Restrict Quizzes by unique tokens for each user.

Restrict Quizzes by unique tokens for each user.

by Majid Rafiee -
Number of replies: 17

Hi,

I have created an exam and for flexibility, I set the start and end point to one week with three hours exam time. 
However, I noticed, my students were registered with fake accounts and tried the exam. I can't limit course resignation due to some policies, so I'm thinking of protecting my exam with a one-time unique tokens for each students.
In other word, I want to import an excel containing students' ID number. Then students must insert it when they are trying to attempt exam, and then, the access code is invalid any more. 

However, a possible bug in this approach is that  it is possible that students try other students ID to check the questions. ( although questions are randomized from question bank, the number of questions is 30 only, 6 for each attempt). One scenario is to insert two access codes (tokens) and moodle check the combination of them if it's correct to allow student to enter the exam, for instant student must enter their first or surname, and then student ID, and moodle checks if the combination is same as the data already imported , and if it's correct, allow the student to enter the exam. I'm using Moodle 3.8.2

Thanks in advance

Average of ratings: Useful (1)
In reply to Majid Rafiee

Re: Restrict Quizzes by unique tokens for each user.

by Majid Rafiee -

I realy need a fast response for my question...any help please?

Average of ratings: -
In reply to Majid Rafiee

Re: Restrict Quizzes by unique tokens for each user.

by Rick Jerz -
Picture of Particularly helpful Moodlers Picture of Testers
If you are allowing fake students into your course, I doubt that there will be any way to fake their entry into your exams. My advice would be to get rid of the fake students, and use an enrollment method that is a little more secure. Also, tell the instructor of the course to pay attention to fake students. Once a course begins, you can prevent enrollment of additional students.

I am not the expert on this topic. I just wanted to reply to your urgent request.
Average of ratings: -
In reply to Majid Rafiee

Re: Restrict Quizzes by unique tokens for each user.

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
3.5 hours is nothing for a community forum. If you need faster response, you should go to a commercial service.

To your topic: You are mixing up two things. a) students (user) registration which is at site level b) enrolment in the course where the examination is. The unique token you are looking for comes in a), it is the log in password!

BTW, if the students do the exam from home and choose the time in a full week, there are many ways of cheating. A good student can travel from one friend's home to the next and since with practice he'll need much less time than the max. 3 hours, he might sweep a class of 100 (and earn some pocket money). smile
Average of ratings: -
In reply to Visvanath Ratnaweera

Re: Restrict Quizzes by unique tokens for each user.

by Rick Jerz -
Picture of Particularly helpful Moodlers Picture of Testers
The kind of cheating that Majid brought up actually got me thinking. In my courses, I use self-enrollment. But I have always left the enrollment period open. So, in theory, a student could self-enrol into my course by a different name, take the exam, know what is on it, and then re-login under their normal login. This would give a student some idea of what is on the exam. It's a kind of "cheating" that I never thought about. So, I went into my current courses and turned "Allow new enrollments" to off. In the future, I will try to remember to do this about one week into the course.

In big courses (I have one at 120 students, and another at 80 students) I might not detect a student sneaking in by another name.
Average of ratings: Useful (1)
In reply to Rick Jerz

Re: Restrict Quizzes by unique tokens for each user.

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Isn't it fun catching a thief, being a wanna be Sherlock Holmes?
smile

No, seriously. The student enrol himself just prior to the exam? Where did he learn the stuff?
Average of ratings: -
In reply to Visvanath Ratnaweera

Re: Restrict Quizzes by unique tokens for each user.

by Rick Jerz -
Picture of Particularly helpful Moodlers Picture of Testers
Yes I know what you mean. These seem to be very smart students. I don’t understand why they don’t apply their energy to learning course material.
Average of ratings: -
In reply to Rick Jerz

Re: Restrict Quizzes by unique tokens for each user.

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
> why they don’t apply their energy to learning course material

The fog comes at the end of each stage of life. When it clears, the next stage dawned. The previous one disappeared in darkness. smile
Average of ratings: -
In reply to Rick Jerz

Re: Restrict Quizzes by unique tokens for each user.

by David Campbell -
Picture of Particularly helpful Moodlers
Rick,
There is setting where you can set the enrollment period. If you use that you don’t have to remember to go back later and turn off new enrollments.
Average of ratings: Useful (2)
In reply to David Campbell

Re: Restrict Quizzes by unique tokens for each user.

by Rick Jerz -
Picture of Particularly helpful Moodlers Picture of Testers
Yes, I did see that. I will probably start setting that to be one week after my course begins. Certainly set it prior to any first exam.

Thanks.
Average of ratings: -
In reply to Rick Jerz

Re: Restrict Quizzes by unique tokens for each user.

by ali umer -

Hello Everyone

I'm a teacher of botany, and I have to create a quiz on Moodel but in the last paper, some students got 12/12 marks even I set the time limit of 10 minutes and questions are not easy to solve. 

I think some of the students get access to correct answers, kindly let me know is there any chance to see the answers on question bank by inspect element and view page source. 

Kindly tell me the solution of this problem to avoid students from cheating

 Thanks

Average of ratings: -
In reply to Rick Jerz

Re: Restrict Quizzes by unique tokens for each user.

by Ken Masters -
Rick, while this might work the first time you do it, it won't work afterwards, and you will have to build in other safeguards (Because word will soon spread. So, if I wanted to do this with your course, then, when I enrolled legitimately, I would simultaneously enroll a second time. If I'm a little more alert, I will enroll with 5 extra accounts, and then, closer to the exam, sell those other accounts to other students smile.

The only way to prevent this is to set tasks that are unique to each student, and require a passing grade in order to qualify for the exam. That means that I would have to do 7 tasks. But then, you would have grade them sad.
Average of ratings: Useful (1)
In reply to Ken Masters

Re: Restrict Quizzes by unique tokens for each user.

by Rick Jerz -
Picture of Particularly helpful Moodlers Picture of Testers
I probably don't understand. If a student buys 5 accounts, takes the exam under each of these, what value would these accounts have to other students? The exam has already been taken by this student.

Oh well, this probably depends upon what you have set up, and I am over-thinking your needs.

Your post illustrates that "cheaters" might always figure out a way to cheat their way out of any system that might be imposed upon them.

The idea of a unique token wouldn't help, either. A student could sign in, provide the unique token, access the exam, and then have a friend take it for them.
Average of ratings: Useful (1)
In reply to Majid Rafiee

Re: Restrict Quizzes by unique tokens for each user.

by Majid Rafiee -
First of all, I'm gonna thank all for their responses. And sorry for asking an urgent response since I was at the middle of exam smile.
My temporary solution was by blocking new registration and adding lots more questions to my question bank. However, I think this feature is a must in moodle. I know one week period is a huge bug to my examination, but I have some situation that couldn't manage a specific time for this specific exam.
Let me explain it more:
My users can register to my website anytime, since there are other services they can use. They are transferred to moodle by SSO login. So registration is handled outside of moodle. I have over 200 hindered students in several courses and live monitoring on them is almost impossible. What they did, is that they registered with fake accounts, attempted in the exam several times (with different fake accounts) and saved all possible combination of questions which were randomized from question bank. I was so surprised when I saw all my questions in their cheat Telegram group !!
When we are taking a physical exam, usually we ask students to write-down their name and student id, ask a person to verify their photo by the real person participating in the exam, and ask students to sign the attendance sheet. I mean three different approach to verify it's the right student. Approach is almost same even it the TOEFL and IELTS exam.
It is worthy to note that I did something similar even when I was conducting a survey using LImeSurvey (opensourse). I defined a " access code" list which was students id, and imported to limesurvey, then each student should insert his/her student id to make sure no one can participate more than once.
Now, we have several options to restrict the exam in moodle, however, in my opinion, a one-time pre-defined token, is the most important one. However, a bug here is that a student can change just his/her last number, and take apart instead of another student to just check the question, so, the main student can't log in to exam anymore. Hence, we need at least two tokens, One student id, and second one, student name ( or something specific to each student). Because, finding the name of a random student id is not easy (hopefully).

Update:

Another approach that just crossed my mind (which sound more resealable) is that I import student ids list who are eligible to participate in each exam. A student who tries to attempt the exam, is check by exam first, if the student id is in the list I've already imported to each specific exam, they student can attempt the exam. Otherwise, he/she is not eligible to try the exam, even-though he/she is already registered in the course (not exam).
Average of ratings: -
In reply to Majid Rafiee

Re: Restrict Quizzes by unique tokens for each user.

by Rick Jerz -
Picture of Particularly helpful Moodlers Picture of Testers

What you do "in person" is not the same when don't "not in person."  However, this issue of verifying that the student is the real student has all kinds of solutions that you can purchase, and implement, such as fingerprint and photo id systems.

You could always create a group called "real students," then manually add students to this group, and then restrict the exam to only students in this group.

You could try "safe browser" approaches, too.  And you can restrict a quiz to specific IP addresses.

However, since you do not monitor who is in a course, a fake student would still be able to "be a student" in your course, so they could have a photo and id.

You could also use a testing center, where students have to "check-in."  Or you could have students take exams in front of their own selected, and verified proctors.

Or, you can design randomized questions where fake students and real students would never have the same questions.  This is the solution that I would prefer, because if you have the very same question for all students, who you allow to take your exam at different times, how would you prevent a student using their smartphone and texting other students the question?  Even in your face-to-face situation, if you allow students to take an exam with the exact same questions, how do you prevent one student who has taken the exam to not talk with any student who has not taken the exam.  You see, your old manual method falls apart, too.

Average of ratings: Useful (2)
In reply to Rick Jerz

Re: Restrict Quizzes by unique tokens for each user.

by Marcus Green -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers
'And sorry for asking an urgent response since I was at the middle of exam'
Previously I have suggested that 'my pants are on fire' to be a good reason to consider something urgent, but 'I was in the middle of an exam' is quite a good example of urgency.
Average of ratings: -
In reply to Majid Rafiee

Re: Restrict Quizzes by unique tokens for each user.

by Rick Jerz -
Picture of Particularly helpful Moodlers Picture of Testers

I did think about another approach.

You can use the Paypal plugin, and then tell students that there is a fee to join the course, like $200, and then refund their fee at the end of the course.  They would have to prove who they are to get their fee back.

Average of ratings: Useful (2)
In reply to Rick Jerz

Re: Restrict Quizzes by unique tokens for each user.

by Dominique Bauer -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers
In our school, students have to pay registration fees. Early in the term, there is a deadline to drop the course with reimbursement. There is also a deadline to withdraw from the course, that is, after which the student will have a grade in his(her) overall gradebook.

If you place important quizzes after this date and as long as only students duly admitted to the school have the right to register for the course, a fake student would in fact be a real student ending up with an F grade for the course.

So we don't have too many fake students in our school. I think it's more or less the same in all universities.
Average of ratings: Useful (1)