I have a website with typing test. User can take a test after login. At the end of the test it sends an ajax and shows the result with accuracy, key per minute, wrong key press etc..
I noticed that somebody created an account on my site and he is always on top score with key per minute 2000 or more than that. I found only one thing to do the trick which is the ajax. Anybody can run the ajax from the console panel with new value like this -
$.ajax({ // this is the main code we have to prevent
type: 'POST',
url: '/typingtest',
//dataType: 'json',
data:{
"corrects":2000,
"incorrects":0,
"netwpm" : 2000,
"FixedMistakes" : 0,
"TotalEntries" : 20000,
"ErrorRate" : 0,
"RawSpeed" : 50000,
"KeySpeed" : 50000,
"CompleteWords" : 2000,
"TotalTime" : 1,
"accuracy" : 200,
"ajaxSubmit" : "ajaxSubmit"
},
success: function(data) {
window.location.href = data;
},
complete: function() {
// Schedule the next request when the current one's complete
}
});
And he will get this result -
I have tried with some flag variable to validate on ajax page. But anything done with the js still anybody can see it and easily debug this process to change the values. And then finally he can run the ajax.
Has anyone any idea to prevent this thing to be happen?
