Chris, Thank you - this was extremely helpful and I think that we just might look into getting an experienced person in on this...as much as I would like to learn....it feels a bit over my head. But what you wrote here will help me not only talk to my client but also help me help him talk to that experienced person. Thank you so much for your time in responding to this. Cheers, Audrey At 04:29 PM 7/8/04 -0400, you wrote: >Hello, > >Probably the only way that you are going to be able to implement something >like this is using a database and a scripting language that allows you to >track user sessions. As for the login part, you need to set up three >database tables: > >1: 1 to track the users and their passwords >2: A table to track groups or access levels available >3: a table that ties a user to the groups that they belong to > >User >+--------+----------+----------+ >| userID | UserName | Password | >+--------+----------+----------+ > >Groups >+---------+-------------+ >| groupID | description | >+---------+-------------+ > >User_Group >+--------+---------+ >| userID | groupID | >+--------+---------+ > >When a user logs in, you verify the username and password against the User >table. If they are a user, you then grab the groups that they belong to from >the User_Group table and store them in a session variable. > >That is the easy part. The hard part is protecting the content. The easiest >way of doing this may be to section each group of content off to a >particular page. At the top of the page, you need to assign the page to a >particular group as well. Then when a user tries to access that page, you >check to see if the user belongs to the same group as the page. If so, the >user is granted access, if not, they get an error page. > >This is a very simplistic explanation of what you are describing. The >important thing is that you have decouple the password from the group that >the user belongs to. This way, you can add the user to a new group without >affecting the user in any way. From their viewpoint, they are just allowed >to access more material than before. > >As someone has already stated, the best method for doing this is probably to >find someone who has already done it and has the code mostly created. This >is not a solution you can implement quickly. > >Hope the above info helps, > >chris > > >-----Original Message----- >From: Audrey Blumeneau > > >I have a client who wants a password protected site. However, what he wants >is far more complex (of course). He has four levels of files - partners, >committed investors, potential investors and potential buyers. He wants all >of these to be password protected. He wants it set so that if "Bob and >Jane" call him up and want to be potential investors, he can give them a >user ID and password that will give them access to certain files. If they >like what they see and become committed investors, he wants me to make it >so that their password now allows them to view files that were previously >not privy to them. It would be seamless to Bob and Jane. > >In addition he wants to be able to have a log out and be able to time-out >of the session.....AND he wants to track each person on where they go on >the site and how long they stayed there...this is all part of some >marketing thing and is limited to selected people (this site will not be >open to the search engines....). > >-- >* * Please support the community that supports you. * * >http://evolt.org/help_support_evolt/ > >For unsubscribe and other options, including the Tip Harvester >and archives of thelist go to: http://lists.evolt.org >Workers of the Web, evolt !