1 files changed, 10 insertions, 3 deletions

diff --git a/index.php b/index.php
index fcdd9df6e..980756098 100644
--- a/index.php
+++ b/index.php
@@ -4,12 +4,19 @@ include_once "includes/common.inc";
 
 page_header();
 
-$result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '". node_status("posted") ."' AND timestamp <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY timestamp DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10)));
 
 $theme->header();
-while ($node = db_fetch_object($result)) {
-  node_view(node_get_object(array("nid" => $node->nid, "type" => $node->type)), 1);
+
+if (user_access($user, "view content")) {
+  $result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '". node_status("posted") ."' AND timestamp <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY timestamp DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10)));
+  while ($node = db_fetch_object($result)) {
+    node_view(node_get_object(array("nid" => $node->nid, "type" => $node->type)), 1);
+  }
+}
+else {
+  $theme->box("Access denied", message_access());
 }
+
 $theme->footer();
 
 page_footer();