How to develop a time-restricted, secure script in javascript for an online-exam


I am developing an online-exam script in PHP-MySQL and I wish to develop a good javascript script for the online-exam to accurately time exams and allow for forcefully ending exams after the time is over. Moreover I am interested in a really secure and safe way of doing this so as to be able to ensure that it can't be hacked or overridden by someone to be able to by pass the timer.

In my opinion javascript is probably the best option for doing something like this, but I may be wrong, in case anyone thinks that this should be/could be done using some other language, please do let me know that too.

I hope I can get good help on this, if there is some javascript framework/script already available that does this, nothing like it, otherwise I would appreciate if the experts here to give me tips  and pointers as to how I should probably go about doing this. I am an amateur in javascript.
Dhruva SagarTechnical ArchitectAsked:
Who is Participating?
Pawel WitkowskiConnect With a Mentor Senior Javascript DeveloperCommented:
Javascript and security are opposit words ^^. It depends how much security u want to achieve. If it's only time - its no problem, just get time of opening session in PHP and just show it with javascript. Even if someone hax it in javascript you will do all calculations in PHP. But time in exams are not so important like cheating (giving answers to someone else). So what I could advice is to make random order generator of questions with random order of answers in this question (i assume that this is a ABCD test). What more... You have to turn of select and copy on whole page, but ppl always can make screenshots so in fact to make it most secure - everyone have to do it at once. Any other questions?
Pawel WitkowskiSenior Javascript DeveloperCommented:
I got once a classes with teacher that made this test via internet. They got this functionality, but studest found their way to cheat otherway so I dont even know is this worth of effort.
Dhruva SagarTechnical ArchitectAuthor Commented:
Well I am not so much bothered about people cheating, randomizing the questions as well as the answer options is something that I was going to do in the first place. Thanks for that anyways.

My major concern is to ensure that once a user starts a test, the time flow is accurate and that its not easily bypassed and also to be able to detect when the time is over.

Your suggestion regarding using PHP sessions is good in this respect, but I am not sure how to go about using it, if the user is one page and the time is there a way in php to detect that? php doesn't have such event handling, or does it? Can you give me just a few more inputs for the same?
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

sh0eConnect With a Mentor Commented:
If you want to use JavaScript, setTimeout("JavaScript to eval",milliseconds) is more accurate than setInterval.  Just have setTimeout recursively call itself to emulate setInterval.
Counting time using JavaScript will be troublesome, and I don't recommend it.  Refreshing, accidental navigation, human error, will give you headaches.  And anyone with a bit of tech knowledge could bypass it.

The best way would be to count the time on the server side (PHP), and just refuse any more submissions after a certain amount of time.  A straight-forward solution would be to store the starting time in the DB, and then check the time to see if their time is up.  Sessions, if you know how to implement it, would also work.

If you want to ensure the student gets as many problems as he has done submitted, I would recommend submitting (with AJAX perhaps) what they have after each problem they do, or just using a JavaScript timer warning them that the time is nearly over.

Dhruva SagarTechnical ArchitectAuthor Commented:
Thanks a lot!
Pawel WitkowskiSenior Javascript DeveloperCommented:
It depends - do you want to finish user test at once, or do you want to make them finish test BEFORE time ends. In second case - its their problem if they hax javascript or no, but PHP will store absolute number for it. Doing it from javascript... well - it might be really difficult to achieve. Mine idea is to make sure that javascript sends AJAX requests for every 1 min to PHP. PHP stores this information to know how much time left. With this request you could store actuall test progress, so if someone just hax javascript - his test is equal to last sent solution. But this do not solves  problem when someone stops AJAX calls - unless you do not send any other question untill for example first one is answered.

In fact what I would propose is:

- Use AJAX,
- show random question and random order of answers,
- show only one question at once,
- every time your user gets new question, update time counter in PHP

that should do the trick... I think
Pawel WitkowskiSenior Javascript DeveloperCommented:
Last post was for dhruvasagar comment
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.