Why is my Admin Module giving everyone access to the admin?

Achieve

  1. What I’m attempting to achieve is a way to get players UserIds without checking the event and if their UserIds match on the Server Side, they’ll be considered an admin.
  2. I am also attempting to achieve a way to stop a script from continuing if they aren’t an admin. Hence the break function.

Issues

The issue is no matter what I try, everyone is deemed an admin.

I was told by another person that exploiters are able to change their UserId through the Client which in theory supposedly would give them the ability to change their UserId to one of the Admins’ UserIds which would give them access to the controls and would also give them the ability to access everything else that’s linked to this Module Script.

If you would like to see the original version of this script: Here’s the link to it.

Admin Module

--[Made By MillerrIAm]--
--------[Variables]-------
local Players = game:GetService("Players")
---------[Admins]--------
adminIDs = {4947564}
--[[UserIds in order = {"MillerrIAm":678299,"NemesisY2J"}]]
--------[Main Code]------
local adminCheck = {}

function adminCheck.Activate(plr)
		for i,Admin in ipairs (adminIDs) do
			if Players:GetNameFromUserIdAsync(Admin) then
				print("Admin Started")
				return true
			else
				--Notification Sends
				--Kick Function Sends
				print("No Admin")
				break
			end
		end
	end

return adminCheck

The Command inside Scripts

--Made By MillerrIAm
-------------------Variables------------------
Event = game.ReplicatedStorage.ColorEvents.ExampleEvent
adminCheck = require(game.ServerScriptService["Scripts|Admins"]["ModuleScript|AdminCheck"])
------------------Main Script------------------
Event.OnServerEvent:Connect(function(plr,Change,Color)
	if adminCheck.Activate(plr) then
			
	end
end)

Thank you for any help you can give.

function adminCheck.Activate(plr)
		for i,Admin in ipairs (adminIDs) do
			if Players:GetNameFromUserIdAsync(Admin) then
				print("Admin Started")
				return true
			else
				--Notification Sends
				--Kick Function Sends
				print("No Admin")
				break
			end
		end
	end

I really don’t know what you are trying to do. Just use table.find to see if their user ID is in the table.

function adminCheck.Activate(player)
    if table.find(adminIDs, player.UserId) then
        -- Code
        return true
    end
    -- Code
    return false
end

And remember to always use local variables since there is no reason to use global variables. Consistency is key when writing clean and maintainable code.

So, what I was told is that you can’t trust a RemoteEvent’s Player Event which is what I go off of.
An exploiter can change their UserId to access the controls and so on of what I use.

What I’m trying to do is make a solution where I can just search for the UserIds through the server instead of the Client.

That is not possible. Even if it is, it would only be replicated on their client. So you are good :+1:

So then, would this script work perfectly fine and not be exploitable?

Original Admin Module

--[Made By MillerrIAm]--
--------[Variables]-------
local player = game:GetService("Players")
---------[Admins]--------
adminIDs = {678299,4947564}
--[[UserIds in order = {"MillerrIAm","NemesisY2J"}]]
--------[Main Code]------
local adminCheck = {}

function adminCheck.Activate(plr)
		for i,Admin in ipairs (adminIDs) do
			if plr.UserId == Admin then
				print("Admin Started")
				return true
			end
		end
	end

return adminCheck

My Worry

Yes, but no need to over-engineer what already exists; table.find was made for this.

function adminCheck.Activate(player)
    return table.find(adminIDs, player.UserId) and true or false
end

Since table.find returns the index of where the element is, we return true, but table.find returns nil if the element doesn’t exist in the table. So then false would be returned.

function adminCheck.Activate(plr)
		for i,Admin in ipairs (adminIDs) do
			if Players:GetNameFromUserIdAsync(Admin) then
				print("Admin Started")
				return true
			else
				--Notification Sends
				--Kick Function Sends
				print("No Admin")
				break
			end
		end
	end

return adminCheck

if Players:GetNameFromUserIdAsync(Admin) then

You should use if plr.UserId == v then instead of searching for their UserId through their names.
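
Added example, not code from any post in this thread: the question's check beside a corrected one, in plain Lua with the `Players` service replaced by a stub so it runs outside Roblox. The stub, the constructed callers and the names `activateAsPosted`, `activate` and `onServerEvent` are assumptions for illustration.

```lua
local adminIDs = {678299, 4947564} -- UserIds from the thread

-- Stub (assumption): like the real call, returns a name string for an existing UserId.
local Players = {}
function Players:GetNameFromUserIdAsync(userId)
	return "User" .. tostring(userId)
end

-- Check as posted in the question: the condition never reads plr.
local function activateAsPosted(plr)
	for _, admin in ipairs(adminIDs) do
		if Players:GetNameFromUserIdAsync(admin) then -- a name string is always truthy
			return true
		else
			break
		end
	end
	return false
end

-- Corrected check: compare the caller's own UserId against a set built from the list.
local adminSet = {}
for _, id in ipairs(adminIDs) do
	adminSet[id] = true
end

local function activate(plr)
	if type(plr) ~= "table" and type(plr) ~= "userdata" then
		return false -- no player object, no access
	end
	return adminSet[plr.UserId] == true
end

-- Body of an OnServerEvent handler: plr is supplied by the server,
-- while change and color arrive from the client and must be validated.
local function onServerEvent(plr, change, color)
	if not activate(plr) then
		return "rejected"
	end
	if type(change) ~= "string" or type(color) ~= "string" then
		return "bad arguments"
	end
	return "applied " .. change .. " " .. color
end

-- Constructed callers: one listed admin, one ordinary player.
local callers = {{Name = "AdminPlayer", UserId = 4947564}, {Name = "Visitor", UserId = 123456}}
for _, plr in ipairs(callers) do
	print(plr.Name, activateAsPosted(plr), activate(plr), onServerEvent(plr, "Lights", "Red"))
end
```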