I have been doing everything in local scripts, which has spoiled me because practically everything is easily accessible. But now that I am having to work on game security with server scripts, its far harder to just grab what I need, at least as far as I know.
I need to run checks for every player, but I don’t know how to do this in a server script. It seems like the only way to manipulate things related to players is through events, which surely is not the case.
Am I missing something big?
Your question is quite vague. Which checks do you need to run?
Alternatively, you can also use values to check and store certain data, so it will be existent and easy to access, as well as stand as a global variable. However, one downside is that this information needs to be placed in ReplicatedStorage (for successful client/server interaction) and may be susceptible to tampering by exploiters.
Not really. Client changes to values don’t replicate. It’d be the same as modifying a variable in a frontend script. The server would still hold the original value. The only time this kind of vulnerability would turn up would be if the client sends this value to the server and the server doesn’t validate it.
What kind of values do you need to store? If you give us this information, we can help you better. Otherwise, I don’t know what you are asking about. This may help you.
You’ll need to use RemoteEvents and RemoteFunctions to do the things you originally were able to do with LocalScripts. FilteringEnabled doesn’t replicate changes on the client to the server. For more information on RemoteEvents and RemoteFunctions I recommend you to read this wiki post, which is very helpful and contains a lot of information: https://wiki.roblox.com/index.php?title=Remote_Functions_%26_Events.
Best way to do it is a remote function and return+ compare that with what the server reads. Your only problem, and this is why exploiters have the advantage, is they can disconnect the remote function from firing on the client.
Can you give us more detail into what the security door is doing? If it is like if a player touch door and the player isn’t an admin then kill him, you would use a Touched event and see if the part it made contact with have a humanoid then if it does then use the Player service and use the function GetPlayerFromCharacter() and input the part’s parent. Now check if the part’s parent is a player by seeing if the function returns nil. For Example,
--Player Service
local Player = game:GetService("Players")
--This is the required rank you need to be to pass this door way
local requiredRank = 156 --This is the required ranking to by through the door
--Group ID
local Group_ID = 00000 --Example id
--Say this is the part you want special people to walk through
local detector= script.Parent.Detector
detector.Touched:Connect(function(hit)
--We're going to check for a humanoid to see if this is a player
local character = hit.Parent
local humanoid = character:FindFirstChild("Humanoid")
-- If the humanoid isn't nil then this is a character
if humanoid then
--This function from the Player service give us either two values
-- A player
-- OR
-- a nil value(meaning there is no palyer with this character
local player = Player:GetPlayerFromCharacter(character)
--if the player isn't nil then this is a player
if player then
--By entering the group ID we can see the player group rank
local groupRankNumber = Player:GetRankInGroup(Group_ID)
--If your ranking in this group is less than the required ranking, then you're not allow in this room
if groupRankNumber < requiredRank then
--[[
There two ways to deal with this player
A) Respawn charater
B) Set humanoid Value to 0(making the player die)
Let's be friendly here and do plan B
--]]
--By calling this function directly from the player, it should force he/she to repsawn instantly
player:LoadCharacter()
end
end
end
end)
Certain elements/uses are restricted to client-side, while others are server-side. For example, if you wanted to manipulate a player’s playerGUI via the server, you’d have to fire an event to the player, which then on his local client will manipulate his playerGUI. In these “checks” you’re talking about, depending on what you need, you can grab (limited, as mentioned above) information about players via the server without needing any communication between the two, then act on it as needed in the server.
Do you still need help?