Plugin category: Admin Tools/Website Administration/Anti-Griefing Tools Suggested name: Smart Auth A bit about me: I host a small server which has been attacked once or twice and have thought long and hard about the best way to keep an offline server secure and at the same time easy to use. What I want: Usually, authentication plugins ask new users to use a command like "/register <password>" on their first login, and "/login <password>" on any logins afterwards. This can be tedious for those whose accounts are not in any immediate threat. The main problem, however, is that with offline servers, anybody can log in as anyone.Here is what I propose:On first login, player receives message: "Your IP is now associated with this account. If you would like to log in using a different IP, please create a password using "/createpass <password>"Every time the player logs in with their default (associated IP) they will not be prompted for login information. If, however, they visit a friend's house or are away (which is rare), then they will be required to authenticate themselves ingame as well (every time they log in with an IP not associated with their account).Players can, if they wish, not set up any password, but then they will not be able to move or place blocks if they join from another IP address (or they could just be kicked instantly).This way, players who play at different computers regularly (not a lot of people) will have to use a password, and ONLY if they are logging in on another computer. For most people, it would be as if nothing changed.Another feature I would like to propose is to make it so that players are only allowed to observe (even after logging in) for the first ten minutes. This is tied to the username, not the IP. This would prevent proxy users from logging in multiple times since they would have to make a ten-minute commitment each time. At the admin's discretion, this 10 minute period can be elongated or terminated prematurely. (this feature, of course, should be completely optional) Ideas for commands: /createpass <password>/deletepass <password> (enter current password to verify)/login <password>/setip (to change default IP - password doesn't need to be required since if they are logging in from a non-default IP, they will first need to input their password to issue commands in the first place)/deleteuserpass <user> (for OPs incase user forgets their password)/deleteuserip <user> (for OPs incase player forgets pass and no longer has access to old IP) Ideas for permissions: smartauth.createpass, smartauth.deleteuser.pass, smartauth.deleteuser.ip, smartauth.*, smartauth.deleteuser.* When I'd like it by: Any time in the next two to three weeks. If anybody is willing to do it, an ETA would be helpful so I could look forward to it. Similar plugin requests: None. Devs who might be interested in this: I am sure all of the offline server hosts and current security/password plugin-creating devs would be interested.
If your server is public facing with users you don't know connecting then you can easily enable online mode. Problem solved
Superkabii As much as I'd like to disagree, its true. Most people on Bukkit support Minecraft and Mojang (as do I), and do not want to aid someone in pirating their game. Pandamatak I can't help with this yet. I'm new to the bukkit plugins. I could possibly give you access to a version of Bukkit I forked. It requires a login everytime. You can register and login to users saved on the server. Best part is... is that it won't lag up your server like xAuth or AuthMe, and you won't spaz out. It puts you in a Void. And you can type chat messages to login and register. It doesn't take up much network traffic, because there is barely any communication, except for the chat messages the user can send, and the user gets disconnected for taking too long. Its very simple, and very easy. But it isn't a plugin. But it can work with all other plugins.
