User Registration including User Levels
I'm a relative newb. Please answer in fairly simple and specific terms. You won't insult me.
I am using DataBridge/SecurityAssist/DataAssist/Cookies, etc. I am following the "Create a Double Opt In Registration System" tutorial and video. I have run through it a couple of times, first following the steps exactly, then "playing" to see if I could modify it somewhat. I'm about to go through a third and (hopefully) final time. The first time it worked. The second time I tried adding in User Level Authentication. It didn't work. In going through the forums and support info I discovered what I think was a post that said I have to place my registration pages at the root level of my site. OK. I don't remember seeing that directive anywhere. That may be one of the reasons the second go through failed. I put the registration pages in their own folder.
Here are a series of questions that are vexing me:
1 - In creating the MySQL database it sets up, by default, a root user with username/password as root/root. For my connection I added an additional username/password of my own creation and am using that for my connection. It works fine. My question is, will leaving root/root expose my database to the world? I tried to change it (newb move) and fried MySQL. Had to reinstall MAMP and do some other stuff. Is my setup typical and secure?
2 - Do the registration.php and login.php and userupdate.php, et al, have to be at the root level of my site? My preference is to create a separate folder (also called a subdirectory, correct?) for the registration pages. I want to have all the pages that are password protected in other folders to keep the site neat and tidy.
3 - If it is a requirement to have the registration pages at the root level, is it possible to have the rest of the protected pages in folders?
I want to have User Levels for my site. Anyone who registers won't get immediate access to my protected pages. I will evaluate their registration information. If I want to give them access I will change their default User Level from 1 to 2. Level 2 users can see my pricing but that is all. Level 3 users have purchased $1K or more from me so they have access to some special stuff. Level 4 users have purchased $5K from me. And so on. The higher the User Level the better stuff they have access to. I think I need to edit the Restrict Access Rule to check for UserLevel. I tried to apply the info from the "SecurityAssist - User Level Authentication" information I downloaded. It doesn't fit exactly - remember, I'm a newb. I'm pretty sure I will need to use SecurityAssist: Authenticate User. I'm certain I will need to work with the Access Pages/Rules/Groups Managers. And I'm pretty sure there are several steps that I don't have a clue how or why to implement.
4 - Can someone tell me what to do to make the scenario above work? It seems so simple but there are so many steps. If there is a tutorial that does all this, great!! If not - Help!!
Thanks for any assistance you can provide.