Solved

How to develop a time-restricted, secure script in javascript for an online-exam

Posted on 2008-10-27
7
328 Views
Last Modified: 2010-04-21
Hi,

I am developing an online-exam script in PHP-MySQL and I wish to develop a good javascript script for the online-exam to accurately time exams and allow for forcefully ending exams after the time is over. Moreover I am interested in a really secure and safe way of doing this so as to be able to ensure that it can't be hacked or overridden by someone to be able to by pass the timer.

In my opinion javascript is probably the best option for doing something like this, but I may be wrong, in case anyone thinks that this should be/could be done using some other language, please do let me know that too.

I hope I can get good help on this, if there is some javascript framework/script already available that does this, nothing like it, otherwise I would appreciate if the experts here to give me tips  and pointers as to how I should probably go about doing this. I am an amateur in javascript.
0
Comment
Question by:dhruvasagar
  • 4
  • 2
7 Comments
 
LVL 18

Accepted Solution

by:
wilq32 earned 65 total points
ID: 22811229
Javascript and security are opposit words ^^. It depends how much security u want to achieve. If it's only time - its no problem, just get time of opening session in PHP and just show it with javascript. Even if someone hax it in javascript you will do all calculations in PHP. But time in exams are not so important like cheating (giving answers to someone else). So what I could advice is to make random order generator of questions with random order of answers in this question (i assume that this is a ABCD test). What more... You have to turn of select and copy on whole page, but ppl always can make screenshots so in fact to make it most secure - everyone have to do it at once. Any other questions?
0
 
LVL 18

Expert Comment

by:wilq32
ID: 22811235
I got once a classes with teacher that made this test via internet. They got this functionality, but studest found their way to cheat otherway so I dont even know is this worth of effort.
0
 
LVL 3

Author Comment

by:dhruvasagar
ID: 22811287
Well I am not so much bothered about people cheating, randomizing the questions as well as the answer options is something that I was going to do in the first place. Thanks for that anyways.

My major concern is to ensure that once a user starts a test, the time flow is accurate and that its not easily bypassed and also to be able to detect when the time is over.

Your suggestion regarding using PHP sessions is good in this respect, but I am not sure how to go about using it, if the user is one page and the time is over...is there a way in php to detect that? php doesn't have such event handling, or does it? Can you give me just a few more inputs for the same?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 16

Assisted Solution

by:sh0e
sh0e earned 60 total points
ID: 22811654
If you want to use JavaScript, setTimeout("JavaScript to eval",milliseconds) is more accurate than setInterval.  Just have setTimeout recursively call itself to emulate setInterval.
Counting time using JavaScript will be troublesome, and I don't recommend it.  Refreshing, accidental navigation, human error, will give you headaches.  And anyone with a bit of tech knowledge could bypass it.

The best way would be to count the time on the server side (PHP), and just refuse any more submissions after a certain amount of time.  A straight-forward solution would be to store the starting time in the DB, and then check the time to see if their time is up.  Sessions, if you know how to implement it, would also work.

If you want to ensure the student gets as many problems as he has done submitted, I would recommend submitting (with AJAX perhaps) what they have after each problem they do, or just using a JavaScript timer warning them that the time is nearly over.


0
 
LVL 3

Author Closing Comment

by:dhruvasagar
ID: 31510237
Thanks a lot!
0
 
LVL 18

Expert Comment

by:wilq32
ID: 22811868
It depends - do you want to finish user test at once, or do you want to make them finish test BEFORE time ends. In second case - its their problem if they hax javascript or no, but PHP will store absolute number for it. Doing it from javascript... well - it might be really difficult to achieve. Mine idea is to make sure that javascript sends AJAX requests for every 1 min to PHP. PHP stores this information to know how much time left. With this request you could store actuall test progress, so if someone just hax javascript - his test is equal to last sent solution. But this do not solves  problem when someone stops AJAX calls - unless you do not send any other question untill for example first one is answered.

In fact what I would propose is:

- Use AJAX,
- show random question and random order of answers,
- show only one question at once,
- every time your user gets new question, update time counter in PHP


that should do the trick... I think
0
 
LVL 18

Expert Comment

by:wilq32
ID: 22811882
Last post was for dhruvasagar comment
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

When you need to keep track of a simple list of numbers or strings, the Array object is your most direct tool.  As we saw in my earlier EE Article (http://www.experts-exchange.com/A_3488.html), typical array handling might look like this: (CODE) B…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now