Re: Javascript/Multiple Choice Exam
by Zachary Johnson <zachary(at)zacharyjohnson.com>
|
| Date: |
Thu, 16 Mar 2000 17:20:57 -0500 |
| To: |
Jon Hagee <jhagee(at)pop.uky.edu>,
<hwg-languages(at)hwg.org> |
| In-Reply-To: |
uky |
| |
todo: View
Thread,
Original
|
|
Jon,
You should be aware that any moderately savvy user of your exam site can
easily bypass the quiz altogether, and go directly to the certificate page
without ever even answering a single question!
All one has to do is view the source and look for instances of ".htm" (or
use the Search command if they're lazy like me). In your file, two of them
come up: mctest.htm, and mctest2.htm. One look at the location bar of the
browser reveals I'm already at mctest.htm, and in a fit of curiousity, it
type in mctest2.htm.
Viola!
Even if you found a way to hide the URL's, and desperate (or bored)
test-taker could still easily change the page to fool the encryption
routine into *thinking* that the user scored 70% or better, and thus, cough
up the URL.
The only reliable way around this (at least, that I can see) would be to
have the page only submit the answers (e.g.
Question1=a&Question2=b&Question3=c) and let a server-side script calculate
the percentage, and then have the server-side script re-direct the test
taker to the certification page, or simply print out the certificate page
itself.
The PRO's:
1)Security -- the test-taker can't cheat (unless they are a REALLY savvy
hacker, in which case, they probably aren't pharmacists).
2)Better browser capability -- since you don't need Javascript, any person
with browser that can submit a form can take the test (every body). Of
course, you could still at bells and whistles with Javascript if you like...
The CON's:
1) Gotta learn a server-side scripting language (e.g. perl, ASP,
Cold-FusionMarkupLanguage, PHP, etc.) OR
2) Pay somebody who does know one of the above to do it for you.
The good new is, if you can follow someone else's JavaScript, you shouldn't
have too much trouble learning any of the above. Just grab one of the
tutorial's like Sams.net "Teach Yourself CGI Programming in a Week" type of
books.
Then you can coerce your boss into giving you a raise.
Zack
At 03:18 PM 3/16/2000 -0500, you wrote:
>I'm trying to use this Multiple Choice Exam script from:
>
> http://www.infohiway.com/javascript/mctest.htm
>
>I've got it working just fine at:
>
> http://www.rxce.org/exams/mctest.htm
>
>and now I need to have it pop up a new button (when the user
>passes with 70% or greater) that will allow them to go to a
>new page to fill out info for their certificate.
>
> (http://www.rxce.org/exams/mctest2.htm)
>
>I'd appreciate it if someone could tell me what to put where
>to do this. I am learning JS and have studied this script and
>understand generally what is happening. But am puzzled on how
>to do what I need to do next.
>
> Thanks!
>
> Jon
>
>
HWG: hwg-languages mailing list archives,
maintained by Webmasters @ IWA