Nancy

You will also have to alter create_account_success.php to keep the registrar from automatically being logged on when the account is created successfully. Replacing the code in create_account_success.php with the following will accomplish that: <? include('includes/application_top.php'); ?> <? tep_session_destroy(); include('includes/counter.php'); //header('Location: ' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL')); //tep_exit(); ?> /*<? $include_file = DIR_WS_INCLUDES . 'application_bottom.php'; include(DIR_WS_INCLUDES . 'include_once.php'); ?> */ <html> <head> <meta HTTP-EQUIV="Refresh" CONTENT="0; URL=http://www.yourdomain.com/catalog/revised_success_page.php"> <title>TITLE</title> </head> <body> </body> </html> This destroys the logged session (logs them off after automatically logging them on) and redirects them to a custom made success page. -nan

based on ver 2.1 1. Remove the password fields on the create_account.php form. 2. Disable the requirement (validation) for passwords on the create_account.php form. New user fills out form and submits it without a password - all information except a password is written to the database (you will need to disable the lost password function - or they could have a system generated password e-mailed to them). Make sure login.php will not accept null passwords. Add password editing to the admin side of editing customer information. Now you have all the registration information - but a customer can't login until you e-mail them a password. hth -nan