Need advice - linking .htpasswd / MySQL

Anon

I'm currently building a membership-based paid site. I'm planning to go with 2checkout as 3rd party cc processing, and use Membership Client Pro to automatically assign username/passwords, renew memberships, delete expired users, etc. However, I'm quite uncertain on a few things and I hope you guys can give me some pointers.

From what I understand, with Membership Client Pro, the 'database' which stores the username/password is actually a plain text file (I think it's like a .htpasswd file). Now, I need to have a MySQL database which stores some other info about the paid users (for example, address, phone#, gender, etc). Is it possible to 'link' these two databases together using a PHP script? Basically what I want to do is, I want to make it so that after the member pays (and hence his username/password is written into the text file), the MySQL table is also updated with this user's username/password.

To achieve this I'm planning to do this: write a PHP script that checks the text file and, for every username that it finds in the text file, check for a possible match in the MySQL table. If the username exists in the text file but not in the MySQL table, then the user is added to the MySQL table. So then I would have the newly registered username in both the text file and the MySQL table.

I'm planning to run this PHP script when the user's payment is accepted by 2checkout and the user is directed to the 'thank you' page (the page that would be shown immediately after the payment is accepted). I suppose that the script will run automatically once the user "lands" on this php page, am I correct?

Similarly, to delete expired users from the MySQL table, I'm thinking of running a cron tab perhaps every day and check the text file against the table, like what I described earlier. That is, because Membership Client Pro will automatically delete expired users from the text file, I can use a PHP script to check for any username that appears in the MySQL table but not in the text file - and delete the entry from the MySQL table if one is found.

Do you guys think this strategy will work? Is there any security loopholes? What should I be aware of? Is there anyone using similar strategies?

Any suggestion would be much appreciated!

Anon

that sounds like a fair strategy. Your only concern would be the latency between the time the info is removed from the .htacces file and the time it's removed from the database.

This would only be an issue if it were possible for a user to log in without a presence in the .htaccess