How to prevent users from cheating by adding extra seconds to a counter in JS?

Time:01-16

I'm creating a JS counter for an exams website. I found that they can add extra time very easily in the console by running sec = 10000. How can I stop this?

I'm using Laravel in the backend.

runCounter();
function runCounter() {
  let min = 45;
  let sec = min * 60;
  let x = setInterval(function() {
    console.log(secFormat(sec))
    sec -= 1;

    if (sec <= 0) {
      endExam();
      clearInterval(x);
    }
  }, 1000);
}


function secFormat(x) {
  x = Number(x);
  let h = Math.floor(x / 3600);
  let m = Math.floor(x % 3600 / 60);
  let s = Math.floor(x % 3600 % 60);
  // Fold whole hours into the minutes so the display is mm:ss
  m += h * 60;
  if (m < 10) {
    m = "0" + m
  }
  if (s < 10) {
    s = "0" + s
  }
  return m + ":" + s;
}

function endExam() {
  alert('exam ended');
}

CodePudding user response:

Simple: In your Laravel project you store the time when the user started the exam and you create a cron job that will periodically run and check whether any of the exams' time elapsed. If so, then handle that exam as failed, since the user failed to send in the answers in time.

You will not need to worry then about how the user may change the JS code, since if the server is aware of when the exam has started, then it's irrelevant what the student or the browser claims.

Your main issue is that your website assumes that the user's browser has accurate information. But the user will be able to change the JS code as they please.

You can make it more difficult for your users by wrapping a function around all your JavaScript, like

(function() {
    // your JS code
})();

in which case at least your functions will not be in global context. But that can be hacked as well.

Let me explain why you cannot prevent this from happening by any means:

  • One can create a small project that has the same HTML, JS as the ones you have on your site
  • Adding a local server that will be used as a proxy
  • And the user's time will simply be a constant

Even easier: The user can simply put a breakpoint somewhere in the JavaScript code while he/she thinks about the solutions and then his/her time will never pass.

Never trust user data.
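
The server-side timing described in the answer above, as an added example that is not part of the original answer or the asker's project. It is written in plain JavaScript rather than Laravel; the function names, the in-memory Map standing in for a database table, and the 5-second grace period are all assumptions.

```javascript
// Added example: server-authoritative exam timing. All names are hypothetical.
const EXAM_SECONDS = 45 * 60; // 45 minutes, as in the question
const GRACE_SECONDS = 5;      // assumed allowance for network latency

// Constructed in-memory stand-in for a database table of exam attempts.
const attempts = new Map();

// Called when the exam starts; only the server's clock is recorded.
function startExam(userId, nowMs) {
  if (attempts.has(userId)) return attempts.get(userId); // a restart cannot reset the clock
  const attempt = { startedAtMs: nowMs, status: 'in_progress', answers: null };
  attempts.set(userId, attempt);
  return attempt;
}

// Seconds left according to the server; the browser uses it for display only.
function remainingSeconds(userId, nowMs) {
  const a = attempts.get(userId);
  if (!a) return 0;
  const elapsed = Math.floor((nowMs - a.startedAtMs) / 1000);
  return Math.max(0, EXAM_SECONDS - elapsed);
}

// Submission handler: any time value sent in the request body is ignored.
function submitExam(userId, body, nowMs) {
  const a = attempts.get(userId);
  if (!a || a.status !== 'in_progress') return { ok: false, reason: 'no_open_attempt' };
  const elapsed = (nowMs - a.startedAtMs) / 1000;
  if (elapsed > EXAM_SECONDS + GRACE_SECONDS) {
    a.status = 'failed';
    return { ok: false, reason: 'time_elapsed' };
  }
  a.status = 'submitted';
  a.answers = body.answers;
  return { ok: true };
}

// Periodic sweep (the cron job in the answer): fail attempts never submitted.
function expireOverdue(nowMs) {
  let closed = 0;
  for (const a of attempts.values()) {
    const elapsed = (nowMs - a.startedAtMs) / 1000;
    if (a.status === 'in_progress' && elapsed > EXAM_SECONDS + GRACE_SECONDS) {
      a.status = 'failed';
      closed++;
    }
  }
  return closed;
}
```

The page's countdown can then be seeded from `remainingSeconds` on each load, so editing `sec` in the console changes only what the student sees.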

CodePudding user response:

Put your function in a self-executing function as below:

(function runCounter() {
  let min = 45;
  let sec = min * 60;

  let x = setInterval(function() {
    console.log(secFormat(sec));
    sec -= 1;

    if (sec <= 0) {
      endExam();
      clearInterval(x);
    }
  }, 1000);
})();

so its variables become private to the external environment, i.e. to the console.
