I am using remote events to make an admin panel where admins can override the game’s inventory system by adding cash, etc. On game run, the game checks if the player is an admin, if so, then it clones the admin button to its playergui. Every time a button is pressed, a remote event is fired, checking if the user is an admin again, then executing the code if so. Is this secure? Can exploiters simulate their userid? In both scenarios (playeradded and remoteevents) I am using the default player variable.
Example remote event
local event = game.ReplicatedStorage.AdminEvents.AddCash
local admins = require(game.ServerStorage.Admins)
local DataManager = require(game.ServerScriptService.Data.DataManager)
function AddCash(player, playerName, amount)
if table.find(admins, player.UserId) then
local receivingPlayer = game.Players:GetPlayerByUserId(game.Players:GetUserIdFromNameAsync(playerName))
DataManager:addCash(receivingPlayer, amount)
end
end
event.OnServerEvent:Connect(AddCash)
Loading the admin button
game.Players.PlayerAdded:Connect(function(plr)
local admins = require(game.ServerStorage.Admins)
local adminUIButton = game.ServerStorage.AdminUI.adminMenuButton
if table.find(admins, plr.UserId) then
adminUIButton:Clone().Parent = plr:WaitForChild("PlayerGui"):WaitForChild("Main")
end
end)
The admin panel
