in member.php find:
require(ROOT_PATH.'includes/sessions.php');
Insert below:
if ($user_info['user_level'] != ADMIN)
{
$disallow = array("htm", "html"); //list of extensions members may not upload.
$config['allowed_mediatypes_array'] = array_diff($config['allowed_mediatypes_array'], $disallow);
$config['allowed_mediatypes'] = implode(",", $config['allowed_mediatypes_array']);
$config['allowed_mediatypes_match'] = implode("|", $config['allowed_mediatypes_array']);
}