PHP & MySQL restricted area per membergroup

Question

I have a table $members that has 4 colums ($id, $username, $password, $usergroup) meaning (1, john, 123, admin). I like the usergroup admin has the access to one page while usergroup member and guest don't have it.

this is my login form on index page:

 <table width="300" border="0" align="center" cellpadding="0" cellspacing="1"      bgcolor="#CCCCCC">
 <tr>
 <form name="form1" method="post" action="checklogin.php">
 <td>
 <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
 <tr>
 <td colspan="3"><strong>Member Login </strong></td>
 </tr>
 <tr>
 <td width="78">Username</td>
 <td width="6">:</td>
 <td width="294"><input name="myusername" type="text" id="myusername"></td>
 </tr>
 <tr>
 <td>Password</td>
 <td>:</td>
 <td><input name="mypassword" type="password" id="mypassword"></td>
 </tr>
 <td>&nbsp;</td>
 <td>&nbsp;</td>
 <td><input type="submit" name="Submit" value="Login"></td>
 </tr>
 </table>
 </td>
 </form>
 </tr>
 </table>

this is my checklogin.php

<?php
////// 
////// Checks for members 
//////
$host="localhost"; // Host name 
$username="#"; // Mysql username 
$password="#"; // Mysql password 
$db_name="#"; // Database name 
$tbl_name="members"; // Table name 


// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];  

// encrypt password 
$encrypted_mypassword=md5($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and                password='$encrypted_mypassword'";
$result=mysql_query($sql);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "manage-post.php"
session_register("myusername");
session_register("mypassword"); 
header("location:../admincp/manage-post.php");
}
else {
echo "Wrong Username or Password";
}
?>

this is placed on each of my pages to check if a person is logged in and allows acess to logged users and restricts access to unlogged:

<?php
////////
//////// Checks are you logged in or logged out
////////
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>

So what in this last chunk of code above should be adjusted in order some page would allow only members with $usergroup = admin and block users with $usergroup=member or guest?

Answer 1

add privilege column to you table, assign (admins, managers) privileges to the members who you want them to have access. then add session privilege variable:

/* in login validation form */   
$data = mysql_fetch_array($results);
$priv = $data['privilege'];

$(!$_SESSION){
$_SESSION(start);
$_SESSION['user'] = $myusername;
$_SESSION['priv'] = $priv;
}
/* in the file which you want to restrict access to */
if($_SESSION['priv'] != 'manager' || $_SESSION['priv'] != 'admin'){
header("location:main_login.php");
}

Answer 2

stored $usergroup in SESSION.
$_SESSION['usergroup']=$usergroup and in this code just add condition you want like, if($_SESSION['usergroup']==admin) { //condition }