That code does not enforce user levels and does not stop access to the pages. It is simply a conditional redirection script. Anyone can ‘manually’ enter any of those URLs and open the corresponding page.
The correct way of implementing user levels is to query on each page request to get the current user’s information and permissions, and use this data to determine what the user can see and do on that page.