Ah! This is really simple then, all you have to do (on the server) is check if the player has the gamepass when the event is fired! If they don’t, then the script wont perform any actions. Let me know if you need help on how to script this!
No. That is redundant. For starters you need a string, not an instance. player is an instance.
I am not sure why you are trying to prevent exploiters from firing the events. The events need to be accessible to clients so they can fire them.
You should patch your security hole rather than preventing exploiters from firing your remotes.
1 Like
Its not a gamepass, its a dev product
If you’re going to do that then you’ll need your own DataStore to check if a player owns it, because Roblox doesn’t keep a history of owned Developer Products.
Basically the player can buy the dev product and then they get a “VIP plane point”. They can spend these points on the ‘cars’ whenever they want, and they will have access to the VIP car frame, which allows them to do all the actions such as start game.
If I made it check if the player has over 0 points, would that work too?
I haven’t used dev products too much, but keep in mind that dev products can be purchased multiple times, so I assume the car is sort of a one life thing.
Anyways, the Roblox wiki has a really good article on how to use dev products in your game (Developer Products | Documentation - Roblox Creator Hub). Once a player clicks on the gui, you can prompt a purchase for the dev product, and then if the purchase succeeded, you can do whatever you want. Make sure this is all on a server script.
Also yes, you could check if the player has above x points as long as the client has no control over how many points they can receive (making sure events you use to give them points are secure). Make sure to check the players points on a server script, and never rely on information from the client.
3 Likes
I’ll be sure to check it out! Thank you.
Ok, this method isnt perfect but it does work well at preventing exploits;
so what you can do, is when you fire the event, return tick in one of the values:
Event:Fire(something,something,tick())
Then, when the server script detects it is fired, make sure to check if the tick being sent is over or equal to the current tick minus 5, that way it looks like a bunch of random numbers though it is shared throughout all scripts.
Through all this though, in order for this to work it has to be kept secret or hidden from exploiters, BUT you can also encode it with math like saying tick()/2 and to decode it using tick()*2. i thought that would be a good method but lmk if you have any ideas!
so far no response, but let me know how it goes
Exploiters can see what parameters are being sent through events, so technically they could crack the code by sending tick() in their script executer and the server would let it pass.
Although it sounds like a cool idea, I don’t think this method would work all the time. Thanks for the response though!
what i did is i encoded it in a way that would be hard to crack for the exploiter
like doing tick()+1 and then tick-1 to decode it, which, if encoded right, could look like complete mumble and deem it almost impossible to exploit
2 Likes
Is there any way to check if the player who fires the remoteevent has permission to teleport every player in the game?
yes, you can have a bool value inside the player stating true or false given from the server, if its true then they can teleport everyone, otherwise dont teleport