Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    hollow36rus

    Use the InventorySQL. The best solution.
     
  3. Offline

    lycano

    whitas you are on 1.3.x CB right? Shure ill check.

    Leemur no, i did executed those query manually from source no problem at all with the syntax. What can be is that your database user does have insufficient grant privileges. Plus I really dont know where your single quote sign comes from. Maybe you do use a different codebase?

    Or ... wait what OS do you use? Im wondering if your line seperator is set to something like 'LF or something.

    Ill check the database updater.

    hollow36rus i dont support 2.0.10 as its was never a original build from the author.
     
  4. Offline

    whitas

    :) Yeah, another plugin.. What for ? I believe this is bug in this one.
     
  5. Offline

    hollow36rus

    I do not understand. At the top there is a link to download 2.0.10
    And yet, what could be the problem? There should be information?
     
  6. Offline

    lycano

    hollow36rus the information is im not the original author of this plugin. I have taken it over from Cypher. The BukkitDev page was blocked by some guy (fixed, now is available for me) In the meantime i fixed the plugin for 1.2.5-R5.0 Didnt thought about having 1.3 AsyncChat implemented.

    Problem with 1.3 CB is, when you disconnect the actual PlayerChatEvent arrives after the player disconnected. I have to make shure that those listeners are thread safe. Will be fixed in the next version.

    Download the latest version at http://ci.luricos.de/public/xAuth/

    With that latest you can check for updates in the future by yourself with "xauth version" if you didnt disabled main-update checks via config.

    Hope that helps.

    whitas yes its a bug cause the player can close the client faster than the event arrives. This would also explain inventory loss when logging off and instant closing the client.
     
  7. Offline

    whitas

    Hey lycono :) stop kidding :) it's not funny :


    2012-08-12 22:01:13 [INFO] Starting minecraft server version 1.3.1
    2012-08-12 22:01:13 [INFO] Loading properties
    2012-08-12 22:01:13 [INFO] Default game type: SURVIVAL
    2012-08-12 22:01:13 [INFO] Generating keypair
    2012-08-12 22:01:13 [INFO] Starting Minecraft server on *:25565
    2012-08-12 22:01:13 [WARNING] **** SERVER IS RUNNING IN OFFLINE/INSECURE MODE!
    2012-08-12 22:01:13 [WARNING] The server will make no attempt to authenticate usernames. Beware.
    2012-08-12 22:01:13 [WARNING] While this makes the game possible to play without internet access, it also opens up the ability for hackers to connect with any username they choose.
    2012-08-12 22:01:13 [WARNING] To change this, set "online-mode" to "true" in the server.properties file.
    2012-08-12 22:01:14 [INFO] This server is running CraftBukkit version git-Bukkit-1.3.1-R1.0-b2320jnks (MC: 1.3.1) (Implementing API version 1.3.1-R1.0)
    2012-08-12 22:01:15 [INFO] [GroupManager] Loading GroupManager v2.0 (2.9.3) (Phoenix)


    OK, so would you be able to fix it or should I say to the user what?

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
  8. Offline

    lycano

    whitas, that they have a new version in ~4-5 hours. To workaround this with 1.3.x tell them use /logoff for the time beeing and wait til they receive the logout message and get moved to spawn. Then it is save to close the client.
     
  9. Offline

    whitas


    :) oki

    Sorry, just wondering if this Exception issue can couse memory problems ?

    Finally my server crashed with grbagecollector message:

    2012-08-13 14:39:58 [SEVERE] Could not pass event PlayerQuitEvent to xAuth
    org.bukkit.event.EventException
    at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:332)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
    at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:477)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:462)
    at net.minecraft.server.ServerConfigurationManagerAbstract.disconnect(ServerConfigurationManagerAbstract.java:213)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:711)
    at net.minecraft.server.NetworkManager.b(NetworkManager.java:286)
    at net.minecraft.server.NetServerHandler.d(NetServerHandler.java:109)
    at net.minecraft.server.ServerConnection.b(SourceFile:35)
    at net.minecraft.server.DedicatedServerConnection.b(SourceFile:30)
    at net.minecraft.server.MinecraftServer.q(MinecraftServer.java:583)
    at net.minecraft.server.DedicatedServer.q(DedicatedServer.java:212)
    at net.minecraft.server.MinecraftServer.p(MinecraftServer.java:476)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:408)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:539)
    Caused by: java.lang.ClassCastException: org.bukkit.craftbukkit.CraftOfflinePlayer cannot be cast to org.bukkit.entity.Player
    at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerQuit(xAuthPlayerListener.java:125)
    at sun.reflect.GeneratedMethodAccessor843.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:330)
    ... 14 more
    2012-08-13 14:40:49 [SEVERE] java.lang.OutOfMemoryError: GC overhead limit exceeded

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
  10. Offline

    hollow36rus

    2.0.16 - for which version of CB?
     
  11. Offline

    lycano

    whitas now we know "If too many errors are thrown, the server can crash" :rolleyes:

    hollow36rus intentionally first release for 1.2.5R5.0 but would also work when used with 1.3.1 BUT you shouldn't.

    Wait till next version is out.
     
  12. Offline

    Koksons

    I recall about my message because I have not seen anyone else so he had:
    Code:
    2012-08-13 07:48:00 [SEVERE] Could not pass event PlayerQuitEvent to xAuth
    org.bukkit.event.EventException
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:332)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
        at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:477)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:462)
        at net.minecraft.server.ServerConfigurationManagerAbstract.disconnect(ServerConfigurationManagerAbstract.java:213)
        at net.minecraft.server.NetServerHandler.disconnect(NetServerHandler.java:162)
        at org.bukkit.craftbukkit.entity.CraftPlayer.kickPlayer(CraftPlayer.java:215)
        at net.h31ix.anticheat.manage.PlayerManager.execute(PlayerManager.java:183)
        at net.h31ix.anticheat.manage.PlayerManager.reactHigh(PlayerManager.java:60)
        at net.h31ix.anticheat.manage.PlayerManager.increaseLevel(PlayerManager.java:92)
        at net.h31ix.anticheat.event.EventListener.log(EventListener.java:40)
        at net.h31ix.anticheat.event.PlayerListener.checkSpeed(PlayerListener.java:395)
        at sun.reflect.GeneratedMethodAccessor10.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:330)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
        at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:477)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:462)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:213)
        at net.minecraft.server.Packet10Flying.handle(SourceFile:136)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:276)
        at net.minecraft.server.NetServerHandler.d(NetServerHandler.java:109)
        at net.minecraft.server.ServerConnection.b(SourceFile:35)
        at net.minecraft.server.DedicatedServerConnection.b(SourceFile:30)
        at net.minecraft.server.MinecraftServer.q(MinecraftServer.java:581)
        at net.minecraft.server.DedicatedServer.q(DedicatedServer.java:212)
        at net.minecraft.server.MinecraftServer.p(MinecraftServer.java:474)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:406)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:539)
    Caused by: java.lang.ClassCastException: org.bukkit.craftbukkit.CraftOfflinePlayer cannot be cast to org.bukkit.entity.Player
        at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerQuit(xAuthPlayerListener.java:125)
        at sun.reflect.GeneratedMethodAccessor121.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:330)
        ... 29 more
    We look forward to a fully functional version that will not throw errors
     
  13. Offline

    portapipe

    I have to open my server tomorrow (4k users to be ported in the new one) and I use xAuth as login plugin. Bukkit 1.3.1 obviously. When the 1.3.1 compatible version can come out? 'cause I've tried a lot of plugins until I saw that you have taken this plugin.
    Orrible stability. Right now there are a lot of errors: update issue (even if the h2 2.0.10 is created) and some other issues:

    Code:
    Could not pass event PlayerQuitEvent to xAuth
    org.bukkit.event.EventException
    at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:332)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
    at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:477)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:462)
    at net.minecraft.server.ServerConfigurationManagerAbstract.disconnect(ServerConfigurationManagerAbstract.java:213)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:711)
    at net.minecraft.server.NetworkManager.b(NetworkManager.java:286)
    at net.minecraft.server.NetServerHandler.d(NetServerHandler.java:109)
    at net.minecraft.server.ServerConnection.b(SourceFile:35)
    at net.minecraft.server.DedicatedServerConnection.b(SourceFile:30)
    at net.minecraft.server.MinecraftServer.q(MinecraftServer.java:583)
    at net.minecraft.server.DedicatedServer.q(DedicatedServer.java:212)
    at net.minecraft.server.MinecraftServer.p(MinecraftServer.java:476)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:408)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:539)
    Caused by: java.lang.ClassCastException: org.bukkit.craftbukkit.CraftOfflinePlayer cannot be cast to org.bukkit.entity.Player
    at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerQuit(xAuthPlayerListener.java:125)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:330)
    ... 14 more
    Thanks and have a good coding :)
     
  14. Offline

    lycano

    portapipe expect a working version for 1.3.1 in aprox 2-3 hours.
     
  15. Offline

    portapipe

    Cool! Let's put that in the top post! And if you can use the Dev.bukkit page, cause a lot of people use that and I think it's better for you (tickets option first of all!)
    Thankyou man ;)
     
  16. Offline

    Krazy

    Waiting it, i have 8k more players too, and i need this plugin to much.
     
  17. Offline

    SuperGogeta555

    t
    thank u but i found the problem. i had antigrief on and it wasnt allowing players 2 destroy anything so i think ill get worldguard and thnk u 4 ur tips
     
  18. Offline

    lycano

    portapipe i would like too but didnt had time to set dev up. Will do after fixing stuff.
     
  19. Offline

    Krazy

    This plugin causing lag only in my server only or anothers having this issue?
     
  20. Offline

    ignasiux

    Please, update this plugin to 1.3.1. This is best plugin for cracked servers. But it erros :(
     
  21. Please stop posting: PLLLZZZLZLZZLZZZZZZZ UPDATTTTEEEEEEE!!!!!!!!111!1!!!!!!!!111

    Lycano is working on a 1.3.1 version.
     
  22. Offline

    ignasiux

    But he said he will make in 2-3 hours :|
     
  23. Offline

    komarEX

    You guys are so damn impatient... Want to have things done right? Just wait then -.-
     
  24. Offline

    whitas


    Can you do that faster ? Do that. If not just wait for him. He said he will do that. Maybe he has some problems? maybe has some more importand things to do right now ?

    Wiat ppl.
     
  25. Offline

    Koksons

    We are waiting for update ....
     
  26. Offline

    lycano

    For all who wait. I just got informed that the onPlayerQuit event malfuncitons in Bukkit.

    The Player object is lost during execution making it not possible to restore the inventory onQuit(). As we need to store Inventory when the player quits im currently implementing a fallback. So that the playerdata is restored onLogin til the bug is fixed.

    Sry that i didnt informed you earlier im just working on it as fast as i can.
     
  27. Offline

    Leemur

    lycano OS? Windows 7.
    I run queries manually in phpmyadmin and changed from DBVERSION playerdata=3 and the problem has disappeared.

    But in game xAuth 2.0.16 gives errors when an unlogged user tries to chat or to move (with chat and move restrict = false in config file).
     
  28. Offline

    whitas


    So? This is good news? Or bed news to us ? In terms of your next release, because I'm not fully sure if I understood you. Will you be able to workaround this bukkit bug?
     
  29. Offline

    lycano

    whitas well its bad news. But first some background.

    The error only occurs if you logout then disconnect. If you dont logout the server will do that after session-timeout. Default is 3600. You can increase it for the time beeing to not timeout ever til next RB.

    Again the error only occurs if you logout manually and then disconnect.

    If thats okay for all of you i would be happy cause i would have to rewrite much code to prevent this from happening only for one RB.

    Anyways im analizing the code anyways what happens during inventory save and restore so maybe i can circumvent this by optimizing code. But for the time beeing i guess releasing 2.0.17 as it is (without the Cannot cast to Player bug) is the only fast option atm.
     
  30. Offline

    whitas


    OK I understand you... but I believe that my user just press Esc -> Quit game. They even do not know about /logout command. My kids (8 and 12 years old, play this serv too) for sure do not use this command.
    There have to be something more. People from bukkit told you where next RB realese could be available ?
     
  31. Offline

    lycano

    whitas Dunno when the next RB comes out but if they just press ESC->QUIT there is no problem when they are logged in.

    They shall not just quit when they arent logged in. Thats all.
     
Thread Status:
Not open for further replies.

Share This Page