HAU's Admin Panel [ALPHA]

Exploiters cannot access ServerScriptStorage, it’s not replicated to their client at all, meaning they cant even get hold of the panel in the first place

Sorry, I forgotted that. It was for a notification gui.

Its disabled and I am going to delete it.

LVL 7 exploits don’t exist anymore since FilteringEnabled got introduced.

Was it a free model? If it was a free model, you are not required to give credit. Also, I did not do the scripting, I am the owner of the module and UI designer and @LuaAlbi is the scripter and UI designer of the kick and ban UI.

To fix this, Click on the ScreenGUI and uncheck the “ResetOnSpawn” box in properties

Maybe this is just me, but something about this is a little suspicious…

If you made something like this, which takes some effort to do, you should be able to know how to do that, it’s literally right there…

Designer for the main page? What does that mean…? It seems that this other person did the scripting and the UI, what did you do specifically. Clarification would be nice.

I think other panels have this. On top of that, where do we view warns?

Actually, if it was a free model, you shouldn’t be putting this here claiming it is your own. It’s against the rules, please review this:

Breaking this rule is an automatic ban from the devforum.

---

Sorry for being harsh, it’s all a bit fishy to me.

Also, HDAdmin have warning and message feature.

;ServerMessage [MSG] ;Message [MSG] ;Hint [Hint].

Hi, I was wondering, what makes this admin panel different from all the other admin panels released on the forums? (e.g. a new feature which other admin panels don’t offer/a different way of storing data/etc?)

No, the design is from @HDAdminUnofficial but I just edited the UIs to make it as his main ui.

It’s already updated and it does not have the module.

This is a warning to those who are considering using this:

This isn’t very well put together - I checked the programming, and it’s a mess.
One of the issues I’ve noticed is that there’s RemoteEvents within the UI, which the LocalScript executes to the Scripts. This is in every UI button for the commands.

This contains a few issues, the biggest being that there’s no admin verification - you could ban another admin, yourself, or even the game owner. This is shown within the code itself for the ban script.

local Ban = game:GetService("DataStoreService"):GetDataStore("Banned")



script.Parent.OnServerEvent:Connect(function(By,To,Rea)
	for i,v in pairs(game.Players:GetChildren()) do
		if v.Name == To then
			Ban:SetAsync(v.userId, true)
		end
	end
	
	game.Players[To]:Kick('\nBanned. \nBanned by '..By.Name..' \n Reason: '..Rea)
	
end)

There is code within the AdminMenu script to prevent this, but this would be after the admin/owner got kicked/banned.

game.Players.PlayerAdded:Connect(function(p)
local Status = Ban:GetAsync(p.userId)
	if Status then
		if table.find(Admins,p.Name) or table.find(Admins,p.userId) or p.userId == game.CreatorId then
			warn('Player: '..p.Name..' is banned but is an administrator.')
			else
			p:Kick("\nYou are banned.")
			end

But even then, this has a major flaw - this doesn’t take into account group owners. This wont detect the group owner of a game as an admin.
Code is also copied and pasted lazily - the ban script’s just the kick script but with the ban data store added.

script.Parent.OnServerEvent:Connect(function(By,To,Rea)
	game.Players[To]:Kick('\nKicked. \nKicked by '..By.Name..' \n Reason: '..Rea)
end)

Something to note with the data store while on the subject - there’s no error handling, and you don’t remove the player’s key from the data store if they’re not banned. Instead, they’re added, but with a saved value of false. I recommend using RemoveAsync instead.

local Ban = game:GetService("DataStoreService"):GetDataStore("Banned")



script.Parent.OnServerEvent:Connect(function(By,To,Rea)
	
			Ban:RemoveAsync(To)
	
end)

But again, there’s a flaw with this: you save the player’s UserId, not the player’s name - even if you got the player’s user id, it would be taken as a string - you can only remove a number data store key with a number value, it can’t be mixed. The unban local script doesn’t tonumber it either.

moduleLocation = script.RippleEffect
guiObject = script.Parent
m = game.Players.LocalPlayer:GetMouse()
RippleEffect = require(moduleLocation)


guiObject.MouseButton1Down:connect(function()
	script.RemoteEvent:FireServer(script.Parent.Parent.UsernameBox.Text,script.Parent.Parent.ReasonBox.Text)
end)

Overall, with all these issues, I cannot recommend this admin panel/script - there’s a lot of (security) flaws that need to be taken care of before this can be seriously be used.

EDIT
I highly recommend checking out my later reply.

Don’t use this admin panel. Find something else that’s better.

Hello, @TheeDeathCaster!

As said in the thread title, this is in alpha. We are still working on this.

But if it’s at the point where it’s released, it should not have this many security flaws. It should be private until these are fixed.

It’s coming soon after we have confirmed that the kick menu nor the ban panel has bugs and the full Admin panel too.

Just because it’s in alpha doesn’t mean it can’t be criticized - especially when it’s released to the public.

First: Good job at Ui Designing.

Second: exploiters can’t access to the Server-Side
So don’t worry about that.

FIX

We’ve fixed where when you die the Admin panel is no longer there. This is live and is in effect in all games where it was added in.

If it was not updated for you, please re-add the Admin panel!

Credit to @SpiralRBX for the help!

His Message

Looking at the previous post showing that RemoteEvents are in every button and in the GUI itself, this thread should not exist until its actually worth being used. The programming is not sufficient to be used as a resource.

I did a bit more digging, as the module script RichText looked awfully familiar - my research turned that it’s a module by @Defaultio, but his credit/changelogs were removed from the original script.

Defaultio’s module can be found here - take a copy and compare the source code from the admin panel. They’re exactly the same.

@HDAdminUnofficial You shouldn’t remove credit from someone else’s hard work - that’s scummy and theft. It’s clear as day that the credit/changelogs from Defaultio’s original module were purposefully removed.

I recommend to everybody - don’t use this admin panel. It’s very shady and doesn’t give credit where it’s due.

I didn’t make the script nor add scripts. I just did the UI design and made the main page (where you can select the menu you wish to see)