PHP function to create user_level specific pages

Question

I am using the below code that checks login levels - what would be the most elegant way of creating pages that have to have a certain access level to be accessed?

function check_login($level) {

    $username_s = mysql_real_escape_string($_SESSION['username']); 

    $sql = "SELECT user_level, restricted FROM login_users WHERE username = '$username_s'"; 
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result);

    $user_level = $row['user_level'];
    $restricted = $row['restricted'];

    $sql = "SELECT level_disabled FROM login_levels WHERE level_level = '$user_level'"; 
    $result = mysql_query($sql);
    $row2 = mysql_fetch_array($result);

    $disabled = $row['level_disabled'];

    if($disabled != 0) { include('disabled.php'); exit();

    } elseif($restricted != 0) { include('disabled.php'); exit();

    } elseif($user_level <= $level) { // User has authority to view this page.      

    } else { include('user_level.php'); exit();

    }

}

Answer 1

You're looking for something called ACL, and there are plenty of ways to accomplish it, both in PHP and in Apache. For PHP, Zend_Acl seems to be one of the better ones. Personally, I'm guilty of re-inventing the wheel, but it has always worked out thus-far.

Answer 2

As far as ease of coding is concerned, use mod_rewrite to send all page requests back to a single script that pulls content from a database. The database can correlate content to user level required to view said content and the script can enforce it.