Search the Community

I have something like this <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="xxxx"; // Database name $tbl_name="xxxxxx"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $username=$_POST['username']; $password=$_POST['password']; // To protect MySQL injection (more detail about MySQL injection) $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $res = mysql_query("SELECT * FROM members WHERE username = '$username' LIMIT 1"); if(mysql_num_rows($res)>0) { $d = mysql_fetch_array($res); if($password == $d['password']) { session_regenerate_id(); //security for changing permissions session_register['id'] = $d['id']; session_register['access_level'] = $d['access_level']; switch($d['access_level']) { case 1: $loc = "home.php"; break; case 2: $loc = "paramedic.php"; break; case 3: $loc = "doctor.php"; break; case 4: $loc = "medprac.php"; break; case 5: $loc = "wardboss.php"; break; case 6: $loc = "consultant.php"; break; } header("Location: $loc"); } } ?> and this is verry correct I suppose. But I am having problem locking the pages. I want doctors and admin to have access to all pages while other to their pages only