How to make a whitelist system like this

aelurein · September 2, 2021, 9:49pm

Greetings, devforum!

I am making a whitelist system for my administration system and thought of a cool idea for whitelist, so basically. There would be a table with codes that if once used, they will not be able to be used again & the players username gets put into the whitelisted table.

Anywho, I tried this and failed horribly.

script.Parent.TextButton.MouseButton1Click:Connect(function()
	local codes = {"test"}
	local whitelisted = {}
	if script.Parent.TextBox.Text == codes[string.find(#1)] then
		table.remove(codes, "1234")
		table.insert(whitelisted, game.Players.LocalPlayer.Name)
		print(whitelisted)
		end
end)

D0RYU · September 2, 2021, 10:04pm

local codes = {
    ["test"] = true
}

script.Parent.TextButton.MouseButton1Click:Connect(function()
    if codes[script.Parent.TextBox.Text] then
        codes[script.Parent.TextBox.Text] = false

        print("code accepted")
    else
        print("code denied")
    end
end)

assuming this is a local script, this should work

if you want it to work for a server script then I could change it

aelurein · September 2, 2021, 10:07pm

What about the whitelisted players part?

D0RYU · September 2, 2021, 10:08pm

well if it is a local script, you don’t need that
you need it if you have a server script though

aelurein · September 2, 2021, 10:09pm

As I stated, this is for an administration. panel.
I need a whitelist system, let me see what I can create first & I’ll come back to ya.

aelurein · September 2, 2021, 10:12pm

This is what I have got.

game.ReplicatedStorage.RemoteEvent.OnServerEvent:Connect(function(plr)
	local whitelisted = {}
	table.insert(whitelisted, plr.Name)
	print(table.find(whitelisted, plr.Name))
	print("added, whitelist. " .. plr.Name)
end)

local codes = {
	["test"] = true
}

local whitelisted = {}
local plr = game.Players.LocalPlayer
script.Parent.TextButton.MouseButton1Click:Connect(function()
	if codes[script.Parent.TextBox.Text] then
		codes[script.Parent.TextBox.Text] = false
		local target = plr.Name
		game.ReplicatedStorage.RemoteEvent:FireServer()
		print("code accepted")
	else
		print("code denied")
	end
end)

ellienonekomimi · September 2, 2021, 10:12pm

if you want to make a whitelist admin panel, you’ll need to use datastores to keep track of valid codes.
Here’s how I’d go about it.

Make a remote event that the client sends codes through
Make a table in a datastore which holds all the codes
Have a server script listen for the event, and check if the given code is in the table
Give the player admin clearance or whatever, I’d also recommend you put that data in a datastore

D0RYU · September 2, 2021, 10:49pm

local script

local TextBox = script.Parent.TextBox
local LocalPlayer = game.Players.LocalPlayer
local RemoteEvent = game.ReplicatedStorage.RemoteEvent

local Codes = {"CodeOne", "CodeTwo", "CodeThree"}
local CodeCheck = {}

for _, Code in ipairs(Codes) do
    CodeCheck[Code] = false
end

script.Parent.TextButton.MouseButton1Click:Connect(function()
    if table.find(Codes, TextBox.Text) and not CodeCheck[TextBox.Text] then
        CodeCheck[TextBox.Text] = true
        RemoteEvent:FireServer(LocalPlayer.Name, CodeCheck)

        print("code accepted")
    else
        print("code denied")
    end
end)

server script

local RemoteEvent = game.ReplicatedStorage.RemoteEvent

local WhiteListed = {}

RemoteEvent.OnServerEvent:Connect(function(Name, Codes)
    WhiteListed[Name] = Codes

    print(Name)
    print(WhiteListed[Name])
    print(WhiteListed)
end)

if a player has entered a code before then they will be in the whitelisted table

I added prints so you can see how the dictionary works, but let me show an example

{
    ["Player1"] = {
        ["CodeOne"] = true,
        ["CodeTwo"] = false,
        ["CodeThree"] = false
    },
    ["Player2"] = {
        ["CodeOne"] = false,
        ["CodeTwo"] = true,
        ["CodeThree"] = false
    },
    ["Player3"] = {
        ["CodeOne"] = false,
        ["CodeTwo"] = false,
        ["CodeThree"] = true
    }
}

basically if the player hasn’t entered any code they won’t be listed on there, but if they did enter a code then all the codes equal to true are the codes they entered already

sorry if this is a long reply
also I recommend using a datastore to help save it

devaleporbet · September 2, 2021, 11:30pm

To add to this, check the codes are valid on the server.

I would also make sure the client cannot read the codes. (saying that the codes are meant to be private unless you’re a staff member etc…) => to-do this we could use a remotefunction, we don’t check the code on the client but rather we check it on the server => then we have a callback from the remotefunction to preview if the code was successfully used or not (and to add to the table that the code has been used)

In all fairness, I would have most of the logic within the localscript on the server,
exploiters can easily (as of giving the client more control) =>

Fire the remote (bypass all logic, no check on server for if the code is valid)
Get the codes (easily get the codes from the table.)

TL;DR: have the client only fire to the server => server does all logic (including checking the code) => have a callback that says if the code was successful or not => if successful then we add to table of codes used.

aelurein · September 3, 2021, 7:29am

Hi, sorry for the late reply once again.
Yes, the client will not be able to read codes & remote events will be protected meaning that they cannot be abused, they have to be inside a group with a specific rank. & Then job’s a gooden.

{Datastores will have security adding onto this} - Datastores will be simple, and I am definitely eligible to do so, this includes checking codes & getting clients data > server, and vise versa.

Thank you for the replies!

gato_todomenso · September 3, 2021, 8:10am

Well, this it’s a cool idea, but I see that you’re saving the keys in the client, that it’s very dangerous as exploiters can decompile your client scripts and stole the data from tables, I recommend just passing the code that the player used to the server remote and in the server-side, check the codes(ONLY LISTED IN SERVER).

D0RYU · September 3, 2021, 12:42pm

local script

local LocalPlayer = game.Players.LocalPlayer
local RemoteEvent = game.ReplicatedStorage.RemoteEvent

script.Parent.TextButton.MouseButton1Click:Connect(function()
    RemoteEvent:FireServer(LocalPlayer, script.Parent.TextBox)
end)

server script

local Players = game:GetService("Players")
local RemoteEvent = game.ReplicatedStorage.RemoteEvent

local Codes = {"CodeOne", "CodeTwo", "CodeThree"}
local WhiteListed = {}

AddPlayer(Player)
    WhiteListed[Player.Name] = table.create(#Codes, false)
end

Players.PlayerAdded:Connect(AddPlayer)
for _, Player in ipairs(Players:GetPlayers()) do
    AddPlayer(Player)
end

RemoteEvent.OnServerEvent:Connect(function(Player, TextBox)
    if table.find(Codes, TextBox.Text) and not WhiteListed[Player.Name][TextBox.Text] then
        WhiteListed[Player.Name][TextBox.Text] = true

        print("code accepted")
    else
        print("code denied")
    end
end)

this should be more secure then the last one I gave, still not perfect though, you could do more checks