From cef43c3602c38fe4b49e74bdfa429c66929ada0e Mon Sep 17 00:00:00 2001
From: Karl 'vollmerk' Vollmer <vollmer@ampache.org>
Date: Thu, 19 Jun 2008 06:32:23 +0000
Subject: reorganize the menu a whole bunch and add a confirmation page to the
 catalog deletion

---
 admin/catalog.php                     |  13 +++++-
 admin/users.php                       |  30 +++++++-------
 docs/CHANGELOG                        |   2 +
 images/icon_plugin.png                | Bin 0 -> 591 bytes
 lib/class/core.class.php              |  51 +++++++++++++++++++++++
 lib/ui.lib.php                        |   2 +-
 server/ajax.server.php                |  24 -----------
 server/index.ajax.php                 |  23 +++++++++++
 templates/show_add_user.inc.php       |   6 +--
 templates/show_catalog_row.inc.php    |   3 +-
 templates/show_confirmation.inc.php   |  13 ++++--
 templates/show_edit_user.inc.php      |   6 +--
 templates/sidebar.inc.php             |  14 +++----
 templates/sidebar_browse.inc.php      |  75 ----------------------------------
 templates/sidebar_home.inc.php        |  48 +++++++++++-----------
 templates/sidebar_modules.inc.php     |  54 ++++++++++++++++++++++++
 templates/sidebar_preferences.inc.php |   8 +---
 17 files changed, 206 insertions(+), 166 deletions(-)
 create mode 100644 images/icon_plugin.png
 delete mode 100644 templates/sidebar_browse.inc.php
 create mode 100644 templates/sidebar_modules.inc.php

diff --git a/admin/catalog.php b/admin/catalog.php
index c9b470ff..fb23f7cf 100644
--- a/admin/catalog.php
+++ b/admin/catalog.php
@@ -103,12 +103,23 @@ switch ($_REQUEST['action']) {
 	case 'delete_catalog':
 		/* Make sure they aren't in demo mode */
 	        if (Config::get('demo_mode')) { break; }
+
+		if (!Core::form_verify('delete_catalog')) { 
+			access_denied(); 
+			exit; 
+		} 
 	
 		/* Delete the sucker, we don't need to check perms as thats done above */
-		Catalog::delete($_REQUEST['catalog_id']); 
+		Catalog::delete($_GET['catalog_id']); 
 		$next_url = Config::get('web_path') . '/admin/index.php';
 		show_confirmation(_('Catalog Deleted'),_('The Catalog and all associated records have been deleted'),$nexturl);
 	break;
+	case 'show_delete_catalog': 
+		$catalog_id = scrub_in($_GET['catalog_id']); 
+
+		$next_url = Config::get('web_path') . '/admin/catalog.php?action=delete_catalog'; 
+		show_confirmation(_('Catalog Delete'),_('Confirm Deletion Request'),$nexturl,1,'delete_catalog'); 
+	break; 
 	case 'remove_disabled':
 	        if (conf('demo_mode')) { break; }
 
diff --git a/admin/users.php b/admin/users.php
index a9a5039d..ea717bdb 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -33,19 +33,19 @@ switch ($_REQUEST['action']) {
 	case 'update_user':
 	        if (Config::get('demo_mode')) { break; }
 		
-		if (!$_SESSION['forms']['adminuser'] || $_SESSION['forms']['adminuser'] != $_POST['formkey']) { 
+		if (!Core::form_verify('edit_user','post')) { 
 			access_denied(); 
 			exit; 
 		} 
 
 		/* Clean up the variables */
-		$user_id	= scrub_in($_REQUEST['user_id']);
-		$username 	= scrub_in($_REQUEST['username']);
-		$fullname 	= scrub_in($_REQUEST['fullname']);
-		$email 		= scrub_in($_REQUEST['email']);
-		$access 	= scrub_in($_REQUEST['access']);
-		$pass1 		= scrub_in($_REQUEST['password_1']);
-		$pass2 		= scrub_in($_REQUEST['password_2']);
+		$user_id	= scrub_in($_POST['user_id']);
+		$username 	= scrub_in($_POST['username']);
+		$fullname 	= scrub_in($_POST['fullname']);
+		$email 		= scrub_in($_POST['email']);
+		$access 	= scrub_in($_POST['access']);
+		$pass1 		= scrub_in($_POST['password_1']);
+		$pass2 		= scrub_in($_POST['password_2']);
 	
 		/* Setup the temp user */	
 	    	$client = new User($user_id);
@@ -85,17 +85,17 @@ switch ($_REQUEST['action']) {
 	case 'add_user':
         	if (Config::get('demo_mode')) { break; }
 
-                if (!$_SESSION['forms']['adminuser'] || $_SESSION['forms']['adminuser'] != $_POST['formkey']) { 
+                if (!Core::form_verify('add_user','post')) { 
                         access_denied();
                         exit;
                 } 
 
-		$username	= scrub_in($_REQUEST['username']);
-		$fullname	= scrub_in($_REQUEST['fullname']);
-		$email		= scrub_in($_REQUEST['email']);
-		$access		= scrub_in($_REQUEST['access']);
-		$pass1		= scrub_in($_REQUEST['password_1']);
-		$pass2		= scrub_in($_REQUEST['password_2']);
+		$username	= scrub_in($_POST['username']);
+		$fullname	= scrub_in($_POST['fullname']);
+		$email		= scrub_in($_POST['email']);
+		$access		= scrub_in($_POST['access']);
+		$pass1		= scrub_in($_POST['password_1']);
+		$pass2		= scrub_in($_POST['password_2']);
 
 		if ($pass1 !== $pass2 || !strlen($pass1)) { 
 			Error::add('password',_("Error Passwords don't match"));
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 658954a1..4b5d9a06 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,8 @@
 
 --------------------------------------------------------------------------
   v.3.5-Alpha1
+	- Added Confirmation Screen to Catalog Deletion
+	- Reorganized Menu System and Added Modules section
 	- Fix an error if you try to add a shoutbox for an invalid object
 		(Thx atrophic)
 	- Fixed issue with art dump on jpeg files (Thx atrophic)
diff --git a/images/icon_plugin.png b/images/icon_plugin.png
new file mode 100644
index 00000000..6187b15a
Binary files /dev/null and b/images/icon_plugin.png differ
diff --git a/lib/class/core.class.php b/lib/class/core.class.php
index bd0e422d..4818e39b 100644
--- a/lib/class/core.class.php
+++ b/lib/class/core.class.php
@@ -36,5 +36,56 @@ class Core {
 
 	} // construction
 
+	/**
+	 * form_register
+	 * This registers a form with a SID, inserts it into the session variables
+	 * and then returns a string for use in the HTML form
+	 */
+	public static function form_register($name) { 
+
+		// Make ourselves a nice little sid
+		$sid =  md5(uniqid(rand(), true));
+
+		// Register it
+		$_SESSION['forms'][$name] = array('sid'=>$sid,'expire'=>time() + Config::get('session_length')); 
+
+		$string = '<input type="hidden" name="form_validation" value="' . $sid . '" />'; 
+
+		return $string; 
+
+	} // form_register
+
+	/**
+	 * form_verify
+	 * This takes a form name and then compares it with the posted sid, if they don't match
+	 * then it returns false and doesn't let the person continue
+	 */
+	public static function form_verify($name,$method='post') { 
+
+		switch ($method) { 
+			case 'post': 
+				$source = $_POST['form_validation']; 
+			break; 
+			case 'get': 
+				$source = $_GET['form_validation'];
+			break; 
+			case 'cookie': 
+				$source = $_COOKIE['form_validation']; 
+			break; 
+			case 'request': 
+				$source = $_REQUEST['form_validation']; 
+			break; 
+		} 
+
+		if ($source == $_SESSION['forms'][$name]['sid'] AND $_SESSION['forms'][$name]['expire'] > time()) { 
+			unset($_SESSION['forms'][$name]); 
+			return true; 
+		} 
+
+		unset($_SESSION['forms'][$name]); 
+		return false; 
+
+	} // form_verify
+
 } // Core
 ?>
diff --git a/lib/ui.lib.php b/lib/ui.lib.php
index 68f92a50..1c2c480e 100644
--- a/lib/ui.lib.php
+++ b/lib/ui.lib.php
@@ -35,7 +35,7 @@
  * $text	The details of the message
  * $cancel	T/F show a cancel button that uses return_referrer()
  */
-function show_confirmation($title,$text,$next_url,$cancel=0) {
+function show_confirmation($title,$text,$next_url,$cancel=0,$form_name='confirmation') {
 
 	if (substr_count($next_url,Config::get('web_path'))) {
 		$path = $next_url;
diff --git a/server/ajax.server.php b/server/ajax.server.php
index 82539b6b..5e586895 100644
--- a/server/ajax.server.php
+++ b/server/ajax.server.php
@@ -345,30 +345,6 @@ switch ($_REQUEST['action']) {
 		$results['browse_content'] = ob_get_contents(); 
 		ob_end_clean(); 
 	break;
-	case 'sidebar': 
-		switch ($_REQUEST['button']) {
-			case 'home':
-			case 'browse':
-			case 'localplay':
-			case 'player':
-			case 'preferences':
-				$button = $_REQUEST['button']; 
-			break;
-			case 'admin':
-				if ($GLOBALS['user']->has_access(100)) { $button = $_REQUEST['button']; } 
-				else { exit; } 
-			break;
-			default: 
-				exit; 
-			break;
-		} // end switch on button  
-
-		ob_start(); 
-		$_SESSION['state']['sidebar_tab'] = $button; 
-		require_once Config::get('prefix') . '/templates/sidebar.inc.php';
-		$results['sidebar'] = ob_get_contents(); 
-		ob_end_clean(); 
-	break;
 	default:
 		$results['rfc3514'] = '0x1';
 	break;
diff --git a/server/index.ajax.php b/server/index.ajax.php
index 47d2b45f..e8029de2 100644
--- a/server/index.ajax.php
+++ b/server/index.ajax.php
@@ -34,6 +34,29 @@ switch ($_REQUEST['action']) {
 			ob_end_clean(); 
 		} 
 	break;
+	case 'sidebar': 
+                switch ($_REQUEST['button']) {
+                        case 'home':
+                        case 'modules':
+                        case 'localplay':
+                        case 'player':
+                        case 'preferences':
+                                $button = $_REQUEST['button'];
+                        break;
+                        case 'admin':
+                                if (Access::check('interface','100')) { $button = $_REQUEST['button']; }
+                                else { exit; }
+                        break;
+                        default:
+                                exit;
+                        break;
+                } // end switch on button  
+
+                ob_start();
+                $_SESSION['state']['sidebar_tab'] = $button;
+                require_once Config::get('prefix') . '/templates/sidebar.inc.php';
+                $results['sidebar'] = ob_get_contents();
+                ob_end_clean();
 	default: 
 		$results['rfc3514'] = '0x1'; 
 	break;
diff --git a/templates/show_add_user.inc.php b/templates/show_add_user.inc.php
index e8656586..cfa30ab9 100644
--- a/templates/show_add_user.inc.php
+++ b/templates/show_add_user.inc.php
@@ -19,8 +19,6 @@
  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 
 */
-$form_string = generate_password('32'); 
-$_SESSION['forms']['adminuser'] = $form_string; 
 ?>
 <?php show_box_top(_('Adding a New User')); ?>
 <?php Error::display('general'); ?>
@@ -83,8 +81,8 @@ $_SESSION['forms']['adminuser'] = $form_string;
 </tr>
 </table>
 <div class="formValidation">
-  <input type="hidden" name="formkey" value="<?php echo $form_string; ?>" />
-  <input type="submit" value="<?php echo _('Add User'); ?>" />
+	<?php echo Core::form_register('user_add'); ?>
+	<input type="submit" value="<?php echo _('Add User'); ?>" />
 </div>
 </form>
 <?php show_box_bottom(); ?>
diff --git a/templates/show_catalog_row.inc.php b/templates/show_catalog_row.inc.php
index faf9b406..37546b3a 100644
--- a/templates/show_catalog_row.inc.php
+++ b/templates/show_catalog_row.inc.php
@@ -28,6 +28,7 @@ $web_path = Config::get('web_path');
 	<a href="<?php echo $web_path; ?>/admin/catalog.php?action=add_to_catalog&amp;catalogs[]=<?php echo $catalog->id; ?>"><?php echo _('Add'); ?></a>
 	| <a href="<?php echo $web_path; ?>/admin/catalog.php?action=update_catalog&amp;catalogs[]=<?php echo $catalog->id; ?>"><?php echo _('Verify'); ?></a>
         | <a href="<?php echo $web_path; ?>/admin/catalog.php?action=clean_catalog&amp;catalogs[]=<?php echo $catalog->id; ?>"><?php echo _('Clean'); ?></a>
+	| <a href="<?php echo $web_path; ?>/admin/catalog.php?action=full_service&amp;catalogs[]=<?php echo $catalog->id; ?>"><?php echo _('Update'); ?></a>
 	| <a href="<?php echo $web_path; ?>/admin/catalog.php?action=gather_album_art&amp;catalogs[]=<?php echo $catalog->id; ?>"><?php echo _('Gather Art'); ?></a>
-	| <a href="<?php echo $web_path; ?>/admin/catalog.php?action=delete_catalog&amp;catalog_id=<?php echo $catalog->id; ?>"><?php echo _('Delete'); ?></a>
+	| <a href="<?php echo $web_path; ?>/admin/catalog.php?action=show_delete_catalog&amp;catalog_id=<?php echo $catalog->id; ?>"><?php echo _('Delete'); ?></a>
 </td>
diff --git a/templates/show_confirmation.inc.php b/templates/show_confirmation.inc.php
index fb66ce4b..53bdd493 100644
--- a/templates/show_confirmation.inc.php
+++ b/templates/show_confirmation.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*
 
- Copyright (c) 2001 - 2007 Ampache.org
+ Copyright (c) Ampache.org
  All rights reserved.
 
  This program is free software; you can redistribute it and/or
@@ -18,12 +18,19 @@
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
+$confirmation = Core::form_register($form_name); 
 ?>
 <?php show_box_top(scrub_out($title)); ?>
 <?php echo $text; ?>
 <br />
-	<a class="button" href="<?php echo $path; ?>"><?php echo _('Continue'); ?></a>
+	<form method="post" action="<?php echo $path; ?>" style="display:inline;">
+	<input type="submit" value="<?php echo _('Continue'); ?>" />
+	<?php echo $confirmation; ?>
+	</form>
 <?php if ($cancel) { ?>
-	<a class="button" href="<?php echo Config::get('web_path') . "/" . return_referer(); ?>"><?php echo _('Cancel'); ?></a>
+	<form method="post" action="<?php echo Config::get('web_path') . '/' . return_referer(); ?>" style="display:inline;">
+	<input type="submit" value="<?php echo _('Cancel'); ?>" />
+	<?php echo $confirmation; ?>
+	</form>
 <?php } ?>
 <?php show_box_bottom(); ?>
diff --git a/templates/show_edit_user.inc.php b/templates/show_edit_user.inc.php
index 56ed7179..3ccd7e8d 100644
--- a/templates/show_edit_user.inc.php
+++ b/templates/show_edit_user.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*
 
- Copyright (c) 2001 - 2007 Ampache.org
+ Copyright (c) Ampache.org
  All rights reserved.
 
  This program is free software; you can redistribute it and/or
@@ -19,8 +19,6 @@
  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 
 */
-$form_string = generate_password('32'); 
-$_SESSION['forms']['adminuser'] = $form_string; 
 ?>
 <?php show_box_top(_('Editing existing User')); ?>
 <?php Error::display('general'); ?>
@@ -85,7 +83,7 @@ $_SESSION['forms']['adminuser'] = $form_string;
 <div class="formValidation">
 		<input type="hidden" name="action" value="update_user" />
 		<input type="submit" value="<?php echo _('Update User'); ?>" />
-		<input type="hidden" name="formkey" value="<?php echo $form_string; ?>" />
+		<?php echo Core::form_register('edit_user'); ?>
 		<input type="hidden" name="user_id" value="<?php echo $client->id; ?>" />
 </div>
 </form>
diff --git a/templates/sidebar.inc.php b/templates/sidebar.inc.php
index 5d94e9b6..42f2b3bb 100644
--- a/templates/sidebar.inc.php
+++ b/templates/sidebar.inc.php
@@ -25,9 +25,9 @@ ${$class_name} = ' active';
 
 // List of buttons ( id, title, icon, access level)
 $sidebar_items[] = array('id'=>'home', 'title'=>_('Home'), 'icon'=>'home', 'access'=>5);
-//$sidebar_items[] = array('id'=>'browse', 'title'=>_('Browse'), 'icon'=>'browse', 'access'=>5);
 $sidebar_items[] = array('id'=>'localplay', 'title'=>_('Localplay'), 'icon'=>'volumeup', 'access'=>5);
 $sidebar_items[] = array('id'=>'preferences', 'title'=>_('Preferences'), 'icon'=>'edit', 'access'=>5);
+$sidebar_items[] = array('id'=>'modules','title'=>_('Modules'),'icon'=>'plugin','access'=>5); 
 $sidebar_items[] = array('id'=>'admin', 'title'=>_('Admin'), 'icon'=>'admin', 'access'=>100);
 
 
@@ -38,18 +38,16 @@ $ajax_url = Config::get('ajax_url');
 <ul id="sidebar-tabs">
 <?php 
 	foreach ($sidebar_items as $item) { 
-	   if ($GLOBALS['user']->has_access($item['access']))
-	   {
-	     $li_params = "id='sb_tab_" . $item['id'] . "' class='sb1" . ${'sidebar_'.$item['id'] } . "'";
-	     ?><li <?php echo $li_params; ?>>
+		if (Access::check('interface',$item['access'])) {
+			$li_params = "id='sb_tab_" . $item['id'] . "' class='sb1" . ${'sidebar_'.$item['id'] } . "'";
+		?><li <?php echo $li_params; ?>>
       	<?php 
         // Button
-        echo Ajax::button("?action=sidebar&button=".$item['id'],$item['icon'],$item['title'],'sidebar_'.$item['id']);
+        echo Ajax::button("?page=index&action=sidebar&button=".$item['id'],$item['icon'],$item['title'],'sidebar_'.$item['id']);
       	
       	// Include subnav if it's the selected one
       	// so that it's generated inside its parent li
-      	if($item['id']==$_SESSION['state']['sidebar_tab'])
-      	{
+	if ($item['id']==$_SESSION['state']['sidebar_tab']) {
       	  ?><div id="sidebar-page"><?php
       	  require_once Config::get('prefix') . '/templates/sidebar_' . $_SESSION['state']['sidebar_tab'] . '.inc.php';
       	  ?></div><?php
diff --git a/templates/sidebar_browse.inc.php b/templates/sidebar_browse.inc.php
deleted file mode 100644
index 0867cde8..00000000
--- a/templates/sidebar_browse.inc.php
+++ /dev/null
@@ -1,75 +0,0 @@
-<?php 
-/*
-
- Copyright (c) Ampache.org
- All rights reserved.
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License v2
- as published by the Free Software Foundation.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-
-*/
-
-$ajax_info = Config::get('ajax_url'); $web_path = Config::get('web_path'); 
-$allowed_filters = Browse::get_allowed_filters(); 
-?>
-<ul class="sb2" id="sb_browse">
-  <li><h4><?php echo _('Browse By'); ?></h4>
-  <?php 
-	  // Build the selected dealie
-	  $text = scrub_in($_REQUEST['action']) . '_ac';
-	  ${$text} = ' selected="selected"'; 
-  ?>
-    <ul class="sb3" id="sb_browse_bb">
-      <li id="sb_browse_bb_SongTitle"><a href="<?php echo $web_path; ?>/browse.php?action=song"><?php echo _('Song Title'); ?></a></li>
-      <li id="sb_browse_bb_Album"><a href="<?php echo $web_path; ?>/browse.php?action=album"><?php echo _('Albums'); ?></a></li>
-      <li id="sb_browse_bb_Artist"><a href="<?php echo $web_path; ?>/browse.php?action=artist"><?php echo _('Artist'); ?></a></li>
-      <li id="sb_browse_bb_Tags"><a href="<?php echo $web_path; ?>/browse.php?action=tag"><?php echo _('Tag Cloud'); ?></a></li>
-      <li id="sb_browse_bb_Playlist"><a href="<?php echo $web_path; ?>/browse.php?action=playlist"><?php echo _('Playlist'); ?></a></li>
-      <li id="sb_browse_bb_RadioStation"><a href="<?php echo $web_path; ?>/browse.php?action=live_stream"><?php echo _('Radio Stations'); ?></a></li>
-    </ul>
-  </li>
-<?php if (count($allowed_filters)) { ?>
-  <li><h4><?php echo _('Filters'); ?></h4>
-    <div class="sb3">
-	<?php if (in_array('alpha_match',$allowed_filters)) { ?>
-	<form id="multi_alpha_filter_form" method="post" action="javascript:void(0);">
-	 	<label id="multi_alpha_filterLabel" for="multi_alpha_filter"><?php echo _('Starts With'); ?></label>
-		<input type="textbox" id="multi_alpha_filter" name="multi_alpha_filter" value="<?php echo scrub_out($_REQUEST['alpha_match']); ?>" onKeyUp="DelayRun(this,'400','ajaxState','<?php echo Config::get('ajax_url'); ?>?page=browse&action=browse&key=alpha_match','multi_alpha_filter');">
-	</form>
-	<?php } // end if alpha_match ?>
-	<?php if (in_array('minimum_count',$allowed_filters)) { ?>
-		<input id="mincountCB" type="checkbox" onclick="ajaxPut('<?php echo $ajax_info; ?>?action=browse&amp;key=min_count&amp;value=1');return true;" value="1" />
-	  	<label id="mincountLabel" for="mincountCB"><?php echo _('Minimum Count'); ?></label><br />
-	<?php } ?>
-	<?php if (in_array('rated',$allowed_filters)) { ?>
-		<input id="ratedCB" type="checkbox" onclick="ajaxPut('<?php echo $ajax_info; ?>?action=browse&amp;key=rated&amp;value=1');return true;" value="1" />
-  		<label id="ratedLabel" for="ratedCB"><?php echo _('Rated'); ?></label><br />
-	<?php } ?>
-	<?php if (in_array('unplayed',$allowed_filters)) { ?>
-		<input id="unplayedCB" type="checkbox" <?php echo $string = Browse::get_filter('unplayed') ? 'checked="checked"' : ''; ?>/>
-		<label id="unplayedLabel" for="unplayedCB"><?php echo _('Unplayed'); ?></label><br />
- 	<?php } ?>
-	<?php if (in_array('show_art',$allowed_filters)) { ?>
-		<input id="show_artCB" type="checkbox" <?php echo $string = Browse::get_filter('show_art') ? 'checked="checked"' : ''; ?>/>
-		<label id="show_artLabel" for="show_artCB"><?php echo _('Show Art'); ?></label><br />
-		<?php echo Ajax::observe('show_artCB','click',Ajax::action('?page=browse&action=browse&key=show_art&value=1','')); ?>
-	<?php } // if show_art ?>
-	<?php if (in_array('playlist_type',$allowed_filters)) { ?>
-		<input id="show_allplCB" type="checkbox" <?php echo $string = Browse::get_filter('playlist_type') ? 'checked="checked"' : ''; ?>/>
-		<label id="show_allplLabel" for="showallplCB"><?php echo _('All Playlists'); ?></label><br />
-		<?php echo Ajax::observe('show_allplCB','click',Ajax::action('?page=browse&action=browse&key=playlist_type&value=1','')); ?>
-	<?php } // if playlist_type ?>
-    </div>
-  </li>
-<?php } ?>
-</ul>
diff --git a/templates/sidebar_home.inc.php b/templates/sidebar_home.inc.php
index ced2b9c4..1a44da06 100644
--- a/templates/sidebar_home.inc.php
+++ b/templates/sidebar_home.inc.php
@@ -21,29 +21,6 @@
 $ajax_info = Config::get('ajax_url'); $web_path = Config::get('web_path');
 ?>
 <ul class="sb2" id="sb_home">
-  <li><h4><?php echo _('Information'); ?></h4>
-    <ul class="sb3" id="sb_home_info">
-      <li id="sb_home_info_CurrentlyPlaying"><a href="<?php echo $web_path; ?>/index.php"><?php echo _('Currently Playing'); ?></a></li>
-      <li id="sb_home_info_Statistics"><a href="<?php echo $web_path; ?>/stats.php"><?php echo _('Statistics'); ?></a></li>
-      <li id="sb_home_info_AddStationRadio"><a href="<?php echo $web_path; ?>/radio.php?action=show_create"><?php echo _('Add Radio Station'); ?></a></li>
-    </ul>
-  </li>
-<?php if (Config::get('allow_democratic_playback')) { ?>
-  <li><h4><?php echo _('Democratic'); ?></h4>
-    <ul class="sb3" id="sb_home_democratic">
-      <li id="sb_home_democratic_playlist"><a href="<?php echo $web_path; ?>/democratic.php?action=show_playlist"><?php echo _('Show Playlist'); ?></a></li>
-      <li id="sb_home_democratic_playlist"><a href="<?php echo $web_path; ?>/democratic.php?action=manage_playlists"><?php echo _('Manage Playlist'); ?></a></li>
-    </ul>
-  </li>
-<?php } ?>
-  <li><h4><?php echo _('Random'); ?></h4>
-    <ul class="sb3" id="sb_home_random">
-      <li id="sb_home_random_album"><?php echo Ajax::text('?page=random&action=album',_('Album'),'home_random_album'); ?></li>
-      <li id="sb_home_random_artist"><?php echo Ajax::text('?page=random&action=artist',_('Artist'),'home_random_artist'); ?></li>
-      <li id="sb_home_random_playlist"><?php echo Ajax::text('?page=random&action=playlist',_('Playlist'),'home_random_playlist'); ?></li>
-      <li id="sb_home_random_advanced"><a href="<?php echo $web_path; ?>/random.php?action=advanced"><?php echo _('Advanced'); ?></a></li>
-    </ul>
-  </li>
   <li><h4><?php echo _('Browse'); ?></h4>
   <?php
 	$allowed_filters = Browse::get_allowed_filters();
@@ -93,5 +70,30 @@ $ajax_info = Config::get('ajax_url'); $web_path = Config::get('web_path');
         <?php } // if playlist_type ?>
     </div>
   </li>
+  <li><h4><?php echo _('Playlist'); ?></h4>
+    <ul class="sb3" id="sb_home_info">
+      <li id="sb_home_info_CurrentlyPlaying"><a href="<?php echo $web_path; ?>/index.php"><?php echo _('Currently Playing'); ?></a></li>
+<?php if (Config::get('allow_democratic_playback')) { ?>
+      <li id="sb_home_democratic_playlist"><a href="<?php echo $web_path; ?>/democratic.php?action=show_playlist"><?php echo _('Democratic'); ?></a></li>
+<?php } ?>
+<?php if ($server_allow = Config::get('allow_localplay_playback') AND $controller = Config::get('localplay_controller') AND $access_check = Access::check('localplay','5')) { ?>
+<?php
+        // Little bit of work to be done here
+        $localplay = new Localplay(Config::get('localplay_controller'));
+        $current_instance = $localplay->current_instance();
+        $class = $current_instance ? '' : ' class="active_instance"';
+?>
+        <li id="sb_localplay_info_show"><a href="<?php echo $web_path; ?>/localplay.php?action=show_playlist"><?php echo _('Localplay'); ?></a></li>
+<?php } ?>
+    </ul>
+  </li>
+  <li><h4><?php echo _('Random'); ?></h4>
+    <ul class="sb3" id="sb_home_random">
+      <li id="sb_home_random_album"><?php echo Ajax::text('?page=random&action=album',_('Album'),'home_random_album'); ?></li>
+      <li id="sb_home_random_artist"><?php echo Ajax::text('?page=random&action=artist',_('Artist'),'home_random_artist'); ?></li>
+      <li id="sb_home_random_playlist"><?php echo Ajax::text('?page=random&action=playlist',_('Playlist'),'home_random_playlist'); ?></li>
+      <li id="sb_home_random_advanced"><a href="<?php echo $web_path; ?>/random.php?action=advanced"><?php echo _('Advanced'); ?></a></li>
+    </ul>
+  </li>
 <?php } ?>
 </ul>
diff --git a/templates/sidebar_modules.inc.php b/templates/sidebar_modules.inc.php
new file mode 100644
index 00000000..92183a44
--- /dev/null
+++ b/templates/sidebar_modules.inc.php
@@ -0,0 +1,54 @@
+<?php 
+/*
+
+ Copyright (c) Ampache.org
+ All rights reserved.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License v2
+ as published by the Free Software Foundation.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+*/
+
+$ajax_info = Config::get('ajax_url'); $web_path = Config::get('web_path'); 
+?>
+<ul class="sb2" id="sb_modules">
+<li><h4><?php echo _('Modules'); ?></h4>
+        <ul class="sb3" id="sb_Modules">
+        <li id="sb_preferences_mo_localplay"><a href="<?php echo $web_path; ?>/admin/modules.php?action=show_localplay"><?php echo _('Localplay Modules'); ?></a></li>
+        <li id="sb_preferences_mo_plugins"><a href="<?php echo $web_path; ?>/admin/modules.php?action=show_plugins"><?php echo _('Available Plugins'); ?></a></li>
+        </ul>
+</li>
+  <li><h4><?php echo _('Other Tools'); ?></h4>
+    <ul class="sb3" id="sb_admin_ot">
+      <li id="sb_admin_ot_Duplicates"><a href="<?php echo $web_path; ?>/admin/duplicates.php"><?php echo _('Find Duplicates'); ?></a></li>
+      <li id="sb_admin_ot_Mail"><a href="<?php echo $web_path; ?>/admin/mail.php"><?php echo _('Mail Users'); ?></a></li>
+      <li id="sb_admin_ot_ManageFlagged"><a href="<?php echo $web_path; ?>/admin/flag.php"><?php echo _('Manage Flagged'); ?></a></li>
+      <li id="sb_admin_ot_ShowDisabled"><a href="<?php echo $web_path; ?>/admin/flag.php?action=show_disabled"><?php echo _('Show Disabled'); ?></a></li>
+    </ul>
+  </li>
+  <li><h4><?php echo _('Information'); ?></h4>
+    <ul class="sb3" id="sb_home_info">
+      <li id="sb_home_info_CurrentlyPlaying"><a href="<?php echo $web_path; ?>/index.php"><?php echo _('Currently Playing'); ?></a></li>
+      <li id="sb_home_info_Statistics"><a href="<?php echo $web_path; ?>/stats.php"><?php echo _('Statistics'); ?></a></li>
+      <li id="sb_home_info_AddStationRadio"><a href="<?php echo $web_path; ?>/radio.php?action=show_create"><?php echo _('Add Radio Station'); ?></a></li>
+    </ul>
+  </li>
+<?php if (Config::get('allow_democratic_playback')) { ?>
+  <li><h4><?php echo _('Democratic'); ?></h4>
+    <ul class="sb3" id="sb_home_democratic">
+      <li id="sb_home_democratic_playlist"><a href="<?php echo $web_path; ?>/democratic.php?action=show_playlist"><?php echo _('Show Playlist'); ?></a></li>
+      <li id="sb_home_democratic_playlist"><a href="<?php echo $web_path; ?>/democratic.php?action=manage_playlists"><?php echo _('Manage Playlist'); ?></a></li>
+    </ul>
+  </li>
+<?php } ?>
+</ul>
diff --git a/templates/sidebar_preferences.inc.php b/templates/sidebar_preferences.inc.php
index be018df9..d3703dfa 100644
--- a/templates/sidebar_preferences.inc.php
+++ b/templates/sidebar_preferences.inc.php
@@ -6,7 +6,7 @@
 $catagories = Preference::get_catagories();  
 ?>
 <ul class="sb2" id="sb_preferences">
-  <li><h4><?php echo _('Sections'); ?></h4>
+  <li><h4><?php echo _('Preferences'); ?></h4>
     <ul class="sb3" id="sb_preferences_sections">
 <?php 
 	foreach ($catagories as $name) { 
@@ -29,11 +29,5 @@ $catagories = Preference::get_catagories();
 <?php } ?>
     </ul>
   </li>
-<li><h4><?php echo _('Modules'); ?></h4>
-	<ul class="sb3" id="sb_Modules">
-	<li id="sb_preferences_mo_localplay"><a href="<?php echo $web_path; ?>/admin/modules.php?action=show_localplay"><?php echo _('Localplay Modules'); ?></a></li>
-	<li id="sb_preferences_mo_plugins"><a href="<?php echo $web_path; ?>/admin/modules.php?action=show_plugins"><?php echo _('Available Plugins'); ?></a></li>
-	</ul>
-</li>
 </ul>
 <?php } ?>
-- 
cgit