I work on this game where each of the achievements are saved on the server
but I have come on a bit of a roadblock
I want the game to have client sided quests but I have no idea how to securely notify the server that the client actually did the quest without being exploitable
I would prefer the solution to be server oriented so that I can give the achievements to the player
Thank you for any replies with helpful intent
Sanity checks.
You’ll have to do sanity checks. When a player completes a quest, fire a remote event, and perform a sanity check to make sure that the player actually completed the quest. If they did, then award the badge.
Hi, I’m sorry I kind of needed to know something like this too, can you explain to me what a sanity check is and how to do it?
Alright mate, A sanity check is some kind of comprobation we do to check if something is according to what we need, For example you have a GUI and when you click on the button it purchases an apple if you have 20 coins, You wanna put a check on teh GUI script that says if Coins == 20 then purchase apple, Well exploiters could just delete this check and still buy the apple even with 0 coins, So what you wanna do is also make the remote event listener check the coins you have from the server, theres a lot of ways a sanity check can be applied, Position, Values, Number, etc.
Here’s how it works:
Imagine this:
You’re making a gear shop. You want to make it so if a player has enough money, they can click the button to buy the gear.
If you check whether the player has enough money on the client, then the player could easily exploit the shop.
To prevent this, you need to fire a RemoteEvent when the player clicks the button. Then you check whether the player has enough money on the server. If the player has enough money, you would clone the gear into the player’s backpack. If they player doesn’t then they get nothing.
What do you mean by “client-sided” quest? Why is it client-sided?
It could be a user interface or something
A general rule of thumb when it comes to scripting is to remember that the client should be asking the server for permission to do something, as opposed to demanding the server to do a task.
Without seeing any code to the quest system you’re referring to, I would imagine that every player has a table of their quests that is backed up to a DataStore. What you could do is create a LocalScript that reads that table and creates UI elements that displays quest progress to the player.
Why does the quest need to be on the client? The client is supposed to only handle user input and the server manages the rest.
Let’s say you are a storekeeper, someone comes in the store, takes a drink, and goes to the counter, that person demands you to allow that person to bring the drink with him outside the store because he wants to drink it, in-order to do this they need to pay with money right? Now that person pays the money and leaves the store with the drink, you then realised that the money you got were fake! You didn’t check if the money was actual money or not before allowing that person to leave the store with the drink. That is what sanity checks are for. If you implemented sanity checks then you should have checked if the money were real or not, in this case the money wasn’t real. What will you do? Call the cops because that person is breaking the law.
Basically checking if whatever the client sent was right (example, client asks to buy a reactor core with the price of 12,391,029 money, server then does sanity checks, does this player have enough money? No? If no then reject the request, otherwise grant the item and subtract the cost of the item within the player’s money)
Wouldn’t you just handle this stuff in the server? For example a player clicks on a button to buy something and the button fires a remote, then a ServerScript handles the rest, like checking the players money and confirming the transaction, or is that what a sanity check is?
This. I cannot think of a reason why you would make quests client-sided
Maybe they mean the GUI is client-sided.
Their question is worried about their solution being exploitable - someone changing the GUI on their own client is not an exploit, so it doesn’t make sense that that’s what they’re asking about
Why have client-sided quests then?
Yes, as the flow goes:
That’s exactly my question lmao
apologies for lack of clarification
i need it to be client sided because i dont want other people to interfere with it
it is not a gui but rather something you have to do in the workspace
i am wondering how to let the server securely know the client did something specific
sorry for lack of clarification
im doing this thing on the workspace where you need to tame a bird and i want to make it so that it is client sided so that other players cannot interfere with the process