I have a membership-based website and I'm planning on implementing a referral system.
My website is credit-based; the idea is that if User X refers User Y, then User X gets 100 bonus credits.
Has anybody built a referral system before and if so what obstacles should I bear in mind? I’ve had a snoop round SO tonight but couldn’t find any suitable answers.
My theory is to give each user a random string which is generated and stored in the DB when they sign up. The user will then be presented with a URL including that string. When they pass it to somebody (User Z), User Z is sent to a page, and the page then uses the GET method to gather the random string and update the DB row they currently occupy. Does this sound feasible, or could it easily be breached?
Thanks
Typically this is called an affiliate program. You pretty much got it right in your description, but I would also store the referral from the $_GET var into a session or a cookie so the user can be credited even if they navigate away from the referral page.
By this I mean – typically an affiliate program credits user X only if user Y registers or buys something. So user Y can hit the referral page, then look around, then find their way back to a registration page, or purchase page. By that point the referral $_GET var is lost and so is the credit. So your referral page would store the session or cookie for the referral code, and your registration page or checkout callback would check for these vars and act accordingly.
I believe Scott’s method is good if there is concern like he mentions, but alternatively you might want the referral to stay static all the time, for cases like business referrals that people might put on business cards. They do that a lot in MLM where the reps are given profiles on a central company website so they don’t need to make their own.
I don’t know what you mean by update the DB row they currently occupy. Are you suggesting something like a count field that holds a number representing the total referrals? If so, I would say that’s not a good idea. You should record each successful referral as its own entry in a relational table with the referrer’s id as the common key. That way you can store all kinds of post data in the referral so you know if you’re being messed with. Like, say, a user making 1,000 Yahoo accounts and signing up with their own referral code just to get bonus credits. Your relational table might see the repeating IP address, or referral email being incremental (johndoe1000@yahoo.com, johndoe1001@yahoo.com, etc.) and then you know to take action.
The safety of your suggestion ultimately comes down to how you handle the data. If you blindly insert anything into the DB then everything is harmful. Just make sure to properly escape things and keep an eye on behavior, even manually. You should be fine.
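The per-referral table described in the answer above, as an added example that is not part of the original posts: each successful referral is stored as its own row through a prepared statement, and a review query flags referrers whose sign-ups share an IP address or differ only by a number in the email address. The `referrals` schema, the function names, the threshold of 3, the in-memory SQLite database and the sample rows are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical schema and helper names, constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE referrals (
    id             INTEGER PRIMARY KEY,
    referrer_id    INTEGER NOT NULL,
    referred_email TEXT    NOT NULL UNIQUE,
    signup_ip      TEXT    NOT NULL,
    created_at     TEXT    NOT NULL DEFAULT CURRENT_TIMESTAMP
)');

// One row per successful referral; bound parameters keep request data out of the SQL text.
function recordReferral(PDO $db, int $referrerId, string $email, string $ip): void {
    $stmt = $db->prepare(
        'INSERT INTO referrals (referrer_id, referred_email, signup_ip) VALUES (?, ?, ?)');
    $stmt->execute([$referrerId, strtolower($email), $ip]);
}

// Flag referrers with $threshold or more referrals from one IP or one email "stem".
function suspiciousReferrers(PDO $db, int $threshold = 3): array {
    $rows = $db->query('SELECT referrer_id, referred_email, signup_ip FROM referrals')
               ->fetchAll(PDO::FETCH_ASSOC);
    $byIp = $byStem = [];
    foreach ($rows as $r) {
        $id = $r['referrer_id'];
        // johndoe1000@... and johndoe1001@... both reduce to the stem johndoe@...
        $stem = preg_replace('/\d+@/', '@', $r['referred_email']);
        $byIp[$id][$r['signup_ip']] = ($byIp[$id][$r['signup_ip']] ?? 0) + 1;
        $byStem[$id][$stem] = ($byStem[$id][$stem] ?? 0) + 1;
    }
    $flags = [];
    foreach (['repeated IP' => $byIp, 'sequential email' => $byStem] as $reason => $counts) {
        foreach ($counts as $id => $groups) {
            foreach ($groups as $value => $n) {
                if ($n >= $threshold) {
                    $flags[] = ['referrer_id' => $id, 'reason' => $reason,
                                'value' => $value, 'count' => $n];
                }
            }
        }
    }
    return $flags;
}

// Constructed sample data: referrer 7 signs up numbered accounts from one address.
foreach ([1000, 1001, 1002] as $n) {
    recordReferral($db, 7, "johndoe$n@example.com", '203.0.113.5');
}
recordReferral($db, 8, 'alice@example.com', '198.51.100.20');
print_r(suspiciousReferrers($db));
```

Flagged referrers are candidates for manual review rather than proof of abuse, since shared IP addresses also occur behind NAT or in offices.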