i am using php with mysql, i wish to learn on how i can have multi level security on the back end of a website.

I want certain people to view certain pages, like the admin has complete control, and manager has 80% control, and end user has 40% or something like that.

I have used sessions to currently register the person who has the correct username and password ... below is the code
Code:
//on successfull match in database
session_register("myusername");
session_register("mypassword");
and on every page i check the following


Code:
<?php 
session_start();
if(!session_is_registered(myusername)){
header("location:index.php");
}
?>
but now if i type in directly the url of a file that only the admin should have access to it shows up.
Any help or pointers please.

thanks