Referrals

[Central]

Hello, at the moment I have been adding some stuff to the hotel and I have a section on the /me page about referrals and I want to add something to the register page when they type in a username of a person on the hotel who referred them to the hotel, i want their referrals to go up 1.

So what im saying is when people go to index#registration (thats where they register) i want a box for people to type in the name of who they referred them (of course it will be optional).

Can anyone help me?

 

[JynX]

Just copy the form for it change some shit on it and edit the regsubmit.php to +1 the column on submit..

 

[MayoMayn]

Just copy the form for it change some shit on it and edit the regsubmit.php to +1 the column on submit..

Really good pseudo explaining haha

Sent from my SM-G928F using Tapatalk

 

[JynX]

Really good pseudo explaining haha

Sent from my SM-G928F using Tapatalk

Well it's not entirely hard to take:

                                        <span>
                                        <label for="registration-email">Email</label>
                                        <label for="registration-email" class="details">You'll need this <b>email address for future reference</b>. Please use a valid address.</label>
                                        <input type="email" name="registrationBean.email" id="registration-email" value="">
                                    </span>

and copy and paste it and make it:

                                        <span>
                                        <label for="registration-referral">Referral</label>
                                        <label for="registration-referral" class="details">Who referred you to {hotelName}?</label>
                                        <input type="text" name="registrationBean.referral" id="registration-referral" placeholder="OPTIONAL">
                                    </span>

Then in your regsubmit (revcms) add (inside the count($errors) == 0):

if(!empty($_POST['registrationBean_referral'])) {
            mysql_query("UPDATE users SET `refs` = `refs` + 1 WHERE `username` = '". filter($_POST["registrationBean_referral"]) ."'");
}

Edit: Added filter() to the username for purposes

 

[MayoMayn]

Well it's not entirely hard to take:

                                        <span>
                                        <label for="registration-email">Email</label>
                                        <label for="registration-email" class="details">You'll need this <b>email address for future reference</b>. Please use a valid address.</label>
                                        <input type="email" name="registrationBean.email" id="registration-email" value="">
                                    </span>

and copy and paste it and make it:

                                        <span>
                                        <label for="registration-referral">Referral</label>
                                        <label for="registration-referral" class="details">Who referred you to {hotelName}?</label>
                                        <input type="text" name="registrationBean.referral" id="registration-referral" placeholder="OPTIONAL">
                                    </span>

Then in your regsubmit (revcms) add (inside the count($errors) == 0):

if(!empty($_POST['registrationBean_referral'])) {
            mysql_query("UPDATE users SET `refs` = `refs` + 1 WHERE `username` = '". $_POST["registrationBean_referral"] ."'");
}

Wouldn't even recommend that code for a rookie. It screams sql injection all over it, plus you could easily exploit it by creating several smurfs and referrer your main user.

 

[JynX]

Wouldn't even recommend that code for a rookie. It screams sql injection all over it, plus you could easily exploit it by creating several smurfs and referrer your main user.

I just took part of the normal regsubmit and edited it. Not my fault RevCMS is complete shit lol
 

Wouldn't even recommend that code for a rookie. It screams sql injection all over it, plus you could easily exploit it by creating several smurfs and referrer your main user.

Yea he could but if he has any knowledge in PHP he can edit the check for it or make a function for it in RevCMS. That's just something it inspire him as a start and go off of it. Too much spoon feeding happens so people need to learn how to take something little and make it better than before with their own knowledge and Google if you really are struggling.

 

[Central]

I'm not using that code if it's gonna make my hotel insecure and prone in sql injection so why would you give a hotel a death sentence?

If anyone has the code THAT won't provide my hotel being insecure would you spare a few mins and provide me it? Thanks.

 

[MayoMayn]

I'm not using that code if it's gonna make my hotel insecure and prone in sql injection so why would you give a hotel a death sentence?

If anyone has the code THAT won't provide my hotel being insecure would you spare a few mins and provide me it? Thanks.

Then you'd have to switch to PDO, so wouldn't really matter, since MySQL_* is vulnerable to SQLi no matter what.

Sent from my SM-G928F using Tapatalk

 

[MasterJiq]

Paste your regsubmit and your ref column name. I will code for it.

 

[Central]

regsubmit.php

<?php
    global $users, $core, $engine;
    
    $errors = array();
    $messages = array();
    
    if(empty($_POST["registrationBean_username"]))
        $errors["registration_username"] = "<br/>Please enter a username!";
    elseif(strlen($_POST["registrationBean_username"]) > 25 || !ctype_alnum($_POST["registrationBean_username"]))
        $errors["registration_username"] = "<br/>Please enter a valid username!";
    elseif($engine->num_rows("SELECT null FROM users WHERE username = '" . $engine->secure($_POST["registrationBean_username"]) . "' LIMIT 1") != 0)
        $errors["registration_username"] = "That username is already taken!";
    elseif(!preg_match("/^\s*[a-zA-Z0-9,\s]+\s*$/", $_POST["registrationBean_username"]))
        $errors["registration_username"] = "You cant use special characters!";
    
    if(empty($_POST["registrationBean_email"]))
        $errors["registration_email"] = "<br/>Please enter an email address!";
    elseif(!preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $_POST["registrationBean_email"]))
        $errors["registration_email"] = "<br/>Please enter a valid email address!";
    elseif($engine->num_rows("SELECT null FROM users WHERE mail = '" . $engine->secure($_POST["registrationBean_email"]) . "' LIMIT 1") != 0)
        $errors["registration_email"] = "<br/>That email address is taken!";
    
    if(empty($_POST['registrationBean_password']))
        $errors["registration_password"] = "<br/>Please enter a password!";
    elseif(strlen($_POST['registrationBean_password']) < 6)
        $errors["registration_password"] = "<br/>Please enter a password with more than 6 characters!";
    
    if(empty($_POST['registrationBean_password_confirm']))
        $errors["registration_password_confirm"] = "<br/>Please enter your password again!";
    elseif(!($_POST['registrationBean_password'] === $_POST['registrationBean_password_confirm']))
        $errors["registration_password_confirm"] = "<br/>Please enter a password with more than 6 characters!";
    
    if($_POST['registrationBean_termsOfServiceSelection'] != "true")
        $errors["registration_termsofservice"] = "Please accept the terms of service.";
    
    $return = array(
        "registrationErrors" => $errors,
        "registrationMessages" => $messages);
        
    if(count($errors) == 0)
    {
        if(isset($_SESSION['ref'])) // Use Session instead of form, incase input was changed
        {
            $referrer = $engine->secure($_SESSION['ref']); // Secure Session
            if($users->nameTaken($referrer)) // Recycled function, checks if the referrer exists
            {
                if(!$engine->num_rows("SELECT * FROM users WHERE username = '{$referrer}' AND ip_last = '{$_SERVER['REMOTE_ADDR']}' OR username = '{$referrer}' AND ip_reg = '{$_SERVER['REMOTE_ADDR']}'"))
                {
                    $credits = 5000; // Amount user gets from referring
                    $engine->query("UPDATE users SET credits = credits + {$credits}, refs = refs + 1 WHERE username = '{$referrer}' LIMIT 1");
                }
            }
        }
        
        $users->addUser($engine->secure($_POST["registrationBean_username"]),$core->hashed($_POST['registrationBean_password']),$_POST["registrationBean_email"],$_CONFIG['hotel']['motto'],$_CONFIG['hotel']['credits'],$_CONFIG['hotel']['pixels'],1, $_CONFIG['hotel']['figure'], "M", 12345);
        $users->turnOn($engine->secure($_POST["registrationBean_username"]));
        $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/me";
        
        if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 5)
        {       
            $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/clones";
        }
    }
    
    header('Content-type: application/json');
    echo json_encode($return);
    exit;
?>

Table name: referrals