Basically, I want it so that when the moderator clicks “Ban Player”, a RemoteEvent fires (Server-Side) and uses the BanAsync to ban them, using the info from the ban ui, so like the username section would be username.UserId, the ban length would somehow get converted to a number, the Display/Private reasons are in their own seperate strings, and then the ExcludeAltAccounts finishes off the BanAsync(). Is there anyway I can do it?
This is in the wrong category but anyways you here is how you could do something like that:
Fire a remote function to a script on the server, verify the player is an admin on the server (don’t trust the client)
When you call the function, pass in the user ID along with any of these parameters you want to modify:
UserIds (required; array) — Array of UserIds of players to be banned. Max size is 50.
ApplyToUniverse (optional; boolean) — Whether ban propagates to all places within the experience universe. Default is true.
Duration (required; integer) — Duration of the ban, in seconds. Permanent bans should have a value of -1. 0 and all other negative values are invalid.
DisplayReason (required; string) — The message that will be displayed to users when they attempt to and fail to join an experience. Maximum string length is 400.
PrivateReason (required; string) — Internal messaging that will be returned when querying the user’s ban history. Maximum string length is 1000.
ExcludeAltAccounts (optional; boolean) — When true, Roblox does not attempt to ban alt accounts. Default is false.
I think the best way to do this is by first storing the UI in ServerScriptStorage so no exploiters can just straight up access it even if they modified their client to trick the server. When a player joins, you should check if they’re a moderator, and if they are, the server script that checked that player inside ServerScriptService will copy the stored UI directly into their player.PlayerGui. You can do this by using something like:
Players.PlayerAdded:Connect(function(player)
if not table.find(modIdsTable, player.UserId) then return end --avoid nested if statements
local banUI = ServerStorage.BanUIPath:Clone()
banUI.Parent = player.PlayerGui
local remoteEvent = banUI.RemoteEvent
local closeEvent = banUI.CloseEvent
local banConnection = remoteEvent.OnServerEvent:Connect(function(player, data)
--[[do some things with the data
to convert a string into a number, you can do tonumber(yourString)
you can also add an additional layer of protection by including a special moderator password field in the ban UI to prevent people from "borrowing" the account. it could be stored in a separate table, for example: modPasswords[player.UserId]
]]
end)
end)
So that’s the first step.
The second step is once the “Ban Player” gets clicked, a local script inside the button’s parent grabs all of the relevant data and then fires it to the remote event.
This will cause memory leaks and performance issues especially because you’ll have multiple events instead of just one. You also forgot to check if the player you added the UI to is the same as the player who fired the event.
I would instead check for the validity of the player when the event is fired.
Code:
local Players = game:GetService("Players")
local ServerStorage = game:GetService("ServerStorage")
local remoteEvent = banUI.RemoteEvent
local modIds = {00000, 11111}
Players.PlayerAdded:Connect(function(player)
if not table.find(modIds, player.UserId) then
return
end
local banUI = ServerStorage.BanUIPath:Clone()
banUI.Parent = player.PlayerGui
end)
remoteEvent.OnServerEvent:Connect(function(player, data)
if not table.find(modIds, player.UserId) then
return
end
-- Valid player
print(data)
end)
I don’t think that we need to check the validity of the player twice since the UI is only replicated to that specific player. No other players could see it because it doesn’t exist in their client. The close button event is just an example event. Also, the server side of the UI will get deleted once the player leaves, since the player instance gets destroyed.
Any player can fire remote events regardless of whether they can see the UI. Also, the UI will get destroyed, but the event won’t be disconnected, which leads to a memory leak.
Oh sorry, I didn’t see that you referenced remote events that are under the UI. Apologies for the misunderstanding. Your implementation may still cause memory leaks because of the variable attachment to the event, but once you remove that it would work.
Update: I managed to get it “working”, but now whenever I put in someone’s userID (that is not mine), it bans both the userID and me and the only way to get myself unbanned is to unban the person I originally banned, which defeats the purpose. Is there anyway to fix that?
If that wasn’t the issue, then maybe it’s related to your implementation of the ban function. You can send the ban function here to we can try to help.
