Fix queries and make sure we have a session

website/auth.php

@@ -1,4 +1,5 @@
 <?php
+session_start();
 
 // Demo site using Auth_BrowserID for authentication
 

website/internals.php

@@ -3,6 +3,7 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+session_start();
 
 function init_database()
 {

website/overview/data-suite.php

@@ -26,7 +26,7 @@ $overview["stamp"] = $row[1];
 $overview["suiteVersion"] = $suiteVersion;
 
 if (!has_permissions()) {
-	$query = "SELECT id FROM `awfy_suite`
+	$query = "SELECT awfy_suite.id FROM `awfy_suite`
               LEFT JOIN awfy_suite_version on suite_id = awfy_suite.id
               WHERE awfy_suite_version.id = $suiteVersion AND
 				    visible = 1

website/overview/data.php

@@ -46,6 +46,16 @@ if (!$results || mysql_num_rows($results) < 1)
     die();
 $suiteIds = Array();
 while($row = mysql_fetch_array($results)) {
+	if (!has_permissions()) {
+		$query = "SELECT awfy_suite.id FROM `awfy_suite`
+				  LEFT JOIN awfy_suite_version on suite_id = awfy_suite.id
+				  WHERE awfy_suite_version.id = ".$row[0]." AND
+						awfy_suite.visible = 1
+				  LIMIT 1";
+		$perm = mysql_query($query);
+		if (!$perm || mysql_num_rows($perm) != 1)
+			continue;
+	}
     $suiteIds[] = $row[0];
 }