First of all, you should know that you should be storing user information in the database. Then, when someone logs in and you verify the login, you can store his or her user ID in the session, and then to get all other user information, like user_type, you would query the database based on that ID. Not sure if you're doing that yet, but you should be if you aren't.
As far as user rights go, you have two options.
The OOP Way
This is the one I recommend. It entails creating a User class that encapsulates all of the logic for retrieving a user from the database and subsequently checking if that user has a specific right.
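    class User {
        // Rights granted to each user type
        protected static $_rights = array(
            'admin' => array(
                'create_page', 'remove_page', // etc...
            )
        );

        protected $user_type;

        protected function __construct(array $data) {
            $this->user_type = $data['user_type'];
        }

        public static function retrieve($id) {
            // Call to your database or persistent storage to retrieve user info based on id
            return new static($retrieved_user_data);
        }

        public function has_right($right) {
            // Unknown user types get no rights
            if (!isset(static::$_rights[$this->user_type])) {
                return false;
            }
            return in_array($right, static::$_rights[$this->user_type], true);
        }
    }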
The Non-OOP Way
This is much lower-level and may be better for you in the meantime. Basically you would create an array of rights per user level that you store in the same file as the function you use to check them. Then this function must in turn be included on every page you plan to use it.
E.g., say you put the function in a file called functions.php, and it looks like this:
    // Rights granted to each user type
    $user_rights = array(
        'admin' => array('create_page', 'remove_page', 'edit_user', /* ... */),
        'veteran' => array('ban_user', 'edit_page'),
        // Other rights here
    );

    function has_right($user_id, $right) {
        global $user_rights;
        // Retrieve information from persistent storage about the user
        // which I'm assuming you will store in $user_info
        if (!isset($user_info['user_type'], $user_rights[$user_info['user_type']])) {
            return false; // unknown user or user type: no rights
        }
        return in_array($right, $user_rights[$user_info['user_type']], true);
    }
Then you should include this file in any other file where you want to check user rights, and then all you need is the user ID (stored in the session after login) and the user type, which you can get from the database or other persistent storage.
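The flow described above (user ID from the session, user type from the database, right from the per-type array), put together as an added example that is not part of the original answer. The `users` table, its columns, the `RIGHTS` constant, the `user_type()` helper and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example: table/column names and rights below are constructed for illustration.
const RIGHTS = [
    'admin'   => ['create_page', 'remove_page', 'edit_user'],
    'veteran' => ['ban_user', 'edit_page'],
];

// Look up the user type in the database on every check instead of trusting a
// copy cached in the session, so a demotion takes effect immediately.
function user_type(PDO $db, $user_id): ?string {
    if (!is_int($user_id)) {
        return null;                        // not logged in, or unexpected value
    }
    // Prepared statement: the ID is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT user_type FROM users WHERE id = ?');
    $stmt->execute([$user_id]);
    $type = $stmt->fetchColumn();
    return $type === false ? null : (string) $type;
}

// Fail closed: missing user, unknown user type, or unlisted right gives false.
function has_right(PDO $db, $user_id, string $right): bool {
    $type = user_type($db, $user_id);
    return $type !== null && in_array($right, RIGHTS[$type] ?? [], true);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_type TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'admin'), (2, 'veteran'), (3, 'guest')");

$session = ['user_id' => 2];                // stands in for $_SESSION after login

foreach (['edit_page', 'remove_page'] as $right) {
    $ok = has_right($db, $session['user_id'] ?? null, $right);
    echo $right, ': ', $ok ? 'allowed' : 'denied (respond with 403)', "\n";
}

// A user type changed in the database is honoured on the very next check.
$db->exec("UPDATE users SET user_type = 'guest' WHERE id = 2");
echo 'after demotion, edit_page: ',
    has_right($db, $session['user_id'], 'edit_page') ? 'allowed' : 'denied', "\n";
```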