I am writing a short test of 10 multiple choice questions. After the user submits the test, he is shown his result, along with the correct answers. Soon after I did this I realized that he could then simply hit the "back" button, change his answers and re-submit. I'm looking for a convenient way to preventing this.
The test is comprised of randomly-selected questions, but hitting the back button doesn't regenerate the questions since it doesn't reload the page. The test-taker is also limited to taking the test a total of 3 times. The test is located behind a login system so I have a unique ID for each test-taker and an accompanying row in a MySQL database table where I store his information.
I have considered a time limit on how often the particular user can take the test, but that doesn't prevent him from just leaving the page up and then resubmitting it an hour later.
One workable solution I came up with, although it is pretty inefficient, is generating a unique ID for the particular test, storing that ID in the database, and making sure that the same test ID is not submitted twice. Since each test is comprised of the 10 randomly-selected questions (out of a pool of about 30), the chance of the user legitimately loading up an identical test (and thereby an identical ID) twice is rather small, and if this happens he can just reload the test to get a different one.
There has to be an easier way of doing this. Can anyone give me some feedback or point me in the right direction?
Thanks,
Marcus
Preventing a user from resubmitting a form
Moderator: General Moderators
-
mattpointblank
- Forum Contributor
- Posts: 304
- Joined: Tue Dec 23, 2008 6:29 am
Re: Preventing a user from going "back"
Store a $_SESSION variable when the user completes the test, and only show the test questions if this variable is unset. Obviously if the user closes their browser and starts it again they can get around this, but if used in conjunction with your unique ID system (maybe tie it into their email address or something?) it'll be a bit more secure. Ultimately though, a determined user prepared to fake their personal details will always be able to get around this kind of system eventually.
Re: Preventing a user from resubmitting a form
Thank you for the help matt. A $_SESSION variable did the trick.
The way I have it set up is a php page with three sections, created using if statements. The first is a page with a "START" button which leads to the second where the questions are randomly selected. I set it up to reset the $_SESSION variable on the first "page", and if it's not reset (meaning the user tried to re-submit the test) the third page will show a nasty little die() function instead of show him the results
.
And of course this can all be bypassed by someone with enough skills and motivation, but I'm not looking to make it bulletproof. I just want to prevent the average user from throwing a wrench in the spokes and rendering the whole test setup obsolete.
Thanks again for the help and the quick reply.
Marcus
The way I have it set up is a php page with three sections, created using if statements. The first is a page with a "START" button which leads to the second where the questions are randomly selected. I set it up to reset the $_SESSION variable on the first "page", and if it's not reset (meaning the user tried to re-submit the test) the third page will show a nasty little die() function instead of show him the results
And of course this can all be bypassed by someone with enough skills and motivation, but I'm not looking to make it bulletproof. I just want to prevent the average user from throwing a wrench in the spokes and rendering the whole test setup obsolete.
Thanks again for the help and the quick reply.
Marcus