrtV|GW~~<1SdN)Zh(=L+hQ;dLUlYAwE_oFGdYi%;bqi{c{evE
z1|w0|wZRa~LJcS%{csje#>H3(e|3{oAu%mjHt<6=7=)^iv*o5(opKM<$cLc|b5Jv1
zfNF3#YC@%`4!2-c+-W_8ag>jt2JF6NldzUfMN4FLOr|X_MlIcD)Xa`xEPjI;pie8O
z!$8zt*TYb3j^Wr7wUQ5`R${WPpNk>%Z`P7%Mq4o+cVQhokLtjywJ{aZA9Y<YhGP_}
z;by3rc0tXo4{F9msDaP3=hvg2g)ON2_F<5ozj6|d{47?$A5eSzqxE;xGvUjVr;cJ#
z=Mzy&o?^=#QCpOOT7hiT))b-!T#UMY6>24(LO=R9TSz>6gi(|ap=Np(HKT7)4OMO9
zJXE2m4&tpHP#p}wx|oMGa0O~&FQHz$U8sJJpjPH%bSIKrAyEgBZJmZ<Q8P(FEm;O?
z#KTc5l#g180@Of@Q4j9|)OAZy1AGd#QrqnLeOOHS0M^2G?O1;`FtnZXG><}cJRj3=
z4Qk20LUnivHKQA-fqAuOd9gZb0*g>HT#4%78Pv107j@qORC~vehtHgB&-#xc`QD!B
z%hyIH2BT&&-a6CPKZcs=dW^>xP)l2mG-1x5CKU02^N_hv=aaD^reXq)x98WmNi?#T
zQ8U<sT7d(o8J|E6<Q!(=RdivOj?O?vqh7~6RL9FuE3g{X?grHTJFo-~qT210>I~4`
zi$o*LM!jzNs2irD>K9p8qxNzmYK69;u0M==oyt+ypGS3Y1vQY{sDb%(at0KDs*iSb
zn}#HsaVyk~X{e3{VIv%Y(YVa|GHRvXL+#~9sQW*|Fua73c-PiPbapy!gc@)g<asw;
zu#evV*(BYmD91ny>0%74Wa?llj>0s20Y~Ch?2Uc9@;SzJ*bTqM1(-l#Anw3y^r7)S
zn1hA*25QCPxH*{qO$v#YG#xd7Y}D&B0kswLP%E+uqi{Xe!@a16&SNFKj#|Ons1@+;
z>D(8Mp6><fx(-+wyP{i5)|*5P=b$c_gUPrM<M2(4zze7W-9}&ZWm$YM2sOY^)I?lZ
z6I);%?1z1^(3X#2BIS!|tiO_wbf@7|)I-z{)j>9@p|RK$=izQFLv=hp!x`8l>ta;>
zb65p8A#bGFhHCGM^=I^^{6_}s-_pyNdsM_z(UOgwh}o#E_y}Ei7WLHLMXiJ%8(JCb
zpvno@3%j6Z`Z(&L{0jZ?CTb%0umaZPBCULkn?wz?M2)aF>RX<P>L4Gr$3@r`7h?>T
zqZ+<~+S@xAfC2rCsgE@=5IdpT?}xQ;9BLqotnQ5@>hK-ZYjzU#EZndL^miJHM>W*i
z+7~NQ&b8+!U=Zb5sEI5`t-xwqzZsdl*@K!`r2!t@CWu52T@BO{$Dkg%L|Z@5)(=B9
zoQs;lB-Fr{VGrDh$#@wxkXpQhdIplv4_o6j?2KBuedzi9|2~NtI)!>#ui}GPZICm=
zeCrgfPW^NY#bu}^ejfE2Z%1|5B-7clHmC_@paztMn!q?)Ux10aaW;we^cB>FN3j8(
z!D{F|*!e((ptfijY6jC#1DTI{sMexp`YdW|Hrw;Bp$2x?o-fBR%AccK9bP3_fOk<_
zF>i=-!BT8a`8ibmr>Kt4pgu4cQ4gE`MAks#P<z`NwMD7e2!~@hE=H~3dhCv`XR&a#
zN$yag8zY7~e`LDQMY$ttfFm#%3orubp_cw>)PT02p8j3f43D7UwZ4T#q`wSv{;$Yq
zUm3HB8SZ=+rVVHP>D%n0A_W5<a_oVVDVL!3>;`Hezo7==$A?`rjz-Ni2{qF+)I=Ud
zE%9vBj7u>RUqan~5Y_JqH%V=hgomA(q@!jy7`0>*F$Nc+u6q$f@Lkk^PNVkxJJf)0
zqPA+x2xrgpQD4NVsP>9c&%!EOc0Ws^5tgAw{yw_!IBMqCQ4QWf&FCJg!?2Og)9tb*
zVI1{sF$PCk=UO*lGwKi7@=avr+$Lm{GqWZb%LRQ<BP>95I1{zkkE5RU=TI}*iCW4J
zQ7duI)?Y=fkWY>?p&A%ZITq_+I;#B%SWz$TG!o5xHmc!8sD{^}X1X0Uvwf)d`D@gk
zU$f`^Mmx_!80x+_)PPb@1Mi6ya0u#QebAbVk@Rm0Nz~B_dtxnW$v4^ZtEes7gIa;3
zsI9qx8t^65^?#x|t~kbS5o*9L)F(X&HPN1^3H3*}8k$a`B`ZO7u-du>)xkSh7f)gh
z{1r8`>SLYPE*8~M6V%GI$3)CRwZ9P6&I;5-Hlg00J!4sajrap9v_z*-D{&Sz(o5)r
z*HPEqLJhEDuCtU;sPl1Hj0so^H>2)<4_$Z+)$xy*hTh|x73(#Q^;d@jsnCqFQ6rmx
zg*XR&@dj#!zo9zt&2v7n^-=dFU?pseTFFkxBAHBEzu(p$Mor|D^`hIJ_ysi+zwyq~
z8ie|yrC@vPj+Jpf>LFWh&#%XZl(%96p0ek?A8`g2ikd)O)Cwe^A3lH@h&zoWlVm8m
za64)sAERE!lc<hwqgKG=I}Hb*8i>XcOhh&O8ft)Vq9$+@tKezW_21a~8;-311ZOV;
zQA-zvx}h<up%e_jbW{gfSQT?n11msn!3<l!#QFqk#v4)h?LvP%h>fruqxJsZ_9Q%5
z6P=}MhT6+Es0LC|AEJS%Z+M=qpO1l**PsUcBDTTp*ayGI?wB&kxz3FpDX+v-JceoX
zZ-NS(e=LS#Z_4|z2UeNv{A1A{7f^l@2V(RT9#kwqb#xr{u-4{>R&14Z6NXUUje&R+
z_4a&$L3j<_T9Q9W^nvhu)cMDvKB}Q~)JhCTEnyC71ty~ITY{mu8g<<k)Ryc(t=L{v
zyT|SM%a~00Cyc{-MXbMm+hr6vBg#QNt%azEuo%@*35MWu)CcBy)VKUC?28v{xye-L
z!!y9@M$L392IzWJ`$tjjoS4e`Hzm17#cqt5=5%}tHLx$OH*LNDbZ4)tVF%7fp&HDx
zjzDk9<IoGU^@F23wjg>sMU!OfTUMiDuB}{xKa_q_BgB2e)=cFxHrMlatF8Kr`kV`=
z#BU+b@gII_EmDYo5SsTauF<?}V`J2@j2J-ti>OI`MM6)Pjw?jG7n_nyrH;v1Xmf3V
zj+cpM#G3@Kj`@&C=bDFzO!8@1%ieR4^8JH7@+`W_X`J7H12Kx&OP+y2L_fWhVN^U!
zVJ-eb%pe}2+!hyMJ$#aQiHM-Q2Hzs?A4hCb#5o;<987D<skUwvb$R5C32o+M#5=?~
zeQ<Tmuot$mdf{SXETR7z^$dSQj3L*dKhQdru8WFr&m{XNkwnzv>@#@(xNMUh=px*l
zZ)NK;a1T*N>>~IQn7+1kQd2-)g3WM&tshN!0Qu9X;}4oN^GF&{ISxCimLrDpbYi7b
zG<Wa@(UiJML@)C7#3=H&F&uSdIhgsBUnQT54-mJ=+Yt%mopA{2_);5~L*Z)*0eB4c
z-Iz+8Cv;S!eg%HuDe<=hWfw7;(6O5MmFREF6>zxCv#CEzbR+86IzQCQ)PVT2DL=Ln
zIvyu}B8CxxT(k*w@Xa%?5c8<pRyr~|ByGB?IbJ7{J()58#=ADZimkZ19q}IdHCx{m
zV~N&86T-Lj?dY2BePoebX^0V^;|t<@q6T%(Vs}DEqORi@LJTG*68DJvM~qE;xGtT1
z5)o_fX+*Byhi3>KKNBf>hjm;amJ+?VI1hg$I@=p}lQ$<HO1w`#3=iXSq7RW}uhaKU
zM}5MZx;eI9bv<pq5Q|m85k<83qW}MrRN=(u*uh>n9;@0sf%=BTqqa<HdXx7c9<+7E
z){a=6c!Fyph_1Fio_qrNAmVrO$%N<7{NwCJsu)RL2al@2@fA^v;8&67n9ccAve{12
z^G8=V>iScjPkc)F6N?BP$B95s#)k^ii0^E<F84LOMBxBYPW)z1e2bMisiPvXkZ4<a
zw|0d4HrWz;=0)-m<k9#Pq2nPUn7YCCnq2HdbfJEVt<!Zn8d4sLVfYD#;zm44oFa4#
zBn}bRiO=-G7)$a3k;%n6@`<{hjDNYXAN3(bH1RxTfBe{<pMzV77Q{tjJE5bJgXzMx
zI`XlGlbUh1u93&m>aHmF8}^jwK|Dgtw3qE9Urfv*a*2u5m*U@#<`iz)iv2j8c-NLc
zvI;#KoBvjxL|dozG*qF|n+PV(5hb?s*T~CKdk6SO=M@&@kDTEek~d{ckD`%NM!QCj
u8C8_)%Ab^Lx|VJz2rZ3D4==ly5b0CpuS?33n)*hS^-I4S@c-Ps-|K%8TVw|S

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index 13b3f2f5..723549ba 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -1104,11 +1104,11 @@ msgstr "Allowed IPs"
 msgid "Persistent keepalive"
 msgstr "Persistent keepalive"
 
-msgid "Display WireGuard debug log"
-msgstr "Display WireGuard debug log"
+msgid "Enable this option to display an updated <code>wg-quick</code> debug log."
+msgstr "Enable this option to display an updated <code>wg-quick</code> debug log."
 
-msgid "Enable this option to display an updated WireGuard debug log."
-msgstr "Enable this option to display an updated WireGuard debug log."
+msgid "WireGuard debug log updated"
+msgstr "WireGuard debug log updated"
 
 msgid "Scan this QR code with your client to connect to this tunnel"
 msgstr "Scan this QR code with your client to connect to this tunnel"
diff --git a/templates/wg/logging.php b/templates/wg/logging.php
index d7dfe582..02516139 100644
--- a/templates/wg/logging.php
+++ b/templates/wg/logging.php
@@ -3,16 +3,16 @@
   <div class="row">
     <div class="col-md-12">
       <h4 class="mt-3"><?php echo _("Logging"); ?></h4>
-          <div class="custom-control custom-switch">
-            <input class="custom-control-input" id="wgLogEnable" type="checkbox" name="wgLogEnable" value="1" <?php echo $optLogEnable ? ' checked="checked"' : "" ?> aria-describedby="wgLogEnable">
-            <label class="custom-control-label" for="wgLogEnable"><?php echo _("Display WireGuard debug log") ?></label>
-          </div>
-          <p><small><?php echo _("Enable this option to display an updated WireGuard debug log.") ?></small></p>
-          <?php
-              exec('sudo chmod o+r /tmp/wireguard.log');
-              $log = file_get_contents('/tmp/wireguard.log');
-              echo '<textarea class="logoutput my-3">'.htmlspecialchars($log, ENT_QUOTES).'</textarea>';
-          ?>
+        <p><?php echo _("Enable this option to display an updated <code>wg-quick</code> debug log.") ?></p>
+        <div class="custom-control custom-switch">
+          <input class="custom-control-input" id="wgLogEnable" type="checkbox" name="wgLogEnable" value="1" <?php echo $optLogEnable ? ' checked="checked"' : "" ?> aria-describedby="wgLogEnable">
+          <label class="custom-control-label" for="wgLogEnable"><?php echo _("Logfile output") ?></label>
+        </div>
+        <?php
+          exec('sudo chmod o+r /tmp/wireguard.log');
+          $log = file_get_contents('/tmp/wireguard.log');
+          echo '<textarea class="logoutput my-3">'.htmlspecialchars($log, ENT_QUOTES).'</textarea>';
+        ?>
     </div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | logging tab -->

From 78e56ecf880df24ff22f9a80b2cdea3d6113d876 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 1 Jan 2022 00:35:15 +0000
Subject: [PATCH 300/300] Minor: update set_error message

---
 app/lib/uploader.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/lib/uploader.php b/app/lib/uploader.php
index 6e19d9e8..e15e451c 100644
--- a/app/lib/uploader.php
+++ b/app/lib/uploader.php
@@ -338,7 +338,7 @@ class Upload
     {
         if (!empty($object->mimes)) {
             if (!in_array($object->file['mime'], $object->mimes)) {
-                $object->set_error('Mime type not allowed.');
+                $object->set_error('MIME type not allowed.');
             }
         }
     }