Dude ur dropping gold left and right. When I see these new vids in my notifs I try to script whatever ur making then use the vid to see if I did it correctly/add anything I didn’t think of.
Pro tip: Don't handle collissions nor damage on the client (Local scripts), If I were an exploiter I could just edit my local scripts and spam invoke the function that deals damage to a player. Making a remote that can send a signal from the client to the server for dealing damage is equal to giving an exploiter a tool to start griefing, since the server will think it's completely valid. Remember, always treat the client as a lying bastard when programming
This is my “erm actually 🤓” moment so don’t take this seriously As a former exploiter (no I’m not going to apologize for it because I used it for looking at how certain games i liked were developed) I’m pretty sure it is impossible to edit LocalScripts, let alone a regular script. You can’t even edit health on the client, which took me an unhealthy amount of time to figure out💀 You could tho, remove and add the script back with the stuff you wanted to put on it (because it is possible to read scripts on the client) but then it just comes down to how secure the developer was with their code. So yea, like Diego said, don’t ever trust the client and have security checks for everything. For example, if someone on the client makes a rebirth button visible on their UI without the requirements, don’t allow them to rebirth. If you have a sense of humor or you think anticheats are boring asf to code, crash their game with the while loop method or play a really loud or spooky sound, or one of my favorites: put a spooky PNG image, then after a bit have creepy ambience play and then have a message that says “User has been logged”
you use the client cuz of the delay between the server and the client so sometimes on the client you would have clearly hit someone but cuz of the delay it doesn't actully happen on the server so if you do it on the client then you will 100% all the time hit that person so its a choice of: the server delay ruining the game for some people OR make the game slightly exploitable
I know someone mentioned it here before however I'll be more in-depth, but the problem with having hitboxes set up on the client (and a damage-dealing remote on the server) is that they are extremely exploitable. Exploiters can use the remote to kill anyone, from basically anywhere. This is where "Sanity Checks" come in, and I hope you have a video planned on them soon. Other than that great video.
@@Mr1Lito The way I do it is I use a local script to detect the input, then I fire a remote event to the server with the name of the move. Then the server handles the move cooldown, the creation of the hitbox and the damage dealing. I'm curious to see what Ludius will do in the future.
Something everyone following this tutorial should read: This is NOT safe to do for your game for 2 main reasons, exploits and bad ping. Exploits: Since you are handling the hitbox pretty much exclusively on the client, there are no checks to ensure validity. Moreover, the server isn't checking whether the player making the hitbox is valid. This means that an exploiter could very easily execute a script that fires the RemoteFunction shown in the video with a player or character they would like to damage as a parameter, and any arbitrary numerical value for the damage, and damage anyone or anything on the server. You can fix this multiple ways: Do the hitbox on the server (slower but more secure), or include sanity checks on the server. Bad Ping: Again, another problem with this being client-sided. If I was lagging really badly, and performed an attack, the hit would still go through, but this is not a good thing. Let's say I have 400 ping. To the other player, I'm shown at a distance larger than the hitbox, but to me, I'm right in front of them. Since the script only checks my client to see if their within a boundsbox, then the attack would still go through. This would be unfair to the other player, since I'm still pretty far away from them. There are more reasons than that, and performing backend things like this on the client is just generally a bad practice. With a few tweaks, this could be a great tutorial.
I dont know how to tweak it and i dont know what to do i followed hes last tutorial for m1s and it works great it js doesnt have a hitbox if this is bad then what do i do to get something that works with this script well
I was also thinking the same thing. But i still want to do the hitbox on client for better performance. Therefore i came out with 2 solution, First is to apply debounce to prevent multiple invoke spam and second is to check player and target distance every time remote function is invoked (if they are too far, don't apply any damage).
this is seriously terrible advice, ALL great and responsive combat systems are based on the clientside. & also, if you're 'lagging due to ping', your inputs are still going to be delayed the same REGARDLESS of whether your combat's server-based or client-based.
u dont have any security on ur damage script, im pretty sure exploiters can easily fire that remote function and damage anyone from anywhere. for me i would either check the distance between the two players in that damage script to make sure they were hit properly. but in some cases u cant do that, so u can recheck if the player that got hit is in the hitbox, the downside is that its less efficient
What If I used .touched in this manner: I found it less buggy but that could just be a coincidence local function damage(hit) if hit.Parent:FindFirstChild("Player") then hit.Parent.Humanoid:TakeDamage(100) script.Parent["Sword Hit"]:Play() end end script.Parent.Touched:Connect(damage)
the hitbox will still be inconsistent and not always register. the only thing i personally would use .Touched for is checking to see if a player enters a new area/location of the map.
no not really because the server has a delay from client and server, meaning hitboxes will lag behind you pretty much and you can do security checks to check if the hitbox is correctly positioned/sized too. It's far from slightly smoother, it is smooth and if you purely run it on the server it will be horrible
local t = 0 while t < 1 do --Wait a maximum of 1 second before deciding the animation will never load. if m1Track.Length > 0 then break end t+=task.wait() end add this right after the m1Track variables, should fix the animations playing fast
doesnt work hitbox is fixed in one place and player gets damaged anyways. EDIT: Turns out it was because it was in a module script, but the player still gets damaged and moving that out of the module script will overcomplicate the final solution (I alrd got 5 parameters going into the module script I aint gonna add another one)
i think the local script detects the players in the hitbox, sends those players to a remote function, and a normal script recieves this then does the damage. What if a hacker starts sending random players to that remote function? can they damage random players?
@@TheOriginalPlu yeah thats true, but i think it would be better to add distance check function to the damage script. if the distance between the player hitting and the player recieving the damage has a high distance between them, code will not register the damage. Atleast somewhat prevents range extenders.
i tried to make an else statement inside the for i,v loop that said elseif humanoid == nil then and it prints missed, it would just print out missed anyways.
yo, i used the m1's tutorial you made and then went to this to figure out how to make it do damage and im 100% certain i did everything correct but its refusing to damage anything. any ideas what might be wrong? (also, i realized halfway through i was still in test mode so i had to remake the script and remote function, idk if that effects anything)
Is that good or bad? In any case, I sound a bit different bc I started recording very early in the morning, so my voice is kinda different bc I just wake up in most cases or it’s hella late
Im making a game, and for the moves hit detection i use simple hitbox, copying it or creating throught the script. Would've it be necessary to change the hitboxes to this zone detector? Or part hitboxes are worse in any case? Just not sure, but this seems like a feature i didnt know even exist. Crazy
yo could you please help me here or make a video on how to hit multiple humanoids at the same time? Because when i hit 2 humanoids at the same time, only one gets damaged at a time Edit: Nvm i figured it out
stocking scripting videos like the library of alexandria until i come across an error i don't understand I have a sus egirl avatar and im too scared to talk on the forum and get smited by other devs bc of it
@@EpikEpyx yea I checked after commenting, honestly I wouldn't mind if it was closer to something like $50 a month but I'm not gonna hate on the price, I understand the things that might go with setting a price like that
raycast hitbox is for more precise hitboxing, this hitboxing is less accurate (as in it can only be done in the shape of a square i think) but both work well and great for hitboxing
Isn't Localscript a bad choice when it comes to hitboxes? because i think it's accessible by the exploiters and it can be modified to make it bigger let me know if I'm wrong. All things aside you are the GOAT Ludius daddy 😋😋😋😋
if you do hitboxes on the server there will be a delay on things and the hitbox will be incorrectly positioned, it's done on the client for smoothness and security checks with the hitbox can be done to make sure exploiters don't mess things up
@@vrfrenzy8451 I understand your point, but implementing hitbox detection on the client side may not always provide smooth results. Performing hitbox detection on the server side is slower, but it is more secure. Another issue is that it could cause significant latency problems if the players experience lag.
@@Astrolightation latency messes up hitboxes for players hugely, there will always be latency, that's why it's handled on the client and is security checked on the server
@@vrfrenzy8451 even then with the security checks. if one client is lagging it can affect the flow of combat. thats why we use the server it will be static with good optimizing.
"Like a pro" and he sets the rootpart and the damage in client side... A mere cheater can damage anyone anywhere with the value he wants. Special queries is well explained but the code is trash.
it's not entirely trash, he doesn't damage in client side cuz you can't do that, people add security checks to make sure it isn't exploited too but he just doesn't do that here cuz that'd probably be too much for 1 video focused on people who don't know how hitboxes work
Dude ur dropping gold left and right. When I see these new vids in my notifs I try to script whatever ur making then use the vid to see if I did it correctly/add anything I didn’t think of.
I can tell you’re gonna be a good scripter, keep up the good work bro :]
Also thanks for the comment!
W commenter
It's not that hard once u get familiar with scripting
Like you will know that it will need a CFrame so you should probably know how it will work
tip that worked for me: instead of using `hum.Health -= damage` in the server script, i used `hum.Health = hum.Health - damage`
love the videos dawg, u got a new sub
Appreciate the support :]
Pro tip: Don't handle collissions nor damage on the client (Local scripts), If I were an exploiter I could just edit my local scripts and spam invoke the function that deals damage to a player. Making a remote that can send a signal from the client to the server for dealing damage is equal to giving an exploiter a tool to start griefing, since the server will think it's completely valid.
Remember, always treat the client as a lying bastard when programming
This is my “erm actually 🤓” moment so don’t take this seriously
As a former exploiter (no I’m not going to apologize for it because I used it for looking at how certain games i liked were developed) I’m pretty sure it is impossible to edit LocalScripts, let alone a regular script. You can’t even edit health on the client, which took me an unhealthy amount of time to figure out💀
You could tho, remove and add the script back with the stuff you wanted to put on it (because it is possible to read scripts on the client) but then it just comes down to how secure the developer was with their code.
So yea, like Diego said, don’t ever trust the client and have security checks for everything. For example, if someone on the client makes a rebirth button visible on their UI without the requirements, don’t allow them to rebirth. If you have a sense of humor or you think anticheats are boring asf to code, crash their game with the while loop method or play a really loud or spooky sound, or one of my favorites: put a spooky PNG image, then after a bit have creepy ambience play and then have a message that says “User has been logged”
@@proudoyster778 lmao the 3rd paragraph was worth reading
bro thinks any exploiter will interest on his game 😅😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂
you use the client cuz of the delay between the server and the client so sometimes on the client you would have clearly hit someone but cuz of the delay it doesn't actully happen on the server
so if you do it on the client then you will 100% all the time hit that person
so its a choice of: the server delay ruining the game for some people OR make the game slightly exploitable
I know someone mentioned it here before however I'll be more in-depth, but the problem with having hitboxes set up on the client (and a damage-dealing remote on the server) is that they are extremely exploitable.
Exploiters can use the remote to kill anyone, from basically anywhere. This is where "Sanity Checks" come in, and I hope you have a video planned on them soon. Other than that great video.
aye that was me lol and i agree
Especially in this case, since they can also change the damage to math.huge, which is an instant kill.
So is it better to have the hitboxes set up on the server instead?
@@Mr1Lito Yes. Using a server script for this is a good solution.
For input, you use a local script, but you don't send any arguments.
@@Mr1Lito The way I do it is I use a local script to detect the input, then I fire a remote event to the server with the name of the move. Then the server handles the move cooldown, the creation of the hitbox and the damage dealing. I'm curious to see what Ludius will do in the future.
The goat posted another banger
Thanks for the comment. I really appreciate it :]
You never fail to dissapoint Ludi
lets go the goat dropped a new vid
Something everyone following this tutorial should read:
This is NOT safe to do for your game for 2 main reasons, exploits and bad ping.
Exploits: Since you are handling the hitbox pretty much exclusively on the client, there are no checks to ensure validity. Moreover, the server isn't checking whether the player making the hitbox is valid. This means that an exploiter could very easily execute a script that fires the RemoteFunction shown in the video with a player or character they would like to damage as a parameter, and any arbitrary numerical value for the damage, and damage anyone or anything on the server. You can fix this multiple ways: Do the hitbox on the server (slower but more secure), or include sanity checks on the server.
Bad Ping: Again, another problem with this being client-sided. If I was lagging really badly, and performed an attack, the hit would still go through, but this is not a good thing. Let's say I have 400 ping. To the other player, I'm shown at a distance larger than the hitbox, but to me, I'm right in front of them. Since the script only checks my client to see if their within a boundsbox, then the attack would still go through. This would be unfair to the other player, since I'm still pretty far away from them.
There are more reasons than that, and performing backend things like this on the client is just generally a bad practice. With a few tweaks, this could be a great tutorial.
I dont know how to tweak it and i dont know what to do i followed hes last tutorial for m1s and it works great it js doesnt have a hitbox if this is bad then what do i do to get something that works with this script well
I was also thinking the same thing. But i still want to do the hitbox on client for better performance. Therefore i came out with 2 solution, First is to apply debounce to prevent multiple invoke spam and second is to check player and target distance every time remote function is invoked (if they are too far, don't apply any damage).
@@DaikonDee so this is why tsb hitbox is crazy
solution: handle everything else on remote function server
this is seriously terrible advice, ALL great and responsive combat systems are based on the clientside.
& also, if you're 'lagging due to ping', your inputs are still going to be delayed the same REGARDLESS of whether your combat's server-based or client-based.
Not the”they not like us”music in the background😭💀
You already know jajajajaj
the beef is over
also I bought the book u recommended a while ago, doing me well
Awesome bro! Keep up the good work :]
Also thanks for the comment
3:07 if you watched the last video you probably noticed that somewhere 3 extra lines of code were added can someone explain why or what they are?
it no work for me T-T
Edit: the animations play but they dont take damage
u dont have any security on ur damage script, im pretty sure exploiters can easily fire that remote function and damage anyone from anywhere. for me i would either check the distance between the two players in that damage script to make sure they were hit properly. but in some cases u cant do that, so u can recheck if the player that got hit is in the hitbox, the downside is that its less efficient
w video i learned a lot bro thanks
Can you make the player get stunned while doing m1? This would be very helpful
don't use remote functions unless you plan on returning a value back to the client/server just use remote events
The course cost 100$ a moth & that's the half off price??
Get byteblox's course instead..
@@dashmaster5432 I know how to code. It's the fact that he is in all honesty still a novice at this and he's charging that amount
when i put the script for the first video the animations worked. now that i added new strings the animations no longer play
Is anyone here having problems where it works when u punch in the 1st time but at the 2nd time it does it multiple times instead of 1 time only?
What If I used .touched in this manner:
I found it less buggy but that could just be a coincidence
local function damage(hit)
if hit.Parent:FindFirstChild("Player") then
hit.Parent.Humanoid:TakeDamage(100)
script.Parent["Sword Hit"]:Play()
end
end
script.Parent.Touched:Connect(damage)
the hitbox will still be inconsistent and not always register.
the only thing i personally would use .Touched for is checking to see if a player enters a new area/location of the map.
how about if I use remote events? using local script and scripts
Although it might be slighty smoother to put the hitbox on the lcient and trust them its better to do it on the sever and weld it to the client
no not really because the server has a delay from client and server, meaning hitboxes will lag behind you pretty much and you can do security checks to check if the hitbox is correctly positioned/sized too.
It's far from slightly smoother, it is smooth and if you purely run it on the server it will be horrible
local t = 0
while t < 1 do
--Wait a maximum of 1 second before deciding the animation will never load.
if m1Track.Length > 0 then break end
t+=task.wait()
end
add this right after the m1Track variables, should fix the animations playing fast
You should add this in a future tutorial like maybe bug fixing on the m1 system
the reason is because it wasnt fully loaded i think
just do
repeat task.wait() until anim.Length ~= 0
@@vrfrenzy8451 I didnt think of that but imma still do mine for now
@@KevinsGotAim alr, but what I did looks cleaner and probably is more performant so feel free to use it if you want
should use modules for combat systems fr fr
Yeah, for more complex stuff for sure :]
whats really the point of a remote function rather then using a remote event
doesnt work hitbox is fixed in one place and player gets damaged anyways.
EDIT: Turns out it was because it was in a module script, but the player still gets damaged and moving that out of the module script will overcomplicate the final solution (I alrd got 5 parameters going into the module script I aint gonna add another one)
U inspire me
That's the goal, happy to hear I'm able to inspire people :]
why do the dummies not get damaged when i test it
will the 3rd vid vid be when you punch someone it dose like a impact animation when the player hits them?
I have an error where it does no damage even if I type it correct
Thank you bro
You're welcome :]
Thank you for the comment :]
quick question here, so you have to validate on the server correct? you dont go over this in your tutorial, why dont you check it at all?
can you do hit stun
let's make exploiters able to put boxes on every player on a while loop and deal them math.huge damage :troll:
Why the helll are you using a remote function if you are not returning anything to the client, just use a remote event
46 seconds ago is insane
Yeah, I just published it jajajajaajaj
Also, thanks for the comment :]
Hoping tsb devs see this
i think the local script detects the players in the hitbox, sends those players to a remote function, and a normal script recieves this then does the damage. What if a hacker starts sending random players to that remote function? can they damage random players?
For the most part, Byfron prevents that. But there are still some executors that can bypass it.
@@TheOriginalPlu yeah thats true, but i think it would be better to add distance check function to the damage script. if the distance between the player hitting and the player recieving the damage has a high distance between them, code will not register the damage. Atleast somewhat prevents range extenders.
Yup, that’s a good idea to prevent exploiters
Yes, they would, but if I start explaining all that beginners could get confused
i tried to make an else statement inside the for i,v loop that said elseif humanoid == nil then and it prints missed, it would just print out missed anyways.
yo, i used the m1's tutorial you made and then went to this to figure out how to make it do damage and im 100% certain i did everything correct but its refusing to damage anything. any ideas what might be wrong? (also, i realized halfway through i was still in test mode so i had to remake the script and remote function, idk if that effects anything)
if im using projectiles how would i go about with these methods
i did not understand what to do in the first part💀💀💀💀
i swear you dont sound the same
Is that good or bad? In any case, I sound a bit different bc I started recording very early in the morning, so my voice is kinda different bc I just wake up in most cases or it’s hella late
@@iamLudius its not bad its just different
SKINWALKER
@@christian-b8e fr i didnt weanna say it tho
Im making a game, and for the moves hit detection i use simple hitbox, copying it or creating throught the script. Would've it be necessary to change the hitboxes to this zone detector? Or part hitboxes are worse in any case? Just not sure, but this seems like a feature i didnt know even exist. Crazy
Idk why but im not dealing any damage when I m1, and there are no errors in my output so i don't know why its not working. :/
I've tried everything and it's still not working
me too bruh :/
Can anyone tell me why it says that "OnServerInvoke can be only implemented on the server" ?
bad code, hitboxes shouldn't be done on client whatsoever, damage shouldn't be sent from client to server
True but is for more hibox latence just check after from server with raycast and distance from players
if you make hitboxes on the server, it will be extremely delayed. How should it be scripted, so hitboxes will not be delayed?
yo could you please help me here or make a video on how to hit multiple humanoids at the same time? Because when i hit 2 humanoids at the same time, only one gets damaged at a time
Edit: Nvm i figured it out
Shouldn't you do the spacial queries on the server because of exploits? Other than that I love your vids bro they're so helpful.
it doesnt work, no damdage taken, even tho its same as in the video :( i also tried debuging/printing but also nothing showed, idk what to do
stocking scripting videos like the library of alexandria until i come across an error i don't understand
I have a sus egirl avatar and im too scared to talk on the forum and get smited by other devs bc of it
I don't see any extra lines
Hey, how do I make a tool get ungrouped on click?
W video dawg
How did you make the dummy that takes damage? Sorry if this is a noob question but then again I am a noob at scripting.
Bro why didn't you just use a hitbox module? Personally think its gonna be much better and is not as easy to exploit
My hit detection just stoped from working 😅
3 calls a week sounds not bad, 1 on 1 calls or is it group calls ?
It's not worth it bro it's 99$ a month
@@EpikEpyx yea I checked after commenting, honestly I wouldn't mind if it was closer to something like $50 a month but I'm not gonna hate on the price, I understand the things that might go with setting a price like that
is simple spy up?
My brain hurts from this
can't you use table.find and table.insert instead for the hit conditions
It's the same thing.
Yo can you make a blocking tutorial next?
I already made it lol
is this any better then raycast hitbox or shapecast
raycast hitbox is for more precise hitboxing, this hitboxing is less accurate (as in it can only be done in the shape of a square i think) but both work well and great for hitboxing
why i cant do damage????
bro damageRF,where do you putted local damageRF
Yeah I know same issue for me it's somewhere at the top
Because it's too blurry
I have no errors but I'm not doing damage.
it not work for me :(
Gob bless you and your family
How do i make the hitbox visual?
set the transparency of the part to 0
Isn't Localscript a bad choice when it comes to hitboxes? because i think it's accessible by the exploiters and it can be modified to make it bigger let me know if I'm wrong.
All things aside you are the GOAT Ludius daddy 😋😋😋😋
if you do hitboxes on the server there will be a delay on things and the hitbox will be incorrectly positioned, it's done on the client for smoothness and security checks with the hitbox can be done to make sure exploiters don't mess things up
@@vrfrenzy8451 I understand your point, but implementing hitbox detection on the client side may not always provide smooth results. Performing hitbox detection on the server side is slower, but it is more secure. Another issue is that it could cause significant latency problems if the players experience lag.
@@Astrolightation latency messes up hitboxes for players hugely, there will always be latency, that's why it's handled on the client and is security checked on the server
It don't work
this guy is more like vuuk studio even the avatar haha
woah
Thanks for the comment :]
this is great but hitboxes go on the server not the client theres just too much the client can exploit with this method.
that's why people add security checks to it, if hitboxes are done on the server there's delay and it's far less smooth
@@vrfrenzy8451 even then with the security checks. if one client is lagging it can affect the flow of combat. thats why we use the server it will be static with good optimizing.
@@Howlinn no matter the optimisation, the server will always have a delay but I get your point, I'm no professional but I've got experience
@@vrfrenzy8451 yeah its true the server will have a delay
"Like a pro" and he sets the rootpart and the damage in client side... A mere cheater can damage anyone anywhere with the value he wants.
Special queries is well explained but the code is trash.
it's not entirely trash, he doesn't damage in client side cuz you can't do that, people add security checks to make sure it isn't exploited too but he just doesn't do that here cuz that'd probably be too much for 1 video focused on people who don't know how hitboxes work
He let the client decide the damage, which is beyond stupid
Hey
ah sorry i found it thx
first
You the goat :]