The login portion can be done.
you would need to modify the users table and add two new columns. One for clients home page, this column will store the page name of the clients home page (clientSite1.php, clientSite2.php, etc...). The other to indicate if the profile has been updated, set this to a default value of 0. you will need to modify the update record server behavior on the profile page to set this value to 1 when the profile is updated.
Next, on the login page, double click the authenticate user server behavior. On the third page, you can select column from the users table to store in session variables. select the new ClientsHomePage and profileUpdated columns.
In the SecurityAssist Access Rules manager, you can create a new rule for profileUpdated.
Set it to allow if. Click the Lightning bolt next to value and select the ProfileUpdated session variable. Set the Criteria to Equal and set the comparison to 1.
Next apply the SecurityAssist page access behavior to the profile page, use the profileUpdated rule. Click the folder icon next to "if Access denied Go to". In the Select File Dialogue, click the Data Sources radio button and select the ClientsHomePage session variable.
applying this rule to the profile page will make it so the profile page can no longer be accessed if the profile has been updated, you'll probably want to make a copy of the profile page that does not have the access rule applied to it, and link to that profile page in your menu.
As for using the same power store database for each client store, you will only be able to do that if each store sells the exact same items.