**NOTE** I very much need to hear back from users of this testing system. email: online_tools@att.net Below may well be all you need to know except the address of the zip file itself. : http://home.att.net/~online_tools/NOnline_Test_Bldg_Kit7.zip These are Brief Directions AND yet they are VERY LIKELY alone sufficient for you to know how to use the TestBuilder and everything else. This document also contains additional directions, perhaps not found elsewhere in the zip . One thing you need to know is how the answers are to be put into the textarea on the right in the encryptor (cipher7.html). The format of test answers is to be like this :answer one:answer 2:answer 3 (i.e. each answer is simply preceeded by a colon and with no extra spaces before of after the answer. The answer must be exact.) (The actual answer string will more likely look like: :a:c:d:ad:word:couple words) Answers to things that can be a,b,c are to be such answers (as you can see by a quick look at how the code on the TestBuilder generated pages "works"). Do NOT do any returns in the textarea and let it appear to "wrap" as it will In the left testbox of the encryptor (cipher7.html) put the name of the quiz (like: Quiz Number One)(Remember this EXACT name, it is needed in the enc7.js file.) Now you hit the encrypt button. The name of the quiz is pasted in the enc7.js file about 4 lines from the top. The encrypted answer set is pasted in the obvious place about 21 lines from the bottom. (When you copy the encrypted answers out, get no extra spaces at the end) Resave a new copy of enc7.js with these changes, giving it a new name (like: enc7Q1.js) Persons not submitting results to a server will use there enc7NS.js file, rather than the enc7.js ---- After you use the TestBuilder7.html test generating program, put the properly named js file (as indicated on THAT web page) in the head. (Of course you will use enc7Qx.js -- your version there.) This is presently for your use and that of your students only. Also Note: When automatically generating the test using TestBuilder7.html, the buttons that are paired must be used in pairs in the logical order. Also, you simply copy what appears in the textarea at the bottom into NotePad or SimpleText and Save it as whatever.html Your whatever.html (your test) must be in the same place (folder) as the enc7quizx.js file. Both must be saved with the proper extension: .html and .js, respectively and you must use a raw text type program, like SimpleText or NotePad for the processing and saving of these file. NO MS Word, etc (which are rich text). It would probably be helpful if you have access to the information in my original announcement. It contains some important info. not found elsewhere: >To: "AP Computer Science Teachers" >Subject: [apcs] Auto. Generated Self-Scoring Student Testing JS Software >Date: Mon, 29 Sep 2003 14:58:25 -0500 > >Dear List, > >I am willing to send some interested individuals a zip file that >contains a Test Builder, Answer Encryptor, js Scoring File, and directions. > >The TestBuilder web page is javascript and is tested cross-platform >and cross-browser (and cross resolution). >It generates test items with any number of options and will >generate: >(text box) short answer (fill in the blank) items (these can have >only one answer); select box; multiple choice (single answer); and >multiple choice (checkbox) multiple-answer items. > >This TestBuilder builds all the html for you and then just needs a >line added so it imports the >js scoring file. This scoring file contains the encrypted answers >and another key line (and those >are the only 2 lines that need to be altered per test !!). > >The encryptor generates the encrypted answer string (which may >contain all usual characters >EXCEPT " and : plus single quotes must be "escaped" (typed in as \' >though they will appear as ')). > >Thus the test builder is suitable for textboxes that take almost any >sort of exact answer and are >suitable for many math courses where the answers may be of the sort >x=y^5+(6*z) etc. >Other exact answers (like 'photosynthesis') may also be the required >answer for a text box OR >a line of programming code (though no " or : are allowed). > >Anyone interested in all these sorts of functionality may write to >me and I will send you the zip, >plus one more paragraph of directions (not found here or elsewhere). > Those receiving a copy >may use it only themselves and for their classes. They will also >be expected to report back how >it works for them. > > Added Security: All the changes for security that could be thought of HAVE BEEN MADE FOR YOU as much as possible. The few things you are responsible for changing are easy. One thing that was realized is that for NON-submitted tests (where results are not sent to a server), a cookie to be set only once _must_ be used. This is now done. TestBuilder7.html will build the more secure code with extra input areas needed and secure things as needed. The new enc7NS.js will also help secure things as needed for non-submitted forms, and should be used instead of enc7.js for non-submitted tests. The reason changes were necessary was because: The test is setup so the grade button can only be clicked ONCE without corrupting the answer set (which will result in a very low score). Still, one thing a student could have done is reload the whole test. This possibility of reloading had to be dealt with. ALSO the possibilities of a student loading his own bogus "test" to be scored by the js routines or a student loading 2 copies of YOUR test web page had to be dealt with. All these things have been taken care of in version 7 so a student who attempts to cheat in these ways will be caught. There is code (of course) disallowing editing of the results textboxes. In short, provisions to do what is necessary have been done. (By the way: the cookie made for non-submitted tests is made by and read by JavaScript and involves no server traffic; the cookie set is based on random numbers and related routines run on the first load of the test page.) Again, Final Security Measures (simple changes to add the final measures of test security) are actualized in version 7, partly in TestBuilder 7 and partly in enc7.js (or enc7NS.js) as much as possible. Still (again), part of what is done to as much as possibly defeat any other test or copy from working does involve you. I cannot do this for you because I cannot know what web address you will use for your test html page. All this works only when the location is NOT local and you specify the location, i.e. I assume whether you submit results to a server or not, the test is coming off of some web server. In all cases (submitting resuts or not) add this line to the top of gradeQuiz function in the enc...js file, right after the curly brace: if(window.location != "http://whereever/wherever/whatever.html") return false; (this "sample line" appears in the code and it is commented out with 2 /'s You need to delete the 2 /'s and put the actual address of your whatever.html test !!) You are also involved in a couple other way **IF** you submit results for storage on the server. Those directions is in the note: toSubmitToServer.txt -------------- -------------- Remember: enc7NS.js is provided as a separate file (and it is not simply a new version of enc7.js). If the form was submitted AND cookie was set to allow only ONE load of the page (as it would be with enc7NS.js), the student who submited the form could NOT go back and see his answers. He cannot go back and see his answers UNLESS the you use the regular enc7.js file (which does NOT set a cookie). The enc7NS.js file is needed for security ONLY when then results are NOT submitted to the server. When not submitting results for storage on a server, the student never has to "go back" to see his answers because they do not disappear (as they do with a submit followed a submit confirmation). *** Historical notes *** Until recently there still remained some other clever things the dishonest student could do. A delete cookies routine combined subsequently with loading two copies of YOUR test page is one thing he could do. This might defeat some protections for non-submitted tests. _But_ I have thought of this and this has been made extremely difficult by the program in its present form. The supposed-to-be unchanged cookie is set early and checked late. Also, there is a time stamp for the start time on a test (that appears in the last textbox of the form after grading). Any change to the cookie that WOULD occur if the student openned any other copy of the test would have to undone by the student running the delete cookies routine a second time at the appropriate point during the test taking. This is unlikely he would/could do this, yet the effectiveness of this tactic has now been totally defeated unless a student does this in combination with changeing the clock and disabling ALL sound. The non-submit version of the js file provide complete practical security for real tests given in the classroom. Still, this author can only conclude that the only way to fully prevent all possible dishonesty is to submit the test form results. Now, things are set up (as you will see) that will allow you to catch all instances of dishonesty, but only submitted tests can PREVENT it. You can read more about submitting results to a server in toSubmitToServer.txt I have provided ALL you need if you want to do this (incl. the Perl scripts). On the html test page itself: To have this happen, just add an appropriate action= param to the last form on the page and uncomment the line in the js file that has a submit command in it. The submit happens immediately when the test is scored. Then, the student can go back (using "Back" button of the browser) and see what he missed, etc. THIS IS THE ONLY 100% SECURE TESTING SOLUTION to prevent cheating -- but now catching it in any case is assured. With this last paragraph in mind, not only the instructions for submitting the test results form are included but (again) the Perl scripts needed to submit test results are included in the version 7 zip file. **************************************************************************** **************************************************************************** ** A delete_cookies.html file is now included, because it is hard to ** ** test the version using enc7NSQx.js without being able to delete ** ** cookies. Simply call up that delete_cookies.html page from your ** ** web server and it will delete the cookie so you can test again. ** ** ** ** The top line of each *.pl file is called the shee-bang line. ** ** It is presently in the form for use with Personal Web Server. ** ** It may need to be revised for use with your web server, if ** ** you elect to submit test results. ** ** ** **************************************************************************** ****************************************************************************