Scripting Helpers is winding down operations and is now read-only. More info→
Ad
Log in to vote
1

Am I checking if player owns Gamepass properly?

Asked by
Soban06 410 Moderation Voter
3 years ago

I have some game passes in my game. I have a local script which checks if the player has the gamepass. If they do, then the local script makes the text button visible.

Here is the local script (inside text button):

local Player = game.Players.LocalPlayer
local WalkSpeedId = My GamePass Id
local MarketPlaceService = game:GetService("MarketplaceService")

if MarketPlaceService:UserOwnsGamePassAsync(Player.UserId, WalkSpeedId) then
    script.Parent.Visible = true
else
    script.Parent.Visible = false
end

Is this a good way to do it? Can hackers change this so that even if they don't have the gamepass, they can still make the gui visible? Can I use remote events here? If yes, then how.

Any help would be appreciated.

0
Hackers can make the GUI visible no matter what. Remember, Filtering Enabled is not in place to prevent hacking. It exists to prevent hackers' actions from replicating to the rest of the server. So yeah, anybody can go into your game and make that GUI visible with a simple injector. It's what you allow them to do when they have that GUI open that's important Gey4Jesus69 2705 — 3y
0
If you were really worried about this GUI in particular, it could be stored somewhere inaccessible to the client, like ServerStorage, and you could use a RemoteFunction to request it. This basically just serves as a buffer. The idea is that the more obscure parameters for your remotes that you have, the harder it would be for an exploiter to figure out the parameters Gey4Jesus69 2705 — 3y

2 answers

Log in to vote
3
Answered by
krowten024nabrU 463 Moderation Voter
3 years ago
Edited 3 years ago

Answer: Use remote events and check for the gamepass in server. Step 1: Add a remote event in ReplicatedStorage. Step 2: Add a server script in ServerScriptService. Step 3: Write this in the server script:

local MarketplaceService = game:GetService("MarketplaceService")
local WalkSpeedId = (gamepass id here)
local RemoteEvent = game.ReplicatedStorage:WaitForChild("RemoteEvent")

game.Players.PlayerAdded:Connect(function(player)
    RemoteEvent:FireClient(player, MarketplaceService:UserOwnsGamePassAsync(player.UserId, WalkSpeedId)
end)

Step 4: Write this in the local script in a text button:

local RemoteEvent = game.ReplicatedStorage:WaitForChild("RemoteEvent")

RemoteEvent.OnClientEvent:Connect(function(bool)
    script.Parent.Visible = bool
    shouldBeVisible = bool
end)

Step 5: Do a while true do loop in the server script's PlayerAdded function to fire to the client about the visibility of the TextButton:

game.Players.PlayerAdded:Connect(function(player)
    -- replace the `:FireClient()` with a `while true do` loop firing to the client about the client's visibility
    while true do
        RemoteEvent:FireClient(player, MarketplaceService:UserOwnsGamePassAsync(player.UserId, WalkSpeedId)
        wait(2)
    end
end)

Explanations: This is for exploit-proofing. Do the check in the server and fire it to the client in regular intervals to prevent exploiters from opening the TextButton and to annoy them into not opening it anymore (strategy may not work). Hope this helps!

1
No... just no... you can't just fire a remote event every millisecond and call it quits. Moreover, if you WERE going to use this god-awful method, why would you not do it in a local script? you don't need to send that over a remote. do NOT fire a remote that often Gey4Jesus69 2705 — 3y
0
you should remove debounce in step 5, it will check faster making it even better!!! imKirda 4491 — 3y
0
added a `2` to the wait to make it better. krowten024nabrU 463 — 3y
Ad
Log in to vote
0
Answered by
WideSteal321 773 Moderation Voter
3 years ago

Is this a good way to do it? This way is absolutely fine, HOWEVER checking if they own the gamepass on the server would prevent some exploiters. (Use remote events!)

Can hackers change this so that even if they don't have the gamepass, they can still make the gui visible? Yes most definitely, you cannot stop this though.

Can I use remote events here? See answer 1.

If yes, then how? Make a remote event in ReplicatedStorage, fire it from the server to the client using :FireClient(player). See more here.

0
Checking if they own the gamepass on the server-side does absolutely nothing, so long as the GUI is accessible to the client. An exploiter can literally just run `game.Players.[YourNameHere].PlayerGui.Gui.Enabled = true`, and they have access to it. Gey4Jesus69 2705 — 3y
0
The only way to prevent this is to store the object in a place, which is secure from client-access, like ServerStorage (see my comment on the main thread above) Gey4Jesus69 2705 — 3y
0
you cannot access `game.Players.[YourNameHere].PlayerGui.Gui.Enabled = true` from the server WideSteal321 773 — 3y
0
But then how should I check if the player has the game pass from the server? From local script it's easy but how from a script? Soban06 410 — 3y
View all comments (4 more)
0
it's the same. WideSteal321 773 — 3y
0
No. I mean how an I going to access the player? I don't have a touched event and I can't use game.Players.LocalPlayer Soban06 410 — 3y
0
Ohhh i see, use a player added event with the first argument being the player, please look this up on the wiki b4 asking another question WideSteal321 773 — 3y
0
@WideSteal321 I know you can't access PlayerGui from the server. That's the point. The client can. So they can just enable the GUI with an injector Gey4Jesus69 2705 — 3y

Answer this question