Admin Game pass

So I have decided to make a game pass that allows you to have admin commands when purchased

(e.g "Owners admin, Mega admin and so on)

But I am not 100% sure on how to do so. Any help will be a blessing.

Thanks for reading…

1 Like

You could have done a quick google search to find them! I found some for you here:

Hope this helped, and have a great day! :smile:

5 Likes

Ah thank you very much I your help is greatly appreciated! :slight_smile:

If I helped, please mark the post as a solution so others know it’s solved.

1 Like

This may have been said already but I’ll bet most popular admin scripts provide an option to set up a product that unlocks it for players.

A quick way to do it is go into the game. After that, insert Kohl’s Admin Commands into your game. Then make the admin commands gamepass. Copy the Gamepass ID into the script for the Kohls Admin gamepass model, and you are finished. Not sure if this helps though

To check if the user has a gamepass, refer to this documentation on UserOwnGamepassAsync().

Simple usage is in a local script:

local target = game.Players.LocalPlayer
local MarketplaceService = game:GetService("MarketplaceService")
if MarketplaceService:UserOwnsGamePassAsync(target.UserId, gamepassId) == true do
    -- stuff here (this will execute if the player DOES have the gamepass)
else
    -- stuff here (this will execute if the player DOES NOT have the gamepass)

What you’d want to do is probably fire a remote to the server to grant the user admin in your script, perhaps by appending an array of listed admins or if you’re storing them under a datastore, use that!
Definitely watch some tutorials on this, good luck! :grin:

3 Likes

Wouldnt a remote be dangerous and abusable by exploiters?

Not at all. I don’t know what you’re getting at but a lil magical thing called Filtering Enabled exists.
It prevents exploiters from trying to get to serversided events.

While this is true, always, always, always, do server-side checks to make sure a remote event or function hasn’t been abused by an exploiter. While FE does stop most exploits, there are several bypasses.

Go ahead and name them.
The only way anyone could ever abuse anything in your game is by accessing something called backdoor which is obtained by using a free model or someone putting it in there.

A bypass does not affect FE, it just ignores it by having a certain script being activated from the client to the server.

No exploit, without a backdoor, till today, cannot “bypass” FE.

RemoteEvents can be fired from client to server. If adequate server-side checks are not performed, an exploiter can just fire the event at will and do whatever it does repeatedly.

Also, why would you even need a client → server connection to check if a player has an admin gamepass? Just use PlayerAdded to get each player instance as they join.

3 Likes

I don’t know the name of any of the actual exploits, however:

This DevHub article also directly states that it’s possible for an exploiter to fake a remote event.

Remote functions and events are the best option for client-server communication, but they’re not necessarily secure channels. A clever hacker may fake a remote event or change the values that are passed along with it. Because of this, you should use basic server-side validation to confirm that the incoming request is legal.

You referred to a RemoteFunction which is completely different to a RemoteEvent.

Yes it’s possible to “fake” one, but FE usually handles that. Adding additional security is optional for scripts that require a lot of client to server handling,

Yes they can and yes use a PlayerAdded.