GUI Whitelist Not Working + Unban Command Help

Earlier my team was testing my Admin Panel which is in development, anyways It uses a whitelist that checks your UserId. Anyways, when I die/reset my character I cannot access the button to open it. Please help, also the Whitelist is built into the ban script. I also need help with coding the UnBan part, what happens is when I use the ban GUI when they try to join back they are banned. But if they do it a second time they are unbanned, how do I fix this?

Main Script which Includes Whitelist and Ban Sys

Here's the code
local configModule = require(script.Admin.panel.Config)
local data = game:GetService("DataStoreService"):GetDataStore(configModule.DataStoreKey)
local configModule = require(script.Admin.panel.Config)
local admins = configModule.adminIDs

local BanMsg = "You have been permenantly banned from this game."

game.Players.PlayerAdded:Connect(function(player)
	for _, adminId in pairs(admins) do
		if player.UserId == adminId then
			local cloneUI = script.Admin:Clone()
			cloneUI.Parent = player.PlayerGui
			break
		end
	end
	local prevData = data:GetAsync(player.UserId)
	if prevData == nil then
		print("Player does not have to be banned!")
		prevData:SetAsync(player.UserId, false)
	elseif prevData == true then
		print("Player is banned.")
		player:Kick(BanMsg)
	end
end)

game.ReplicatedStorage.Admin.Ban.OnServerEvent:Connect(function(player, victim, reason)
	local found = game.Players:FindFirstChild(victim)

	if found then
		data:SetAsync(victim.UserId, true) -- that inserts the player ban to DataStore
		victim:Kick(tostring(reason))
	end
end)

game.ReplicatedStorage.Admin.UnBan.OnServerEvent:Connect(function(player, victim, reason)
	data:RemoveAsync(victim.UserId)
end)

Plus this fires the ban Remote Event & the unban event

Ban Event
local button = script.Parent

button.MouseButton1Click:Connect(function()
	game.ReplicatedStorage.Admin.Ban:FireServer(script.Parent.Parent.Parent.upper.Target.Text, script.Parent.Parent.Parent.upper.Reason.Text)
	script.Parent.Parent.Parent.upper.TextLabel.Text = "Player banned."
	script.Parent.Parent.Parent.upper.TextLabel.TextTransparency = 0
	wait(3)
	script.Parent.Parent.Parent.upper.TextLabel.Text = "Teleport failed, please try entering the username again."
	script.Parent.Parent.Parent.upper.TextLabel.TextTransparency = 1
end)
UnBan Event
local button = script.Parent

button.MouseButton1Click:Connect(function()
	game.ReplicatedStorage.Admin.UnBan:FireServer(script.Parent.Parent.Parent.upper.Target.Text, script.Parent.Parent.Parent.upper.Reason.Text)
end)

Please help me, nothing to complicated please

1 Like

This script could be used to nuke ban a whole server by exploiters since there isn’t server side verification on the remoteEvent. A exploiter could call FireServer as your localscript do and the server would still execute it.

Other than that, the script to remove the data from the datastorage look good so i don’t really see how there could be a issue. You may want to try something like this to see if it fix your issue

local DataStoreService = game:GetService("DataStoreService")

local nicknameStore = DataStoreService:GetDataStore("Nicknames")

local success, removedValue, keyInfo = pcall(function()
	return nicknameStore:RemoveAsync("User_1234")
end)
if success then
	print(removedName)
	print(keyInfo.Version)
	print(keyInfo.CreatedTime)
	print(keyInfo.UpdatedTime)
	print(keyInfo:GetUserIds())
	print(keyInfo:GetMetadata())
end

(Source : GlobalDataStore:RemoveAsync)

1 Like

Okay! So, how can I secure it so exploiters cannot use this?
Also I’ll try your method and say how it goes.

1 Like

You need to add a verification on the server side (script) so you could for exemple checking on the server side if the userID match a admin userID

1 Like

Do you have a recommendation as to how I can do it?
I was thinking probably before doing the original code I do an if statement smth like im on mobile don’t judge any typos

RemoteEvent.OnServerEvent:Connect(function(player)
If player.UserId == config.admins then
*run code*

else

player:Kick(“Attempting to Expliot.”)


end)

Only thing is idk how to get th player function in there when it’s gonna be serverside.

The first variable of a remoteEvent when it come from a client firing the server is the player object.
Its mean that in your Connection

RemoteEvent.OnServerEvent:Connect(function(player,otherstuff1,otherstuff2)

end)

The player variable is = to the player object that fired the remote event.

But now you may ask yourself, but how do I check if the ID match a admin ID, to do that, you will need a table with all the admins ID and you will check to see if one of the value of the table is = to the player ID that fired the remote event.

So, to archive that, you need to create a function that will verify the table for you

local function isAllowedUserWithID(userID)-- Need Player ID
	for _, v in pairs(PUT THE TABLE HERE) do
		if v == userID then
			return true
		end
	end
	return false
end

And now you can compare the ID by using our new function. Note that this function will only return true if one of the ID is matching a value in the table.

RemoteEvent.OnServerEvent:Connect(function(player)
 if isAllowedUserWithID(player.userID) then
      -- will only execute if the userID is the table
 end
end)

(Note that I copied your script witch mean that there probably syntax error in it)

1 Like