arrow_upward

Poll: Do you think a paid alternative is an good idea?
You do not have permission to vote in this poll.
Yes
0
0%
No
0
0%
Total
0 vote(s)
0%

* You voted for this item.

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Features for OpenSource Exam System v2
#11
Yup, you are right. I have used cookies to store the user preferences and save some temp data. laravel remember me and login details also uses a cookie. laravel makes the cookie more secure.
I am adding more data to secure cookies so it eliminates some of the server request, and loads.
Thank you to post4vps and HostDare for my awesome VPS 12!
Check My first ever opensource project Alpana Blood Donation Drive .
#12
(07-06-2021, 08:22 PM)debjit Wrote: I am using Laravel and Livewire for this purpose. I have created already a subject with livewire and laravel. The livewire part is very simple and it takes care of js and ajax without any js code.
Do you actually know JavaScript?.. @debjit

I mean, can you at least read it?.. Using AJAX (Asynchronous JavaScript and XML) techniques without some background in JavaScript will limit its potential usefulness.. You need to be thinking as a full-stack developer (aware of the front-end code and the back-end code and how they interact optimally for the benefit of the App) not as a back-end coder (doing all the logic server-side and dumping the result as is) for it to be of any help.

(07-06-2021, 08:22 PM)debjit Wrote: I will be sharing my journey creating this application on Twitter Facebook and LinkedIn. So follow me there and I am thinking it will be completed within a month.
Would be nice if you share that journey with this community too.. May be we can be of some help.

(07-07-2021, 05:08 AM)debjit Wrote: To be frank I never used cookies. I have always relied on server season, it's more secure and does not take any extra effort. ...
Why PHP sessions are more secure?.. Besides, I hope you're aware that PHP sessions use a particular form of cookies too.. Do you know the difference between Cookies and Session cookies?

(07-08-2021, 03:39 PM)debjit Wrote: Yup, you are right. I have used cookies to store the user preferences and save some temp data. laravel remember me and login details also uses a cookie. laravel makes the cookie more secure.
So, you did actually use cookies :-) Now, can you tell us how Laravel PHP framework makes cookies more secure?..

(07-08-2021, 03:39 PM)debjit Wrote: I am adding more data to secure cookies so it eliminates some of the server request, and loads.
Bad idea!!.. Can you think of the why it's a bad idea to store too much date in cookies?.. and can you think of a better alternative for storing data than in cookies ?

Finally, where is the code of the free Open Source Version?!..

(07-04-2021, 01:00 PM)debjit Wrote: Please share have you used any examination system?
No!.. never used one but I did code one basic quiz WebApp in PHP a long time ago (+10 years ago.)

(07-04-2021, 01:00 PM)debjit Wrote: Do you think this feature set is enough for a standard examination web app?
If not what you wanted to see improved?
What should I add to its paid version?
It's hard to say if you don't layout the whole business logic of the App from start to finish.
VirMach's Buffalo_VPS-9 Holder (Dec. 20 - July 21)
microLXC's Container Holder (july 20 - ?)
VirMach's Phoenix_VPS-9 Holder (Apr. 20 - June 20)
NanoKVM's NAT-VPS Holder (jan. 20 - ?)
#13
(07-06-2021, 06:51 AM)debjit Wrote: *As for the app I'd provide open registration and invited registration. 
Yes, the admin can choose to make registration open or close. There is really a lot of flexibility.

*And by the way,if a student lost connection while on the exam with a time limit, how will you handle it?

This is the only MVP version. People can log in and give exams for the duration of the exam. 

There is not counter cheating mechanism is in place.

This is a bare minimum working Exam application.

Thanks for the reply.
For the continued discussion:
I would store the temporary results in cookie or local storage as in many cases sessions are consuming server resources,which are also more temporarily and as students will want to change their answers often,storing the answers in cookies/localStorage may give the ability for offline-answering in extreme bad connection (if you have prefetched some questions as cache).
I may not encrypt the cookie as if you are not storing these consts you may need to change if often,then it need to be a two-way encryption,thus some additional scripts are needed.Anyway these students can temper with the cookies as long as they don't know the answer.
Or you may try websocket that when their is a property change you send the change to server if you do not like the use of cookies.

For user identity during a exam I prefer sessions,basic user auth might be a strongly-encrypted cookie(or session,I don't think they will stay in the page for days),and for changing the answer or so maybe websocket that sync the changes might be better(authentication first,as always)?
VPS 3 Provided by Post4vps and Racknerd .
#14
(07-09-2021, 06:33 AM)fChk Wrote: Do you actually know JavaScript?.. @debjit

I mean, can you at least read it?.. Using AJAX (Asynchronous JavaScript and XML) techniques without some background in JavaScript will limit its potential usefulness.. You need to be thinking as a full-stack developer (aware of the front-end code and the back-end code and how they interact optimally for the benefit of the App) not as a back-end coder (doing all the logic server-side and dumping the result as is) for it to be of any help.

Would be nice if you share that journey with this community too.. May be we can be of some help.

Why PHP sessions are more secure?.. Besides, I hope you're aware that PHP sessions use a particular form of cookies too.. Do you know the difference between Cookies and Session cookies?

So, you did actually use cookies :-) Now, can you tell us how Laravel PHP framework makes cookies more secure?..

Bad idea!!.. Can you think of the why it's a bad idea to store too much date in cookies?.. and can you think of a better alternative for storing data than in cookies ?

Finally, where is the code of the free Open Source Version?!..

No!.. never used one but I did code one basic quiz WebApp in PHP a long time ago (+10 years ago.)

It's hard to say if you don't layout the whole business logic of the App from start to finish.
Do you actually know JavaScript?.. @debjit
Yes and No. I have finished the course 6 months ago but never used that extensively. Now I am learning React, so yes I know some javaScript. I am just not that confident with it.

Here is how laravel makes the cookie more secure,
https://blog.laravel.com/laravel-cookie-...y-releases

Why PHP sessions are more secure?.. Besides, I hope you're aware that PHP sessions use a particular form of cookies too.. Do you know the difference between Cookies and Session cookies?
Season data stays on the server there is no way normal users get their hands on it.

Finally, where is the code of the free Open Source Version?!..
I am building piece by piece and sharing on Twitter, as a portal I am sharing updates here. Code will be published when I get an MVP version or one month which comes fast. Please remember I have to do a day job and then write this software.

It's hard to say if you don't layout the whole business logic of the App from start to finish.
There is no business logic in this app. It's an app that I am making for my own teachers to use. They will use it to create exam for there students, and evaluate there result. There is no business aspect.

(07-10-2021, 02:17 PM)mzltest Wrote: Thanks for the reply.
For the continued discussion:
I would store the temporary results in cookie or local storage as in many cases sessions are consuming server resources,which are also more temporarily and as students will want to change their answers often,storing the answers in cookies/localStorage may give the ability for offline-answering in extreme bad connection (if you have prefetched some questions as cache).
I may not encrypt the cookie as if you are not storing these consts you may need to change if often,then it need to be a two-way encryption,thus some additional scripts are needed.Anyway these students can temper with the cookies as long as they don't know the answer.
Or you may try websocket that when their is a property change you send the change to server if you do not like the use of cookies.

For user identity during a exam I prefer sessions,basic user auth might be a strongly-encrypted cookie(or session,I don't think they will stay in the page for days),and for changing the answer or so maybe websocket that sync the changes might be better(authentication first,as always)?

The cookie set by the laravel framework is secure.
The auth is also secure.
I am using livewire to perform real time communication via ajax.
Thank you to post4vps and HostDare for my awesome VPS 12!
Check My first ever opensource project Alpana Blood Donation Drive .
#15
(07-10-2021, 06:20 PM)debjit Wrote: Do you actually know JavaScript?.. @debjit

> Yes and No. I have finished the course 6 months ago but never used that extensively. Now I am learning React, so yes I know some javaScript. I am just not that confident with it.
I understand.. But if I were in your shoes, I would refrain from learning anything else till I master JavaScript (JS) first.. Without JS no modern WebDev is possible.. The shortcut of using ready-to-use frameworks is futile!..

JavaScript mastery has to be at 2 levels:
> the core language itself, meaning the syntax, the semantics and the assumptions etc..
> its use as the front-end scripting language which entails understanding the browser's APIs and DOM (Document Object Model) and their scripting with JS.

(07-10-2021, 06:20 PM)debjit Wrote: Why PHP sessions are more secure?..

> Here is how laravel makes the cookie more secure,
https://blog.laravel.com/laravel-cookie-...y-releases
Okay!.. Although they are 5 years late in using HMAc hash as of Jul, 27 2020..
laravel Wrote:Today's fix prefixes cookie values with an HMAC hash of the cookie's name before encryption and then verifies a matching hash on decryption, making it impossible to craft a valid cookie payload even if an encryption oracle is exposed via the application.

(07-10-2021, 06:20 PM)debjit Wrote: Besides, I hope you're aware that PHP sessions use a particular form of cookies too.. Do you know the difference between Cookies and Session cookies?

> Season data stays on the server there is no way normal users get their hands on it.
Indeed!.. Session data are generally stored in the session's table and the Session_ID stored in the session_cookie is what links that data to the user.. Every time the user requests something, the PHP script starts by fetching the user's session_ID from the session cookie then fetches the user's data by looking it up in the session table.

But my question was about the cookie itself!.. What differs it from the other?.. It's the expiry time: session cookies are temporary by definition and are lost when the browser exits, if -of course- they are still valid.

-Worth mentioning-
What this means is that people who don't explicitly logout will continue to have valid session cookies and this is hazardous given the possibility of session cookies hijacking.. Hence why it's always a good idea to logout when we're done with any critical login session!

(07-10-2021, 06:20 PM)debjit Wrote: It's hard to say if you don't layout the whole business logic of the App from start to finish.

> There is no business logic in this app. It's an app that I am making for my own teachers to use. They will use it to create exam for there students, and evaluate there result. There is no business aspect.
There is a misunderstanding here. I asked about the business logic not the business plan. In short, it's the workflow/logic that you want your app to perform from start to finish. Once that is logic is laid out, it becomes easier to add refinements here and there based on that pre-defined workflow. At least that's how I do things.

Good Luck!..
VirMach's Buffalo_VPS-9 Holder (Dec. 20 - July 21)
microLXC's Container Holder (july 20 - ?)
VirMach's Phoenix_VPS-9 Holder (Apr. 20 - June 20)
NanoKVM's NAT-VPS Holder (jan. 20 - ?)
#16
(07-11-2021, 11:18 AM)fChk Wrote: I understand.. But if I were in your shoes, I would refrain from learning anything else till I master JavaScript (JS) first.. Without JS no modern WebDev is possible.. The shortcut of using ready-to-use frameworks is futile!..

JavaScript mastery has to be at 2 levels:
> the core language itself, meaning the syntax, the semantics and the assumptions etc..
> its use as the front-end scripting language which entails understanding the browser's APIs and DOM (Document Object Model) and their scripting with JS.

Okay!.. Although they are 5 years late in using HMAc hash as of Jul, 27 2020..

Indeed!.. Session data are generally stored in the session's table and the Session_ID stored in the session_cookie is what links that data to the user.. Every time the user requests something, the PHP script starts by fetching the user's session_ID from the session cookie then fetches the user's data by looking it up in the session table.

But my question was about the cookie itself!.. What differs it from the other?.. It's the expiry time: session cookies are temporary by definition and are lost when the browser exits, if -of course- they are still valid.

-Worth mentioning-
What this means is that people who don't explicitly logout will continue to have valid session cookies and this is hazardous given the possibility of session cookies hijacking.. Hence why it's always a good idea to logout when we're done with any critical login session!

There is a misunderstanding here. I asked about the business logic not the business plan. In short, it's the workflow/logic that you want your app to perform from start to finish. Once that is logic is laid out, it becomes easier to add refinements here and there based on that pre-defined workflow. At least that's how I do things.

Good Luck!..

I don't think for this small of a project it is necessary to master the Js and then go for it. Mastering a language takes time and I don't have much. After a day job, it is really hard to make it work.
Thank you to post4vps and HostDare for my awesome VPS 12!
Check My first ever opensource project Alpana Blood Donation Drive .
#17
(07-11-2021, 05:32 PM)debjit Wrote: I don't think for this small of a project it is necessary to master the Js and then go for it. Mastering a language takes time and I don't have much. After a day job, it is really hard to make it work.

I never said that the JS and and DOM scripting mastering is for this small 'project' but it's for for YOU to become a fully-equipped WebDev.. But I guess if you're doing those mini-project just as a hobby then it's still won't hurt to know how stuff works!..

My long and ever-lasting advise to anybody reading this:
Never go for shortcuts and always seek to know how stuff works!.. It's the only way you can master what you're doing. whatever that is!..
VirMach's Buffalo_VPS-9 Holder (Dec. 20 - July 21)
microLXC's Container Holder (july 20 - ?)
VirMach's Phoenix_VPS-9 Holder (Apr. 20 - June 20)
NanoKVM's NAT-VPS Holder (jan. 20 - ?)
#18
(07-12-2021, 07:11 AM)fChk Wrote: I never said that the JS and and DOM scripting mastering is for this small 'project' but it's for for YOU to become a fully-equipped WebDev.. But I guess if you're doing those mini-project just as a hobby then it's still won't hurt to know how stuff works!..

My long and ever-lasting advise to anybody reading this:
Never go for shortcuts and always seek to know how stuff works!.. It's the only way you can master what you're doing. whatever that is!..

Very much this. Having the full stack under your belt is going to make your life a LOT easier and make you more marketable as a web developer. Within the last year I learned the ins and outs of JS, DOM and AJAX and the quality of services and products have increased 10-fold. As @fChk said, always keep learning. I will see websites that I like and look at their code to see how something was achieved, that way if I ever need to create a similar solution I have the ability to do so.
Thank you to CubeData and Posts4VPS for the services of VPS 8.
#19
(07-12-2021, 01:42 PM)tbelldesignco Wrote: Very much this. Having the full stack under your belt is going to make your life a LOT easier and make you more marketable as a web developer. Within the last year I learned the ins and outs of JS, DOM and AJAX and the quality of services and products have increased 10-fold. As @fChk said, always keep learning. I will see websites that I like and look at their code to see how something was achieved, that way if I ever need to create a similar solution I have the ability to do so.

OK, So I have some knowledge of JS, and I am doing a js course from udemy. After this js code, I will learn to react. But for now, I wanted to learn more about laravel and livewire, and use it on my project. JS is the next big thing. But I am still a learner. After I finish learning React I will rewrite the code base with it. I will make paid course in React (Maybe react native) and flutter.
Thank you to post4vps and HostDare for my awesome VPS 12!
Check My first ever opensource project Alpana Blood Donation Drive .
#20
(07-12-2021, 02:55 PM)debjit Wrote: OK, So I have some knowledge of JS, and I am doing a js course from udemy. After this js code, I will learn to react. But for now, I wanted to learn more about laravel and livewire, and use it on my project. JS is the next big thing. But I am still a learner. After I finish learning React I will rewrite the code base with it. I will make paid course in React (Maybe react native) and flutter.

That sounds like a solid plan, there are some great courses on YouTube as well.
Thank you to CubeData and Posts4VPS for the services of VPS 8.


Possibly Related Threads…
Thread
Author
Replies
Views
Last Post

person_pin_circle Users browsing this thread: 1 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting