View Issue Details

IDProjectCategoryView StatusLast Update
0000520CATS.cacert.orgUser Interfacepublic2012-12-27 17:37
ReporterTed Assigned ToTed  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Summary0000520: Tests with 0 out of 0 questions are counted as 100%
DescriptionMeinrad Rombach schrieb:
> Hi Edu-Team,
>
> I just wanna report the fact, that I was able to reach
> the assurer challenge PDF/print certificate request form without having earned enough credits.
>
> My 1st challenge ended with 68% right answers.
> Restarting the browser, Login with same certificate and https://cats.cacert.org/index.php?site=start_test&action=requestCert
> lead to
> Congratulations 0 of - answers =100% correct
TagsNo tags attached.

Relationships

related to 0001107 new CACert CATS Manual has only one page, which is mostly empty 

Activities

Ted

2008-03-17 20:02

administrator   ~0001037

Not really a problem since those results are not uploaded into the main CAcert database, but it looks ugly.

Ted

2008-03-27 12:24

administrator   ~0001050

Variant to reproduce:

Wenn ich einen Test nicht bestehe, kann ich mit der Browser-Funktion
"Back" die Auswertungsseite erneut aufrufen.
<https://cats.cacert.org/index.php?site=start_test&action=evaluate>

Dort sehe ich dann ein 100% richtiges Ergebnis, unabhängig vom
tatsächlichen Ergebnis.

jandd

2008-09-07 16:37

administrator   ~0001155

Die angehangene start_test.php behebt den Bug. Die Datenbank muss eventuell noch von Fake-Ergebnissen bereinigt werden.

jandd

2008-09-08 21:08

administrator   ~0001160

the bug could be reproduced and the attached start_test.php fixes the broken behaviour.

2008-09-13 04:08

 

start_test.diff (5,395 bytes)   
Index: start_test.php
===================================================================
--- start_test.php	(Revision 967)
+++ start_test.php	(Arbeitskopie)
@@ -14,7 +14,7 @@
   
    // Auswahl der gew�hlten Aktionen
     switch($action){ 
-      case 'getQuestions': { // Fragebogen genererien
+  case 'getQuestions': // Fragebogen genererien
                     
                             // �berbr�fung auf integer / Wertzuweisung
                             $topic=0; if($_REQUEST["t_id"])$topic=abs(intval($_REQUEST["t_id"]));
@@ -35,13 +35,15 @@
                                 $t_id=$myQuiz->getTopicID();  
                               }
                              break;
-                            }
-     case 'evaluate':{ // Fragebogen auswerten
+  case 'evaluate':
+    // Fragebogen auswerten
      
                        //Wertzuweisung und Initalisierung
-                       $selectedAnswers=0; if($_REQUEST['selectedAnswers'])$selectedAnswers= $_REQUEST['selectedAnswers'];
+    $selectedAnswers=0; if($_REQUEST['selectedAnswers']) {
+      $selectedAnswers= $_REQUEST['selectedAnswers'];
                        $_SESSION ['values']['selectedAnswers']=$selectedAnswers;
-                      
+    }
+    if ($_SESSION['values']['selectedAnswers']) {
                        $topic=0; if($_REQUEST["t_id"])$topic=abs(intval($_REQUEST["t_id"]));
                       
                        $myQuiz->setQuestions();
@@ -55,10 +57,25 @@
                        $myQuiz->setQuestionLimit($numOfQu);
                        $myQuiz->setRawToPass($percentage);
                        $myQuiz->evaluateQuiz();
+    } else {
+      // kein Test bearbeitet
+    }
                        break;
+  case "requestCert":
+    $topic=0; if($_REQUEST["t_id"])$topic=abs(intval($_REQUEST["t_id"]));
+    $progress = new progress();
+    $progress->setTopic($topic);
+    $progress->getProgress();
+    $topics->setTopicID($topic);
+    $percentage=$topics->getRawToPass();
+    $haspassed = false;
+    foreach ($progress->progress as $entry) {
+      $currentperc = 100 * $entry['correct'] / (1.0 * $entry['number']);
+      if ($currentperc >= $percentage) {
+        $haspassed = true;
                       }
-      case "requestCert":      
-      {
+    }
+    if ($haspassed) {
         // A paper/PDF certificate for passing the test has been requested.
         echo "<br>".Class_Quiz_12_ExplainCert;
         echo "<br>\n".
@@ -68,10 +85,13 @@
 "<input type=\"hidden\" name=\"encrypted\" value=\"-----BEGIN PKCS7-----MIIHXwYJKoZIhvcNAQcEoIIHUDCCB0wCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYCXEWRJOMuPsPZGydWVaGGnQnDbYOKIDS5j1jhKUE7zF6ut1qs+3Wr+w5XT0VSe//88hnBUx+WH8ZEgo/ZLtsqaf47+jNN234i9ThlRFUxjBvF2HvuHmRrTtXuGVGv6e0sPvQHc4Z0JJH1tPwjSW3N6+AbOkxBkE12qEcTc90u4djELMAkGBSsOAwIaBQAwgdwGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIa3orX0P3bzOAgbgl2itTYigeRCoEnQbyz7Gmzf0A2gZxzLHDJ5rQ52kGfr7zLsXct30yJQQ6nepsQ9qJgurXEZYA/UCt8+/myqc30lZ8cVfEcLu2QxkbCNBG+bhkjhr2Q6os30semO9DGxpe5CFs1XY95BpWZ44u/yTCqYbiyB8Cs0hHNNhIKyCTcbenjNzuu9qiXhbwOPON9c+AURifTHKP4JP9e3ARDSoJ4/dGsqfLuHquhQweLOxUNEQT2yW1CJlvoIIDhzCCA4MwggLsoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0MDIxMzEwMTMxNVoXDTM1MDIxMzEwMTMxNVowgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBR07d/ETMS1ycjtkpkvjXZe9k+6CieLuLsPumsJ7QC1odNz3sJiCbs2wC0nLE0uLGaEtXynIgRqIddYCHx88pb5HTXv4SZeuv0Rqq4+axW9PLAAATU8w04qqjaSXgbGLP3NmohqM6bV9kZZwZLR/klDaQGo1u9uDb9lr4Yn+rBQIDAQABo4HuMIHrMB0GA1UdDgQWBBSWn3y7xm8XvVk/UtcKG+wQ1mSUazCBuwYDVR0jBIGzMIGwgBSWn3y7xm8XvVk/UtcKG+wQ1mSUa6GBlKSBkTCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCBXzpWmoBa5e9fo6ujionW1hUhPkOBakTr3YCDjbYfvJEiv/2P+IobhOGJr85+XHhN0v4gUkEDI8r2/rNk1m0GA8HKddvTjyGw/XqXa+LSTlDYkqI8OwR8GEYj4efEtcRpRYBxV8KxAW93YDWzFGvruKnnLbDAF6VR5w/cCMn5hzGCAZowggGWAgEBMIGUMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDgwMTA4MjM0NDM0WjAjBgkqhkiG9w0BCQQxFgQUdQnCI4Hkx+hICZb8xREi7hw6SdcwDQYJKoZIhvcNAQEBBQAEgYAc4F/pnHvkuylxNfBhCdk+bo2K3ltBuaHoDy7m1/o896iPum69nOnTyaCUeAgBJnNA6ycblMAea3m7BIIs8lDsfK0fQcTFsubE5+X8NI0U+X0aeQ4Y+vGSQZg9RoVU+SJqH36r3trEowRdRtlGTjL0sVp7m6TgqfADNolZmNiQkw==-----END PKCS7-----\n".
 "\">\n".
 "</form>\n";        
+    } else {
+      // Test wurde nie bestanden
+      echo "<br />" . Class_Quiz_09;
+    }
         break;
       }
     }  
-}
 else echo "<center><h5>".Global_01."</h5></center>";
 
 ?>
start_test.diff (5,395 bytes)   

jandd

2008-09-13 04:09

administrator   ~0001163

the attached patch for start_test.php fixes the problem

Sourcerer

2008-09-17 20:56

administrator   ~0001174

I have reviewed the patch for security and code-quality, and it looks good to me. I haven't fully reviewed the application-logic impact of the patch.

Ted

2008-09-18 20:43

administrator   ~0001175

Checked in to SVN revision 986. Still has to be installed on production system.

Issue History

Date Modified Username Field Change
2008-03-17 20:00 Ted New Issue
2008-03-17 20:01 Ted Status new => needs work
2008-03-17 20:01 Ted Assigned To => MichelleStahl
2008-03-17 20:02 Ted Note Added: 0001037
2008-03-27 12:24 Ted Note Added: 0001050
2008-09-07 16:37 jandd File Added: start_test.php
2008-09-07 16:37 jandd Note Added: 0001155
2008-09-08 10:24 jandd Status needs work => needs feedback
2008-09-08 20:29 Ted Status needs feedback => needs work
2008-09-08 20:29 Ted Assigned To MichelleStahl => jandd
2008-09-08 21:08 jandd Note Added: 0001160
2008-09-08 21:08 jandd Status needs work => confirmed
2008-09-13 04:07 jandd File Deleted: start_test.php
2008-09-13 04:08 jandd File Added: start_test.diff
2008-09-13 04:09 jandd Note Added: 0001163
2008-09-13 04:09 jandd Assigned To jandd => Ted
2008-09-13 04:09 jandd Status confirmed => needs feedback
2008-09-17 20:56 Sourcerer Note Added: 0001174
2008-09-18 20:43 Ted Note Added: 0001175
2008-09-18 20:43 Ted Status needs feedback => solved?
2008-09-18 20:43 Ted Resolution open => fixed
2008-10-27 23:02 Ted Status solved? => closed
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel release 8561bf19
2012-12-27 17:37 Werner Dworak Relationship added related to 0001107