What you need is some Acces Control List implementation. There are some results for "acl php script" in google.
Or simplified - you can have group permissions stored in a database for each user and have them checked after login for each restricted page. PHPLib -- though it concetrated on session handling in PHP3 - had it well implemented. You can read it's documentation for details. There were two possibilities: permissions add up (i.e. when page needs user permissions, it's not enough to have admin perms, you need to have both) or the higher permissioned user can do whatever everyone below in hierarchy can.
