Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,062
    Thanks
    4
    Thanked 8 Times in 8 Posts

    location.replace

    When using location.replace method to move to a new page, is this supposed to be like opening a new window as far as the back button not showing anything in history? or does it have a history with the 1st page back in the history as being that page?

    I am still trying to prevent cheating when a user takes one of our timed exams. I have almost everything eliminated except for the keyboard combinations alt + left arrow and alt + right arrow. Alt + left arrow will move them back 1 page and then using alt + right arrow will move them forward. This has the effect of resetting the timer and leaves answers in place for those questions that are answered.

    Before anyone else responds that we need to move this to a server side solution that is not what my boss wants.

    Here are the steps in place right now.
    1. open new window with no toolbars
    2. capture and prevent these keyboard events
      1. Ctrl+R //refresh screen
      2. Ctrl+P //print screen
      3. Ctrl+N //load new window
      4. F5 key //refresh screen
      5. Back Space key //move back 1 page in history
    3. disabled right mouse click
    4. use location.replace to load each new section // isn't working like I wanted
    5. added code in onload event to move user forward if history>0 //works but essentially resets the clock for the user.


    before anyone says the user can simply disable javascript and then none of this will work, if they disable javascript the button wont submit the form as we do not use input type=submit instead we use input type=button with an onclick event that submits the form
    Last edited by miranda; 05-24-2006 at 03:18 PM.

  • #2
    Regular Coder
    Join Date
    Mar 2006
    Posts
    725
    Thanks
    35
    Thanked 132 Times in 123 Posts
    You and your boss are bailing a very leaky boat. Javascript is transparent to the user, as are all of your workarounds.

    If this is an important application for someone, I expect you'll be getting a new boss soon.

  • #3
    Senior Coder
    Join Date
    Jul 2005
    Location
    New York, NY
    Posts
    1,084
    Thanks
    4
    Thanked 19 Times in 19 Posts
    ----relevant answer---

    document.location is a string. document.location.replace returns a string. You're probably doing document.location = document.location.replace('');

    As for whether or not changing document.location leaves a trail in the history, why don't you test it and let us know what the behavior is in FF, IE, Moz, NN, and Opera. It's not that hard to test it yourself and get the answer.

    What have you tried so far to answer your own question and what have been the results?

    ---rant---
    Yeah, seriously, Miranda, all I need to do is write my minor web site that posts back to your test and all of your "security" is entirely moot.

    Please, have your boss consult with other professionals if he doesn't want to listen to you. If you need us to write up simple scenarios of how you can get burned by this in a matter of minutes so you can present him with professional opinions of why this is a bad idea, we'll do that.

    But the reason nobody answers your questions in a way that is effective for you is because no one ever writes code like this. No one. Ever. Because it's an excercise in futility and we all know it. Trust us. You really should talk to someone higher than your boss about this if you can, or do something to increase the number of people that support a server-side solution (IT'S NOT EXPENSIVE!!!! IT'S FREE!!!!) and convince him that he's paying you to do something that will crash and burn.

    There's tons of other reasons to go server-side as well. When new versions of browsers (or entirely new browsers) are released, there's no garauntee that your code will still work perfectly or at all. We all run that risk when we develop for the web. Some browser might prevent you completely from stopping users from using the back button because the back button is part of the browsing experience.

  • #4
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,062
    Thanks
    4
    Thanked 8 Times in 8 Posts
    Quote Originally Posted by mrhoo
    You and your boss are bailing a very leaky boat. Javascript is transparent to the user, as are all of your workarounds.

    If this is an important application for someone, I expect you'll be getting a new boss soon.

    Javascript is transparent to the user but the other options are to write a Java app, to write it in flash, or to write something that requires active x. I can do the last two and my boss can do the 1st and last but we also have many other projects on the table and need a short term solution until there is time to rewrite it completely. As well as money to revalidate it. When the test was validated last time it was at a cost of $1 Million.

    The test in question is not difficult and very few people cheat as it is. If the person is smart enough to find workarounds then they don't need to cheat.

    Without knowing what the exam is, who uses it, or what reasons there are to use a client side solution , if you don't have an answer to the question why not keep the comments to yourself!
    Last edited by miranda; 05-24-2006 at 06:41 PM.

  • #5
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,062
    Thanks
    4
    Thanked 8 Times in 8 Posts
    Quote Originally Posted by Beagle

    You're probably doing document.location = document.location.replace('');

    actually I was writing previous section's results to the database serverside and then on page load doing a location.replace to go to the next page.

    Quote Originally Posted by Beagle

    There's tons of other reasons to go server-side as well. When new versions of browsers (or entirely new browsers) are released, there's no garauntee that your code will still work perfectly or at all. We all run that risk when we develop for the web. Some browser might prevent you completely from stopping users from using the back button because the back button is part of the browsing experience.

    I agree with you 100% on what you are saying but
    1) he Is the boss
    2) I am a woman he is a man, and men think they are always right (even when wrong and proven wrong)
    3) he feels that going to a server side solution, removes one part that is user friendly, (the timer doesnt start until the user clicks ok on the alert that is used at the beginnings of each section.)
    4) I wanted to rewrite to scramble questions and answers. Then let people cheat as they may well be answering the wrong question with that answer. but, they are afraid that we may have to revalidate the exam (see my last post about the cost.)
    5) very few people cheat anyway. Timed parts are very easy anyway(IMHO)


    I am trying to get them to move away from classic ASP and to start using .Net and haven't been able to convince the SysAdmin or my boss that we need to do this. (Small company currently the three of us are the IT department)

    Javascript is something that I am only soso at which is why I very seldom post in this forum.

  • #6
    Senior Coder
    Join Date
    Jul 2005
    Location
    New York, NY
    Posts
    1,084
    Thanks
    4
    Thanked 19 Times in 19 Posts
    Well, inspite of your recommendation to keep the comments to ourselves, if you have ASP at your disposal, then why do you believe you either need a JAVA applet, a flash application, or active x?

    Why not use ASP to keep track of some simple session variables, like current question, and time left so that you don't have to worry about what the client is doing?

    The solutions are rather simple in ASP.

    keep a session variable that stores the question number. Whenever an answer is sent, apply it to the question number in the session and incremement the question number. Never ask the client what question they are on, that way, they can't skip around (if they try to, they'll get wrong answers, hence, anti-cheating).

    Also, keep a session variable to say what time the test was started on. Every time an answer is posted, check the current SERVER time and make sure it's within the total time allocated for taking the test. If not, the test is over and put blank answers for the rest of the questions.

    This is what we are suggesting. I don't think anyone here believed you needed JAVA, Flash, or Active X.

    Lot's of simple, fast, cheap solutions to what you're trying to do. Certainly a lot faster than trying to short-circuit every single standard browser feature that doesn't jive with your test-taking model.

    Good luck, and if you still want us to keep our comments to ourselves, don't be surprised when your requests for help running a fool's errand go unanswered. You have to pay people to work on things that they think are mindless.

  • #7
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,062
    Thanks
    4
    Thanked 8 Times in 8 Posts
    Beagle you at least have provided feedback each time. MRhoo did not

    The tests consist of different sections Depending on which test you are taking there are between 2 and 7 sections of the tests. We do keep track of when the person starts the test and when they finish. However, we do have an option for a person to complete sections and quit then login and complete the remainder. So looking at time difference alone isn't an indication of cheating, as the person may have taken a break on an untimed section. We also keep track of each time the user logs back in. Multiple logins are an indication the person cheated. (we have discussed logging the time each section is started and when it is finished but that may not necessarily mean that they have cheated, because if they dont click the alert's button (which is shown at pageload) the questions aren't visible and the timer won't start so the person may have taken a bathroom break etc..., yet server clock started)

    Now that said, each section's questions are shown all at one time. Not one question at a time.

    The first questions are easier than the last ones. Although quite often the difficulty level doesn't increase much. So this prevents me from scrambling the order that the questions are given in. (this was one of my first suggestions)

    The sections are multiple choice except for one section. I can scramble answers so that they aren't always in the same order, but that in itself doesn't prevent someone from resetting the timer multiple times while they write down answers. And then go through and take test when they know all of the answers.

    As to your making your own page to circumvent the javascript controls, I already look to make sure that the referring page is coming from our server and if it isn't, then no answers are registered. (very easy to do using server side code) That prevents the user from trying to write a site on their server and pointing it to ours. And as I mentioned before simply disabling javascript prevents the buttons from working.

    Creating an ActiveX control/Java Solution/Flash Solution will limit the number of Companies who will use the test.

    The point I am trying to make is instead of replying that this is a waste of time, why not try to help with a solution? I admit my javascript skills are only adequate at best. But I wasn't hired for them I was hired for my VB, ASP, XML, HTML and database skills. I will be looking to buy some new books this weekend on Javascript as my old ones are seriously outdated. In the meantime if anyone can help great, I will appreciate it.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •