I've added a field to mw_user that is membership type: an enum with 'non-member', 'supporter', 'member', 'director'. Only the latter two are allowed to view certain content. I hacked the Security extension to do that. Pages with <security></security> cause the Security extension to check the membership type of the current user and display or not accordingly.
Certainly not 128-bit DES, nor even a full ACL implementation, but enough to allow members to view each other's personal info (phone, address, interests, etc.) without letting the whole world in on it.
:::: News is what powerful people don’t want you to hear; everything else is just publicity. -- Bill Moyers :::: Jan Steinman http://www.Bytesmiths.com/Van