Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    Luwiego

    Thanks for the help..... -_- Sorry for me raging, but this can`t be my fault. Everything was running fine yesterday , im the only one who is op, so no one could done something bad besides me. This was totally random, because nothing was changed in xAuth configs, or no new plugins were added.
     
  3. Offline

    CypherX

    Something doesn't just stop working for no reason, there has to be some kind of outside influence. Are there any error reports in the server console/log?
     
  4. Offline

    Luwiego

    Thats the thing, no errors in console, it doesnt work but in /plugins list is showed as green.
     
  5. Offline

    XtenD

    Fix your MySQL connection...
     
  6. Offline

    Luwiego

    Using the h2 :/
     
  7. Offline

    CypherX

    Luwiego
    Are you sure there aren't any errors in the console and that you aren't suppressing them? PM me your server IP and if necessary start it on a different port (include the port in the PM).
     
  8. Offline

    Giuseppe

    it´s possible du you add a Rss feed
     
  9. Offline

    Adrenaline

  10. Offline

    siemaeniu500

    How to disable the last login session?
     
  11. Offline

    nabakin

    Okay thanks
     
  12. Offline

    Punga

    I've got a question. How to use CheckPassword php fungtion? Arguments etc and how to detect if it is matching or not.
     
  13. Offline

    olaaxe

    Could i get link to one that works with 1.1R4 cause im running a server on that... tekkit
     
  14. Offline

    CypherX

    What did you do to the database or DBVERSION file?

    All of that can be learned by looking at the function.
     
  15. Offline

    Winner1

    Is there a way to fix suffocation upon login? Sometimes when people log in they suffocate right after because of (what I assume) xAuth, it doesn't remember their latitude?/Y-coordinate correctly.
     
  16. Offline

    Adrenaline

    At DBVersion file i have this:
    #Mon May 28 09:08:49 CEST 2012
    lockout=1
    playerdata=2
    location=0
    account=0
     
  17. Offline

    CypherX

    When exactly do they suffocate? Before they login and their location is locked, after logging in and while they're being teleported back to their position, or after being teleported back to their position and it's incorrect?

    Edit: Nevermind, I found the problem. When a player uses /logout it was trying to delete their session from the database which in this case doesn't exist since you have session.length set to zero.

    Did you change something in the configuration? Was session.length set on zero before? That's the only reason the session table wouldn't be created.
     
  18. Offline

    Punga

    I have no idea how to use it, it never works. I tried to do something like if(checkPassword(Argmunets)) it's always false and when I try to echo it, it returns some strange +-20 characters long code. :/
     
  19. Offline

    Adrenaline

    Yes, i set length session to 0 because i dont like it ;D
    session:
    length: 0
     
  20. Offline

    Winner1

    It happens after logging in and after being teleported back to their 'supposed' location. The position they get teleported back to after logging in isn't wrong, it's just underground and they suffocate.
     
  21. Offline

    CatsyLady

    they have slow internet and the chunk is not loaded,
    and they die in wall or fall into the void...

    that is old
     
  22. Offline

    siemaeniu500

    When I moved to xauth, players sometimes do not receive all the permissions. This is the plugin MagicCarpet, sometimes some do not have permissions, and after a reboot of May.
     
  23. Offline

    Winner1

    100 Mbit/s should be enough, shouldn't it? It never happened before with AuthDB nor did it happen with older xAuth versions.. There's something else going on here.
     
  24. Offline

    melone99

    It Doesnt work ? Why?
     
  25. Offline

    CookCraftHD

    Hello,
    How can I encrypt a password in PHP that (if the password is correct) is the sameas those in the mysql database is, so to compare with the password to log in whenyou entered when registering as you first on my server is?
     
  26. Offline

    Krazy

    @CypherX
    what encrypt mode xauth use?
     
  27. Offline

    siemaeniu500

    When I moved to xauth, players sometimes do not receive all the permissions. This is the plugin MagicCarpet, sometimes some do not have permissions, and after a reboot of May.
     
  28. Offline

    CatsyLady

    100 mbit? and? who cares,
    maybe he is far away from the server.
    and yes it was happen on older versions before.

    you can fix it by install spout what has a function
    called smoothteleport
    it (pre) load the target chunks before teleporting.


    ************edit

    got a bug today what was never happen before

    Code:
    2012-05-30 23:17:32 [WARNING] Task of 'xAuth' generated an exception
    java.lang.NullPointerException
        at com.cypherx.xauth.PlayerDataHandler.storeData(PlayerDataHandler.java:31)
        at com.cypherx.xauth.PlayerManager.protect(PlayerManager.java:156)
        at com.cypherx.xauth.listeners.xAuthPlayerListener$1.run(xAuthPlayerListener.java:294)
        at org.bukkit.craftbukkit.scheduler.CraftScheduler.mainThreadHeartbeat(CraftScheduler.java:126)
        at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:533)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:459)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    
    after that all got disconnected
     
  29. Offline

    CypherX

    It returns a boolean and takes three arguments:
    1. Plaintext password you are checking
    2. Hash of the real password from the database
    3. Algorithm (pwtype database field)

    That error will be fixed in the next update.

    Weird. I'll look into it but don't know if I'll be able to do anything about it.

    CookCraftHD Krazy
    https://github.com/CypherX/xAuth/wiki/Password-Hashing

    CatsyLady
    That happens when a player connects and disconnects during the same server tick. It won't happen anymore after the next update.

    siemaeniu500
    You obviously can't take a hint. I've been ignoring you for a reason.
     
  30. Offline

    Cannedbeefy

    I doubt your connection is 100mbs outside of your LAN. Most likely if your on cable with business Internet 5mbps upstream. If you have fios 35mbps tops upload and if your in a data center who knows you sharing with tons of people and that's doubtfully they dedicate 100mbps solely to you. That's just expensive to do.
     
  31. Offline

    siemaeniu500

    Sorry for my english, what i can to do it ? Why you ignoring me ?
     
Thread Status:
Not open for further replies.

Share This Page