Code redeemable after player rejoins even though they redeemed it already?
Hi, Im trying to make a feature in my game where you can enter a code and it will give you points. All of that works, but if the player has redeemed the code and rejoins, they can redeem it again, so they can keep getting points. I know this has something to do with datastores, but I barely know anything about them lol. Anyways, I would really appreciate some help. Thanks!
Here is the script in serverscriptservice which gets activated once a remote event gets fired, which is when they redeem the code
local remoteevent = game.ReplicatedStorage.CodeEvent
remoteevent.OnServerEvent:Connect(function(Player,reward,code)
if Player:FindFirstChild(code) == nil then
local redeemed = Instance.new("BoolValue", Player)
redeemed.Name = code
redeemed.Value = false
if redeemed.Value == false then
Player.leaderstats.Points.Value += reward
redeemed.Value = true
end
end
end)
0
0
1 answer
Problem
Yes, we need to use DataStoreService.
Solution
We don't need to create the BoolValue Instance, we can simply store a bool value in DataStores.
When using Data Stores you always need to use a pcall AKA protected call because Roblox DataStores can fail sometimes.
Fix
local DataStoreService = game:GetService("DataStoreService")
local DataStore_CodeName = DataStoreService:GetDataStore("RedeemCode", "CodeName")
local DataStore_CodeName2 = DataStoreService:GetDataStore("RedeemCode", "CodeName2")
local CodeRedeemed = game.ReplicatedStorage.CodeEvent
local function OnCodeRedeemed(Client, Code)
local Success, Result
if Code == "CodeName" then
Success, Result = pcall(function()
return DataStore_CodeName:GetAsync(Client.UserId)
end)
if Success and not Result then
Client.leaderstats.Points.Value += 100
Success, Result = pcall(function()
DataStore_CodeName2:SetAsync(Client.UserId, true)
end)
if not Success then
warn(Result)
end
end
end
if Code == "CodeName2" then
Success, Result = pcall(function()
return DataStore_CodeName2:GetAsync(Client.UserId)
end)
if Success and not Result then
Client.leaderstats.Points.Value += 250
Success, Result = pcall(function()
DataStore_CodeName2:SetAsync(Client.UserId, true)
end)
if not Success then
warn(Result)
end
end
end
end
CodeRedeemed.OnServerEvent:Connect(OnCodeRedeemed)
EXPLOITING PROBLEM
I've found a way to easily exploit your game.
I see that you passed a Reward argument through the RemoteEvent. So I can exploit it with an executor and do this
game.ReplicatedStorage.CodeEvent:FireServer(1000000, "CodeName")
And there we go, I just gave myself 1M points. So how do we fix this? Just don't pass stuff like that to the server and do the rewarding on the server.
You can understand DataStores here. It explains everything about DataStoreService and how you can use it. BTW, you don't need to read the whole article all at once. You can read bit by bit otherwise, you'll get overwhelmed. If there's any problems with the code, you can reply to me in the comments on my answer. You should play around with DataStores too, so you can understand and feel comfortable using them.