3

I am presently working on building an user referral tracking script in PHP , MySql . As per the plan , any user who completes the registration will be given a referral link as well as he can share info about my application on Facebook and Twitter .

Now , untill and unless this user brings at least 5 more users to my site , he won;t be allowed to view the home page .

Now , how can I track the number of referred persons that this user brings ?

1.If I use $_HTTP_REFERRER - In this case I can get the link from where the user has landed onto my page . If this is my referral link then I can update the database entry for this user , and the number of referred persons + 1. But , how reliable is $_HTTP_REFERRER ?

2.If I use to track through cookie : Here I am a bit confused as to whether I have to set the cookies for each and every browser or is there any browser independent cookie setting method ? During setting the cookie , how I should save it , I mean should I use only referral id or should I use a combination of referral id and site_id(or any other rcombination).

Also , I should save the referral info in a database . What should be the ideal table schema for this table . I have planned something like : (user_id,user_name,no_of_referrals,referred_by).

deGee
  • 781
  • 1
  • 16
  • 34

2 Answers2

5

To get the referer, you want to use $_SERVER['HTTP_REFERER']. Nearly all browsers will send a referer, but it isn't mandatory that they do. Since this is a client-side thing, it can be easily modified by the user.

Most sites I've seen that use things like this use a variable in the URL to track the originating site. Something like this:

http://www.yoursite.com/someresource?originaccount=12345678

Whether or not this works for you is highly dependent on what you intend to do with that information, as obviously someone could change the ID as well.

Brad
  • 159,648
  • 54
  • 349
  • 530
  • 1
    Agree with Brad's answer. Best practice is to set a cookie with the originaccount# so that if the person meanders about or takes some amount of time to perform the action, you still credit the affiliate. 5 is a pretty low bar to set though -- anyone with working knowledge of TOR or an isp with a dynamic dhcp system would be able to fool you with some bogus referals in very little time. – gview Aug 29 '11 at 14:36
0

Because the $_SERVER['HTTP_REFERER'] has some issue(s)(some browser, eg : IE in some version), you can't relly on this, especially for referal counter functionality, as a universal method. The common alternative for this is sending the referal id via url so you can validate the referal using $_GET. But for security reason, you may considering to use encrypted id in your url (ref : Mcrypt) instead sending it plain.

toopay
  • 1,635
  • 11
  • 18
  • An md5 hash based on some passphrase concatenated with uniqid(time()) would do just as well. – gview Aug 29 '11 at 14:40