I have an exam application where for the user to create an exam they have to go through these pages:
Now what I am worried about is the user can complete some of these pages but then either abandon creating the exam by leaving out the other pages, or they start creating an exam going through some of the pages above but then are able to either go back to a previous page or previous pages, or skip pages by entering the URL of other pages which are coming up ahead.
So my question is: is there a way where I can stop the user skipping ahead pages or going back to previous pages? In other words they have to follow the exact steps of going through the five pages above in the exact order to create the exam.
For example, if the user is on the QandATable.php page, they cannot go back to the create_session.php page or they cannot skip ahead to the other pages until the QandATable.php has been successfully submitted? In other words, lock out the other pages except the current page. Once the user has accessed the complete.php page then the exam is completed and the create_session.php can be removed from the lockout as that is the first page.
If the user abandons a page such as the individualmarks.php, and the user goes back straight to the individualmarks.php page, then that is fine, but if they try to access another page, I am thinking of sending a prompt box or something similar stating:
You already have an exam currently in creation, to continue with creating the current exam click on this link (link to current page user is on)
If you want to create a new exam then please click on this link (link to the create_session.php page).
I know what I am asking is not very simple but I don't want the user to mess up creating the exam unless they follow each step (each page) in the correct order so it doesn't mess with any data. Does anyone have a simple sample on how this could be achieved?
I am working with IE, Chrome, Safari, Firefox and Opera.
Thanks
UPDATE:
<?php
session_start();
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="stepsStyle.css">
<title>Follow Steps</title>
<script type="text/javascript">
// if the user selects the "Create New Assessment" link, use the jQuery/AJAX call below
// it calls removesession.php, which removes the exam details that will be overwritten
$(function() {
    var link = $("#createLink");
    link.click(function() {
        $.ajax({
            url: "removesession.php",
            async: false,
            type: "POST",
            success: function() {
                window.location.href = link.attr("href");
            }
        });
        // cancels the link's default navigation
        return false;
    });
});
</script>
</head>
<body>
<?php
$steps = array('create_session.php', 'QandATable.php', 'individualmarks.php', 'penalty.php', 'complete.php');
$latestStep = $_SESSION['latestStep'];
// Track $latestStep in either a session variable or the DB and retrieve accordingly
// $currentStep will be dependent upon the page you're on
$currentIdx = array_search($currentStep, $steps);
$latestIdx = array_search($latestStep, $steps);
if ($currentIdx - $latestIdx > 1) {
?>
<!-- set up a div box to display a message on whether the user should continue or not -->
<div class="boxed">
You already have an exam currently in creation, to continue with creating the current exam click on this link: <br/><a href="">Continue with Current Assessment</a>
<br/>
If you want to create a new exam then please click on this link: <br/><a href="create_session.php" id="createLink">Create New Assessment</a>
</div>
<?php
} else {
    // let the user do the step
}
?>
Got a couple of questions regarding the code above:
$currentStep variable equal to?
Security through obscurity is indeed a naive scheme: you should always assume that your URLs are public. Here you require a wizard-like interface, which in turn is a finite-state machine. Assuming your system already has users, you need to find a workflow engine (or an FSM implementation, or develop a simple one yourself) and track the user submissions inside every flow.
At the beginning of each and every page you must validate the user's position, i.e. you must say if the user in the current state can access the requested resource. If he can't, just redirect him; otherwise show the requested page.
BTW, it seems you are building your application from scratch. The fast track is using a framework, for example CakePHP. I'm suggesting Cake because I just found this nice plugin (never used it myself, but the API is really nice and Cake itself is great for learning purposes)
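One way to implement the per-page state check described in this answer, as an added example (not code from the original post or from the plugin it mentions). The step list is the one from the question; the session key `wizardStep` and the function names `wizard_redirect_target` and `wizard_advance` are assumptions made for illustration.

```php
<?php
// Added example: server-side step guard for the five-page wizard.
// Include this file at the top of every step page, before any output is sent.
session_start();

const STEPS = ['create_session.php', 'QandATable.php', 'individualmarks.php',
               'penalty.php', 'complete.php'];

/**
 * Returns null if $requested is the one step the user may view,
 * otherwise the file name of the step to redirect to.
 * $allowedIdx is the index of the step currently in progress.
 */
function wizard_redirect_target(string $requested, int $allowedIdx): ?string
{
    $requestedIdx = array_search($requested, STEPS, true);
    if ($requestedIdx === false || $requestedIdx !== $allowedIdx) {
        return STEPS[$allowedIdx];
    }
    return null;
}

/** Call only after the current step's form has been validated and saved. */
function wizard_advance(): void
{
    $next = ($_SESSION['wizardStep'] ?? 0) + 1;
    // After complete.php the flow resets, so create_session.php unlocks again.
    $_SESSION['wizardStep'] = $next < count(STEPS) ? $next : 0;
}

// The state lives in the server-side session (hypothetical key 'wizardStep').
$allowedIdx = $_SESSION['wizardStep'] ?? 0;
// Fall back to the first step if the stored value is missing or out of range.
if (!is_int($allowedIdx) || $allowedIdx < 0 || $allowedIdx >= count(STEPS)) {
    $allowedIdx = $_SESSION['wizardStep'] = 0;
}

// Derive the current page from the script being executed, not from user input.
$currentStep = basename($_SERVER['SCRIPT_NAME']);
$target = wizard_redirect_target($currentStep, $allowedIdx);
if ($target !== null) {
    header('Location: ' . $target, true, 303);
    exit; // stop here so the locked page's code never runs
}
```

Each step page calls `wizard_advance()` only once its own submission has been accepted, so typing a later URL or pressing Back lands the user on the step still in progress.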