removed extra lines from ajax, down to 86, updated ajax calls, added ldap auth

config/ampache.cfg.php.dist

@@ -63,6 +63,15 @@ sess_cookielife         = 0
 # DEFAULT: 0
 sess_cookiesecure       = 0
 
+# Auth Methods 
+# This defines which auth methods vauth will attempt
+# to use and in which order, if auto_create isn't enabled
+# The user must exist locally as well
+# DEFAULT: mysql
+# VALUES: mysql,ldap
+#auth_methods = "ldap"
+auth_methods = "mysql"
+
 ######################
 #  Program Settings  #
 ######################
@@ -284,6 +293,45 @@ site_charset = iso-8859-1
 # Possible Values: Int > 5
 refresh_limit = "60"
 
+##########################################################
+# LDAP login info (optional)                             #
+##########################################################
+
+# This setting will silently create an ampache account
+# for anyone who can login using ldap (or any other login
+# extension) 
+# DEFAULT: false
+#auto_create = "false"
+
+# Some LDAP servers won't let you search for the username
+# without logging in with an application user account.
+# if this is the case, fill these in here:
+# DEFAULT: null
+#ldap_username = ""
+#ldap_password = ""
+
+# NOT YET IMPLIMENTED!!
+# This option checks to see if the specified user is in
+# a specific ldap group, allowing you to give access based
+# on group membership
+# DEFAULT: null
+#ldap_require_group = "cn=yourgroup,ou=yourorg,dc=yoursubdomain,dc=yourdomain,dc=yourtld"
+
+# This is the search dn used to find your user, uid=username is added on to 
+# This string 
+# DEFAULT: null
+#ldap_search_dn = "ou=People,dc=yoursubdomain,dc=yourdomain,dc=yourtld?uid?sub?(objectclass=*)"
+
+# This is the address of your ldap server
+# DEFAULT: null
+#ldap_url = ""
+
+# Specify where in your ldap db the following fields are stored:
+# (comment out if you don't have them)
+# DEFAULT: [none]
+#ldap_email_field = "mail"
+#ldap_name_field  = "cn"
+
 ##########################################################
 # Public Registration settings, defaults to disabled     #
 ##########################################################

docs/CHANGELOG

@@ -4,6 +4,7 @@
 
 --------------------------------------------------------------------------
   v.3.3.3-Alpha1
+	- Added LDAP auth support (Thx Rubin)
 	- Added ajax support to ratings, no longer requires a refresh, 
 		hello instant gratification. 
 	- Tweaked Kajax, now accepts an array of elements to replace

index.php

@@ -39,11 +39,9 @@ $action = scrub_in($_REQUEST['action']);
  */
 if (conf('refresh_limit') > 5) { 
 	$ajax_url = conf('ajax_url') . '?action=reloadnp' . conf('ajax_info');
-	$ajax_object = 'np_refresh';
 	require_once(conf('prefix') . '/templates/javascript_refresh.inc.php');
 }
 ?>
-<?php show_ajax_js('np_refresh',array('np_data')); ?>
 <div id="np_data">
 	<?php show_now_playing(); ?>
 </div> <!-- Close Now Playing Div -->

lib/general.lib.php

@@ -399,6 +399,11 @@ function clean_tag_info($results,$key,$filename) {
 	$info['track']		= intval($results[$key]['track']);
 	$info['comment']      	= sql_escape(str_replace($clean_array,$wipe_array,$results[$key]['comment']));
 
+	if (strlen($info['comment']) > 254) { 
+		debug_event('catalog','Error: Comment over 254 Char, truncating',4);
+		$info['comment'] = substr($info['comment'],0,254);
+	}
+
 	/* This are pulled from the info array */
 	$info['bitrate']      	= intval($results['info']['bitrate']);
 	$info['rate']         	= intval($results['info']['sample_rate']);

lib/gettext.php

@@ -27,13 +27,25 @@
 function load_gettext() { 
 	/* If we have gettext */
 	if (function_exists('bindtextdomain')) { 
-		bindtextdomain('messages', conf('prefix') . "/locale/");
-		textdomain('messages');
 		$lang = conf('lang');
 		putenv("LANG=" . $lang);
+		putenv("LANGUAGE=" . $lang);
 		/* Try lang, lang + charset and lang + utf-8 */
-		setlocale(LC_ALL, $lang,$lang . '.'. conf('site_charset'),$lang . '.UTF-8',$lang . '.' . conf('lc_charset'));
+		setlocale(LC_ALL, 
-	}
+				$lang,
+				$lang . '.'. conf('site_charset'),
+				$lang . '.UTF-8',
+				$lang . '.utf-8',
+				$lang . '.' . conf('lc_charset'));
+
+		/* Bind the Text Domain */
+		bindtextdomain('messages', conf('prefix') . "/locale/");
+		textdomain('messages');
+		if (function_exists('bind_textdomain_codeset')) { 
+			bind_textdomain_codeset('messages',conf('site_charset'));
+		} // if we can codeset the textdomain
+
+	} // If bindtext domain exists
 
 } // load_gettext
 

lib/init.php

@@ -80,7 +80,7 @@ if (!$results['allow_stream_playback']) {
 
 
 /** This is the version.... fluf nothing more... **/
-$results['version']		= '3.3.3-Alpha1';
+$results['version']		= '3.3.3-Alpha1 (Build 002)';
 
 $results['raw_web_path']	= $results['web_path'];
 $results['web_path']		= $http_type . $_SERVER['HTTP_HOST'] . $results['web_path'];
@@ -113,6 +113,12 @@ if (!$results['raw_web_path']) {
 if (!$_SERVER['SERVER_NAME']) { 
 	$_SERVER['SERVER_NAME'] = '';
 }
+if (!isset($results['auth_methods'])) { 
+	$results['auth_methods'] = 'mysql';
+}
+if (!is_array($results['auth_methods'])) { 
+	$results['auth_methods'] = array($results['auth_methods']);
+}
 
 /* Variables needed for vauth Module */
 $results['cookie_path'] 	= $results['raw_web_path'];

login.php

@@ -71,17 +71,43 @@ if ($_POST['username'] && $_POST['password']) {
 		$username = scrub_in($_POST['username']);
 		$password = scrub_in($_POST['password']);
 		$auth = authenticate($username, $password);
-		$user = new User($username); 
+                $user = new User($username);
-		if ($user->disabled === '1') { 
+	
-			$auth['success'] = false;
+		if ($user->disabled == '1') { 	
-			$auth['error'] = "Error: User Disabled please contact Admin";
+                                $auth['success'] = false;
-		} // if user disabled
+                                $auth['error'] = _('User Disabled please contact Admin');
+                } // if user disabled
+                
+		elseif (!$user->username) { 
+			/* This is run if we want to auto_create users who don't exist (usefull for non mysql auth) */                
+			if (conf('auto_create')) {
+				if (!$access = conf('auto_user')) { $access = '5'; } 
+				
+                        	$name = $auth['name'];
+                        	$email = $auth['email'];
+                        
+				/* Attempt to create the user */	
+				if (!$user->create($username, $name, $email,md5(time()), $access)) {
+                                	$auth['success'] = false;
+                                	$auth['error'] = _('Unable to create new account');
+                            	}
+				else { 
+                        		$user = new User($username);
+				}
+                        } // End if auto_create
+
+                        else {
+                            $auth['success'] = false;
+                            $auth['error'] = _('No local account found');
+                        }
+                } // else user isn't disabled
+
 	} // if we aren't in demo mode
-}
+
+} // if they passed a username/password
 
 /* If the authentication was a success */
 if ($auth['success']) {
-
     // $auth->info are the fields specified in the config file
     //   to retrieve for each user
     vauth_session_create($auth);

modules/kajax/ajax.js

@@ -9,30 +9,6 @@
 	var http_request = false;
 	var IE = true;
 	
-        function ajaxRequest(url) {
-                if (window.ActiveXObject) { // IE
-            try {
-                http_request = new ActiveXObject("Msxml2.XMLHTTP");
-            }
-                        catch (e) {
-                try {
-                    http_request = new ActiveXObject("Microsoft.XMLHTTP");
-                }
-                                catch (e) {}
-            }
-        }
-                else { // Mozilla
-                        IE = false;
-                        http_request = new XMLHttpRequest();
-                }
-        if (!http_request) {
-            return false;
-        }
-        http_request.onreadystatechange = function() { };
-        http_request.open('GET', url, true);
-        http_request.send(null);
-	}
-	
 	// uid is an array of uids that need to be replaced		
 	function ajaxPut(url) {
 		if (window.ActiveXObject) { // IE

modules/vauth/auth.lib.php

@@ -37,8 +37,16 @@ function authenticate($username,$password) {
 		return false;
 	}
 
-	/* Call the functions! */
+	/* Foreach Through the methods we are allowed to use */
-	$results = vauth_mysql_auth($username,$password);
+	foreach (vauth_conf('auth_methods') as $method) { 
+
+		/* Build Function name and call custom function */
+		$function = 'vauth_' . $method . '_auth';	
+		$results = $function($username,$password);
+
+		/* If we find something break */
+		if ($results['success']) { break; } 
+	} // end foreach
 
 	return $results;
 
@@ -88,4 +96,74 @@ function vauth_mysql_auth($username,$password) {
 
 } // vauth_mysql_auth
 
+/**
+ * vauth_ldap_auth
+ * Step one, connect to the LDAP server and perform a search for teh username provided. 
+ * If its found, attempt to bind using that username and the password provided.
+ * Step two, figure out if they are authorized to use ampache:
+ * TODO: need implimented still:
+ * 	* require-group "The DN fetched from the LDAP directory (or the username passed by the client) occurs in the LDAP group"
+ *      * require-dn "Grant access if the DN in the directive matches the DN fetched from the LDAP directory"
+ *      * require-attribute "an attribute fetched from the LDAP directory matches the given value"
+ */
+function vauth_ldap_auth($username, $password) {
+
+	$ldap_username	= vauth_conf('ldap_username');
+	$ldap_password	= vauth_conf('ldap_password');
+
+	/* Currently not implemented */
+	$require_group	= vauth_conf('ldap_require_group'); 
+
+	// This is the DN for the users (required)
+    	$ldap_dn	= vauth_conf('ldap_search_dn');
+    
+	// This is the server url (required)
+    	$ldap_url	= vauth_conf('ldap_url');
+
+    	$ldap_name_field	= vauth_conf('ldap_name_field');
+	$ldap_email_field	= vauth_conf('ldap_email_field');
+
+	if ($ldap_link = ldap_connect($ldap_url) ) {
+
+		/* Set to Protocol 3 */
+		ldap_set_option($ldap_link, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+        	// bind using our auth, if we need to, for initial search for username
+          	if (!ldap_bind($ldap_link, $ldap_dn, $ldap_password)) {
+                	$results['success'] = false;
+                	$results['error'] = "Could not bind to LDAP server.";
+                	return $results;
+            	} // If bind fails
+
+	        $sr = ldap_search($ldap_link, $ldap_search_dn, "(uid=$username)");
+        	$info = ldap_get_entries($ldap_link, $sr);
+
+        	if ($info["count"] == 1) {
+            		$user_entry = ldap_first_entry($ldap_link, $sr);
+            		$user_dn    = ldap_get_dn($ldap_link, $user_entry);
+            		// bind using the user..
+            		$retval = ldap_bind($ldap_link, $user_dn, $password);
+
+            		if ($retval) {
+                		ldap_close($ldap_link);
+                		$results['success'] = true;
+                		$results['type'] = "ldap";
+                		$results['username'] = $username;
+                		$results['name'] = $info[0][$ldap_name_field][0];
+                		$results['email'] = $info[0][$ldap_email_field][0]; 
+
+                		return $results;
+
+            		} // if we get something good back
+        	} // if something was sent back 
+	} // if failed connect 
+
+	/* Default to bad news */
+        $results['success'] = false;
+        $results['error'] = "LDAP login attempt failed";
+        return $results;
+
+
+} // vauth_ldap_auth
+
 ?>

modules/vauth/init.php

@@ -57,7 +57,22 @@ function vauth_init($data) {
 
 	if (isset($data['auth_methods']['ldap'])) { 
 		
-
+		if (!isset($data['ldap_url'])) { 
+			vauth_error('No LDAP server defined [ldap_url]');
+			$error_status = true;
+		}
+		if (!isset($data['ldap_name_field'])) { 
+			vauth_error('No Name Field defined [ldap_name_field]');
+		}
+		if (!isset($data['ldap_email_field'])) { 
+			vauth_error('No E-mail Field defined [ldap_email_field]');
+		}
+		if (!isset($data['ldap_username'])) { 
+			vauth_error('No Bind Username defined [ldap_username]');
+		}
+		if (!isset($data['ldap_password'])) { 
+			vauth_error('No Bind Password defined [ldap_password]');
+		}
 
 	} // if we're doing ldap auth
 

server/ajax.server.php

@@ -79,8 +79,8 @@ switch ($action) {
 		$GLOBALS['user']->update_preference($pref_id,$_GET['type']);
 
 		/* Now Replace the text as you should */
-		$ajax_url       = conf('web_path') . '/server/ajax.server.php';
+		$ajax_url       = conf('ajax_url');
-		$required_info  = "&user_id=" . $GLOBALS['user']->id . "&sessid=" . session_id();
+		$required_info  = conf('ajax_info');
 		${$_GET['type']} = 'id="pt_active"';
 		ob_start();	
 		require_once(conf('prefix') . '/templates/show_localplay_switch.inc.php'); 

templates/javascript_refresh.inc.php

@@ -15,7 +15,7 @@ function refresh()
     //  entry in the visitor's history.  It is provided for
     //  those browsers that only support JavaScript 1.0.
     //
-    ajaxPut('<?php echo $ajax_url; ?>',<?php echo $ajax_object; ?>);
+    ajaxPut('<?php echo $ajax_url; ?>');
     doLoad();
 }
 

templates/show_album.inc

@@ -47,7 +47,6 @@ $title		= scrub_out($album->name) . ' -- ' . $album->f_artist;
 	<div style="display:table-cell;vertical-align:top;">
 		<?php
 		if (conf('ratings')) {	
-			show_ajax_js("r_" . $album->id . "_album",array("rating_" . $album->id . "_album"));
 			echo "<span style=\"display:inline;\" id=\"rating_" . $album->id . "_album\">";
 			show_rating($album->id, 'album');} // end if ratings
 			echo "</span>";

templates/show_artist_box.inc.php

@@ -23,7 +23,12 @@ $web_path = conf('web_path');
 $title = _('Albums by') . " " . $artist->full_name; 
 ?>
 <?php require (conf('prefix') . '/templates/show_box_top.inc.php'); ?>
-<?php if (conf('ratings')) { show_rating($artist->id, 'artist'); } // end if ratings ?>
+<?php 
+if (conf('ratings')) { 
+	echo "<span id=\"rating_" . $artist->id . "_artist\" style=\"display:inline;\">";
+	show_rating($artist->id, 'artist'); 
+	echo "</span>";
+} // end if ratings ?>
 <strong><?php echo _('Actions'); ?>:</strong><br />
 &nbsp;&nbsp;<a href="<?php echo $web_path; ?>/artists.php?action=show_all_songs&amp;artist=<?php echo $artist_id; ?>"><?php echo _("Show All Songs By") . " " . $artist->full_name; ?></a><br />
 &nbsp;&nbsp;<a href="<?php echo $web_path; ?>/song.php?action=artist&amp;artist_id=<?php echo $artist_id; ?>"><?php echo _("Play All Songs By") . " " . $artist->full_name; ?></a><br />

templates/show_localplay_control.inc.php

@@ -23,36 +23,29 @@
 $web_path = conf('web_path'); 
 $localplay = init_localplay();
 
-$required_info 	= "&user_id=" . $GLOBALS['user']->id . "&sessid=" . session_id(); 
+$required_info 	= conf('ajax_info');
-$ajax_url	= $web_path . '/server/ajax.server.php';
+$ajax_url	= conf('ajax_url');
 
 ?>
-<script language="javascript" type="text/javascript">
-<!--
-var lp_control = new Array(2);
-lp_control[0] = "lp_state";
-lp_control[1] = "lp_playing";
--->
-</script>
 <div class="localplaycontrol" style="display:table-cell;cursor:pointer;padding:2px;">
 <?php if ($localplay->has_function('prev')) { ?>
-<span class="prev_button" onclick="ajaxPut('<?php echo $ajax_url; ?>?action=localplay&cmd=prev<?php echo $required_info; ?>',lp_control);return true;">
+<span class="prev_button" onclick="ajaxPut('<?php echo $ajax_url; ?>?action=localplay&cmd=prev<?php echo $required_info; ?>');return true;">
 	<img src="<?php echo $web_path; ?>/images/localplay/prev.gif" alt="prev" />
 </span>
 <?php } ?>
-<span class="stop_button" onclick="ajaxPut('<?php echo $ajax_url; ?>?action=localplay&cmd=stop<?php echo $required_info; ?>',lp_control);return true;">
+<span class="stop_button" onclick="ajaxPut('<?php echo $ajax_url; ?>?action=localplay&cmd=stop<?php echo $required_info; ?>');return true;">
 	<img src="<?php echo $web_path; ?>/images/localplay/stop.gif" alt="stop" />
 </span>
 <?php if ($localplay->has_function('pause')) { ?>
-<span class="pause_button" onclick="ajaxPut('<?php echo $ajax_url; ?>?action=localplay&cmd=pause<?php echo $required_info; ?>',lp_control);return true;">
+<span class="pause_button" onclick="ajaxPut('<?php echo $ajax_url; ?>?action=localplay&cmd=pause<?php echo $required_info; ?>');return true;">
 	<img src="<?php echo $web_path; ?>/images/localplay/pause.gif" alt="pause" />
 </span>
 <?php } ?>
-<span class="play_button" onclick="ajaxPut('<?php echo $ajax_url; ?>?action=localplay&cmd=play<?php echo $required_info; ?>',lp_control);return true;">
+<span class="play_button" onclick="ajaxPut('<?php echo $ajax_url; ?>?action=localplay&cmd=play<?php echo $required_info; ?>');return true;">
 	<img src="<?php echo $web_path; ?>/images/localplay/play.gif" alt="play" />
 </span>
 <?php if ($localplay->has_function('next')) { ?>
-<span class="next_button" onclick="ajaxPut('<?php echo $ajax_url; ?>?action=localplay&cmd=next<?php echo $required_info; ?>',lp_control);return true;">
+<span class="next_button" onclick="ajaxPut('<?php echo $ajax_url; ?>?action=localplay&cmd=next<?php echo $required_info; ?>');return true;">
 	<img src="<?php echo $web_path; ?>/images/localplay/next.gif" alt="next" />
 </span>
 <?php } ?>

templates/show_localplay_switch.inc.php

@@ -1,6 +1,6 @@
-<span <?php echo $stream; ?> onclick="ajaxPut('<?php echo $ajax_url; ?>?action=change_play_type&amp;type=stream<?php echo $required_info; ?>','play_type');return true;">
+<span <?php echo $stream; ?> onclick="ajaxPut('<?php echo $ajax_url; ?>?action=change_play_type&amp;type=stream<?php echo $required_info; ?>');return true;">
 	<?php echo _('Stream') ?>
 </span><br /><br />
-<span <?php echo $localplay; ?> onclick="ajaxPut('<?php echo $ajax_url; ?>?action=change_play_type&amp;type=localplay<?php echo $required_info; ?>','play_type');return true;">
+<span <?php echo $localplay; ?> onclick="ajaxPut('<?php echo $ajax_url; ?>?action=change_play_type&amp;type=localplay<?php echo $required_info; ?>');return true;">
 	<?php echo _('Localplay'); ?>
 </span>

templates/show_object_rating.inc.php

@@ -29,10 +29,10 @@ echo "<ul class=\"star-rating\">\n";
 
 /* Handle the "Not rated" possibility */
 if ($rating->rating == '-1') { 
-	echo "<li class=\"zero-stars\"><span onclick=\"ajaxPut('" . $base_url . "&rating=-1',r_" . $rating->id . "_" . $rating->type . ");return true;\" title=\"don't play\" class=\"zero-stars\"></span></li>\n";
+	echo "<li class=\"zero-stars\"><span onclick=\"ajaxPut('" . $base_url . "&rating=-1');return true;\" title=\"don't play\" class=\"zero-stars\"></span></li>\n";
 }
 else { 
-	echo "<li class=\"zero-stars\"><span onclick=\"ajaxPut('" . $base_url . "&rating=-1',r_" . $rating->id . "_" . $rating->type . ");return true;\" title=\"remove rating\" class=\"zero-stars\"></span></li>\n";
+	echo "<li class=\"zero-stars\"><span onclick=\"ajaxPut('" . $base_url . "&rating=-1');return true;\" title=\"remove rating\" class=\"zero-stars\"></span></li>\n";
 }
 // decide width of rating. image is 16 px wide
 $width = $rating->rating*16;
@@ -48,19 +48,19 @@ else echo "$rating->rating of 5</li>\n";
 //it did not like my "1-star", "2-star" ... css styles, and I changed it to this after I realized star1... would have worked :\
 ?>
 <li>
-	<span onclick="ajaxPut('<?php echo $base_url; ?>&rating=1',r_<?php echo $rating->id; ?>_<?php echo $rating->type; ?>);return true;" class="one-stars" title="1 <?php echo _('out of'); ?> 5"></span>
+	<span onclick="ajaxPut('<?php echo $base_url; ?>&rating=1');return true;" class="one-stars" title="1 <?php echo _('out of'); ?> 5"></span>
 </li>
 <li>
-	<span onclick="ajaxPut('<?php echo $base_url; ?>&rating=2',r_<?php echo $rating->id; ?>_<?php echo $rating->type; ?>);return true;" class="two-stars" title="2 <?php echo _('out of'); ?> 5"></span>
+	<span onclick="ajaxPut('<?php echo $base_url; ?>&rating=2');return true;" class="two-stars" title="2 <?php echo _('out of'); ?> 5"></span>
 </li>
 <li>
-	<span onclick="ajaxPut('<?php echo $base_url; ?>&rating=3',r_<?php echo $rating->id; ?>_<?php echo $rating->type; ?>);return true;" class="three-stars" title="3 <?php echo _('out of'); ?> 5"></span>
+	<span onclick="ajaxPut('<?php echo $base_url; ?>&rating=3');return true;" class="three-stars" title="3 <?php echo _('out of'); ?> 5"></span>
 </li>
 <li>
-	<span onclick="ajaxPut('<?php echo $base_url; ?>&rating=4',r_<?php echo $rating->id; ?>_<?php echo $rating->type; ?>);return true;" class="four-stars" title="4 <?php echo _('out of'); ?> 5"></span>
+	<span onclick="ajaxPut('<?php echo $base_url; ?>&rating=4');return true;" class="four-stars" title="4 <?php echo _('out of'); ?> 5"></span>
 </li>
 <li>
-	<span onclick="ajaxPut('<?php echo $base_url; ?>&rating=5',r_<?php echo $rating->id; ?>_<?php echo $rating->type; ?>);return true;" class="five-stars" title="5 <?php echo _('out of'); ?> 5"></span>
+	<span onclick="ajaxPut('<?php echo $base_url; ?>&rating=5');return true;" class="five-stars" title="5 <?php echo _('out of'); ?> 5"></span>
 </li>
 </ul>
 

templates/show_songs.inc

@@ -146,7 +146,6 @@ foreach ($song_ids as $song_id) {
 	</td>
 	<?php if(conf('ratings')) { ?>
 		<td id="rating_<?php echo $song->id; ?>_song">
-			<?php show_ajax_js("r_" . $song->id . "_song",array("rating_" . $song->id . "_song")); ?>
 			<?php show_rating($song->id,'song'); ?>
 		</td>
 	<?php } ?>

templates/sidebar.inc.php

@@ -184,15 +184,9 @@ $web_path = conf('web_path');
 		<br />
 		<?php $type = conf('play_type'); ${$type} = 'id="pt_active"'; ?>
 		<?php 
-			$required_info  = "&user_id=" . $GLOBALS['user']->id . "&sessid=" . session_id();
+			$required_info  = conf('ajax_info');
-			$ajax_url       = $web_path . '/server/ajax.server.php'; 
+			$ajax_url       = conf('ajax_url');
 		?>
-		<script type="text/javascript" language="javascript">
-		<!-- 
-		var lp_switch = new Array(2);
-		lp_switch[0]	= "play_type";
-		-->
-		</script>
 		<span class="text-action" style="cursor:pointer;" id="play_type">
 		<?php require_once(conf('prefix') . '/templates/show_localplay_switch.inc.php'); ?>
 		</span>
@@ -200,6 +194,6 @@ $web_path = conf('web_path');
 <?php } // if horizontal orientation ?>
 <?php } // if localplay access ?>
 <?php if (conf('use_auth')) { ?>
-	<li><a href="<?php echo $web_path; ?>/logout.php"><?php echo _("Logout"); ?></a></li>
+	<li><a href="<?php echo $web_path; ?>/logout.php"><?php echo _('Logout'); ?></a></li>
 <?php } // end (conf('use_auth'))?>
 </ul>