Security. Menu items that have a non null permission value in the menu table...

Security. Menu items that have a non null permission value in the menu table will now only be visiable to people with that permission, unlike before where it kinda half worked and everybody could see everything.

components/menu.php

@@ -7,7 +7,7 @@ function getPageID($name) {
 
 function translate($word) {
 	global $language, $DB;
-	
+
 	if ($language['code']!="en") {
 		$query=$DB->GetRow("select title, title".$language['db']." from menu where title='".$word."'");
 		if ($query['title'.$language['db']]!="") return $query['title'.$language['db']];
@@ -60,9 +60,25 @@ $res = $DB->GetAll($query);
 $menu = parseMenu($res);
 
 // this needs to choose the actual current one
-$res = $DB->GetAll("select * from menu where parent=".getPageID($pagename)." order by menuorder");
-if (count($res)>0) {
-	$submenu = parseMenu($res);
+// subpages/submenu items can have permissions attached to them as well!
+
+$query2  = "select * from menu where parent=";
+$query2 .= "'";
+$query2 .= getPageID($pagename);
+$query2 .= "'";
+$query2 .= " and (permission is NULL";
+
+if ($session->loggedin) $query2 .= " or permission='users'";
+
+foreach ($session->groups as $group => $value) {
+        $query2 .= " or permission='$group'";
+        }
+
+$query2 .= ") order by menuorder";
+
+$res2 = $DB->GetAll($query2);
+if (count($res2)>0) {
+	$submenu = parseMenu($res2);
 	$menu[translate($pagename)] = $submenu;
 }