I’ve been creating and experimenting an in-game Admin UI for my game, I’ve wanted to create an executor that can execute scripts pretty much as what you see on cheating UIs like JJSploit, Yoink,…
I still didn’t get any ideas on mind on how would you replicate it in-game. I thought this would be the best place that can at least give me ideas on it.
Why would you need to add an in-game code executor? This is something risky in most cases, unless you truly trust your admins. In the event one of your admins’ account gets compromised, anything can be run on the server and that’s something hard to control from that point on.
This is a really bad idea, as wevetments stated. If you do want to do this though, you can set ServerScriptService.LoadStringEnabled to true and then use loadstring("admin input"). Again, I recommend not doing this since it can be a major security flaw
Again…I understand, It’s something I want to have as for me and my game partner, no one else. It’s just something that will be help me control servers alot.
An In-Game code executor is not supposed to be something to help with server control. Just simply create an admin panel with things like:
Kick Player
Ban Player
Server message
Etc
However, if you really want to have an in-game code executor, you have some options. You could either use loadstring, create your own code compiler or use the developer console.
This will not work if you wish to keep the same behavior provided by roblox, as the developer console and other roblox core interfaces cannot be directly modified. You’ll have to rescript them yourself.
It’s hard to create a UI that includes all the stuff I need…
Is it possible to create a discord API so I can use an admin panel from a discord server?
I know its possible with Kick, Ban, etc… but I’m not sure about executor-like stuff.
I didn’t actually do any API stuff before so I don’t have much experience in it.
That opens more vulnerabilities, and I honestly have no experience hooking up discord and roblox as there are bad limitations.
This is actually what I had in mind, so you could follow this setup. You could either use loadstring, or the module @Cinema_Sin linked. I’d also advise creating a blacklist of certain globals and functions to limit the possible amount of vulnerabilities.
Take note that loadstring only works on the server, so you must send the code you want executed over a remote.
I would like to add for this admin system do not use _G to store admins, it’s too easy for exploiters to change whatever data has been stored in there; or even make themselves admin!
I’ll try making it as much secure as possible and if I was unable to have it safe I’ll just blacklist couple of commands. I was trying to achieve something similar to the Developer Console but I’ll see
You could always just use the new team create permissions and give the other user you want to have access to the executor edit perms, then you both will be able to use the console ingame. This is one of the easiest solutions I believe.