How do i make an Login System for my Admin Panel??
How do i make this work?
2 Likes
I am not an expert at this but, an admin panel locked by only a username and password would seem like a bad idea. Is there any protection against brute-force attacks? What about only granting access to specific users?
Looking at it,
For the password system, I would have a dictionary storing the name of the Admin as the key and their password as the value
Example
local admins = {
["EmbatTheHybrid"] = "ThisPassword"
}
Adding more as I add more admins,
When they input their Username and their Password, do some validation on the server side to ensure that an authorised person is trying to log-in, and if an authorised person is logging in, clone the admin gui and place it in their PlayerGui. It’s recommended you do not put the admin gui in the StarterGui because Exploiters can simply make it visible
Examples of Validation can include checking if the Usernames match up with who requested a login and if so check if the passwords match
1 Like
Ok maybe that one is a bad idea…Any Suggestions?
1 Like
By the way…Where do i put the GUI?..I putted the Script in ServerScriptService and the GUI?
You’d need a Script in ServerScriptService that has a Remote Event connected for validation,
The Admin Gui should be in ServerStorage so only the server can see it so far, the login screen should be in StarterGui,
A local script for logging in and communicating with the server and of course other scripts and local scripts for the Admin gui itself
But…About that…I don’t know how to script
Yeah we cannot assist you with code if you dont understand what the code does or means. I suggest learning the basics first before making any projects.
Well i have month of Experience on Lua but on scripting i don’t know that
Well. It depends on how you want to make your system function. Like @EmbatTheHybrid shows above. You could store the usernames and passwords in a table
Well yeah i did what he said to put a script in ServerScriptService
hello, if you are going to make a login system, you cannot do this with a password registered in the system because even if you send the codes in the local to the server, the exploiters can reach the outgoing and incoming remote controls, so you have to do it. Take vds for example, you are making a bot and when you type !newpassword in a room in discord, it generates a random password for you and you can transfer it to any roblox you want. (discord2roblox, mongodb…)
1 Like
Wait what? i can’t seem to understand.
You’re not allowed to have systems where passwords are part of it. [and data store is involed]
Reason:
Some people might put their account password, and you could easily get those passwords using data store and keys. And this can be very problematic.
What you could do alternatively:
Simply make a unique code , and only people who know that code, are able to use that panel.
1 Like
local passwordtextbox = --Reference the textbox for the password here
passwordtextbox:GetPropertyChangedSignal("Text"):Connect(function()
if passwordtextbox.Text == "you put the pass here" then
-- put your code here
end
end)
1 Like
getting banned from roblox speedrun
4 Likes
Don’t do this.
It seems a lot of people have more or less already told you this, but let me shed some light and actually explain why this is a horrendous idea, in hopes to change your mind.
First and foremost, password protection in theory, isn’t necessarily the worse idea; (by no means do I recommend it, and I will get to that later), but this is only true if everything locked by the password is stored on the server, and the checks to see whether or not the password is correct, is also maintained on the server.
Which the code sample you marked as a solution, nullifies that, and the password is checked on the client, DONT DO THIS!!!
Why? The client is exactly that; the client, it’s the individual player who is on your game. Everything on the client is accessible to the person on the other side of the computer, they can view your code on the client, they can even go as far as to save your maps, scripts (locally), etc…
Meaning anyone who has very minimal knowledge of ‘exploiting’, can very easily check what your password is, if it’s stored and verified on the client.
STOP USING PASSWORDS!
Really, what’s the point in password protecting anything, when you can protect it via UserId’s, or other indentifiers (realistically speaking, you should just use UserId’s, but group ranks, etc… also work; dont use usernames / display names)
Why bother risking someone guessing your password, or manually checking to see what it is, when you can just show your GUI based on whether or not you’re a particular player (jn this case, the game administration, owners, etc…)
This also prevents people from outright leaking your password, I’m sure you don’t want that.
Finally, every single action you do with your ‘admin panel’ should be verified by the server anyways, which would relay back to a valid USERID.
Side Note
Not sure why people are saying this breaks terms of service, assuming you have one static username & one static password, and don’t store any information inputted, then it doesn’t violate any terms of service; and if you really want to play it safe, add a label to tell people to never enter their ROBLOX information, as it wont be correct.
2 Likes