
User Referral System PHP, MySQL ?


PHPFAN10


Hi,

 

I have a fully fledged membership system and want to integrate my own user referral system, but want some tips and advice on the logic of it. Basically, already registered users on my site will have the option to refer people, only registered users. I will try to explain my logic and what I have done so far.

 

My current registered users table is something like

 

    users (table)

    - id (user id)

    - email (user email)

    - password (hash of users password)

    - reg_date (date user registered)

 

I have some other fields but not relevant to what I want to do and to keep things as simple as possible I left them out.

 

I am thinking of creating a new table called referrals and for example when a registered user on my site from the users table goes to a member only page called referral.php it will display a form so they can enter an email address of someone they want to refer and it also displays the people they referred.

 

My referral table is like this so far, and I'm not sure if it's the best way to go about the database logic and PHP logic.

 

My table so far looks like this:

 

    referrals (table)

    - id (auto incremented every time a new referral (row) is added to referrals table)

    - referrer_uid (id of referrer, this would be the unique id of a registered user from the users table)

    - referred_email (email address of person who has been referred)

    - status (when someone is first referred default will be `referred`, if they signup to site via referral link this will update to `completed`)

    - created_on (date the referral was made, unix timestamp)

    - updated_on (date the referred person actually clicks the referral link and completes signup)

 

Currently I have added the database table above to my site on local, added some sample data for testing and created a referral.php page where there's a form so a registered member can enter a person's email and refer them to my site to sign up. On referral.php there is also the total number of people they referred and a table showing all the people they referred, as follows:

 

Referred Email | Referred Date | Status | Completed On

 

Now so far everything seems fine. I have my sample data (pretend referrals I made) showing in my test account. The part I am now not sure about is this:

 

Obviously, to stop abuse I do my usual validation checks like: check to ensure the email being entered on the referrals page does not exist in the users table (registered member), check to ensure the email has not already been referred previously (for spam reasons), only allowed to refer an email address once, and not allowed to refer someone who has previously been referred by someone else too (again for spam reasons).

 

Now onto the tracking the referral and link building.

 

I was first thinking this:

 

On the sign up form, have a hidden field. The sign up form would do a simple check to see if $_GET['ref'] is set, like signup.php?ref=something_here

 

If it is, prefill the hidden field. When the user then signs up, if the ref=something_here matches what's in the database, then update the referral to complete so the referrer knows that their friend, for example, signed up via their referral, with a unix timestamp of when the referred person completed signup.

 

Now I was going to use the email address of the referred person or the username of the person who made the referral: signup.php?ref=username or signup.php?ref=referred_email. Now what I am thinking would be better, and I guess stop random abuse, is to create another column and call it referred_id; this would be a random md5 hash that is unique to that referral and it will be appended to the url like signup.php?ref=md5_hash_here.

 

 

 

So my questions are:

 

1) Is there anything you think I should change, improve on, alter etc?

 

2) Do you think I am going about it the right way or making a mess of it?

 

3) Have I left anything out that I may not have thought of that could cause the system to be abused?

 

Any suggestions, feedback, help on the whole logic would be great.

 

I coded a lot of it last night and it won't take me long to do the rest, but I need some help in terms of ensuring I am doing it the best way possible etc, the logic behind it all.

 

Thanks for any suggestions, help, advice, tips!

 

PHPFAN


So my questions are:

 

1) Is there anything you think I should change, improve on, alter etc?

    I think the way you're dealing with it is correct.

2) Do you think I am going about it the right way or making a mess of it?

    Nope, I think you're perfectly fine with your current setup.

3) Have I left anything out that I may not have thought of that could cause the system to be abused?

    From reading what you've validated so far I couldn't think of anything further to suggest.

Any suggestions, feedback, help on the whole logic would be great.

 

You said: Now I was going to use the email address of the referred person or the username of the person who made the referral: signup.php?ref=username or signup.php?ref=referred_email. Now what I am thinking would be better, and I guess stop random abuse, is to create another column and call it referred_id; this would be a random md5 hash that is unique to that referral and it will be appended to the url like signup.php?ref=md5_hash_here.

 

If your members list isn't freely available I would certainly encrypt any values passed from the form, MD5 a mt_rand add some values and then use SHA1().. can never have too much!

 

It seems like you have the pseudo flow of your code down pat, and I can't see any issues with it.

 

Thanks for any suggestions, help, advice, tips!

 

PHPFAN


Hi,

 

Thanks for replying. Nice to hear that it seems I'm on the right track :)

 

When you say:

 

If your members list isn't freely available I would certainly encrypt any values passed from the form, MD5 a mt_rand add some values and then use SHA1().. can never have too much!

 

What do you mean exactly, please, if you don't mind explaining? Not sure I understand what form you're talking about that I should be doing this on.

 

> User logs in to their account

 

> User goes to referral page and enters a friends email for example

 

> After all checks are made, if ok it sends out an email with a message and a unique referral link like signup.php?ref=md5_unique_hash_here (the md5 hash is the referred_id which is unique to that person who was referred)

 

> The recipient clicks the link, this takes them to the sign up form and if PHP detects a referral link and it's an md5 hash and exists in the database etc

  the referral status is updated from 'referred' to 'completed' and complete_on will contain a timestamp of when the recipient signed up. The referrer can see the status of a referral they made in their account.

 

> If the recipient wants to, they can decline the referral by clicking on another link that also contains another GET parameter, like signup.php?ref=md5_unique_hash_here&status=declined. If they do, the status is updated to 'declined' and the referrer will see that it was declined and on what date.

 

> Once all this happens, if the referral link is clicked again, checks are made to ensure it was not used more than once, and if the status comes back as 'completed' or 'declined', meaning the referral has been completed or declined previously, the person with the link will get a message to tell them the referral link is invalid or no longer valid etc.

 

I know how to do all this etc, but I'm not sure what you mean by the above.

 

Thanks for any reply.

 

PHPFAN
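
The referral-link flow described in this post (issue a unique link, accept or decline it once, reject any later click), as an added example that is not part of the thread. It swaps the md5 hash for a token from `random_bytes()` and stores only the token's SHA-256 hash; the in-memory SQLite database and the column name `token_hash` (standing in for `referred_id`) are assumptions made so the example runs on its own.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// referrals table described above; token_hash stands in for referred_id.
declare(strict_types=1);

function make_db(): PDO {
    // Assumption: in-memory SQLite so the example runs offline; the thread uses MySQL.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE referrals (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        referrer_uid INTEGER NOT NULL,
        referred_email TEXT NOT NULL UNIQUE,   -- one referral per address, site-wide
        token_hash TEXT NOT NULL UNIQUE,
        status TEXT NOT NULL DEFAULT 'referred',
        created_on INTEGER NOT NULL,
        updated_on INTEGER)");
    return $db;
}

// Returns the token to e-mail as signup.php?ref=<token>; only its hash is stored,
// so a leaked copy of the table does not yield usable links.
function create_referral(PDO $db, int $referrerUid, string $email): string {
    $token = bin2hex(random_bytes(16));          // 128 bits from the OS CSPRNG
    $stmt = $db->prepare("INSERT INTO referrals
        (referrer_uid, referred_email, token_hash, created_on) VALUES (?, ?, ?, ?)");
    $stmt->execute([$referrerUid, strtolower(trim($email)), hash('sha256', $token), time()]);
    return $token;
}

// Moves a referral from 'referred' to 'completed' or 'declined' exactly once.
function close_referral(PDO $db, string $token, string $newStatus): bool {
    if (!in_array($newStatus, ['completed', 'declined'], true)) return false;
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) return false;   // malformed ?ref=
    $stmt = $db->prepare("UPDATE referrals SET status = ?, updated_on = ?
        WHERE token_hash = ? AND status = 'referred'");
    $stmt->execute([$newStatus, time(), hash('sha256', $token)]);
    return $stmt->rowCount() === 1;              // 0 rows: unknown or already used
}

$db = make_db();
$token = create_referral($db, 1, 'Friend@example.com');          // constructed sample data
var_dump(close_referral($db, $token, 'completed'));              // first use of the link
var_dump(close_referral($db, $token, 'declined'));               // same link clicked again
var_dump(close_referral($db, str_repeat('0', 32), 'completed')); // token never issued
```

Because the status check and the status change are one conditional `UPDATE`, two simultaneous clicks on the same link cannot both succeed. The `UNIQUE` constraint on `referred_email` makes the database itself refuse a second referral of the same address.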

 


> User goes to referral page and enters a friend's email for example

 

I'm not an expert when it comes to encryption, but from my understanding $_GET values are posted clearly and anyone sniffing your network traffic can grab those values. So you'd possibly be sending valid email addresses to spammers. $_POST sends the data encoded until it reaches the server, so it's a bit more effort to capture and decode the information.

 

So depending on how you plan on executing the script, example: if you're using an HTML form within the PHP script you'd most likely use $_POST, but if you're using an HTML form and action="dothis.php" you'll most likely use $_GET.

 

So either passing the username of their friend or the email address of their friend via $_GET leaves it open to being intercepted.

 

Sorry I'm just paranoid! :)


Archived

This topic is now archived and is closed to further replies.
