I’m trying to simply write some code to give players money. The problem I have with this is that it would be incredibly easy for exploiters to just fire the remote event and give themselves loads of money. Is there a solution that would make the code more secure, so exploiters couldn’t get into it?
script.Parent.MouseButton1Click:Connect(function()
game.ReplicatedStorage.GiveMoney:FireServer(100)
end)
The answer is… Don’t do it on the client.
Have a serverscript with the players name and with the mouse button clicked event.
Ik that’s not for guis but it’s not worth having exploiters getting millions of coins while you can just secure it.
So, how would I actually detect mouse clicks on the server?
Put a serverscript in the button with a localscript and a temporary remoteevent in the serverscript, then localscript will fire the remoteevent to send the name and serverscript will store the name, then delete remoteevent and localscript, therefore you can do
local player = game.Players:FindFirstChild(playername)
In serverscript.
And serverscript will just
script.Parent.MouseButton1Click:Connect(function()
With the serverscript in the buttongui.
Yeah it does work for me
However, wouldn’t that give the same problem? The exploiter could fire that remote event.
Uhh no? The remoteevent will just send the player name and will later be deleted anyway.
I don’t understand. If there is a local script, a remote event and a server script, it could easily be fired?
I’ll reexplain the structure.
Remoteevent will not give the coin, but will send the player name in the remoteevent.
Because serverscript cannot access the player in GUI, we need that .
You handle the coin giving in serverscript.
And the client can’t read or edit or delete serverscript. Because they’re exploit is clientsided
So if it sends the player’s name, and the server script gives them the coins, the exploiter could just fire the event with their name?
a player cannot access another players client, and the remoteevent will later be deleted anyway
Plus the remoteevent is in the serverscript bc it’s in the guis button, so it should work as intended
script.Parent.RemoteEvent:FireServer(game.Players.LocalPlayer)
script.Parent.RemoteEvent.OnServerEvent:Connect(function(sender, playerToSendTo)
playerToSendTo.leaderstats.Cash.Value = playerToSendTo.leaderstats.Cash.Value + 500
end)
This could be easily exploited, could it not?
I don’t think you get my point, connect the mouse button event in serverscript, and the client will just send the players name.
--//SERVER
local playerToSendTo
script.Parent.MouseButton1Click:Connect(function()
-- give coins
playerToSendTo.leaderstats.Cash.Value = playerToSendTo.leaderstats.Cash.Value + 500
end)
script.NameEvent.OnServerEvent:Connect(function(plr)
playerToSendTo = plr
end)
--//Client
script.Parent.NameEvent:FireServer()
-- now get the hell out of here exploiters
I don’t get your point at all. Could you write an example script?
Here, wrote an example code.
You still have to write it yourself tho.
I don’t know if this helps, but I would recommend having a remote even called “GiveMoney”, rather I would have them as random as I can like “GhBDsdVVdhsodd” as it would be much harder to know what each event are called there for enabling them to harder acess the things the events do. It may or may not work, as I don’t really experiment with exploits.
And the hierarchy should be:
Serverscript inside the buttongui
Localscript inside the serverscript
Remoteevent inside the serverscript
I feel like obfuscating your remotes would be worked around by them just printing out the names of all children in replicatedstorage, no? Just a lil trial and error then?