So as many of you might know I have been working on a PHP game as I learn a lot about PHP and I actually just finished implementing a scoring system using PHP Sessions. Now just to go over things for those who do not know anything about my quiz, it works in this manner. If a user gets an answer right and displays certain things one including adding points to the score and then it reloads the page and displays the next question. If the user guesses wrong the same thing happens but it subtracts score. Now I did find one major vulnerability which is that if the user reloads the page it will return to the first question but it will keep the current score.
Now I cannot do something where on page reload it resets score because my quiz after a question is answered right or wrong reloads. This would then mean that the session would end after every question which is not what I want and why I am using session in the first place. Now my first thought was to create an if statement that checked whether or not the question was back to 1 which happens after a page reload. I tried this however it does not reset the score back to 0. Here is the code I tried:
if($currentQuestion==1){
$_SESSION['score'] == 0;
}
This is the only way I can think of to fix this exploit however it currently does not work. Here is my PHP code in the entirety and for the sake of things just skip past the arrays and down into the main code:
<?php
session_start();
$questionsAndAnwsers = array(array("question" => " What early cartoon character created by the Disney Studio was Mickey Mouse based off of ?", "answer" => "Oswald The Lucky Rabbit"),
array("question" => "Who invented the first TV ? Please use full name.", "answer" => "Philo Taylor Farnsworth"),
array("question" => "When was Warner Brothers founded ? Format: Month Day, Year", "answer" => "April 4, 1923"),
array("question" => "When was Superman's first appearance date ? Format: Month Year", "answer" => "June 1938"),
array("question" => "What does the acronym OWN, for the cable television channel, stand for ?", "answer" => "Oprah Winfrey Network"),
array("question" => "What type of dog is Scooby Doo from the cartoon series, Scooby Doo ?", "answer" => "Great Dane"),
array("question" => "What type of food does Garfield the cat love ?", "answer" => "Lasagna"),
array("question" => "How many Pokemon were in Generation I ? Use number not word.", "answer" => "151"),
array("question" => "What popular cartoon/show is Woodstock from ?", "answer" => "Peanuts"),
array("question" => "What was Jim Henson's first puppet series back in 1955 ?", "answer" => "Sam And Friends"),
array("question" => "Who created the Mighty Morphin Power Rangers ?", "answer" => "Haim Saban"),
array("question" => "How many Back to the Future movies were there ? Use number not word.", "answer" => "3"),
array("question" => "What football quarterback had a short-lived television show that premiered in 1969 ?", "answer" => "Joe Namath"),
array("question" => "Where there any R rated movies in 1961 ?", "answer" => "No"),
array("question" => "In what year did the animal-documentary series Wild Kingdom premiere ?", "answer" => "1963"),
array("question" => "What sit-com was about two bumbling police men and their squad car ?", "answer" => "Car 54, Where Are You"));
$_SESSION["count"];
if (!isset($_SESSION['score'])) {
$_SESSION['score'] = 0;
}
// current question
$currentQuestion = 0;
if(isset($_POST["currentQuestion"])){
$currentQuestion = $_POST["currentQuestion"];
if(isset($questionsAndAnwsers[$currentQuestion])){
$currentAnswer = $questionsAndAnwsers["$currentQuestion"]["answer"];
if($currentQuestion==15){
session_destroy();
header("Location: http://students.purchase.edu/martin.mcnicholas/scriptingfortheweb/loginmain.html"); /* Redirect browser */
exit();
}else if($_POST["guess"] == $currentAnswer){
$currentQuestion++;
$guess = $_POST['guess'];
print ("<span class='Stylize2'>Your answer: $guess <br>");
print("The answer expected: $currentAnswer<br>");
print("Answer Correct $answerCorrect<br><br>");
$images = [
1 => 'MickeyMouse.png',
2 => 'Philo.jpg',
3 => 'warner.jpg',
4 => 'superman.jpg',
5 => 'own.jpg',
6 => 'scooby.png',
7 => 'garfield.jpg',
8 => 'pok1.jpg',
9 => 'peanuts.jpg',
10 => 'sam.jpg',
11 => 'haim.jpg',
12 => 'back.jpg',
13 => 'joe.jpg',
14 => 'r.png',
15 => 'wild.jpg',
];
if( array_key_exists($currentQuestion, $images))
echo "<img src='{$images[$currentQuestion]}' alt='$images[$currentQuestion]' height='200'><br><br>";
else
echo "Not found";
$_SESSION['score']+=10;
echo $_SESSION['score'];
print(" points");
echo "<br>";
print("Next Question Below<br></span><br><br>");
}
else {
$currentQuestion=0;
$guess = $_POST['guess'];
print ("<span class='Stylize'>Your answer: $guess <br>");
print("You have failed..<br>");
echo '<img src=angry.gif height="200"><br><br>';
$_SESSION['score']-=5;
echo $_SESSION['score'];
print(" points");
echo "<br><br>";
echo "</span>";
$test = '251993__kwahmah-02__distorted-voice-18.wav';
echo '<audio autoplay loop>';
echo "<source src='$test' type='audio/wav'>";
echo 'Your browser does not support the audio element';
echo '</audio>';
}
}else{
exit("Question not found!");
}
}
?>
Edit: I just realized my when a user gets a answer wrong they are ejected back to question 1 which would also result in whenever a user gets an answer wrong the session should reset which is not good.