I have a client who runs a health club and wants to create a private website for the use of all club members. He currently maintains the membership database in a mySQL database (about 500 members) and has some CRUD screens to maintain it online. He wants to keep that CRUD setup.
If I create a WordPress website for his health club, he wants it to be - in effect - a private intranet website for club members only. This means that he doesn't want anyone to gain access into the private website unless they are valid members (i.e., have an active account in his CRUD-maintained mySQL database).
My current plan is to have an opening splash page that is non-WP (probably written in PHP) and will ask the web visitor for a valid username/password. Once the web visitor authenticates correctly then I would give them the option to review and/or update certain membership info contained in that database.
(FEATURE NOTE: there are probably about 50 data fields in this mySQL database, and the health club owner wants the members to be able to view and/or update about half of those fields; the other half of those fields are for back office use only and thus not viewable by the members. My plan would be to create a mini-CRUD system that lets the users view and maintain the data fields for their own account that they have permission to do so, but when the club owner logs in he will have access to all the fields for all the members)
Note that all accounts will be pre-loaded by the health club office staff: no self-registration is allowed on this private website.
After a web visitor authenticates, I would then redirect them into the home page of the private, WP-based website. I am guessing that I would have a single WP "subscriber" account in the WP user list which everyone would use once they pass thru the opening PHP-based splash page verification process.
If anyone has any opinions on this plan then my questions are:
1. How do I programmatically login each authenticated user from my PHP splash page as a valid WP subscriber and redirect them into the private site's HOME page?
2. Are there any "gotchas" or other issues in my plan that I am overlooking?
3. Am I losing anything either now or down the road if I have all splash-screen-authenticated users use the same WP user account?
Any alternative membership solutions welcomed as well.