This looks wrong to me... I think you would want to use or ('||') and not and ('&&').
Because if any one of those conditions fails you would want it to redirect. The statement you have would only redirect to the login page if
person_id is in the url AND the session_id matches the person_id
AND
the household_position value of the user is less than or equal to two
AND
the household values match in the two recordsets
AND
the user is not logged in
THEN
take them to the login page
I think it should probably be something like:
<?php
// Redirect to the login page if any one of the checks fails.
if (!isset($_GET['person_id'])
    || ($_SESSION['userlogin_id'] !== $_GET['person_id'] && $user_household_id->getColumnVal("household_position") <= 2)
    || $user_household_id->getColumnVal("household") !== $household_id->getColumnVal("household")
    || !WA_Auth_RulePasses("People Directory Manager")) {
    WA_Auth_RestrictAccess("../../../login.php");
}
?>
Which reads:
if there is no person_id in the url
OR
if the session variable user doesn't match the user AND the household position is less than or equal to 2
OR
if the household values don't match
OR
if they aren't logged in
THEN
take them to the login page
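The difference between joining the failure checks with && and with ||, as an added example that is not part of the original reply. The request fields, the helper names (`failed_checks`, `redirect_if_all`, `redirect_if_any`) and the sample requests are constructed for illustration, with `rule_passes` standing in for the result of `WA_Auth_RulePasses`.

```php
<?php
// Each entry is true when the request FAILS that check, following the reply's reading.
function failed_checks(array $r): array {
    $person = $r['person_id'] ?? null;
    return [
        'no person_id'       => $person === null,
        'not own record'     => $r['session_user'] !== $person && $r['position'] <= 2,
        'household mismatch' => $r['user_household'] !== $r['target_household'],
        'rule not passed'    => !$r['rule_passes'],
    ];
}

// '&&' form: redirects only when every check fails at once.
function redirect_if_all(array $r): bool {
    return !in_array(false, failed_checks($r), true);
}

// '||' form: redirects as soon as one check fails (fail closed).
function redirect_if_any(array $r): bool {
    return in_array(true, failed_checks($r), true);
}

// Constructed sample requests.
$requests = [
    'own record, all checks pass' => ['person_id' => '7', 'session_user' => '7', 'position' => 1,
        'user_household' => 'A', 'target_household' => 'A', 'rule_passes' => true],
    'other household only'        => ['person_id' => '9', 'session_user' => '7', 'position' => 3,
        'user_household' => 'A', 'target_household' => 'B', 'rule_passes' => true],
    'rule not passed only'        => ['person_id' => '7', 'session_user' => '7', 'position' => 1,
        'user_household' => 'A', 'target_household' => 'A', 'rule_passes' => false],
    'every check fails'           => ['session_user' => '7', 'position' => 1,
        'user_household' => 'A', 'target_household' => 'B', 'rule_passes' => false],
];

foreach ($requests as $label => $r) {
    $failed = array_keys(array_filter(failed_checks($r)));
    printf("%-28s &&: %-8s ||: %-8s failed: %s\n",
        $label,
        redirect_if_all($r) ? 'redirect' : 'allow',
        redirect_if_any($r) ? 'redirect' : 'allow',
        $failed ? implode(', ', $failed) : 'none');
}
```

The two middle requests each fail exactly one check: the && form lets them through, while the || form sends them to the login page.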