First of all, I'm completely new at this so be patient.
So there are different roles in my database like admin and saf and if the person logged in is an admin I want them to see everything but if the person logged in is saf I just want them to see the Dashboard and SAF.
If you need any other code I can provide it but I think this is enough??
<?php
session_start();
$ligaBD=mysqli_connect("localhost","root","","pap");
if (!isset($_SESSION['loggedin'])) {
header('Location: login.html');
exit();
}
if (!isset($_SESSION['role']) || ($_SESSION['role'] != 'admin')) {
?>
<ul class="nav navbar-nav">
<li class="active"><a href="admin.php">Dashboard</a></li>
<li><a href="biblioteca.php">Biblioteca</a></li>
<li><a href="conselhoadmin.php">Conselho Administrativo</a></li>
<li><a href="saf.php">SAF</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li><a href="#">Bem-vindo, admin <?=$_SESSION['name']?></a></li>
<li>
<a href="https:a"><img src="./images/mail.png" alt="la" height="13" width="20" /></a>
</li>
<li><a href="./logout.php">Logout</a></li>
</ul>
<?php
}else if (!isset($_SESSION['role']) || ($_SESSION['role'] != 'saf')) {
?>
<ul class="nav navbar-nav">
<li class="active"><a href="admin.php">Dashboard</a></li>
<li><a href="saf.php">SAF</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li><a href="#">Bem-vindo, saf @login</a></li>
<li>
<a href="https:a/"><img src="./images/mail.png" alt="la" height="13" width="20" /></a>
</li>
<li><a href="./login.html">Logout</a></li>
</ul>
<?php
}
mysqli_close($ligaBD);
?>
What happens to me with this code is that when I log in as a SAF user I can see the admin features anyway.
I'd really appreciate it if you could help me. Thank you
You are messing up with if conditions.
First if condition should be:
if (isset($_SESSION['role']) && ($_SESSION['role'] == 'admin')) {
// Show admin role links.
And second if condition should be:
if (isset($_SESSION['role']) && ($_SESSION['role'] != 'admin')) {
// Show admin Non-admin/saf role links.
If you want to show Dashboard and saf to all the users, you can use if condition like below:
if (isset($_SESSION['role']) && ($_SESSION['role'] != 'admin')) {
// Show Dashboard and saf and other links to all users.
?>
<ul class="nav navbar-nav">
<li class="active"><a href="admin.php">Dashboard</a></li>
<li><a href="saf.php">SAF</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li><a href="#">Bem-vindo, saf @login</a></li>
<li>
<a href="https:a/"><img src="./images/mail.png" alt="la" height="13" width="20" /></a>
</li>
<li><a href="./login.html">Logout</a></li>
</ul>
<?php
}else{
// Show All links admin users.
?>
<ul class="nav navbar-nav">
<li class="active"><a href="admin.php">Dashboard</a></li>
<li><a href="biblioteca.php">Biblioteca</a></li>
<li><a href="conselhoadmin.php">Conselho Administrativo</a></li>
<li><a href="saf.php">SAF</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li><a href="#">Bem-vindo, admin <?=$_SESSION['name']?></a></li>
<li>
<a href="https:a"><img src="./images/mail.png" alt="la" height="13" width="20" /></a>
</li>
<li><a href="./logout.php">Logout</a></li>
</ul>
<?php
}
You need to tidy up your if statements. Many of them are checking two conditions when they only really need to check one.
Also you could replace your if statements with switch statements instead if the choices become numerous.
The below simplified code will show admin details to the admin flagged $_SESSION variable, and SAF details to the SAF flagged variable.
Also use the strict comparison tool === as best practice. Check for positive matches not negative matches (look for === not !==).
Please note the argument list is in a different order from your original code.
/***
* I would suggest using the below line to avoid error report NOTICES.
* Setting an unset value to false also fits the later test of empty()
***/
if(!isset($_SESSION['role'])){
$_SESSION['role'] = false;
}
if ($_SESSION['role'] === 'admin') {
?>
Admin Dashboard HTML
<?php
}
elseif ($_SESSION['role'] === 'saf'){
?>
SAF Dashboard HTML
<?php
}
elseif (!empty($_SESSION['role']) ) {
?>
Some other authentication level dashboard (optional).
<?php
}
mysqli_close($ligaBD);
?>
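One way to express the advice in the answers above (strict, positive matches, with a default of showing nothing), added here as an example and not code from the question or either answer. The role and page names come from the question; `ROLE_PAGES`, `nav_links_for_role()`, `role_may_open()` and `render_nav()` are hypothetical names.

```php
<?php
// Added example. Allow-list: each known role maps to the pages it may see.
// Role and page names are from the question; the helper names are hypothetical.
const ROLE_PAGES = [
    'admin' => [
        'admin.php'         => 'Dashboard',
        'biblioteca.php'    => 'Biblioteca',
        'conselhoadmin.php' => 'Conselho Administrativo',
        'saf.php'           => 'SAF',
    ],
    'saf' => [
        'admin.php' => 'Dashboard',
        'saf.php'   => 'SAF',
    ],
];

function nav_links_for_role($role): array
{
    // Positive, exact match only: unset, false, 0 or 'Admin' all fall through to [].
    if (!is_string($role) || !array_key_exists($role, ROLE_PAGES)) {
        return [];
    }
    return ROLE_PAGES[$role];
}

function role_may_open($role, string $page): bool
{
    // The same table guards the page itself, so a hidden link is not the only barrier.
    return array_key_exists($page, nav_links_for_role($role));
}

function render_nav($role): string
{
    $html = '<ul class="nav navbar-nav">';
    foreach (nav_links_for_role($role) as $href => $label) {
        $html .= '<li><a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
               . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a></li>';
    }
    return $html . '</ul>';
}

// Constructed sample sessions, standing in for $_SESSION after login.
foreach ([['role' => 'admin'], ['role' => 'saf'], ['role' => 'guest'], []] as $session) {
    $role = $session['role'] ?? null;
    echo var_export($role, true), ' => ', render_nav($role), "\n";
    echo '  may open biblioteca.php: ',
         var_export(role_may_open($role, 'biblioteca.php'), true), "\n";
}
```

Calling `role_may_open()` at the top of each page, such as `biblioteca.php`, applies the same table to direct requests and not only to the menu.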