mayx/pages
1
0
Fork 0
mirror of https://codeberg.org/mayx/pages synced 2026-01-01 16:43:40 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
3688f93d5d5db0378436241c5c3f73ff943a6ba2
pages/2020/04/19/exam.html
Mayx 3688f93d5d update
2025-12-31 16:00:29 +00:00

424 lines
32 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<!-- Begin Jekyll SEO tag v2.8.0 -->
<title>关于制作考试(答题)系统的研究 | Mayx的博客</title>
<meta name="generator" content="Jekyll v3.9.5" />
<meta property="og:title" content="关于制作考试(答题)系统的研究" />
<meta name="author" content="mayx" />
<meta property="og:locale" content="zh_CN" />
<meta name="description" content="在答题系统的安全性上,没有人胜利……" />
<meta property="og:description" content="在答题系统的安全性上,没有人胜利……" />
<meta property="og:site_name" content="Mayx的博客" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2020-04-19T00:00:00+08:00" />
<meta name="twitter:card" content="summary" />
<meta property="twitter:title" content="关于制作考试(答题)系统的研究" />
<meta name="google-site-verification" content="huTYdEesm8NaFymixMNqflyCp6Jfvd615j5Wq1i2PHc" />
<meta name="msvalidate.01" content="0ADFCE64B3557DC4DC5F2DC224C5FDDD" />
<meta name="yandex-verification" content="fc0e535abed800be" />
<script type="application/ld+json">
{"@context":"https://schema.org","@type":"BlogPosting","author":{"@type":"Person","name":"mayx"},"dateModified":"2020-04-19T00:00:00+08:00","datePublished":"2020-04-19T00:00:00+08:00","description":"在答题系统的安全性上,没有人胜利……","headline":"关于制作考试(答题)系统的研究","mainEntityOfPage":{"@type":"WebPage","@id":"/2020/04/19/exam.html"},"publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https://avatars0.githubusercontent.com/u/17966333"},"name":"mayx"},"url":"/2020/04/19/exam.html"}</script>
<!-- End Jekyll SEO tag -->
<link rel="canonical" href="https://mabbs.github.io/2020/04/19/exam.html" />
<link type="application/atom+xml" rel="alternate" href="/atom.xml" title="Mayx的博客" />
<link rel="alternate" type="application/rss+xml" title="Mayx的博客(RSS)" href="/rss.xml" />
<link rel="alternate" type="application/json" title="Mayx的博客(JSON Feed)" href="/feed.json" />
<link rel="stylesheet" href="/assets/css/style.css?v=1767196818" />
<!--[if !IE]> -->
<link rel="stylesheet" href="/Live2dHistoire/live2d/css/live2d.css" />
<!-- <![endif]-->
<link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="Mayx的博客" />
<link rel="webmention" href="https://webmention.io/mabbs.github.io/webmention" />
<link rel="pingback" href="https://webmention.io/mabbs.github.io/xmlrpc" />
<link rel="preconnect" href="https://summary.mayx.eu.org" crossorigin="anonymous" />
<link rel="prefetch" href="https://www.blogsclub.org/badge/mabbs.github.io" as="image" />
<link rel="blogroll" type="text/xml" href="/blogroll.opml" />
<link rel="me" href="https://github.com/Mabbs" />
<script src="/assets/js/jquery.min.js"></script>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery-ajaxtransport-xdomainrequest/1.0.3/jquery.xdomainrequest.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
<script>
var lastUpdated = new Date("Thu, 01 Jan 2026 00:00:18 +0800");
var BlogAPI = "https://summary.mayx.eu.org";
</script>
<script src="/assets/js/main.js"></script>
<!--[if !IE]> -->
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async="async" src="https://www.googletagmanager.com/gtag/js?id=UA-137710294-1"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-137710294-1');
</script>
<script src="/assets/js/instant.page.js" type="module"></script>
<!-- <![endif]-->
</head>
<body>
<!--[if !IE]> --><noscript><marquee style="top: -15px; position: relative;"><small>发现当前浏览器没有启用JavaScript这不影响你的浏览但可能会有一些功能无法使用……</small></marquee></noscript><!-- <![endif]-->
<!--[if IE]><marquee style="top: -15px; position: relative;"><small>发现当前浏览器为Internet Explorer这不影响你的浏览但可能会有一些功能无法使用……</small></marquee><![endif]-->
<div class="wrapper">
<header class="h-card">
<h1><a class="u-url u-uid p-name" rel="me" href="/">Mayx的博客</a></h1>
<img src="https://avatars0.githubusercontent.com/u/17966333" fetchpriority="high" class="u-photo" alt="Logo" style="width: 90%; max-width: 300px; max-height: 300px;" />
<p class="p-note">Mayx's Home Page</p>
<form action="/search.html">
<input type="text" name="keyword" id="search-input-all" placeholder="Search blog posts.." />&#160;<input type="submit" value="搜索" />
</form>
<br />
<p class="view"><a class="u-url" href="/Mabbs/">About me</a></p>
<ul class="downloads">
<li style="width: 270px; border-right: none;"><a href="/MayxBlog.tgz">Download <strong>TGZ File</strong></a></li>
</ul>
</header>
<section class="h-entry">
<small><time class="date dt-published" datetime="2020-04-19T00:00:00+08:00">19 April 2020</time> - 字数统计3184 - 阅读大约需要11分钟 - Hits: <span id="/2020/04/19/exam.html" class="visitors">Loading...</span></small>
<h1 class="p-name">关于制作考试(答题)系统的研究</h1>
<p class="view">by <a class="p-author h-card" href="//github.com/Mabbs">mayx</a></p>
<div id="outdate" style="display:none;">
<hr /><p>
这是一篇创建于 <span id="outime"></span> 天前的文章,其中的信息可能已经有所发展或是发生改变。
</p>
</div>
<script>
daysold = Math.floor((new Date().getTime() - new Date("Sun, 19 Apr 2020 00:00:00 +0800").getTime()) / (24 * 60 * 60 * 1000));
if (daysold > 90) {
document.getElementById("outdate").style.display = "block";
document.getElementById("outime").innerHTML = daysold;
}
</script>
<hr />
<b>AI摘要</b>
<p id="ai-output">这篇文章主要讲述了作者对一个学校的答题系统进行研究的经历。作者一开始利用网络考试中常见的将答案隐藏在源代码中的漏洞在答题系统中找到了通过获取已知答案来作弊的方法成功注册了花火学园并因这个发现加入了运维团队。尽管作者随后指出系统的阅卷逻辑存在漏洞可以通过无限重复已知答案的问题来获取满分但问题并未被开发者完全修复。文章的最后提到作者偶然间发现自己的修改并未解决问题实际上漏洞仍然存在被另一位测试者Sora Jin重新发现。作者反思认为设计答题系统时应避免过于精密以避免被轻易破解。</p>
<hr />
<ul><li><a href="#答题系统的来由">答题系统的来由</a></li><li><a href="#修复漏洞">修复漏洞</a></li><li><a href="#参考代码">参考代码</a></li><li><a href="#结尾">结尾</a></li><li><a href="#后记">后记</a></li></ul>
<hr />
<main class="post-content e-content" role="main"><p>在答题系统的安全性上,没有人胜利……<!--more--></p>
<h1 id="答题系统的来由">
<a href="#答题系统的来由"><svg class='octicon' viewBox='0 0 16 16' version='1.1' width='16' height='32' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg></a> 答题系统的来由
</h1>
<p>在我维护的花火学园上,有一套答题系统。另外我能成为花火学园的运维也是因为这个系统,这件事也是个很神奇的事情。 </p><p>
具体内容也充满了机遇性在我上高中的一天我偶然发现了花火学园论坛发现了之后我就想注册然而这个论坛注册要求挺高需要邀请码如果没有就要去答20道题来获得邀请码。 </p><p>
那个题很难,正常人会的可能只有不到一半,如果有兴趣也可以看看<a href="https://www.say-huahuo.com/answer/">花火考场</a>对于这些题同样我也不会。不过不会没关系我以前在做网上的考试时从来都不会安心看题总会想着按下F12看看有没有什么不答题也能通过的方法。 </p><p>
按正常来说,应该没有人会把答案放到网页源代码中,但是在我做的好多次网络考试中,他们都把答案放到了源代码之中。我想这也许是为了降低服务器的运算压力吧……但是这样考试有点计算机知识的人都能把答案找出来,那考试还有啥意义…… </p><p>
总之就是因为这样奇怪的程序员很多所以我每次在网上答题前都会按下F12看看有没有什么更简单的通过方法。 </p><p>
当时我看了看花火考场的源代码是打包后的vue代码看来是没法从网页源代码这里入手了那第二点就是查看网络请求的数据了。 </p><p>
我大概看了一下这个答题系统的获得题目和提交都是由同一个php程序工作的过程是答题之前获得一组题目答完后将答案和一组表示题目的ID组合到一起提交到这个程序上提交后如果分数超过70分就会生成一个邀请码。看着这个过程我突然脑洞大开想着既然这个程序阅卷时只用ID和答案那么我如果会做其中一道题让这个程序反复批已知答案的同一道题那么我就可以得满分了吧。 </p><p>
结果还真是这样,有点不可思议,于是我就成功的注册了花火学园。 </p><p>
注册后我就给管理员说了这个问题,也是这样的一次机会我加入了花火学园的程序组当中。 </p><p>
这个答题系统是由<a href="https://github.com/you06">you06</a>大佬开发的,不过我反馈了这个问题以后,貌似问题仍然没有被解决……而我一般看代码也是有一定的机遇,只有心情适合写代码或看代码的时候才愿意去写,所以我成为管理员以后我也没有解决。 </p><p>
关于答题系统这个东西我一直觉得开发起来很简单,像客观题就是比对一下答案是不是一致就行了,所以说我上了大学以后,我一直想着和同学一起做个答题系统练练手,可惜现代大学生最喜欢干的事情就是摸鱼,所以一直都没有做答题系统。 </p><p>
不过前几天正好我的心情符合看代码的状态,然后就看了看我能不能解决这个问题。</p>
<h1 id="修复漏洞">
<a href="#修复漏洞"><svg class='octicon' viewBox='0 0 16 16' version='1.1' width='16' height='32' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg></a> 修复漏洞
</h1>
<p>我闲来无事打开看了看阅卷的这个小程序整个代码很短也很好理解。当时加入程序组后我和you06说用session解决这个问题也许不错虽然问题没解决但是能看到他已经写了一部分了也许是因为调试时出问题了所以写了一半之后就再没管。 </p><p>
我看了看之所以you06的代码出了问题其实主要原因是因为环境变量上少加了下划线所以没读到数据才导致程序出问题的既然问题找到了我很轻松的就改了过来。</p>
<h1 id="参考代码">
<a href="#参考代码"><svg class='octicon' viewBox='0 0 16 16' version='1.1' width='16' height='32' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg></a> 参考代码
</h1>
<p>既然漏洞解决了,那我觉得即使大家看到程序的源代码也没关系,我检查了很多遍,也没看出问题,所以现在我将阅卷系统的核心代码展示出来:</p>
<div class="language-php highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="cp">&lt;?php</span>
<span class="nb">Session_start</span><span class="p">();</span>
<span class="nv">$filename</span> <span class="o">=</span> <span class="s2">"problem.json"</span><span class="p">;</span>
<span class="k">if</span> <span class="p">(</span><span class="nv">$_SERVER</span><span class="p">[</span><span class="s1">'REQUEST_METHOD'</span><span class="p">]</span> <span class="o">===</span> <span class="s1">'GET'</span><span class="p">)</span> <span class="p">{</span>
<span class="c1">// query problem data</span>
<span class="nv">$json_string</span> <span class="o">=</span> <span class="nb">file_get_contents</span><span class="p">(</span><span class="nv">$filename</span><span class="p">);</span>
<span class="nv">$questionSet</span> <span class="o">=</span> <span class="nb">json_decode</span><span class="p">(</span><span class="nv">$json_string</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span>
<span class="nv">$questiones</span> <span class="o">=</span> <span class="k">array</span><span class="p">();</span>
<span class="k">for</span> <span class="p">(</span><span class="nv">$i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nv">$i</span> <span class="o">&lt;</span> <span class="mi">20</span><span class="p">;</span> <span class="nv">$i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span>
<span class="nv">$index</span> <span class="o">=</span> <span class="nb">mt_rand</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nb">sizeof</span><span class="p">(</span><span class="nv">$questionSet</span><span class="p">)</span> <span class="o">-</span> <span class="mi">1</span><span class="p">);</span>
<span class="nb">array_push</span><span class="p">(</span><span class="nv">$questiones</span><span class="p">,</span> <span class="k">array</span><span class="p">(</span>
<span class="s1">'title'</span> <span class="o">=&gt;</span> <span class="nv">$questionSet</span><span class="p">[</span><span class="nv">$index</span><span class="p">][</span><span class="s1">'title'</span><span class="p">],</span>
<span class="s1">'code'</span> <span class="o">=&gt;</span> <span class="nv">$questionSet</span><span class="p">[</span><span class="nv">$index</span><span class="p">][</span><span class="s1">'code'</span><span class="p">],</span>
<span class="s1">'options'</span> <span class="o">=&gt;</span> <span class="nv">$questionSet</span><span class="p">[</span><span class="nv">$index</span><span class="p">][</span><span class="s1">'options'</span><span class="p">],</span>
<span class="s1">'img'</span> <span class="o">=&gt;</span> <span class="nv">$questionSet</span><span class="p">[</span><span class="nv">$index</span><span class="p">][</span><span class="s1">'img'</span><span class="p">]</span>
<span class="p">));</span>
<span class="nb">array_splice</span><span class="p">(</span><span class="nv">$questionSet</span><span class="p">,</span> <span class="nv">$index</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span>
<span class="p">}</span>
<span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">'questiones'</span><span class="p">]</span> <span class="o">=</span> <span class="nv">$questiones</span><span class="p">;</span>
<span class="k">echo</span> <span class="nb">json_encode</span><span class="p">(</span><span class="nv">$questiones</span><span class="p">);</span>
<span class="k">die</span><span class="p">();</span>
<span class="p">}</span>
<span class="k">if</span> <span class="p">(</span><span class="nv">$_SERVER</span><span class="p">[</span><span class="s1">'REQUEST_METHOD'</span><span class="p">]</span> <span class="o">===</span> <span class="s1">'POST'</span><span class="p">)</span> <span class="p">{</span>
<span class="c1">// check result</span>
<span class="nv">$answers</span> <span class="o">=</span> <span class="nb">json_decode</span><span class="p">(</span><span class="nb">file_get_contents</span><span class="p">(</span><span class="s2">"php://input"</span><span class="p">),</span> <span class="kc">true</span><span class="p">);</span>
<span class="nv">$score</span> <span class="o">=</span> <span class="nf">calcscore</span><span class="p">(</span><span class="nv">$answers</span><span class="p">);</span>
<span class="nv">$pass</span> <span class="o">=</span> <span class="nv">$score</span> <span class="o">&gt;=</span> <span class="mi">70</span><span class="p">;</span>
<span class="nv">$invitecode</span> <span class="o">=</span> <span class="s1">''</span><span class="p">;</span>
<span class="k">if</span> <span class="p">(</span><span class="nv">$pass</span><span class="p">)</span> <span class="p">{</span>
<span class="nv">$invitecode</span> <span class="o">=</span> <span class="nf">invite</span><span class="p">();</span>
<span class="p">}</span>
<span class="k">echo</span> <span class="nb">json_encode</span><span class="p">(</span><span class="k">array</span><span class="p">(</span>
<span class="s1">'score'</span> <span class="o">=&gt;</span> <span class="nv">$score</span><span class="p">,</span>
<span class="s1">'pass'</span> <span class="o">=&gt;</span> <span class="nv">$pass</span><span class="p">,</span>
<span class="s1">'invitecode'</span> <span class="o">=&gt;</span> <span class="nv">$invitecode</span>
<span class="p">));</span>
<span class="k">if</span> <span class="p">(</span><span class="k">isset</span><span class="p">(</span><span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">'questiones'</span><span class="p">]))</span> <span class="p">{</span>
<span class="k">unset</span><span class="p">(</span><span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">'questiones'</span><span class="p">]);</span>
<span class="p">}</span>
<span class="k">die</span><span class="p">();</span>
<span class="p">}</span>
<span class="k">function</span> <span class="n">calcscore</span><span class="p">(</span><span class="nv">$answers</span><span class="p">)</span> <span class="p">{</span>
<span class="nv">$score</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
<span class="nv">$filename</span> <span class="o">=</span> <span class="s2">"problem.json"</span><span class="p">;</span>
<span class="nv">$json_string</span> <span class="o">=</span> <span class="nb">file_get_contents</span><span class="p">(</span><span class="nv">$filename</span><span class="p">);</span>
<span class="nv">$questionSet</span> <span class="o">=</span> <span class="nb">json_decode</span><span class="p">(</span><span class="nv">$json_string</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span>
<span class="k">for</span> <span class="p">(</span><span class="nv">$i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nv">$i</span> <span class="o">&lt;</span> <span class="nb">sizeof</span><span class="p">(</span><span class="nv">$answers</span><span class="p">);</span> <span class="nv">$i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span>
<span class="k">if</span> <span class="p">(</span><span class="nv">$answers</span><span class="p">[</span><span class="nv">$i</span><span class="p">][</span><span class="s1">'answer'</span><span class="p">])</span> <span class="p">{</span>
<span class="k">for</span> <span class="p">(</span><span class="nv">$j</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nv">$j</span> <span class="o">&lt;</span> <span class="nb">sizeof</span><span class="p">(</span><span class="nv">$questionSet</span><span class="p">);</span> <span class="nv">$j</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span>
<span class="k">if</span> <span class="p">(</span><span class="nv">$answers</span><span class="p">[</span><span class="nv">$i</span><span class="p">][</span><span class="s1">'code'</span><span class="p">]</span> <span class="o">==</span> <span class="nv">$questionSet</span><span class="p">[</span><span class="nv">$j</span><span class="p">][</span><span class="s1">'code'</span><span class="p">]</span> <span class="o">&amp;&amp;</span>
<span class="nv">$answers</span><span class="p">[</span><span class="nv">$i</span><span class="p">][</span><span class="s1">'answer'</span><span class="p">]</span> <span class="o">==</span> <span class="nv">$questionSet</span><span class="p">[</span><span class="nv">$j</span><span class="p">][</span><span class="s1">'answer'</span><span class="p">])</span> <span class="p">{</span>
<span class="nv">$score</span> <span class="o">+=</span> <span class="mi">5</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="nv">$matchCount</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
<span class="k">if</span> <span class="p">(</span><span class="nv">$_SESSION</span> <span class="o">&amp;&amp;</span> <span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">'questiones'</span><span class="p">])</span> <span class="p">{</span>
<span class="k">for</span> <span class="p">(</span><span class="nv">$i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nv">$i</span> <span class="o">&lt;</span> <span class="nb">sizeof</span><span class="p">(</span><span class="nv">$answers</span><span class="p">);</span> <span class="nv">$i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span>
<span class="k">for</span> <span class="p">(</span><span class="nv">$j</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nv">$j</span> <span class="o">&lt;</span> <span class="nb">sizeof</span><span class="p">(</span><span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">'questiones'</span><span class="p">]);</span> <span class="nv">$j</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span>
<span class="k">if</span> <span class="p">(</span><span class="nv">$answers</span><span class="p">[</span><span class="nv">$i</span><span class="p">][</span><span class="s1">'code'</span><span class="p">]</span> <span class="o">==</span> <span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">'questiones'</span><span class="p">][</span><span class="nv">$j</span><span class="p">][</span><span class="s1">'code'</span><span class="p">])</span> <span class="p">{</span>
<span class="nv">$matchCount</span><span class="o">++</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span> <span class="k">else</span> <span class="p">{</span>
<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>
<span class="k">if</span> <span class="p">(</span><span class="nv">$matchCount</span> <span class="o">==</span> <span class="nb">sizeof</span><span class="p">(</span><span class="nv">$answers</span><span class="p">))</span> <span class="p">{</span>
<span class="k">return</span> <span class="nv">$score</span><span class="p">;</span>
<span class="p">}</span> <span class="k">else</span> <span class="p">{</span>
<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">function</span> <span class="n">invite</span><span class="p">()</span> <span class="p">{</span>
<span class="c1">//generate invite code</span>
<span class="p">}</span>
</code></pre></div></div>
<h1 id="结尾">
<a href="#结尾"><svg class='octicon' viewBox='0 0 16 16' version='1.1' width='16' height='32' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg></a> 结尾
</h1>
<p>其实答题系统想让用户钻不了空还是相当简单的事情,不过我个人还是希望那些答题系统能不要写的太精密,这样谁都不会胜利,互相为难也不好嘛……</p>
<h1 id="后记">
<a href="#后记"><svg class='octicon' viewBox='0 0 16 16' version='1.1' width='16' height='32' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg></a> 后记
</h1>
<p>我的愚蠢超乎我想象这个代码的漏洞应该说完全没有解决看似复杂的代码就如同破铜烂铁一般轻易就能击碎QAQ。 </p><p>
我完全没有测试就胡乱改,改完之后除了让代码看起来更加复杂外没有解决任何问题。今天一位名叫<a href="https://github.com/MoeLoli">Sora Jin</a>的大佬像曾经的我一样测试了这个垃圾答题系统,重新发现了这个漏洞…… </p><p>
不过这次的修复不怎么美观,代码我就不放上来了,不是很难的问题,有兴趣的读者可以自己研究一下。</p></main>
<small style="display: block">tags: <a rel="category tag" class="p-category" href="/search.html?keyword=%E8%80%83%E8%AF%95"><em>考试</em></a> - <a rel="category tag" class="p-category" href="/search.html?keyword=%E7%AD%94%E9%A2%98"><em>答题</em></a> <span style="float: right;"><a href="https://gitlab.com/mayx/mayx.gitlab.io/tree/master/_posts/2020-04-19-exam.md">查看原始文件</a></span></small>
<h4 style="border-bottom: 1px solid #e5e5e5;margin: 2em 0 5px;">推荐文章</h4>
<p id="suggest-container">Loading...</p>
<script>
var suggest = $("#suggest-container");
$.get(BlogAPI + "/suggest?id=/2020/04/19/exam.html&update=" + lastUpdated.valueOf(), function (data) {
if (data.length) {
getSearchJSON(function (search) {
suggest.empty();
var searchMap = {};
for (var i = 0; i < search.length; i++) {
searchMap[search[i].url] = search[i];
}
var tooltip = $('<div class="content-tooltip"></div>').appendTo('body').hide();
for (var j = 0; j < data.length; j++) {
var item = searchMap[data[j].id];
if (item) {
var link = $('<a href="' + item.url + '">' + item.title + '</a>');
var contentPreview = item.content.substring(0, 100);
if (item.content.length > 100) {
contentPreview += "……";
}
link.hover(
function(e) {
tooltip.text($(this).data('content'))
.css({
top: e.pageY + 10,
left: e.pageX + 10
})
.show();
},
function() {
tooltip.hide();
}
).mousemove(function(e) {
tooltip.css({
top: e.pageY + 10,
left: e.pageX + 10
});
}).data('content', contentPreview);
suggest.append(link);
suggest.append(' - ' + item.date + '<br />');
}
}
});
} else {
suggest.html("暂无推荐文章……");
}
});
</script>
<br />
<div class="pagination">
<span class="prev">
<a href="/2020/04/06/self.html">
上一篇Mayx的自我探索之旅
</a>
</span>
<br />
<span class="next">
<a href="/2020/04/21/laptop.html">
下一篇:记一次买笔电的经历
</a>
</span>
</div>
<!--[if !IE]> -->
<link rel="stylesheet" href="/assets/css/gitalk.css">
<script src="/assets/js/gitalk.min.js"></script>
<div id="gitalk-container"></div>
<script>
var gitalk = new Gitalk({
clientID: '36557aec4c3cb04f7ac6',
clientSecret: 'ac32993299751cb5a9ba81cf2b171cca65879cdb',
repo: 'mabbs.github.io',
owner: 'Mabbs',
admin: ['Mabbs'],
id: '/2020/04/19/exam', // Ensure uniqueness and length less than 50
distractionFreeMode: false, // Facebook-like distraction free mode
proxy: "https://cors-anywhere.mayx.eu.org/?https://github.com/login/oauth/access_token"
})
gitalk.render('gitalk-container')
</script>
<!-- <![endif]-->
</section>
<!--[if !IE]> -->
<div id="landlord" style="left:5px;bottom:0px;">
<div class="message" style="opacity:0"></div>
<canvas id="live2d" width="500" height="560" class="live2d"></canvas>
<div class="live_talk_input_body">
<form id="live_talk_input_form">
<div class="live_talk_input_name_body" >
<input type="checkbox" id="load_this" />
<input type="hidden" id="post_id" value="/2020/04/19/exam.html" />
<label for="load_this">
<span style="font-size: 11px; color: #fff;">&#160;想问这篇文章</span>
</label>
</div>
<div class="live_talk_input_text_body">
<input name="talk" type="text" class="live_talk_talk white_input" id="AIuserText" autocomplete="off" placeholder="要和我聊什么呀?" />
<button type="submit" class="live_talk_send_btn" id="talk_send">发送</button>
</div>
</form>
</div>
<input name="live_talk" id="live_talk" value="1" type="hidden" />
<div class="live_ico_box" style="display:none;">
<div class="live_ico_item type_info" id="showInfoBtn"></div>
<div class="live_ico_item type_talk" id="showTalkBtn"></div>
<div class="live_ico_item type_music" id="musicButton"></div>
<div class="live_ico_item type_youdu" id="youduButton"></div>
<div class="live_ico_item type_quit" id="hideButton"></div>
<input name="live_statu_val" id="live_statu_val" value="0" type="hidden" />
<audio src="" style="display:none;" id="live2d_bgm" data-bgm="0" preload="none"></audio>
<input id="duType" value="douqilai" type="hidden" />
</div>
</div>
<div id="open_live2d">召唤伊斯特瓦尔</div>
<!-- <![endif]-->
<footer>
<p>
<small>Made with ❤ by Mayx<br />Last updated at 2026-01-01 00:00:18<br /> 总字数614622 - 文章数178 - <a href="/atom.xml" >Atom</a> - <a href="/README.html" >About</a></small>
</p>
</footer>
</div>
<script src="/assets/js/scale.fix.js"></script>
<!--[if !IE]> -->
<script src="/assets/js/main_new.js"></script>
<script src="/Live2dHistoire/live2d/js/live2d.js"></script>
<script src="/Live2dHistoire/live2d/js/message.js"></script>
<!-- <![endif]-->
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink