What I do it set a sessions when they log in and a session with thier security level. I can later test those values to decide what to display or if they should redirected away (like back to login page).

On login page I set 'validX' (tells me they logged in)
$_SESSION['validX'] = 'validX';

I also check a table for thier security level
$rs = $db->Execute("select * from user_table where name = '$user';");
while (!$rs->EOF) {
$level = $rs->fields[3];
$_SESSION['level'] = $level;
$rs->MoveNext();
}

Than on a html page I can check the value to decide to display it or redirect them. I use the same method for setting search terms as well.

// Authorization check
if (!isset($_SESSION['validX']))
{
$redirect_url = "index.php";
header("Location: $redirect_url");
}

// Security level check.
if ($_SESSION['level'] <> 14) {
$redirect_url = "index.php";
header("Location: $redirect_url");
}



http://us2.php.net/manual/en/book.session.php