Blacklist Settings for Mod Call Broke

NackerExostylx · June 15, 2020, 4:40am

Recently, I have been trying to create a Mod Call for my game that when pressed, would send a request to a discord webhook. This works perfectly fine but the Blacklist Settings does not work, whenever I try to blacklist/unblacklist someone it just doesn’t work. All and any help is appreciated, so thank you in advance

Code:

local blacklistedusers = {1,1,1,1} -- User id not name
local players = game:GetService("Players")
local player = players.LocalPlayer
local dss = game:GetService("DataStoreService")
local blacklistds = dss:GetDataStore("BlacklistedUsers")
local http = game:GetService("HttpService")
local webhook = "Some link"
-------------------
local groupid = 4170345
local adminrank = 100

for i,v in pairs(game.Players:GetPlayers()) do
	v.Chatted:Connect(function(msg)
		if msg:sub(1,11) == "/blacklist " and v:GetRankInGroup(groupid) >= 100 then
			local msguserid = msg:sub(12)
			blacklistds:SetAsync(msguserid, true)
			local data = {
				["username"] = "User Blacklisted",
				["content"] = "```".."User Id: "..msg:sub(12).. " has been blacklisted by: "..v.Name.."```"
			}
			local newdata = http:JSONEncode(data)
				http:PostAsync(webhook,newdata)	
					if v.UserId == msguserid then
				v:Kick("Your blacklisted from using the Mod Call - NAC :)")
			end	
		if v.UserId == msguserid then	
		local background = v.PlayerGui.ModCall.Background
		background.Call.Visible = false
		background.Reason.PlaceholderText = "You are blacklisted from using this, appeal in the discord."
		background.Reason.PlaceholderColor3 = Color3.new(0,0,0)
		background.Subtitle.Text = "Your are blacklisted"
		end
	end
	
		if msg:sub(1,13) == "/unblacklist " and v:GetRankInGroup(groupid) >= 100 then
			blacklistds:SetAsync(msg:sub(14), false)
			local data = {
				["username"] = "User Removed from Blacklist",
				["content"] = "```".."User Id: "..msg:sub(14).." has been unblacklisted by: "..v.Name.."```"
			}
			local newdata = http:JSONEncode(data)
			http:PostAsync(webhook,newdata)
			local background = v.PlayerGui.ModCall.Background
			background.Call.Visible = true
			background.Reason.PlaceholderText = "Why do you need an administrator to appear? (Explain in detail)."
			background.Reason.PlaceholderColor3 = Color3.new(212,212,212)
		background.Subtitle.Text = "Abuse of this system can have large consequences!"	
	end
end)
	for i,banneduserid in pairs(blacklistedusers) do
	if v.UserId == banneduserid then
		local background = v.PlayerGui.ModCall.Background
		background.Call.Visible = false
		background.Reason.PlaceholderText = "You are blacklisted from using this, appeal in the discord."
		background.Reason.PlaceholderColor3 = Color3.new(0,0,0)
		background.Subtitle.Text = "Your are blacklisted"
		end
	end
end

for i,v in pairs(game.Players:GetPlayers()) do
				if blacklistds:GetAsync(v.UserId, true) then
		local background = v.PlayerGui.ModCall.Background
		background.Call.Visible = false
		background.Reason.PlaceholderText = "You are blacklisted from using this, appeal in the discord."
		background.Reason.PlaceholderColor3 = Color3.new(0,0,0)
		background.Subtitle.Text = "Your are blacklisted"
	end	
end

game.Players.PlayerAdded:Connect(function(plr)
	if blacklistds:GetAsync(plr.UserId, true) then
		local background = plr.PlayerGui.ModCall.Background
		background.Call.Visible = false
		background.Reason.PlaceholderText = "You are blacklisted from using this, appeal in the discord."
		background.Reason.PlaceholderColor3 = Color3.new(0,0,0)
		background.Subtitle.Text = "Your are blacklisted"
	end
end)

Quwanterz · June 15, 2020, 4:44am

Are there any errors in the output?

Also, by reading your code, there is some things I wanna point out.

First, looping through all the Players to attach a Chatted even is not really viable solution, I would just do PlayerAdded event.

Second, you should wrap SetAsync to a pcall. If this function fails to set the data, it will show the error.

NackerExostylx · June 15, 2020, 4:45am

Alright, I have already tried doing this but it says “Attempt to index nil with UserId”.

Quwanterz · June 15, 2020, 4:46am

It means that the player doesn’t exist.

Quwanterz · June 15, 2020, 4:49am

I have not receive this kind of problem, whenever I test it in Studio it says the correct player UserId. But if you do a 2 player test in Studio, I believe their player UserId is 1 and 2.

RemnantsOfSiren · June 15, 2020, 4:49am

This is only a test case, if you’re simply pressing the play button in studio then it’s based on your user id. if you’re using server test then the numbers are negative.

RemnantsOfSiren · June 15, 2020, 4:50am

@Quwanterz was right, I am pretty sure your issue is solely due to practicality, how you set the code up.

NackerExostylx · June 15, 2020, 4:52am

And what are some of your suggestion on how I: set the code up.

RemnantsOfSiren · June 15, 2020, 5:02am

As he stated previously, I’d recommend trying to use Players.PlayerAdded:Connect(function(Player)
Studio has a case where if you’re testing some times your player joins before PlayerAdded can be fired tho. So with that in mind, you’d want to make something along the lines. This would ultimately go on the server.

local blacklistedusers = {1,1,1,1} -- User id not name
local dss = game:GetService("DataStoreService")
local blacklistds = dss:GetDataStore("BlacklistedUsers")
local http = game:GetService("HttpService")
local webhook = "Some link"
-------------------
local groupid = 4170345
local adminrank = 100
local Connections = {} --never hurts to manage your connections

local function HandleBlacklist(Player) -- Only do this if the player is Blacklisted
	local background = Player.PlayerGui.ModCall.Background
	background.Call.Visible = false
	background.Reason.PlaceholderText = "You are blacklisted from using this, appeal in the discord."
	background.Reason.PlaceholderColor3 = Color3.new(0,0,0)
	background.Subtitle.Text = "Your are blacklisted"
end

local function OnJoin(Player)
    Connections[Player] = Player.Chatted:Connect(function(msg)
        -- Code to process chat commands would go here.
        if Player:GetRankInGroup(groupid) >= adminrank then
            
        end
    end)
    local Success, Data = pcall(function() return dss:GetAsync(Player.UserId) end) 
    if Success and Data then -- being Data is just a bool value in this scenario this should be fine.
        HandleBlacklist(Player)
    end
end)

for i,v in pairs(game.Players:GetPlayers()) do
    OnJoin(v)
end

game.Players.PlayerAdded:Connect(OnJoin)

game.Players.PlayerRemoving:Connect(function(Player)
   if Connections[Player] then Connections[Player]:Disconnect() end
end)

32bitPC · June 15, 2020, 5:08am

You just leaked your webhook and this is running on the client.
So even if you didn’t, it would be eventually.

You can’t make requests from HTTPService from the client, and some of this code would be simplified with functions. Also, you’re doing validation from the client, meaning people could just sidestep your check and get elevated access. I’d point out the use of SetAsync and Datastores on the client, but I feel like that’s the least of your worries currently.

RemnantsOfSiren · June 15, 2020, 5:09am

Good catch, I didn’t see the LocalPlayer. The code I sent above, was meant for Server btw.

NackerExostylx · June 15, 2020, 5:10am

I am aware I leaked my webhook, I have fixed it a few moments ago.

32bitPC · June 15, 2020, 5:19am

So here’s what I would do.
Move everything to the server and use remote events to send data to the client.
But that’s if I was being paid to make a system like this and the client was stubborn.

Also, rate limiting.

Design your systems with security in mind, use sanity checks when getting inputs from the client, assume all inputs are compromised, and don’t allow anything to replicate if there’s a possibility that something could be messed with.

In its current state, if this were live, it’d be only a matter of time before someone stumbles upon the vulnerabilities and floods the webhook which is stored in plain text on the client.