diff --git a/app/Controllers/HomeController.php b/app/Controllers/HomeController.php
index 4a6e4cc..c022c2d 100644
--- a/app/Controllers/HomeController.php
+++ b/app/Controllers/HomeController.php
@@ -11,6 +11,11 @@ class HomeController extends Controller {
 $category = $_GET['category'] ?? null;
 $search = $_GET['search'] ?? null;
+ // Store referral code if present in landing
+ if (isset($_GET['ref'])) {
+ $_SESSION['global_ref'] = $_GET['ref'];
+ }
+
 $apkService = new ApkService();
 $apks = $apkService->getAllApks($category, $search);
@@ -31,9 +36,11 @@ class HomeController extends Controller {
 $this->redirect('/');
 }
- // Store referral code if present specifically for this APK
+ // Store referral code if present specifically for this APK or take from global session
 if (isset($_GET['ref'])) {
 $_SESSION['ref_download_' . $apk['id']] = $_GET['ref'];
+ } elseif (isset($_SESSION['global_ref'])) {
+ $_SESSION['ref_download_' . $apk['id']] = $_SESSION['global_ref'];
 }
 $this->view('apk_detail', [
@@ -57,10 +64,17 @@ class HomeController extends Controller {
 $stmt = $db->prepare("UPDATE apks SET total_downloads = total_downloads + 1 WHERE id = ?");
 $stmt->execute([$apk['id']]);
- // Referral logic
+ // Referral logic & Anti-Cheat
 $ref_key = 'ref_download_' . $apk['id'];
- if (isset($_SESSION['ref_download_' . $apk['id']])) {
- $ref_code = $_SESSION['ref_download_' . $apk['id']];
+
+ // If not set for this specific APK, try global referral
+ if (!isset($_SESSION[$ref_key]) && isset($_SESSION['global_ref'])) {
+ $_SESSION[$ref_key] = $_SESSION['global_ref'];
+ }
+
+ if (isset($_SESSION[$ref_key])) {
+ $ref_code = $_SESSION[$ref_key];
+ $ip_address = $_SERVER['REMOTE_ADDR'];
 // Find the user who owns this referral code
 $stmt = $db->prepare("SELECT * FROM users WHERE referral_code = ?");
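Review bot: In the landing hunk (`@@ -11,6 +11,11 @@`), `$_GET['ref']` is written to `$_SESSION['global_ref']` with no type or format check, and the later hunks copy that value into the per-APK key and bind it into the `referral_code` lookup. A request that sends `ref[]=…` stores an array in the session, and an arbitrarily long string is kept for the life of the session. I would accept the value only when it is a string in the format referral codes are issued in, for example `if (isset($_GET['ref']) && is_string($_GET['ref']) && preg_match('/^[A-Za-z0-9_-]{1,64}$/', $_GET['ref'])) {`; the character class and length are placeholders, since the code generator is not visible in this diff. The unchanged `$_GET['ref']` assignment in the APK detail hunk needs the same guard, and the enclosing method starts and ends outside the hunk.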
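Review bot: The new `elseif` fallback in the detail hunk (`@@ -31,9 +36,11 @@`) re-creates `ref_download_<id>` from `global_ref` on every detail view, and the download hunk repeats the same copy, so the `unset($_SESSION[$ref_key])` at the end of the download path no longer makes a referral single-use. `global_ref` is never cleared or given an expiry anywhere in this diff, which leaves the IP counters as the only limit on repeat credit within one session. If that is intended, record it next to the fallback, e.g. `// global_ref is sticky for the session; repeat credit is limited only by the IP checks in the download handler`. The fallback is also written twice; one private helper would keep the two copies from drifting apart.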
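Review bot: `$ip_address = $_SERVER['REMOTE_ADDR'];` in the download hunk (`@@ -57,10 +64,17 @@`) is the only identity the anti-cheat checks use, and nothing documents what that value means in this deployment. If the app sits behind a reverse proxy or CDN (not visible here), `REMOTE_ADDR` is the proxy's address and the 10-per-24h cap turns into a site-wide cap; per-address limits are also weak for IPv6 clients, which usually hold a whole prefix, and unfair to users who share one NAT address. A comment such as `// REMOTE_ADDR is the TCP peer; behind a proxy, take the client address only from a header set by that trusted proxy` would record the assumption. The address is persisted to `referral_downloads`, so a retention period for it is worth deciding. The `if (isset($_SESSION[$ref_key])) {` block opened here closes outside the hunk.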
@@ -68,10 +82,28 @@ class HomeController extends Controller {
 $referrer = $stmt->fetch();
 if ($referrer) {
- // Award points/money to referrer
- // For example, 100 rupiah per download
- $stmt = $db->prepare("UPDATE users SET balance = balance + 100 WHERE id = ?");
- $stmt->execute([$referrer['id']]);
+ // Anti-Cheat: Check if this IP has already downloaded this APK for THIS referrer today
+ $stmt = $db->prepare("SELECT COUNT(*) FROM referral_downloads WHERE referrer_id = ? AND apk_id = ? AND ip_address = ? AND created_at > DATE_SUB(NOW(), INTERVAL 24 HOUR)");
+ $stmt->execute([$referrer['id'], $apk['id'], $ip_address]);
+ $already_downloaded = $stmt->fetchColumn();
+
+ // Anti-Cheat: Check general download frequency from this IP (max 10 rewarded downloads per IP per 24h across all APKs)
+ $stmt = $db->prepare("SELECT COUNT(*) FROM referral_downloads WHERE ip_address = ? AND created_at > DATE_SUB(NOW(), INTERVAL 24 HOUR)");
+ $stmt->execute([$ip_address]);
+ $ip_total_daily = $stmt->fetchColumn();
+
+ if ($already_downloaded == 0 && $ip_total_daily < 10) {
+ // Reward amount
+ $reward_amount = 500.00;
+
+ // Record the referral download
+ $stmt = $db->prepare("INSERT INTO referral_downloads (referrer_id, apk_id, ip_address, amount) VALUES (?, ?, ?, ?)");
+ $stmt->execute([$referrer['id'], $apk['id'], $ip_address, $reward_amount]);
+
+ // Award balance to referrer
+ $stmt = $db->prepare("UPDATE users SET balance = balance + ? WHERE id = ?");
+ $stmt->execute([$reward_amount, $referrer['id']]);
+ }
 }
 unset($_SESSION[$ref_key]);
diff --git a/assets/pasted-20260224-235212-4dbae770.jpg b/assets/pasted-20260224-235212-4dbae770.jpg
new file mode 100644
index 0000000..3793516
Binary files /dev/null and b/assets/pasted-20260224-235212-4dbae770.jpg differ
diff --git a/full_schema.sql b/full_schema.sql
index e3fbd68..dc1bb83 100644
--- a/full_schema.sql
+++ b/full_schema.sql
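Review bot: In HomeController.php's reward block (`@@ -68,10 +82,28 @@`), the two `COUNT(*)` checks, the `INSERT` into `referral_downloads` and the `UPDATE` of `users.balance` run as separate statements with no transaction, so parallel requests can all read a count of 0 before any row exists and each one credits the referrer. A failure between the INSERT and the UPDATE also leaves the ledger and the balance out of step. Running the checks and both writes in one transaction that first locks the referrer row closes that window for the per-referrer check; the per-IP cap across different referrers would still need its own lock or a constraint. The sketch also casts both counts to int so the comparison is strict. It assumes `$db` is a PDO handle, which the `prepare`/`execute`/`fetchColumn` calls suggest but the hunk does not show, and whether to rethrow or only log on failure is a call for the enclosing method, which continues outside the hunk.

```php
// inside if ($referrer) { … }
$db->beginTransaction();
try {
    // Lock the referrer row so concurrent reward attempts for this referrer run one at a time.
    $stmt = $db->prepare("SELECT id FROM users WHERE id = ? FOR UPDATE");
    $stmt->execute([$referrer['id']]);

    // … unchanged: the two COUNT(*) queries filling $already_downloaded and $ip_total_daily …

    if ((int) $already_downloaded === 0 && (int) $ip_total_daily < 10) {
        // … unchanged: $reward_amount, INSERT into referral_downloads, UPDATE users.balance …
    }

    $db->commit();
} catch (\Throwable $e) {
    // Neither the ledger row nor the balance change survives a partial failure.
    $db->rollBack();
    throw $e;
}
```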
@@ -1,10 +1,19 @@
 -- Full Schema for APK Portal
 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+SET AUTOCOMMIT = 0;
 START TRANSACTION;
 SET time_zone = "+00:00";
+SET FOREIGN_KEY_CHECKS=0;
 -- --------------------------------------------------------
+-- Table structure for table `settings`
+CREATE TABLE IF NOT EXISTS `settings` (
+ `id` INT AUTO_INCREMENT PRIMARY KEY,
+ `setting_key` VARCHAR(255) UNIQUE,
+ `setting_value` TEXT
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
 -- Table structure for table `users`
 CREATE TABLE IF NOT EXISTS `users` (
 `id` int(11) NOT NULL AUTO_INCREMENT,
@@ -83,7 +92,17 @@ CREATE TABLE IF NOT EXISTS `referral_downloads` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 -- Default Data
+INSERT IGNORE INTO `settings` (`setting_key`, `setting_value`) VALUES
+('site_name', 'ApkNusa'),
+('site_icon', ''),
+('site_favicon', ''),
+('meta_description', 'Download the latest APKs for free.'),
+('meta_keywords', 'apk, download, android, games, apps'),
+('head_js', ''),
+('body_js', '');
+
 INSERT IGNORE INTO `users` (`username`, `password`, `role`) VALUES ('admin', '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi', 'admin'); -- password: admin123
 INSERT IGNORE INTO `categories` (`name`, `slug`) VALUES ('Games', 'games'), ('Apps', 'apps'), ('Tools', 'tools');
+SET FOREIGN_KEY_CHECKS=1;
 COMMIT;
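Review bot: `SET AUTOCOMMIT = 0;` together with the existing `START TRANSACTION;` (hunk `@@ -1,10 +1,19 @@`) does not make this script atomic, because each `CREATE TABLE` causes an implicit commit in MySQL/MariaDB; only the seed `INSERT`s at the end are really covered, and autocommit is never switched back on for the session. `SET FOREIGN_KEY_CHECKS=0;` likewise stays in force on the connection if the import stops before the final `SET FOREIGN_KEY_CHECKS=1;`. A header comment would keep readers from relying on a rollback, e.g. `-- NOTE: CREATE TABLE auto-commits; START TRANSACTION only covers the seed INSERTs`. In the new table `setting_key` is `UNIQUE` but nullable, so `` `setting_key` VARCHAR(255) NOT NULL UNIQUE, `` is probably what is meant. The `users` table definition continues past the end of the hunk.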
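Review bot: The seeded `head_js` and `body_js` keys (hunk `@@ -83,7 +92,17 @@`) look like free-form script that the templates place on every page, although the rendering code is not in this diff; if so, write access to `settings` becomes script execution in every visitor's browser. That raises the stakes of the unchanged line just below, which still seeds an `admin` account with a fixed password stated in the file's own comment. I would document the two keys at the seed, e.g. `-- head_js/body_js: raw script for page templates; editable by trusted admins only`, and pair them with a Content-Security-Policy where the templates emit them. The installer should generate the admin password or force a change at first login rather than ship a known one.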