Hello, Probably the only way that you are going to be able to implement something like this is using a database and a scripting language that allows you to track user sessions. As for the login part, you need to set up three database tables: 1: 1 to track the users and their passwords 2: A table to track groups or access levels available 3: a table that ties a user to the groups that they belong to User +--------+----------+----------+ | userID | UserName | Password | +--------+----------+----------+ Groups +---------+-------------+ | groupID | description | +---------+-------------+ User_Group +--------+---------+ | userID | groupID | +--------+---------+ When a user logs in, you verify the username and password against the User table. If they are a user, you then grab the groups that they belong to from the User_Group table and store them in a session variable. That is the easy part. The hard part is protecting the content. The easiest way of doing this may be to section each group of content off to a particular page. At the top of the page, you need to assign the page to a particular group as well. Then when a user tries to access that page, you check to see if the user belongs to the same group as the page. If so, the user is granted access, if not, they get an error page. This is a very simplistic explanation of what you are describing. The important thing is that you have decouple the password from the group that the user belongs to. This way, you can add the user to a new group without affecting the user in any way. From their viewpoint, they are just allowed to access more material than before. As someone has already stated, the best method for doing this is probably to find someone who has already done it and has the code mostly created. This is not a solution you can implement quickly. Hope the above info helps, chris -----Original Message----- From: Audrey Blumeneau I have a client who wants a password protected site. However, what he wants is far more complex (of course). He has four levels of files - partners, committed investors, potential investors and potential buyers. He wants all of these to be password protected. He wants it set so that if "Bob and Jane" call him up and want to be potential investors, he can give them a user ID and password that will give them access to certain files. If they like what they see and become committed investors, he wants me to make it so that their password now allows them to view files that were previously not privy to them. It would be seamless to Bob and Jane. In addition he wants to be able to have a log out and be able to time-out of the session.....AND he wants to track each person on where they go on the site and how long they stayed there...this is all part of some marketing thing and is limited to selected people (this site will not be open to the search engines....).