Well I think you could have a multi-select box in the user screen that allows you to select one or all locations that the user is allowed to see. These could be stored in a comma separated list in a new field in www_users say allowedlocations varchar(50) as the location code is only 2 or 3 characters long (can't recall off top of head).
Then when the user logs in this is exploded and stored in an $_SESSION array variable say $_SESSION['AllowedLocationsArray'] = explode($myrow['allowedlocations'],','); from includes/UserLogin.php then when we have <select "Location" > statements through-out the code (use grep to find them). Modify the SQL to use:
Code:
$SQL = "SELECT loccode, locationname FROM locations WHERE loccode IN (";
foreach ($_SESSION'AllowedLocationsArray'] as $LocCode) {
$SQL .= "'" . $LocCode . "',";
}
$SQL = mb_substr($SQL,0,mb_strlen($SQL)-1) . ")"; //to nobble the trailing "," and add the closing bracket
I am sure there would be a better way - but just my 2c