PHP login then redirect

I am using the following code to log users in to a series of secure pages - I need to have each user redirected to an appropriate page once submitted, I'm wondering what steps I need to take to single out the three login levels (admin,special,user):

if(isset($_SESSION['username'])){

    function check_login($level) {

        $username_s = mysql_real_escape_string($_SESSION['username']); 

        $sql = "SELECT user_level, restricted FROM login_users WHERE username = '$username_s'"; 
        $result = mysql_query($sql);
        $row = mysql_fetch_array($result);

        $user_level = $row['user_level'];
        $restricted = $row['restricted'];

        $sql = "SELECT level_disabled FR开发者_运维百科OM login_levels WHERE level_level = '$user_level'"; 
        $result = mysql_query($sql);
        $row2 = mysql_fetch_array($result);

        $disabled = $row['level_disabled'];

        if($disabled != 0) { include('disabled.php'); exit();

        } elseif($restricted != 0) { include('disabled.php'); exit();

        } elseif($user_level <= $level) { // User has authority to view this page.      

        } else { include('user_level.php'); exit();

        }

    }

} else {

    function check_login($level) { exit(); }
    include('login.inc.php'); exit();

I would store the login level in a $_SESSION variable and then redirect the user based on that as you'll want to keep track of that login level from page to page. To redirect them, use header() with a Location: string.

For ex:

if ($_SESSION['log_level'] == 'admin') {
   header("Location: admin.php");
} else if ($_SESSION['log_level'] == 'editor') {
   header("Location: editor.php");
} else if ($_SESSION['log_level'] == 'author') {
   header("Location: author.php");
}

I'd move those function calls out of the if statement and keep it somewhere else...

One approach could be declaring the different levels you like in an array: $levels = array('admin' => '/admin/url', 'special' => '/special/url', 'guest' => '/guest/url'); and iterate through the list or see if the key exists ...

Using switch is another approach ...

if (isset($_SESSION['login_level'])) { 
      switch ($_SESSION['login_level']) {
          case 'admin': 
               header('Location: /admin/url');
               break;
          case 'special':
               header('Location: /special/url');
               break;
          case 'guest':
               header('Location: /guest/url');
               break;
          default:
               do_login();
               break;
       }
  } else { 
      do_login();
  }

 function do_login() {
     // do something
 }