OK, here's more code.
<?php
include('funcs.php');
include('dbconnect.php');
session_start();
setDef($userMsg);
setDef($_GET['userMsg']);
setDef($_GET['listNum']);
setDef($_SESSION['uid']);
setDef($_SESSION['viewhash']);
setDef($_SESSION['edithash']);
$selectList = mysql_query('SELECT * FROM the_table WHERE id = '.$_GET['listNum'],$con);
if( mysql_num_rows($selectList) ==1 ){
$userCanView = false;
$userCanEdit = false;
$editPassSet = false;
if( mysql_result($selectList,0,'viewhash') == 'anyone' ){ // for some reason, this line is setting the resultset $selectList to be blank
$userCanView = true;
}
if( $_SESSION['viewhash'] == mysql_result($selectList,0,'viewhash')){
$userCanView = true;
}
if( $_SESSION['edithash'] == mysql_result($selectList,0,'edithash') ){
$userCanView = true;
$userCanEdit = true;
}
if( $_SESSION['uid'] == mysql_result($selectList,0,'owner') ){
$userCanView = true;
$userCanEdit = true;
}
if( mysql_result($selectList,0,'edithash') != 'no' ){
$editPassSet = true;
}elseif(mysql_result($selectList,0,'edithash') == $_SESSION['edithash']){
$userCanEdit = true;
}
// load the list's items
$selectItems = mysql_query('SELECT * FROM the_table WHERE list_id = '.$_GET['listNum'].' AND status = "live" ORDER BY pos ASC, added DESC',$con);
}else{
$userMsg = '<p class="msgError">That list does not exist. </p>';
header('Location:user.php?userMsg='.urlencode($userMsg));
}
// redirect user to passreq.php if list requires a view password
if( mysql_result($selectList,0,'owner') != $_SESSION['uid'] ){
$listViewhash = mysql_result($selectList,0,'viewhash');
if( ($listViewhash != 'no') && ($listViewhash != 'anyone') && ($listViewhash != $_SESSION['viewhash']) ){
header('Location:'.$siteURL.'/passreq.php?l='.$_GET['listNum'].'&type=view');
}
// redirect to login page if user does not have view permission at least
}elseif( !$userCanView ){
$userMsg = '<p class="msgError">You do not have permission to view that list. </p>';
header('Location:'.$siteURL.'/user.php?userMsg='.urlencode($userMsg));
}
?>
Dumping out $selectList before and after the second IF shows that it's happening there.
Driving me nuts!