CODEWITHSUNDEEP
javascript
destripet
destripet

Reputation: 157

JavaScript for online quiz?

Maybe a noob question, but I am really confused.
I'm trying to make an online quiz, where user has to choose between 4 possible answers. But I got stuck, well, because 1 question is really bothering me. So:

I have a JavaScript function which changes background color of a button and disables it, when user clicks on the wrong answer. And the right answer button (submit) calls for non-existent function, just to confuse people, if they decide to take a quick look at the source code. Everything went great, but then I started to think. What if user decides to take a deeper look at my source code? He would be able to see my JavaScript functions and, well, he could probably figure out the right answer without really playing.

Is there any way I could hide the source (as I understand, it's not possible with JavaScript), but maybe I could use something else? What are other developers using in these situations? Any suggestions? :)

Upvotes: 5

Views: 3192

Answers (4)

MaiaVictor
MaiaVictor

Reputation: 52957

To complete the other answers, providing how learning how to set up a server could cost you a few days, I'll shortcut you a 5-min guide to setting a simple node.js server that will hide your answer.

Install node.js.

Create a file called server.js with the contents below.

var express = require("express"),
    app = express();
app.get("first_answer",function(req,res){
   res.send("b");
});
app.listen(8080);

Open the terminal, type 

npm install express
cd path_to_the_folder_you_placed_the_file
node server.js

This will install the express.js module and run the server.

Now, on your site, using jQuery, just request the answer from the server. Example using jQuery:

var user_answer = ...
$.get("http://localhost:8080/first_answer",function(answer){
    if (answer == user_answer)
        alert("you got it right!");
});

For more complex examples and best use of the server, just read on express.js documentation. (;

Upvotes: 0

Anko
Anko

Reputation: 6326

The reason users can cheat is because the answer is in the JavaScript code.

Solution: Don't put the answer in the JavaScript code. Keep it on a server instead.

Something like this: Whenever the user changes their answer to the question...

  1. JavaScript sends answer to server.
  2. Server replies with YES or NO.
  3. JavaScript displays reply to user.

The user never sees the answer, only whether it was true or false.

tl;dr Learn AJAX.

Upvotes: 5

Lix
Lix

Reputation: 47956

This is a good question and one that every web developer should be asking themselves...

This is a major problem that we as web developers face daily. Our JavaScript is view able and sometimes even editable. Trust NOTHING that comes from the client!

What I usually do is

  1. Generate some type of unique hash on the server
  2. Embed this hash into the HTML and JavaScript.
  3. Send this hash along with any request to the server.
  4. Validate the hash on the server by recreating the hash again and making sure it matches the hash that was sent.

The hash could be a concatenation of the item's id, a session id, some salt and any other identifiable piece of data that you can reconstruct to validate the request.

Upvotes: 2

David Müller
David Müller

Reputation: 5351

If you want to be really safe, you have to do it on the server side (e.g. PHP). What you could possibly do to make it more difficult for cheaters is to obfuscate your javascript code by one of the various js obfuscators like this one which can never bring full security.

Upvotes: 6

Related Questions