I made a RemoteEvent that fires when a user presses a button in a point shop alongside two variables. The first variable was the ‘merit’ which is just how much their ‘Increased’ or ‘Decreased’ value in leaderstats changes by, and the ‘pointCost’ variable which is just how much the button costs.
Except because I opted for convenience with the variables, people could run the event on their client as game.ReplicatedStorage.Remotes.shopPurchase:FireServer("+1000000", 1) to add 1 million leaderstats value while only paying 1 point. I’m not sure what kind of check I could do to prevent this since it’s not like I can just check their value since they are able to modify it in the event.
Don’t trust the client for the costs - have some other place that it is stored which the server can access. Just have the client tell the name of the item (or the merit in this case) to the server, with which the server can determine the price.
Yea I can’t brain right now so I’m just gonna have it strictly outlined in the server script like this so if a change is detected I can just kick them or whatever.
Reading this made me think… should I kick a player if their xp/cash value is not the same as the server? I haven’t included a client amount to be sent to the server but it could be quickly added. But is it a good idea?
Doesn’t sound like a good idea. If there is a discrepancy you should simply just update it for the client as there is a lot that can go wrong with a system like that.
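A server-side handler along the lines suggested in the replies, as an added example that is not code from any poster in this thread: the client sends only an item name, and the server looks up both the merit and the cost itself. The item names, the amounts and the "Points" stat name are assumptions; the remote path and the ‘Increased’/‘Decreased’ stats are taken from the question.

```lua
-- Server Script (for example in ServerScriptService).
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local shopPurchase = ReplicatedStorage.Remotes.shopPurchase -- path from the thread

-- Server-owned catalogue: the client never supplies a cost or a merit.
-- Item names, numbers and the "Points" stat are assumed for illustration.
local CATALOGUE = {
	SmallBoost = { stat = "Increased", merit = 10,  pointCost = 5 },
	BigBoost   = { stat = "Increased", merit = 100, pointCost = 40 },
	SmallDrain = { stat = "Decreased", merit = 10,  pointCost = 5 },
}

shopPurchase.OnServerEvent:Connect(function(player, itemName)
	-- Every argument after `player` is client-controlled: validate the type,
	-- then accept it only as a key into the server's own table.
	if typeof(itemName) ~= "string" then
		return
	end
	local item = CATALOGUE[itemName]
	if not item then
		return -- unknown item name: ignore the request
	end

	local leaderstats = player:FindFirstChild("leaderstats")
	local points = leaderstats and leaderstats:FindFirstChild("Points")
	local target = leaderstats and leaderstats:FindFirstChild(item.stat)
	if not (points and target) then
		return
	end

	-- The balance check reads the server's copy of the value, never a
	-- number sent by the client.
	if points.Value < item.pointCost then
		return
	end

	points.Value -= item.pointCost
	target.Value += item.merit
	-- Values set here replicate to the client; a value edited only on the
	-- client never reaches the server, so there is nothing to compare or
	-- kick for.
end)
```

With this handler, the call from the question, `FireServer("+1000000", 1)`, is rejected because "+1000000" is not a key in the catalogue and the second argument is never read.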