How to detect who pressed the gui button?

Help and Feedback Scripting Support
, ,
#1 
SaveEvent.OnServerEvent:Connect(function(plr, saveNo, subject, image)

	if plr.Name == tostring(Values.Owner.Value) then
    ...

I created a gui button that performs the save function. When you press this button, the player value and the save data are transmitted through remotevent.

My concern is that if a hacker player puts another player’s value in the plr value, and sends the stored data at their disposal, there is a possibility that other players’ stored data will be compromised. I want to prevent this, but I don’t know what to do.

All that exists now is that poor player verification.

#2

Don’t ask what datastore they are saving, just assume its the LocalPlayer.

#3

You could send that from the client like this:

SaveEvent:FireServer(saveNo, subject, image)

The player is always the first passed value, even if you don’t state it explicitly, and it is always the local player that triggered it from the client script. As at run time every player has a copy of this script locally and only they can click anything on their copy of the Gui.

You can go a bit further by checking the player ID that was sent. From the server script, that would look like this:

SaveEvent.OnServerEvent:Connect(function(plr, saveNo, subject, image)
    local players = game:GetService("Players")
    
    if players:GetPlayerByUserId(plr.UserId) then
    else warn("Invalid player attempt:", plr.Name)
    end
end)

Notice how plr is part of the server connect call even though I didn’t state that from the client.

1 Like
#4

So my code is in good condition? That’s a relief!

1 Like
#5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.