diff --git a/inc/html.php b/inc/html.php
index 59415f7da0e602f3fb1cd3dde04fe4b4e9ccf4a6..09d1387bd7e325f947b967050ed2cbba507c768d 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -1297,9 +1297,11 @@ function html_msgarea(){
     foreach($MSG as $msg){
         $hash = md5($msg['msg']);
         if(isset($shown[$hash])) continue; // skip double messages
-        print '<div class="'.$msg['lvl'].'">';
-        print $msg['msg'];
-        print '</div>';
+        if(info_msg_canshow($msg)){
+            print '<div class="'.$msg['lvl'].'">';
+            print $msg['msg'];
+            print '</div>';
+        }
         $shown[$hash] = 1;
     }
 
diff --git a/inc/infoutils.php b/inc/infoutils.php
index 92607e4fa8af84db26ac309a8efcdd4e53041c94..3d13266244489a6f3f21ce5f79a561de840ea011 100644
--- a/inc/infoutils.php
+++ b/inc/infoutils.php
@@ -269,7 +269,13 @@ function check(){
  * @author Andreas Gohr <andi@splitbrain.org>
  * @see    html_msgarea
  */
-function msg($message,$lvl=0,$line='',$file=''){
+
+define('MSG_PUBLIC', 0);
+define('MSG_USERS_ONLY', 1);
+define('MSG_MANAGERS_ONLY',2);
+define('MSG_ADMINS_ONLY',4);
+
+function msg($message,$lvl=0,$line='',$file='',$show=MSG_PUBLIC){
     global $MSG, $MSG_shown;
     $errors[-1] = 'error';
     $errors[0]  = 'info';
@@ -279,7 +285,7 @@ function msg($message,$lvl=0,$line='',$file=''){
     if($line || $file) $message.=' ['.utf8_basename($file).':'.$line.']';
 
     if(!isset($MSG)) $MSG = array();
-    $MSG[]=array('lvl' => $errors[$lvl], 'msg' => $message);
+    $MSG[]=array('lvl' => $errors[$lvl], 'msg' => $message, 'show' => $show);
     if(isset($MSG_shown) || headers_sent()){
         if(function_exists('html_msgarea')){
             html_msgarea();
@@ -290,6 +296,33 @@ function msg($message,$lvl=0,$line='',$file=''){
     }
 }
 
+function info_msg_canshow($msg){
+    global $INFO, $auth;
+
+    // is the message public? - everyone and anyone can see it
+    if (empty($msg['show'])) return true;
+
+    // restricted msg, but no authentication
+    if (empty($auth)) return false;
+
+    switch ($msg['show']){
+        case MSG_USERS_ONLY:
+            return !empty($INFO['userinfo']);
+
+        case MSG_MANAGERS_ONLY:
+            return $INFO['ismanager'];
+
+        case MSG_ADMINS_ONLY:
+            return $INFO['isadmin'];
+
+        default:
+            trigger_error('invalid msg show restriction.  msg="'.$msg['msg'].'" show='.$msg['show'].'"', E_USER_WARNING);
+            return $INFO['isadmin'];
+    }
+
+    return false;
+}
+
 /**
  * print debug messages
  *