How to Create a Rank Management System using Glitch

As the error says, the site can’t find your cookie because it doesn’t know the correct file that it is in. Is your cookie in config.json? Or did you move it into the .env?

It is in config.json.
30 charss

Here is my side bar

sidebarthing

Is it that I didn’t add the _|WARNING:-DO-NOT-SHARE-THIS.–Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items| in the cookie?

Edit: It was! Mines fixed.

You’re trusting the client way too much in your example code. You can check if the user owns the gamepass on the server when they join and you can also use https://developer.roblox.com/en-us/api-reference/event/MarketplaceService/PromptGamePassPurchaseFinished to check for when they purchase it on the server.

Otherwise, an exploiter could easily just fire the remote and promote themselves to the rank right under the bot. I’d advise also adding a maximum promotable hardcoded range by checking the player’s rank before allowing to promote this can prevent a lot of abuse by keeping them within an acceptable range that you don’t have to worry about.

I quickly made a better example

Client Button

local MarketplaceService = game:GetService("MarketplaceService")
local Players = game:GetService("Players")

local LocalPlayer = Players.LocalPlayer
local GamepassId = 0000000

-- Would also use .Activated to allow mobile devices to activate the button innstead of just mouses.
script.Parent.Activated:Connect(function()
    MarketplaceService:PromptGamePassPurchase(LocalPlayer, GamepassId)
end)

Server

local MarketplaceService = game:GetService("MarketplaceService")
local Players = game:GetService("Players")

local Server = require(path.to.Server.module)

local GroupId = 000000
local Gamepasses = {
    {
        RankId = 30,
        Id = 000000
    },
    {
        RankId = 50,
        Id = 000000
    }
}

MarketplaceService.PromptGamePassPurchaseFinished:Connect(function(Player, GamepassId, wasPurchased)
    if wasPurchased then
        for _, Gamepass in pairs(Gamepasses) do
            if Gamepass.Id == GamepassId then
                if Player:GetRankInGroup(GroupId) < Gamepass.RankId then -- We don't want to demote them, but idk why they'd buy a lower rank...
                    Server.SetRank(GroupId, Player.UserId, Gamepass.RankId)
                end
            end
        end
    end
end)

Players.PlayerAdded:Connect(function(Player)
    -- Less than the rank you're about to promote them to otherwise :shrug:
    local HighestRankId = 0
    for _, Gamepass in pairs(Gamepasses) do
        if Player:GetRankInGroup(GroupId) < Gamepass.RankId and MarketplaceService:UserOwnsGamePassAsync(Player.UserId, Gamepass.Id) then
            HighestRankId = HighestRankId < Gamepass.RankId and Gamepass.RankId or HighestRankId  
        end
    end

    if HighestRankId > 0 then
        Server.SetRank(GroupId, Player.UserId, HighestRankId)
    end
end)
1 Like

The example usage is not meant to be used line for line in game, as it is merely meant to show that the outcome of this tutorial can allow you to rank a player if they own/buy a gamepass.

Thank you for your contribution, I will add your improved code into the example usage section.

Tysm! This can be useful in many different ways! I owe my life to u :rofl:

1 Like

Thanks for the tutorial, That really helped me! :sparkling_heart:

2 Likes

GlitchAPI is a simple API, it is easy to exploit sometimes, people make ‘xen’ codes or encrypted code to exploit these type of systems and I don’t recommend using it until Glitch gets their act together. Exploiters can easily give themselves free ranks.

(Credit to @e7c)

3 Likes

Yes, this has been mentioned multiple times in previous reply’s. These reply’s also give suggestions of other hosting services.

2 Likes

Where do you add this script into? and “path” is an unknown variable.

1 Like

I have a question about this, for the ‘server’ script under Part 4, were do I put the script?

1 Like

If you read the tutorial properly, the Config and Server script goes inside the Main Script.

1 Like

Would it work if I created a bot account that could change group ranks in my groups so if the Glitch thingy got hacked, it wouldn’t expose my real .ROBLOSECURITY code?

1 Like

Yes, and you should. Never use your main ROBLOX account, or any account that you don’t want to lose, with the security cookie.

2 Likes

Yeah, I definitely agree. Putting you .ROBLOSECURITY cookie is extremely dangerous and can be daunting. Exactly what I thought in my mind. If they had a data breach, imagine how badly this would impact our accounts and confidential information.

3 Likes

Not those scripts, I am talking about the Server script on PART 4.

1 Like

That’s exactly what i said so read it again

1 Like

He means the part with the Client Button and Server.

1 Like

Where do I put the code in part 4? (Client Button and Server)

1 Like

You put the client part in a UI button, and the server part in your Main server script.

CC: @Hayden_A28

1 Like