Issue with Admin UI system

Hello everyone,

So I am creating an admin UI were you can kick, perm ban and unban someone. Below is what I have done but the issue I am having is it will only let me perm ban myself not others. Not sure why though.

(Script to ban - Server Script):

local DataStoreService = game:GetService("DataStoreService")
local banDataStore = DataStoreService:GetDataStore("banDataStore")

game.Players.PlayerAdded:Connect(function(player)
	local playerUserId = player.UserId

	local banned
	local success, errormessage = pcall(function()
		banned = banDataStore:GetAsync(playerUserId)
	end)
	if banned == true then
		player:Kick("You are banned from this game!")
	end
end)

game.ReplicatedStorage.BanSystem.OnServerEvent:Connect(function(plr, userToBan, reason)
	local plrUserID = userToBan.UserId
	local success, errormessage = pcall(function()
		banDataStore:SetAsync(plrUserID, true)
		userToBan:Kick("You are banned!")
	game.Players:FindFirstChild(userToBan):kick(reason)
	end)


	local playerUserId = plr.UserId

	local success, errormessage = pcall(function()
		banDataStore:SetAsync(playerUserId, true)
		game.Players:FindFirstChild(userToBan):kick(reason)
	end)
end)

game.ReplicatedStorage.UnbanSystem.OnServerEvent:Connect(function(plr, userToBan, reason)
	local playerUserId = plr.UserId

	local success, errormessage = pcall(function()
		banDataStore:SetAsync(playerUserId, false)
	end)
end)

i think that on the OnServer Event script u have put the script thread twice which could cause errors oh wait its different

You are not actually checking if userToBan is an actual player or referring to their player instance when banning them. Id use something like this to get the player when you fire your remote event:

local PlayerToBan = game.Players:FindFirstChild(userToBan) -- I assume that userToBan is a string which you have sent from the client
plrUserId = PlayerToBan.UserId

This code will ban yourself because you are the “plr” variable. Also exploiters could fire this remote and ban people. On the server side, make a table will “Admin” player UserIds, and before banning/unbanning on the server, check if the player who sent the remote event has a UserId that matches the table.

uhhh, you are actually banning yourself with this code:

local playerUserId = plr.UserId

	local success, errormessage = pcall(function()
		banDataStore:SetAsync(playerUserId, true)
		game.Players:FindFirstChild(userToBan):kick(reason)
	end)

Yea I am going to do the admin security system I am not finshed with it yet.

When you fire the server, is the “UserToBan” the player, or the player’s Name?

User to ban is the username you put into the text box from the Client side.

Then this won’t work, you are trying to find the UserId of a string. You want this instead:

local plrUserId = game.Players:FindFirstChild(userToBan).UserId

How would that work for the unban system as the player would not be in the game. Would you have to make the admin put the User ID in directly?

Yes technically. You could make the ban system use their name instead. The problem with that is if they change their name then it won’t save their ban. Now most exploit accounts are alt accounts, and to change your name you need 1000 robux and I doubt that an alt account would have that many roux so that should be fine.

Yes I guess. The reason I did the the user ID is so that if they change there name but yes most exploiters do go on an alt.

When you ban someone, you could put their UserId in a datastore and have their Username as the key. Then when you want to unban someone you can get their UserId out of the datastore using their name.

How would you do that? Sorry I am quite new to scripting and still learning/

I’m in zoom rn and I have to go but I can help you when I finish school.