Referrals

Status
Not open for further replies.

Central

Imagination is more important than knowledge.
Feb 22, 2015
709
107
Hello, at the moment I have been adding some stuff to the hotel and I have a section on the /me page about referrals and I want to add something to the register page when they type in a username of a person on the hotel who referred them to the hotel, i want their referrals to go up 1.

So what im saying is when people go to index#registration (thats where they register) i want a box for people to type in the name of who they referred them (of course it will be optional).

Can anyone help me?
 

JynX

Posting Freak
Feb 6, 2016
710
438
Really good pseudo explaining haha

Sent from my SM-G928F using Tapatalk
Well it's not entirely hard to take:
Code:
                                        <span>
                                        <label for="registration-email">Email</label>
                                        <label for="registration-email" class="details">You'll need this <b>email address for future reference</b>. Please use a valid address.</label>
                                        <input type="email" name="registrationBean.email" id="registration-email" value="">
                                    </span>
and copy and paste it and make it:
Code:
                                        <span>
                                        <label for="registration-referral">Referral</label>
                                        <label for="registration-referral" class="details">Who referred you to {hotelName}?</label>
                                        <input type="text" name="registrationBean.referral" id="registration-referral" placeholder="OPTIONAL">
                                    </span>
Then in your regsubmit (revcms) add (inside the count($errors) == 0):
Code:
if(!empty($_POST['registrationBean_referral'])) {
            mysql_query("UPDATE users SET `refs` = `refs` + 1 WHERE `username` = '". filter($_POST["registrationBean_referral"]) ."'");
}


Edit: Added filter() to the username for purposes :p
 
Last edited:

MayoMayn

BestDev
Oct 18, 2016
1,423
683
Well it's not entirely hard to take:
Code:
                                        <span>
                                        <label for="registration-email">Email</label>
                                        <label for="registration-email" class="details">You'll need this <b>email address for future reference</b>. Please use a valid address.</label>
                                        <input type="email" name="registrationBean.email" id="registration-email" value="">
                                    </span>
and copy and paste it and make it:
Code:
                                        <span>
                                        <label for="registration-referral">Referral</label>
                                        <label for="registration-referral" class="details">Who referred you to {hotelName}?</label>
                                        <input type="text" name="registrationBean.referral" id="registration-referral" placeholder="OPTIONAL">
                                    </span>
Then in your regsubmit (revcms) add (inside the count($errors) == 0):
Code:
if(!empty($_POST['registrationBean_referral'])) {
            mysql_query("UPDATE users SET `refs` = `refs` + 1 WHERE `username` = '". $_POST["registrationBean_referral"] ."'");
}
Wouldn't even recommend that code for a rookie. It screams sql injection all over it, plus you could easily exploit it by creating several smurfs and referrer your main user.
 

JynX

Posting Freak
Feb 6, 2016
710
438
Wouldn't even recommend that code for a rookie. It screams sql injection all over it, plus you could easily exploit it by creating several smurfs and referrer your main user.
I just took part of the normal regsubmit and edited it. Not my fault RevCMS is complete shit lol
 
Wouldn't even recommend that code for a rookie. It screams sql injection all over it, plus you could easily exploit it by creating several smurfs and referrer your main user.
Yea he could but if he has any knowledge in PHP he can edit the check for it or make a function for it in RevCMS. That's just something it inspire him as a start and go off of it. Too much spoon feeding happens so people need to learn how to take something little and make it better than before with their own knowledge and Google if you really are struggling.
 

Central

Imagination is more important than knowledge.
Feb 22, 2015
709
107
I'm not using that code if it's gonna make my hotel insecure and prone in sql injection so why would you give a hotel a death sentence?

If anyone has the code THAT won't provide my hotel being insecure would you spare a few mins and provide me it? Thanks.
 

MayoMayn

BestDev
Oct 18, 2016
1,423
683
I'm not using that code if it's gonna make my hotel insecure and prone in sql injection so why would you give a hotel a death sentence?

If anyone has the code THAT won't provide my hotel being insecure would you spare a few mins and provide me it? Thanks.
Then you'd have to switch to PDO, so wouldn't really matter, since MySQL_* is vulnerable to SQLi no matter what.

Sent from my SM-G928F using Tapatalk
 

Central

Imagination is more important than knowledge.
Feb 22, 2015
709
107
regsubmit.php
PHP:
<?php
    global $users, $core, $engine;
    
    $errors = array();
    $messages = array();
    
    if(empty($_POST["registrationBean_username"]))
        $errors["registration_username"] = "<br/>Please enter a username!";
    elseif(strlen($_POST["registrationBean_username"]) > 25 || !ctype_alnum($_POST["registrationBean_username"]))
        $errors["registration_username"] = "<br/>Please enter a valid username!";
    elseif($engine->num_rows("SELECT null FROM users WHERE username = '" . $engine->secure($_POST["registrationBean_username"]) . "' LIMIT 1") != 0)
        $errors["registration_username"] = "That username is already taken!";
    elseif(!preg_match("/^\s*[a-zA-Z0-9,\s]+\s*$/", $_POST["registrationBean_username"]))
        $errors["registration_username"] = "You cant use special characters!";
    
    if(empty($_POST["registrationBean_email"]))
        $errors["registration_email"] = "<br/>Please enter an email address!";
    elseif(!preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $_POST["registrationBean_email"]))
        $errors["registration_email"] = "<br/>Please enter a valid email address!";
    elseif($engine->num_rows("SELECT null FROM users WHERE mail = '" . $engine->secure($_POST["registrationBean_email"]) . "' LIMIT 1") != 0)
        $errors["registration_email"] = "<br/>That email address is taken!";
    
    if(empty($_POST['registrationBean_password']))
        $errors["registration_password"] = "<br/>Please enter a password!";
    elseif(strlen($_POST['registrationBean_password']) < 6)
        $errors["registration_password"] = "<br/>Please enter a password with more than 6 characters!";
    
    if(empty($_POST['registrationBean_password_confirm']))
        $errors["registration_password_confirm"] = "<br/>Please enter your password again!";
    elseif(!($_POST['registrationBean_password'] === $_POST['registrationBean_password_confirm']))
        $errors["registration_password_confirm"] = "<br/>Please enter a password with more than 6 characters!";
    
    if($_POST['registrationBean_termsOfServiceSelection'] != "true")
        $errors["registration_termsofservice"] = "Please accept the terms of service.";
    
    $return = array(
        "registrationErrors" => $errors,
        "registrationMessages" => $messages);
        
    if(count($errors) == 0)
    {
        if(isset($_SESSION['ref'])) // Use Session instead of form, incase input was changed
        {
            $referrer = $engine->secure($_SESSION['ref']); // Secure Session
            if($users->nameTaken($referrer)) // Recycled function, checks if the referrer exists
            {
                if(!$engine->num_rows("SELECT * FROM users WHERE username = '{$referrer}' AND ip_last = '{$_SERVER['REMOTE_ADDR']}' OR username = '{$referrer}' AND ip_reg = '{$_SERVER['REMOTE_ADDR']}'"))
                {
                    $credits = 5000; // Amount user gets from referring
                    $engine->query("UPDATE users SET credits = credits + {$credits}, refs = refs + 1 WHERE username = '{$referrer}' LIMIT 1");
                }
            }
        }
        
        $users->addUser($engine->secure($_POST["registrationBean_username"]),$core->hashed($_POST['registrationBean_password']),$_POST["registrationBean_email"],$_CONFIG['hotel']['motto'],$_CONFIG['hotel']['credits'],$_CONFIG['hotel']['pixels'],1, $_CONFIG['hotel']['figure'], "M", 12345);
        $users->turnOn($engine->secure($_POST["registrationBean_username"]));
        $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/me";
        
        if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 5)
        {       
            $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/clones";
        }
    }
    
    header('Content-type: application/json');
    echo json_encode($return);
    exit;
?>

Table name: referrals
 
Status
Not open for further replies.

Users who are viewing this thread

Top