How is this PHP authentication function hackable?

[Cabysibly]

This is a recursive function I wrote to determine whether or not a given user is authorized to view content on a page. It is called in essentially the following fashion:\[code\]if(authorize($_SESSION['user']['user_id'], $necessaryClearance)){ //Output restricted content} else{ //Inform user they are not authorized}\[/code\]Every user has a clearance level, as well as a clearance status. This allows an authorize function to be called with $clearance as a clearance level the user has to match or beat, a clearance status that a user has to match, or an array of statuses - any one of which the user can match. Generally, the $user_id is pulled from session data ($_SESSION['user']['$user_id'], which is refreshed from a database each page load), and the clearance is set explicitly either on a per-page or per-module basis.\[code\]//This function checks if the user is authorized to view the page//It returns 1 if access is granted and a 0 if access is deniedfunction authorize($id, $clearance){ //$clearance == array if (is_array($clearance)){ //if yes Iterate array through Authorize($id, $clearance[]) foreach($clearance as $userStatus){ $tally += authorize ($id, $userStatus); } return $tally; //if no check if $clearenance is equal to a string }else if (is_string ($clearance)){ $string = "SELECT status FROM users WHERE id = '$id' LIMIT 1"; //If result returned. if($userData = http://stackoverflow.com/questions/3868516/mysql_fetch_array(Query($string))){ if($clearance == $userData['status']){ return 1; }else{ return 0; } } else{ return 0; } // if no check if $clearance is equal to a number }else if(is_numeric($clearance)){ $string = "SELECT level FROM users WHERE id = '$id' LIMIT 1"; //If result returned if($userData = http://stackoverflow.com/questions/3868516/mysql_fetch_array(Query($string))){ // if number is less than or equal to clearance level allow access if($userData['level'] <= $clearance){ return 1; }else{ return 0; } } else{ return 0; } }else{ //if nothing matches the page dies die('Authorization has failed.'); }}\[/code\]Are there any glaring security flaws in the code?