This will hopefully solve the src/src problem. I am a bit concerned about

auth.php, since it's in functions and is, therefore, included. $PHP_SELF
can be anything in it.

functions/auth.php

@@ -15,9 +15,8 @@
  * $base_uri isn't set because it the session is invalid.
  */
 
-if (! isset($base_uri)) {
-    ereg ('(^.*/)[^/]+/[^/]+$', $PHP_SELF, $regs);
-    $base_uri = $regs[1];    
+if (!isset($base_uri)) {
+    $base_uri = dirname(dirname($PHP_SELF));
 }
 
 function is_logged_in() {

src/login.php

@@ -66,9 +66,10 @@ require_once('../functions/page_header.php');
  */
 set_up_language($squirrelmail_language, TRUE);
 
-/* Need the base URI to set the cookies. (Same code as in webmail.php). */
-ereg ("(^.*/)[^/]+/[^/]+$", $PHP_SELF, $regs);
-$base_uri = $regs[1];
+/**
+ * Find out the base URI to set cookies.
+ */
+$base_uri = dirname(dirname($PHP_SELF));
 @session_destroy();
 
 /*
@@ -76,7 +77,8 @@ $base_uri = $regs[1];
  * we get a new one.
  */
 $cookie_params = session_get_cookie_params();
-setcookie(session_name(),'',0,$cookie_params['path'].$cookie_params['domain']);
+setcookie(session_name(), '', 0, $cookie_params['path'], 
+          $cookie_params['domain']);
 setcookie('username', '', 0, $base_uri);
 setcookie('key', '', 0, $base_uri);
 header('Pragma: no-cache');

src/redirect.php

@@ -36,8 +36,7 @@ if (get_magic_quotes_gpc()) {
 
 /* Before starting the session, the base URI must be known. Assuming */
 /* that this file is in the src/ subdirectory (or something).        */
-ereg ("(^.*/)[^/]+/[^/]+$", $PHP_SELF, $regs);
-$base_uri = $regs[1];
+$base_uri = dirname(dirname($PHP_SELF));
 
 header('Pragma: no-cache');
 $location = get_location();
@@ -54,7 +53,8 @@ if (! isset($squirrelmail_language) ||
 }
 set_up_language($squirrelmail_language, true);
 /* Refresh the language cookie. */
-setcookie('squirrelmail_language', $squirrelmail_language, time()+2592000,$base_uri);
+setcookie('squirrelmail_language', $squirrelmail_language, time()+2592000, 
+          $base_uri);
 
 if (!isset($login_username)) {
     include_once( '../functions/display_messages.php' );

src/signout.php

@@ -34,9 +34,8 @@ if (!isset($frame_top)) {
 
 /* If a user hits reload on the last page, $base_uri isn't set
  * because it was deleted with the session. */
-if (! isset($base_uri)) {
-    ereg ('(^.*/)[^/]+/[^/]+$', $PHP_SELF, $regs);
-    $base_uri = $regs[1];
+if (!isset($base_uri)) {
+    $base_uri = dirname(dirname($PHP_SELF));
 }
 
 do_hook('logout');
@@ -76,7 +75,8 @@ CELLPADDING="2" ALIGN="CENTER">
     <TD ALIGN="CENTER">
       <?php do_hook('logout_above_text'); ?>
       <?php echo _("You have been successfully signed out.") ?><BR>
-      <A HREF="login.php" TARGET="<?php echo $frame_top ?>">
+      <A HREF="<?php echo "$base_uri/login.php" ?>" 
+           TARGET="<?php echo $frame_top ?>">
       <?php echo _("Click here to log back in.") ?>
       </A><BR><BR>
     </TD>

src/webmail.php

@@ -21,8 +21,7 @@ require_once('../functions/plugin.php');
 require_once('../functions/i18n.php');
 require_once('../functions/auth.php');
 
-ereg( '(^.*/)[^/]+/[^/]+$', $PHP_SELF, $regs);
-$base_uri = $regs[1];
+$base_uri = dirname(dirname($PHP_SELF));
 
 session_start();
 is_logged_in();