I have already shared it with @flabby but I’d like to extend the whole idea and perhaps add more features.
So the level will include a client-side login authentication system using Javascript. The variables for the login might use the substring() function for the values in order to hinder users. Also it might be useful to encode the source code in some encoding (which I won’t tell here so as not to spoil it if the challenge comes true). Another thing is that you might also make a level for brute-forcing http forms. Let’s say give the username and password a range of length and characters and let the users brute-force it.
If I think of anything else I’ll share it here.
