Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    piousminion

    Anyone else having problems with the linux xAuth Importer? It loads up mediafire, but the link just cycles and I get no download. I've tried it on a couple diff browsers on a couple diff OSes.

    EDIT: The windows download works just fine. I'll try to copy the db over and see if that works.
    EDIT2: The windows version worked, but for some reason it saved the auths.txt file in "C:\Program Files\Mozilla Firefox". lol

    Sorry for double posting. I'm on a roll tonight. :p

    Feature request:
    Option to require that users provide an email address when registering.

    This would allow me to create an auth module for my forums so players automatically have a forum account after registering and would also let me contact them in case of important server news like "OMFG, don't update your client to 1.4 yet!". :p

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 12, 2016
  3. Offline

    CypherX

    @piousminion: No idea why Mediafire was acting up but that does remind I need to swap those out for Dropbox links. Adding an option to require an email is a good idea and will definitely be included in a future update.
     
  4. Offline

    Kaikz

    Everyone gets this error on registering:
    Code:
    2011-04-04 00:16:18 [SEVERE] null
    org.bukkit.command.CommandException: Unhandled exception executing command 'register' in plugin xAuth v1.1.6
        at org.bukkit.command.PluginCommand.execute(PluginCommand.java:37)
        at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:80)
        at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:233)
        at net.minecraft.server.NetServerHandler.c(NetServerHandler.java:594)
        at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:557)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:551)
        at net.minecraft.server.Packet3Chat.a(SourceFile:24)
        at net.minecraft.server.NetworkManager.a(NetworkManager.java:198)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:72)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:100)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:368)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:283)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:375)
    Caused by: java.lang.ClassCastException: java.lang.String cannot be cast to java.lang.Boolean
        at com.cypherx.xauth.Settings.getBool(Settings.java:105)
        at com.cypherx.xauth.CommandHandler.handlePlayerCommand(CommandHandler.java:26)
        at com.cypherx.xauth.xAuth.onCommand(xAuth.java:196)
        at org.bukkit.command.PluginCommand.execute(PluginCommand.java:35)
        ... 12 more
    Bukkit #617, xAuth 1.1.6.
     
  5. Offline

    CypherX

    Make sure none of the boolean values (true/false) are surrounded by quotes in your config.yml.
     
  6. Offline

    Kaikz

    Ah, removing the ' characters seemed to fix it. Although I haven't changed that value since I installed the plugin, around version 1.0 if I remember correctly...
     
  7. Offline

    CypherX

    It's caused by a change I made in how the configuration is handled a few updates back. Not sure why it's happening now unless you just updated from a fairly old version.
     
  8. Offline

    Kaikz

    Been updating from 1.0 to every update since. :3
     
  9. Offline

    swedish2011

    /login "123"

    how do you do that you have to log in?

    for if I go out of the game when I log in :O
     
  10. Offline

    binboum

  11. Offline

    CypherX

    @swedish2011: ..what?

    @binboum: That doesn't look like an xAuth error.
     
  12. Offline

    binboum

    I am French, I tested locally without any other plugins.
     
  13. Offline

    CypherX

    Yes, but both error messages displayed in the above image don't relate to xAuth in any way. To me it looks like you're just getting disconnected from the server.
     
  14. Offline

    Josh Harwood

    i want to force people to register, but only if they are member+ i really don't want my guests to be stuck in one point on the spawn :(
     
  15. Offline

    Phinary

    People can log in with spaces. Please fix.
     
  16. Offline

    CypherX

    Permission node 'xauth.exclude' added to the next update and will exclude that group/user from having to register.

    Do you mean joining the server with a blank name or with a space character in their name that should be filtered?
     
  17. Offline

    Phinary

    Nevermind it was blank name. I just registered myself as a blank name so nobody can use it. Thanks :p
     
  18. Offline

    CypherX

    Ah, alright. There's an option to block blank names in the next update so that will be taken care of in the future.
     
  19. Offline

    Phinary

    Any chance you can add something like when a player registers it records their ip and doesnt allow them to register again with the same ip, but still lets you login from different ips on that character. Like save a list of ips that registered and dont allow them to register again if you know what i mean
     
  20. Offline

    CypherX

    Added to my list of things to add, but it most likely won't be implemented until Bukkit fully implements persistence which is when I begin work on xAuth 2.0.
     
  21. Offline

    NuxlyStardust

    Great work, it's awesome that you provided a tool for moving from Anjo's plugin.

    There's one feature that I think is needed: a permissions node for registering.
    I always disable registration for safety but I have to enable it everytime someone new joins the server. And it's enabled for everyone which is not good. I would like to give newcomers the permission to register so that only them can use the /register command. If you could implement that, it would be really cool :)
     
  22. Offline

    Leemur

    it's good plugin but if you can this bug you will be the best.

    well.. if someone else is trying to join with the same nickname, i get disconect, and he can play with my name, without setting the password.
     
  23. Offline

    CypherX

    The next update contains a permissions node to exclude specific groups/players from having to register as well as an option to force registration or not.

    After the next update it should now disconnect a player attempting to connect while another player with the same name is online instead of the one already online being disconnected.
     
    Leemur likes this.
  24. Offline

    Skrip037

    [​IMG]
    That happens whenever I type a command. Even /say test

    ...annnd after a server restart it works fine?? Okay.

    Though, /give and /i no longer work..

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 12, 2016
  25. Offline

    CypherX

    @Skrip037: I've known about the COMMAND_PREPROCESS issue for a while but haven't been able to recreate it to fix it. Do you remember what happened up until this occurred?

    Alternatively, do any current xAuth users actually add any commands to the allowed-cmds node?
     
  26. Offline

    Skrip037

    Nothing out of the ordinary. Just updated my plugins and bukkit/mc and loaded and this is the result.

    EDIT: I don't know if this is from your mod.
    [​IMG]
     
  27. Offline

    CypherX

    That's for the CommandHelper plugin.

    Expect an update by tomorrow (Friday) night.
     
  28. Offline

    Darktrance

    pls a command for ingame making useraccount if Register is closed

    Regards Darky
     
  29. Offline

    CypherX

    Updated to version 1.2:
    • Version 1.2
      • Passwords are now stored as Whirlpool hashes (existing passwords are converted when a player logs in)
      • Configurable password complexity implemented
      • Option to block players with blank names from connecting
      • Players are no longer disconnected if someone with the same name joins
      • /logout command added
      • New arguments for /toggle
      • Unregistering an online player now notifies them and hides their inventory
      • Added ability to enable/disable IP verification (session.verifyip)
      • Added ability to enable/disable forced registration (registration.force)
      • Added permission node 'xauth.exclude' to exclude a group/player from having to register
      • Configuration node registration.pw-min-length has been changed to password.min-length
      • Configuration node security.filter.* has been changed to filter.*
      • Possible fix for COMMAND_PREPROCESS bug, it'll now output an error message to help debug it
      • All xauth.admin.toggle.* permission nodes have been grouped into xauth.admin.toggle
    If the COMMAND_PREPROCESS error occurs, it'll output a message in the server console that will help me solve the problem and try to auto-correct itself. Please paste the message here if you receive it.
     
  30. Offline

    Big___Rich

    My server uses Permissions, what is the node to allow my players to use /register <password> when they try to it nothing happens. Please help.
     
  31. Offline

    CypherX

    There is no node, everyone should have access to the command regardless unless the plugin is disabled.
     
Thread Status:
Not open for further replies.

Share This Page