In addition to building a menu for certain roles, you should make sure that the pages themselves also validate the role, since a page can be reached directly by URL.
So, I know two ways of doing this:
1. Purely in code
2. By means of tables where you define the roles
Of the two, the second is much better for maintenance reasons. Imagine that you suddenly need to modify or add a role: it would be hard to go into the code. It is better to make the change in a table, or to build a panel where an administrator can assign those roles.
Obviously, by its nature, this post is not suited to that option. So I'll show you how to validate the session to build a menu and to grant access to a page. It is up to you whether you go with this or with option 2 (you would have to research it or open a new question).
To show the menu links:
// $usuario is the role stored in the session ('A', 'B' or 'C')
function get_menu( $usuario )
{
    $menu = array();
    // Or use a switch
    if ( $usuario === 'A' )
    {
        $menu = array( 'link1' => 'opcion1', 'link2' => 'opcion2', 'linkN' => 'opcionN' );
    }
    if ( $usuario === 'B' )
    {
        $menu = array( 'link1' => 'opcion1', 'link2' => 'opcion2', 'linkN' => 'opcionN' );
    }
    if ( $usuario === 'C' )
    {
        $menu = array( 'link1' => 'opcion1', 'link2' => 'opcion2', 'linkN' => 'opcionN' );
    }
    return $menu;
}
And print it like this:
session_start();
$menu = get_menu( $_SESSION['usuario'] );
// Or write a function that prints it
foreach ( $menu as $link => $opcion )
{
    // Print it with your own styling; this is only a demonstration
    echo "<a href=\"$link.php\">$opcion </a>";
}
So far so good. Now you just have to validate on each page in the following way, always at the beginning of each file:
session_start();
if ( !isset($_SESSION['usuario']) )
{
    // Stop here, or redirect with header('Location: ...') followed by exit
    die('Acceso denegado');
}
$menu = get_menu( $_SESSION['usuario'] );
// Access flag: deny unless the current page is in this role's menu
$acceso = false;
foreach ( $menu as $link => $opcion )
{
    // The menu links to "$link.php"; this exact comparison only works when the pages are in the web root
    if ( '/' . $link . '.php' === $_SERVER['PHP_SELF'] )
    {
        $acceso = true;
    }
}
if ( !$acceso )
    die('Acceso denegado');
And this should be enough. The important thing is to understand the logic. As you can see, the nature of doing it with pure code is to make the system complex, and that is ultimately suicide.
I hope it helps!
Note:
It is also worth adding that $_SERVER['PHP_SELF'] gives you the exact path of the file, including its full path if it is not in the root. So you should do this inside the foreach:
$array_opcion = explode('/', $_SERVER['PHP_SELF']); // split the full path
$pagina = array_pop($array_opcion);                 // last piece: the file name, e.g. "link1.php"
if ( $link . '.php' === $pagina )
{
    $acceso = true;
}
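Added example (not code from the answer above): the table-driven "option 2" the answer recommends, in PHP. The table $permisos, the page names and the helpers paginas_permitidas, imprimir_menu and exigir_acceso are my own assumptions, and it assumes PHP 5.4 or later for session_status() and http_response_code().

```php
<?php
// Added example, not code from the answer: the table-driven "option 2".
// $permisos stands in for a roles table (in a real site you would load it
// from the database): role => pages that role may open, with a menu label.
// Menu and per-page check both read this one table, so they cannot drift apart.
$permisos = array(
    'A' => array('inicio.php' => 'Inicio', 'ventas.php' => 'Ventas', 'admin.php' => 'Administración'),
    'B' => array('inicio.php' => 'Inicio', 'ventas.php' => 'Ventas'),
    'C' => array('inicio.php' => 'Inicio'),
);

// Pages a role may open. Unknown role => empty array, i.e. deny by default.
function paginas_permitidas(array $permisos, $rol)
{
    return isset($permisos[$rol]) ? $permisos[$rol] : array();
}

// Menu built from the same table: only links the role is allowed to follow.
function imprimir_menu(array $permisos, $rol)
{
    foreach (paginas_permitidas($permisos, $rol) as $pagina => $etiqueta) {
        echo '<a href="' . htmlspecialchars($pagina) . '">' . htmlspecialchars($etiqueta) . '</a>';
    }
}

// Guard to call at the top of every page. Compares only the file name of the
// running script, so it works whether or not the site lives in the web root.
// SCRIPT_NAME is used instead of PHP_SELF because it never carries PATH_INFO.
function exigir_acceso(array $permisos)
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['usuario'])) {
        header('Location: login.php');
        exit;                       // header() alone does not stop the script
    }
    $actual    = basename($_SERVER['SCRIPT_NAME']);
    $permitido = paginas_permitidas($permisos, $_SESSION['usuario']);
    if (!array_key_exists($actual, $permitido)) {
        http_response_code(403);
        exit('Acceso denegado');    // not in the whitelist for this role
    }
}

exigir_acceso($permisos);
imprimir_menu($permisos, $_SESSION['usuario']);
```

Because the guard returns only when the current file name is a key in the role's row, a new page is unreachable until an administrator adds it to the table, which is the deny-by-default behaviour you want.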