How to Create a Rank Management System using Glitch

CAP7A1N · April 10, 2020, 8:26pm

As the error says, the site can’t find your cookie because it doesn’t know the correct file that it is in. Is your cookie in config.json? Or did you move it into the .env?

olivesrbx · April 10, 2020, 8:27pm

It is in config.json.
30 charss

olivesrbx · April 10, 2020, 8:37pm

Here is my side bar

sidebarthing

Is it that I didn’t add the _|WARNING:-DO-NOT-SHARE-THIS.–Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items| in the cookie?

Edit: It was! Mines fixed.

Zl3CK · April 16, 2020, 12:19am

You’re trusting the client way too much in your example code. You can check if the user owns the gamepass on the server when they join and you can also use https://developer.roblox.com/en-us/api-reference/event/MarketplaceService/PromptGamePassPurchaseFinished to check for when they purchase it on the server.

Otherwise, an exploiter could easily just fire the remote and promote themselves to the rank right under the bot. I’d advise also adding a maximum promotable hardcoded range by checking the player’s rank before allowing to promote this can prevent a lot of abuse by keeping them within an acceptable range that you don’t have to worry about.

I quickly made a better example

Client Button

local MarketplaceService = game:GetService("MarketplaceService")
local Players = game:GetService("Players")

local LocalPlayer = Players.LocalPlayer
local GamepassId = 0000000

-- Would also use .Activated to allow mobile devices to activate the button innstead of just mouses.
script.Parent.Activated:Connect(function()
    MarketplaceService:PromptGamePassPurchase(LocalPlayer, GamepassId)
end)

Server

local MarketplaceService = game:GetService("MarketplaceService")
local Players = game:GetService("Players")

local Server = require(path.to.Server.module)

local GroupId = 000000
local Gamepasses = {
    {
        RankId = 30,
        Id = 000000
    },
    {
        RankId = 50,
        Id = 000000
    }
}

MarketplaceService.PromptGamePassPurchaseFinished:Connect(function(Player, GamepassId, wasPurchased)
    if wasPurchased then
        for _, Gamepass in pairs(Gamepasses) do
            if Gamepass.Id == GamepassId then
                if Player:GetRankInGroup(GroupId) < Gamepass.RankId then -- We don't want to demote them, but idk why they'd buy a lower rank...
                    Server.SetRank(GroupId, Player.UserId, Gamepass.RankId)
                end
            end
        end
    end
end)

Players.PlayerAdded:Connect(function(Player)
    -- Less than the rank you're about to promote them to otherwise :shrug:
    local HighestRankId = 0
    for _, Gamepass in pairs(Gamepasses) do
        if Player:GetRankInGroup(GroupId) < Gamepass.RankId and MarketplaceService:UserOwnsGamePassAsync(Player.UserId, Gamepass.Id) then
            HighestRankId = HighestRankId < Gamepass.RankId and Gamepass.RankId or HighestRankId  
        end
    end

    if HighestRankId > 0 then
        Server.SetRank(GroupId, Player.UserId, HighestRankId)
    end
end)

CAP7A1N · April 16, 2020, 12:32am

The example usage is not meant to be used line for line in game, as it is merely meant to show that the outcome of this tutorial can allow you to rank a player if they own/buy a gamepass.

Thank you for your contribution, I will add your improved code into the example usage section.

Aiden_12114 · April 16, 2020, 12:19pm

Tysm! This can be useful in many different ways! I owe my life to u

BankrollAbd · April 24, 2020, 6:49am

Thanks for the tutorial, That really helped me!

sureloxx · April 27, 2020, 11:21pm

GlitchAPI is a simple API, it is easy to exploit sometimes, people make ‘xen’ codes or encrypted code to exploit these type of systems and I don’t recommend using it until Glitch gets their act together. Exploiters can easily give themselves free ranks.

(Credit to @e7c)

CAP7A1N · April 28, 2020, 12:52am

Yes, this has been mentioned multiple times in previous reply’s. These reply’s also give suggestions of other hosting services.

Lmethod · April 28, 2020, 1:41am

Where do you add this script into? and “path” is an unknown variable.

EnvisionDev · April 28, 2020, 11:29pm

I have a question about this, for the ‘server’ script under Part 4, were do I put the script?

Aiden_12114 · April 29, 2020, 8:31am

If you read the tutorial properly, the Config and Server script goes inside the Main Script.

LoveTheBears101 · April 29, 2020, 4:03pm

Would it work if I created a bot account that could change group ranks in my groups so if the Glitch thingy got hacked, it wouldn’t expose my real .ROBLOSECURITY code?

CAP7A1N · April 29, 2020, 4:36pm

Yes, and you should. Never use your main ROBLOX account, or any account that you don’t want to lose, with the security cookie.

epitheIial · April 29, 2020, 9:26pm

Yeah, I definitely agree. Putting you .ROBLOSECURITY cookie is extremely dangerous and can be daunting. Exactly what I thought in my mind. If they had a data breach, imagine how badly this would impact our accounts and confidential information.

EnvisionDev · April 29, 2020, 9:49pm

Not those scripts, I am talking about the Server script on PART 4.

Aiden_12114 · April 30, 2020, 7:06am

That’s exactly what i said so read it again

palletenL · April 30, 2020, 11:34pm

He means the part with the Client Button and Server.

palletenL · April 30, 2020, 11:35pm

Where do I put the code in part 4? (Client Button and Server)

CAP7A1N · May 1, 2020, 1:16pm

You put the client part in a UI button, and the server part in your Main server script.

CC: @Hayden_A28