Shutdown and Unban Command Help

Right, so people have advised me that I should add verifications to my admin panel’s remote events so hackers cannot use it against us. Anyways it has been an amazing bit of code the person recommended for me to use but I have having issues using it with the last 2 functions. No errors so I have no Idea as to why they are not working.

    if not table.find(modList, player.UserId) then
        -- user using the remote is a bad actor, punish them and drop the request
        return player:Kick("Tampering with Remotes");
    end

I do have a pretty good idea as to why it is not kicking the person who is not an admin who fired the server. I believe its because it actually does but its to late because it follows through with the function to kick everyone in the server. So basically I am asking how to cancel kicking everyone from the server. I know it has to go in the then part of the script but thats it for that.

local config = require(script.Parent.Parent.Parent.Config)
local admins = config.adminIDs
local shutdown = false

script.Parent.Parent.ShutdownEvent.OnServerEvent:Connect(function(player)
	if not table.find(admins, player.UserId) then
		-- user using the remote is a bad actor, punish them and drop the request
		return player:Kick("Tampering with Remotes");
	end
	
	for k, value in next, game.Players:GetPlayers() do

		value:Kick("This server has been shutdown by an Admin.")
	end

	shutdown = true
end)

function onJoin(player)

	if shutdown then

		player:Kick("This server has been shutdown by an Admin.")
	end
end

game.Players.PlayerAdded:Connect(onJoin)

But yeah it just shuts down the server anyway even if your not an admin.

As for the unban script I have no idea why it is not working.

local config = require(script.Parent.Config)
local admins = config.adminIDs
local datastoreservice = game:GetService("DataStoreService") -- These two lines are the datastores
local bandata = datastoreservice:GetDataStore(config.DataStoreKey)


script.Parent.Unban.OnServerEvent:Connect(function(plr,plrtounban,status)
	
	if not table.find(admins, plr.UserId) then
		-- user using the remote is a bad actor, punish them and drop the request
		return plr:Kick("Tampering with Remotes");
	end	
	
	local uid = game.Players:GetUserIdFromNameAsync(plrtounban) -- They won't be in the game so we get the id 
	bandata:SetAsync(uid,{".",".","."}) -- Sets it to something without the id in the first column in the datastore
end)

Any help would be amazing as we are on the home stretch to finishing this.

Remove the return from every plr:Kick() that’s whats causing the issue.

I’ll try that out, thanks!!

Erm that did not work for the shutdown script please help.

I suggest having an “Admin Check” Function to check if that player is among the whitelist table, then if they are add a value into some folder inside the player called “ADMINCONSOLE” or something of that sort. Then just check if they have that value (make sure its only created on the server and that the server checks to see if they have it not the client or else exploiters can exploit this into their client)

I do have one which is working perfectly, its just that people have recommended to me that I secure my remotes incase of an exploiter.

Can I see your table of admins? (The one you use to find if a user is an admin.)

local adminConfig = {}

adminConfig.adminIDs = {1482942854, 1485350602}
adminConfig.DataStoreKey = "CHANGEITHERE"

return adminConfig

Its a Module script,

local config = require(script.Parent.Parent.Parent.Config)
local admins = config.adminIDs
local shutdown = false

script.Parent.Parent.ShutdownEvent.OnServerEvent:Connect(function(player)
	if not admins[player.UserId] then
		-- user using the remote is a bad actor, punish them and drop the request
		return player:Kick("Tampering with Remotes");
	end
	
	for k, value in next, game.Players:GetPlayers() do

		value:Kick("This server has been shutdown by an Admin.")
	end

	shutdown = true
end)

function onJoin(player)

	if shutdown then

		player:Kick("This server has been shutdown by an Admin.")
	end
end

game.Players.PlayerAdded:Connect(onJoin)

local config = require(script.Parent.Config)
local admins = config.adminIDs
local datastoreservice = game:GetService("DataStoreService") -- These two lines are the datastores
local bandata = datastoreservice:GetDataStore(config.DataStoreKey)


script.Parent.Unban.OnServerEvent:Connect(function(plr,plrtounban,status)
	
	if not admins[plr.UserId] then
		-- user using the remote is a bad actor, punish them and drop the request
		return plr:Kick("Tampering with Remotes");
	end	
	
	local uid = game.Players:GetUserIdFromNameAsync(plrtounban) -- They won't be in the game so we get the id 
	bandata:SetAsync(uid,{".",".","."}) -- Sets it to something without the id in the first column in the datastore
end)

That should work.

Those worked, Thank you sooo much!!!

Wait thats odd, I tried it and the whitelist for the shutdown was the opposite lol. The admin was kicked for using remote and the nonadmin could shutdown. Could you help with this?

Possibly just remove the not in the if statement, and it should work.

if not table.find(admins, plr.UserId) then
	-- user using the remote is a bad actor, punish them and drop the request
	return plr:Kick("Tampering with Remotes");
end	

Change above to:

if not table.find(admins, plr.UserId) then
	-- user using the remote is a bad actor, punish them and drop the request
	plr:Kick("Tampering with Remotes");
	return
end	

You can change it for the shutdown script.