Hi. I'm trying to set up a website that registers people for a conference. I'd like to restrict access to the conference registry form to people who have already paid to a PayPal account (i.e., registered). What's the most effective way to do this? The solution I've come up with so far (I'm not a programmer by profession) is to have PayPal send customers who have paid to a dtml script that sets a cookie value and then redirects the customer to a form viewable only if the cookie has the correct value. But this model is insecure because there's nothing to prevent someone who *hasn't* paid to PayPal from running the script if they know what its URL is; and if I set some security block on it in Zope, then it wouldn't run when people who *have* paid were directed there. Obviously I'm missing something or just not looking in the right place. Maybe PayPal's confirmation email could be used in some way? Any pointers/help would be greatly appreciated. Cheers, Anthony