Geek Answers Handbook

JavaScript for an online quiz?

Maybe the question is about noob, but I'm really confused.
I am trying to make an online quiz where the user must choose one of 4 possible answers. But I'm stuck, well, because one question really bothers me. So:

I have a JavaScript function that changes the background color of a button and disables it when the user clicks on the wrong answer. And the right submit button requires a non-existent function, just to confuse people if they decide to take a quick look at the source code. Everything went great, but then I started to think. What if the user decides to take a deeper look at my source code? He will be able to see my JavaScript functions, and perhaps he will probably find the correct answer without playing.

Is there a way to hide the source (as I understand it, this is not possible with JavaScript), but maybe I could use something else? What do other developers use in these situations? Any suggestions? :)

+6
source share
4 answers

If you want to be truly secure, you must do this on the server side (e.g. PHP). What you could do to make it more difficult for scammers is to obfuscate your javascript code with one of various jf obfuscators such as this one that can never provide complete security.

+6
source

The reason users can cheat is because the answer is in JavaScript code.

Solution: Do not put the answer in JavaScript code . Store it on the server instead.

Something like this: whenever a user changes his answer to a question ...

  • JavaScript sends a response to the server.
  • The server responds with YES or NO.
  • JavaScript displays the response to the user.

The user never sees the answer, only if it was true or false.

tl; dr Learn AJAX.

+5
source

This is a good question and one that every web developer should ask himself ...

This is a serious problem that we, as web developers, face daily. Our JavaScript is available and sometimes edited. Do not trust ANYTHING that comes from the customer!

What I usually do is

  • Generate some type of unique hash on the server
  • Paste this hash into HTML and JavaScript.
  • Send this hash along with any request to the server.
  • Confirm the hash on the server by creating the hash again and making sure that it matches the hash that was sent.

A hash can be a concatenation of the element identifier, session identifier, some salt, and any other identifiable piece of data that can be restored to verify the request.

+2
source

To complete the other answers, to find out how to set up the server can cost you several days, I will sign you a 5-minute installation guide for a simple node.js server that will hide your answer.

Install node.js.

Create a file called server.js with the contents below.

 var express = require("express"), app = express(); app.get("first_answer",function(req,res){ res.send("b"); }); app.listen(8080);

Open a terminal, enter

 npm install express cd path_to_the_folder_you_placed_the_file node server.js

This will install the express.js module and start the server.

Now, on your site using jQuery, just request a response from the server. An example of using jQuery:

 var user_answer = ... $.get("http://localhost:8080/first_answer",function(answer){ if (answer == user_answer) alert("you got it right!"); });

For more complex examples and better server utilization, just read the express.js documentation. (

0
source

More articles:


All Articles