Earlier my team was testing my Admin Panel which is in development, anyways It uses a whitelist that checks your UserId. Anyways, when I die/reset my character I cannot access the button to open it. Please help, also the Whitelist is built into the ban script. I also need help with coding the UnBan part, what happens is when I use the ban GUI when they try to join back they are banned. But if they do it a second time they are unbanned, how do I fix this?
Main Script which Includes Whitelist and Ban Sys
Here's the code
local configModule = require(script.Admin.panel.Config)
local data = game:GetService("DataStoreService"):GetDataStore(configModule.DataStoreKey)
local configModule = require(script.Admin.panel.Config)
local admins = configModule.adminIDs
local BanMsg = "You have been permenantly banned from this game."
game.Players.PlayerAdded:Connect(function(player)
for _, adminId in pairs(admins) do
if player.UserId == adminId then
local cloneUI = script.Admin:Clone()
cloneUI.Parent = player.PlayerGui
break
end
end
local prevData = data:GetAsync(player.UserId)
if prevData == nil then
print("Player does not have to be banned!")
prevData:SetAsync(player.UserId, false)
elseif prevData == true then
print("Player is banned.")
player:Kick(BanMsg)
end
end)
game.ReplicatedStorage.Admin.Ban.OnServerEvent:Connect(function(player, victim, reason)
local found = game.Players:FindFirstChild(victim)
if found then
data:SetAsync(victim.UserId, true) -- that inserts the player ban to DataStore
victim:Kick(tostring(reason))
end
end)
game.ReplicatedStorage.Admin.UnBan.OnServerEvent:Connect(function(player, victim, reason)
data:RemoveAsync(victim.UserId)
end)
Plus this fires the ban Remote Event & the unban event
Ban Event
local button = script.Parent
button.MouseButton1Click:Connect(function()
game.ReplicatedStorage.Admin.Ban:FireServer(script.Parent.Parent.Parent.upper.Target.Text, script.Parent.Parent.Parent.upper.Reason.Text)
script.Parent.Parent.Parent.upper.TextLabel.Text = "Player banned."
script.Parent.Parent.Parent.upper.TextLabel.TextTransparency = 0
wait(3)
script.Parent.Parent.Parent.upper.TextLabel.Text = "Teleport failed, please try entering the username again."
script.Parent.Parent.Parent.upper.TextLabel.TextTransparency = 1
end)
UnBan Event
local button = script.Parent
button.MouseButton1Click:Connect(function()
game.ReplicatedStorage.Admin.UnBan:FireServer(script.Parent.Parent.Parent.upper.Target.Text, script.Parent.Parent.Parent.upper.Reason.Text)
end)
Please help me, nothing to complicated please
1 Like
This script could be used to nuke ban a whole server by exploiters since there isn’t server side verification on the remoteEvent. A exploiter could call FireServer as your localscript do and the server would still execute it.
Other than that, the script to remove the data from the datastorage look good so i don’t really see how there could be a issue. You may want to try something like this to see if it fix your issue
local DataStoreService = game:GetService("DataStoreService")
local nicknameStore = DataStoreService:GetDataStore("Nicknames")
local success, removedValue, keyInfo = pcall(function()
return nicknameStore:RemoveAsync("User_1234")
end)
if success then
print(removedName)
print(keyInfo.Version)
print(keyInfo.CreatedTime)
print(keyInfo.UpdatedTime)
print(keyInfo:GetUserIds())
print(keyInfo:GetMetadata())
end
(Source : GlobalDataStore:RemoveAsync)
1 Like
Okay! So, how can I secure it so exploiters cannot use this?
Also I’ll try your method and say how it goes.
1 Like
You need to add a verification on the server side (script) so you could for exemple checking on the server side if the userID match a admin userID
1 Like
Do you have a recommendation as to how I can do it?
I was thinking probably before doing the original code I do an if statement smth like im on mobile don’t judge any typos
RemoteEvent.OnServerEvent:Connect(function(player)
If player.UserId == config.admins then
*run code*
else
player:Kick(“Attempting to Expliot.”)
end)
Only thing is idk how to get th player function in there when it’s gonna be serverside.
The first variable of a remoteEvent when it come from a client firing the server is the player object.
Its mean that in your Connection
RemoteEvent.OnServerEvent:Connect(function(player,otherstuff1,otherstuff2)
end)
The player variable is = to the player object that fired the remote event.
But now you may ask yourself, but how do I check if the ID match a admin ID, to do that, you will need a table with all the admins ID and you will check to see if one of the value of the table is = to the player ID that fired the remote event.
So, to archive that, you need to create a function that will verify the table for you
local function isAllowedUserWithID(userID)-- Need Player ID
for _, v in pairs(PUT THE TABLE HERE) do
if v == userID then
return true
end
end
return false
end
And now you can compare the ID by using our new function. Note that this function will only return true if one of the ID is matching a value in the table.
RemoteEvent.OnServerEvent:Connect(function(player)
if isAllowedUserWithID(player.userID) then
-- will only execute if the userID is the table
end
end)
(Note that I copied your script witch mean that there probably syntax error in it)
1 Like