So i know some html, css, js, php and mysql but my knowledge is very limited regarding security issues and for a website i'm building till now i just used css display:none (triggered with js) to show or not to show some content to the user depending on his type (client, employee, boss). I've understood that if you don't want to have the risk of someone seeing something he should not (inspect page or some other way) you should not send that information(from server-side = php) at all. I'm not sure if the way i have in mind is the right one.

If i have 3 types of users 1)clients 2)employees 3)Boss and i want to show different content (basically the same content but a bit more information to employees and even more to boss) to each of them for 5 of the pages that exist in the website would it be effective to have 3 different php files(one for each type of user) for each page , store at $_SESSION['authority'] different values for each user during the login process and use that value to decide which page he can access?

For example the starting page is index.php and when the user logs in depending on his authority level (retrieved from database) he will be redirected by using header("Location: name_of_page.php"); to index.php if he is a client, to index_employee.php if he is an employee and to index_boss.php if he is the boss. And in each of these pages use something like the following to prevent users with different authority to enter.

index_boss.php

<?php
session_start();
if($_SESSION['authority'] == 2 && $_SESSION['loggedin'] == true) {
?>

page content

<?php
} 
else 
{
    if( $_SESSION['authority'] == 1 )
    {
       header("Location: index_employee.php");
    }
    else
    {
       header("Location: index.php");
    }
}
?>

Is this the correct way to tackle this issue? Are there ways to just use 1 php file for all users and hide or show some of the content with some other secure way?

The appropriate solution here is a role based system. In other words, create 3 roles and put users into those roles. The objects you will need are:

1. User
2. Role
3. Permission
4. Optionally - application
5. Optionally - part of an application (action for example)

Create your role based permissions system using these objects. Hope that helps!

YES it possible in the same page to do this! Just do tit like this: according to: 1)Boss 2)employees 3)clients index.php

<html>// Start the session here
<?php session_start();?>
<head>
//Your configuration
</head>
<body>

<?php
if($_SESSION['authority'] == 1 && $_SESSION['loggedin'] == true) {
?>
Here the Contents of the boss
<?php 
elseif($_SESSION['authority'] == 2 && $_SESSION['loggedin'] == true) {
;?>
Here the contents of employee

<?php }else{ ?>
Here the contents of clients
<?php };?>
</body>
</html>

Your implementation does seem correct for a low level site. However, as you scale it might be difficult to keep track of these for every single part or sub-part of your website.

I would suggest either using a class approach (create a different class for each user and use objects) or even use a framework which would usually encompass usage of classes within its own structure to ease the process of implementation and coding from your side.

Frameworks you might like to implement include CodeIgniter or Laravel (in no particular order) - bear in mind that at the moment, your code is doing these if checks every single reload - a correctly implemented class or framework would in most cases automatically know what to do giving a slightly quicker reaction time but more importantly, a clearer code structure and a good base to develop on.