I revived “Quizzer”

Quizzer was written by me mostly in between 1999 and 2000. I wrote this system entirely in Perl (CGI script on a Solaris host) because there was no good enough applications out there. As this was a private project, I did no attempts to sell it (even if I had it prepared for that, see the extensive documentation).
You can find Quizzer up and running on https://quizzer.webit.nu/
Documentation updated to some point in time: https://quizzer.webit.nu/docs/

Most of the question databases (plain text following some rules) were rewritten from existing resources, but the questions shown in the video is from what I wrote myself from reading the Solaris 8 System Admin manuals.

Preparing the new server for CGI execution

Besides my standard setup for a Linux server for Apache/PHP/MySQL, I also switched over to using fcgid and php-fpm to be able to use PHP 8.1 as default and use a per-directory or per-vhost configuration to switch over to PHP 7.4 when needed.
Enable CGI-execution module for Apache

a2enmod cgid

Enable CGI-execution for the virtual host
Add these lines to the virtual host configuration. The below additions also adjusts what is considered to be an index page and adds configuration to prevent downloading of files with some specific extensions (this should be done in the server main configuration).

  DirectoryIndex index.cgi index.php index.html index.htm
  <Directory /var/www/quizzer.webit.nu/html>
    AllowOverride All
    Options +ExecCGI
  </Directory>
  AddHandler cgi-script .cgi
  <FilesMatch "\.(?:inc|pl|py|rb)$">
    Order allow,deny
    Deny from all
  </FilesMatch> 

Check that CGI-script works
Use this simple CGI script to check that it works (test.cgi):

#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World.";

Also, the script has to be executable, then restart apache to reload configuration:

chmod 700 test.cgi
service apache2 restart

Updating the code for a new Perl version

(Screens from my actual code)
How to make Perl include files in the current directory

At some point in time, Perl got a security fix that no longer allows the current directory (the script directory) to be considered when including other code files. This broke my script badly.

There are several methods around this problem, and I ended up solving it my own way: I wrote a two-line wrapper for ‘/usr/bin/perl’, and saved it as ‘/usr/local/bin/perl’ (which was my command line in all scripts):

#!/bin/sh
PERL_USE_UNSAFE_INC=1 /usr/bin/perl $1

This method required no modification of any of my source files to get them execute correctly and find their included files.

defined not allowed on array anymore
For some reason, it is no longer possible to use ‘defined @array’ to check if the variable has been set. So I had to replace every occurrence of the ‘defined @’ with just ‘@’, which made my code much more unreadable:

Before:

After:

According to Perldoc:

After these modifications everything worked fine, except some small configuration mistakes of the quiz system itself (handling compressed question databases and pointing to some incorrect temporary locations).

Test it, use it if you wish

It took me some to find out how to create new users for storing personal test history. I had made this as simple as you just have to type in anything unique (not already registered) that looks like an email address, and a password you want to use.
The system sets up a demo account for you if that user name is not in use.
“Personal” history for the non-logged in demo user looks like this:
(upper part)

(graphical overview)

(detailed report)

The “Find a hole” challenge is off

As this is old revived code, and no reports of holes in the code were reported at the time it was online (1999-2002), I had to make a hole 🙂
This is valid as long as I make no new databases for the system (then if that happens, I decide what to do at that point).

Get full access to all UNIX questions
All m$ questions are available in demo mode, so no fully activated account needed for these. I recommend you create your own personal ‘demo’ account for the m$ questions to be able to view history.

So: simply use your external IP-address as the user name, and the password “FullAcccess2022” to give yourself a fully enabled user 🙂

Leave a Reply

Your email address will not be published.