Help with PHP logic needed

[eluser]mdcode[/eluser]
That's got rid of the errors but I think we're getting wires crossed somewhere down the line as a non-admin user can see edit all records.

Information in the session variables user_state and user_dept should never equal false. If either equals 0, it is effectively Admin access to the information (and the page should display. If it's anything else, they can only see/edit the information for their state and department.

If the information in the database does not match user_state or user_dept AND neither equals 0 (Admin access), then the error message should be displayed.

Is that any clearer?

[eluser]Thorpe Obazee[/eluser]
Errr... FALSE is 0 when not checking for data type.

[eluser]mdcode[/eluser]
Okay, so, do I need to choose another Admin code, as right now, even though the user account shouldn't have edit rights to a particular project, they do.

[eluser]Thorpe Obazee[/eluser]
I don't think so.. just look at the logic... there's probably something we are missing.

[eluser]mdcode[/eluser]
Well I couldn't go along with how it was being put so have had to revert to a mixture of the posts above. Earlier in the page (where I set a list of variables for the form), I have also declared the $user_state and $user_dept and set them to the information in the user session data. I then have this line just above the form code:

Code:

if ((($user_state == $project->state_code) OR ($user_state == 0)) AND (($user_dept == $project->dept) OR ($user_dept == 0)))

...and the the error message under the form. Testing various accounts this is now working perfectly. Thanks for the help and prompting, and apologies for being a bit stupid today, I'm not feeling too well.

[eluser]Thorpe Obazee[/eluser]
no worries. I am not feeling too well myself(I came home immediately after I posted the second post).