> Cheating in Spanish

This is mostly me just testing the style and crap but also the web. This is my first time doing much outside of C, so needless to say it's very simple stuff. Today I'll show a way to cheat on my Spanish quizzes. It's pretty simple, so I'll get to the point:

There are 3 main ways of cheating; I have used 2 and will display a POC of two of them. The methods are using the console, using a script, and just sending packets.

> Console

A very simple way I did this is just to open the inspector and look at the JS. It appears that there is a global named attempt; I suspect it is the number of guesses (both successes and fails) at answering a problem. This is only confirmed when you look at it through the console: every time I press enter, it alerts something and increments this. If we just set it to -.999, we get a final score of thousands of percent.

50000%, 5 verbs in .0099... attempts

>>attempt
2
>>attempt = -2
-2

> Scripts

We can easily force the

if(conjugation != conj[verbNum][subjNum])

to be

if(false)

This allows you to enter any text and it will think it's correct.

var startTime = 0; // if was timed, is set to time in seconds, secs counts down
var timed = 'no'; // if selected timed, 'yes'
var secs = startTime; // countdown (if timed)
var total = 5; // is never reassigned, practically const
var i = 0; // this is iterator, iterating to total
var attempt = 0; // number of guesses so far, right or wrong

Given these vars, especially attempt, i, and total, we can more than abuse these to improve the testing experience; this is left as an exercise to the reader ;)

After having done fuck all for a bit, I don't really care nearly as much. I reversed it a bit more and found the function endPractice(message); this opens an alert box with the text of message and ends the test with the score you had. This is abusable.

Our previous idea of redefining checkVerb() requires manually pressing ENTER, which is inefficient for our purposes of speedrunning. I wrote up a quick script in Tampermonkey to instantly finish the test for me, it

i = total; // set iterator to total, bypasses all
attempt = total; // score = total/attempt
secs = Math.round((startTime * .6) - ((startTime * Math.random()) *.4));
// set secs, it may be odd to have it done in 0s, so it's random
endPractice(";)"); // ;)

You may find this script on my GitHub.

> Networking

With this site being HTTP, it's not just possible to change your own results in transit BUT others' as well; this is beyond asinine and should definitely be fixed before school resumes. A MITM attack shouldn't ever be feasible, so if anything just get an SSL certificate for this site and make it HTTPS.
PS: you can force this site to be HTTPS, but the fact that it connects fine with HTTP and doesn't upgrade by default is very bad. Another issue is that the actual test scores are sent all at once and are very easy to spoof; you can change the score and such, as it's all in plaintext. I know: POC || GTFO, but this shouldn't even be theoretically possible.

> How 2 fix????

This is a somewhat complex issue that has no easy solution; it would require more server validation, pretty much a total rewrite of the system.

Currently, there is no information sent between the client and server (other than just downloading the page). What I think could work is storing a hash of every solution, hashing the input from the user, checking if they're correct, and then giving it to them if they are. They will also upload the solution to the server in as close to real time as possible and go on; if the server tells them they're wrong (which the client would've already known unless something funny is happening), then they will be put back. This seems to be the best compromise between security and speed, as it punishes no one unnecessarily. At least it'd make it harder for me to just Ctrl + Shift + I it; I'd have to write a script to actually solve the problem.
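A sketch of that design as an added example (not the site's code or the author's): the browser only gets salted digests for instant feedback, while the server re-checks every guess and keeps its own attempt and i counters, so the score never depends on a number the client controls. The function names, the per-session HMAC salt and the two-verb answer key are assumptions made for illustration; the page itself only says "hash".

```javascript
// Added example: server-authoritative scoring. Function names are hypothetical;
// attempt, i and conj mirror the quiz variables shown earlier on the page.
const { createHmac, randomBytes } = require('node:crypto');

// Constructed answer key standing in for the site's conj[verbNum][subjNum].
const conj = [['hablo', 'hablas'], ['como', 'comes']];

const norm = (s) => String(s).trim().toLowerCase();
const digest = (salt, text) =>
  createHmac('sha256', salt).update(norm(text)).digest('hex');

// Server: start a session. Only salted digests are sent to the browser.
function startSession(questions) {
  const salt = randomBytes(16).toString('hex');
  const state = { questions, i: 0, attempt: 0, done: false };
  const hints = questions.map(([v, s]) => digest(salt, conj[v][s]));
  return { state, client: { salt, hints } };
}

// Browser: instant feedback without holding the plaintext answer.
function clientCheck(client, index, text) {
  return digest(client.salt, text) === client.hints[index];
}

// Server: every guess is re-checked and counted here, never in the browser.
function submit(state, index, text) {
  if (state.done || index !== state.i) return { ok: false, at: state.i };
  state.attempt += 1;
  const [v, s] = state.questions[index];
  const ok = norm(text) === conj[v][s];
  if (ok) state.i += 1;
  state.done = state.i === state.questions.length;
  return { ok, at: state.i }; // "at" tells a desynced client where to resume
}

// Server: the score uses only server-side counters; no client number is read.
function finish(state) {
  if (!state.done) return null; // ending early yields no score
  return Math.round((state.questions.length / state.attempt) * 100);
}
```

Digests of short verb forms can still be guessed offline from a word list, so they are a convenience for the client and not the control; the control is that submit() and finish() run on the server.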

> Closing thoughts

No more thoughts. Head Empty.