Hello. I am currently working on melee combat for a fighting game. I’ve produced slash VFX for the game that is run clientside. Sadly, in order for the game to run at full performance, all of our effects need to be clientside. The current m1 system works like so:
player clicks > animation and small bodyposition runs on client > client runs slash effect for self > client tells server to run effect on other clients with magnitude and viewport checks.
The problem with this is that an exploiter could just run the remote to fire off any effect they please. How can I prevent this? I know I could do check magnitude as well as other things serverside, although that still presents the opportunity for exploiters to fire effects just as long as they meet those checks(which wouldn’t be that hard). Is there no way I can encrypt the information sent across remotes? Oh, also I’ve tried using a cooldown system, but it kicks when you use two different effects back to back.
This could work with some tweaking. Create a table, add the player username to the table with a number. This number would be how many effects can be played at once.
You mentioned two different effects back to back, let’s say that’s the maximum amount of effects that can be played.
When an effect is played, the number is subtracted by 1. If the number is less than or equal to zero, the effect will not play.
Now for more information regarding this so I can help further, why are the other players needing a slash VFX? Like is it a knockback effect or?
Well as of right now, I’ve solved the back to back effect issue by simply adding a table check for each individual effect(giving each effect their own cooldown). Also probably should note that I’m going to be adding a check to make sure whatever effect the player uses is actually part of one of the skills in their hotbar.
As far as the VFX aspect, I simply need effects to run clientside because they are slow and choppy when run serverside(especially given some of my effects use heartbeat).
This system seems very vulnerable indeed. What I use for my combat system:
Client presses button, sends a Remote Event
The server checks: distance between player and target, the ability’s cooldown timer, the character model’s line of sight, whether the character is performing another action (I use a Module Script which stores this value. Whenever the character is performing an action, I set the value to true and then false upon finishing the action, sort of a global cooldown to prevent spam).
The player gets Anchored for the duration of the cast.
My effects do not look choppy at all since I am using TweenService on Anchored parts.
I would not recommend counting on the password system. It may deter some exploiters, but will be cracked with some determination.
Edit: it is a brilliant idea to check whether the player actually has the ability they want to use on their skill bar. If they fire an ability they do not have, you can be 100% sure they are an exploiter and issue a kick.