Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    dragonhib

    Ok thanks for fast reply. Good news. Will wait for next update.
    Thanks one more time for this awesome plugin !!;)
     
  3. Offline

    ssssfire52

    Ok so everything works great for my users, but not so great for me. Obviously im the admin and because of that it seems im too important to have to type in my pass when ever i login. This is a big problem because grievers have found that they can just type my username in and login with full admin rights and are then able to do the most damage. I'm sure its a config option but for the life of me i cant find it. Please help!!!
     
  4. Offline

    CypherX

    Add '-xauth.exclude' to any groups/players that have the '*' permission.
     
  5. Offline

    ssssfire52

    worked liked a charm thx so much!!!
     
  6. Offline

    sonyusa

    CypherX: Any luck finding any bugs with the blocking of the hit detection for that RPG plugin I mentioned? You said it should stop checking it when a player logs in but it doesn't seem to :( I really wanna get my offline players back in but I would rather have my NPC's hand out quests and items and stuff. Thanks!
     
  7. Offline

    CypherX

    After trying to set up MineQuest for ~30 minutes and failing at assigning a quest to a NPC I ragequit. Are you sure xAuth is causing your issue? I don't see how it could be preventing entity interactions and since I don't think MineQuest is open-source, I can't check that.
     
  8. Offline

    Jorge4

    Hello plz help me with this problem.
    i downloaded ur plugin and it works nice buut the registration is not "forced" i mean, i have it set to "true" but if a player join my server it wont ask for registration.
    plz help me

    Problem solved!

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 12, 2016
  9. Offline

    sonyusa

    Haha! ok, once you get it running, do "/spawn_npc tester" (his plugin is very case sensitive) then "/npc_property tester hit_message ow" then punch him and he will say "ow". With xauth on, he doesn't say "ow", he just takes it like a man >=(

    You don't necessarily have to have a quest assigned, that's just an added function of an npc. If you fix the punch for hit message, it should fix the punch to assign quest. Thanks for looking!
     
  10. Offline

    CypherX

    Thanks for explaining it, I'll try it again later tonight.
     
  11. Offline

    Elvis

    kk problem i type /reload reloads all plugins xauth 02:00:15 [SEVERE] null
    org.bukkit.command.CommandException: Unhandled exception executing command 'logi
    n' in plugin xAuth v1.2.4
    at org.bukkit.command.PluginCommand.execute(PluginCommand.java:37)
    at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:85
    )
    at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:2
    55)
    at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.
    java:675)
    at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:638)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:632)
    at net.minecraft.server.Packet3Chat.a(Packet3Chat.java:32)
    at net.minecraft.server.NetworkManager.a(NetworkManager.java:195)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:74)
    at net.minecraft.server.NetworkListenThread.a(SourceFile:100)
    at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:370)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:285)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:394)
    Caused by: java.lang.NullPointerException
    at org.bukkit.craftbukkit.entity.CraftPlayer.teleport(CraftPlayer.java:1
    47)
    at com.cypherx.xauth.xAuth.login(xAuth.java:296)
    at com.cypherx.xauth.CommandHandler.handlePlayerCommand(CommandHandler.j
    ava:55)
    at com.cypherx.xauth.xAuth.onCommand(xAuth.java:195)
    at org.bukkit.command.PluginCommand.execute(PluginCommand.java:35)
    ... 12 more

    plus it says on my screen an internal error occured
     
  12. Offline

    CypherX

    @sonyusa - Good news, found what was causing the issue and fixed it.

    @Elvis - Already fixed for the next update.
     
  13. Offline

    sonyusa

    CypherX I love you! <3 Any chance of an emergency patch release?? XD
     
  14. Offline

    Obscuri

  15. Offline

    CypherX

    Next update will be out either tonight or tomorrow once I make sure I've finished everything I wanted to get done.

    The most recent update hides a players location by teleporting them to the spawn until they log in.
     
  16. Offline

    Elvis

    what was the problem with this
     
  17. Offline

    piousminion

    @CypherX
    I'm at a bit of loss for words.

    I'm trying to make a login page for my website that checks the names and hashes in 'auths.txt'. It seems however, that when I hash the passwords, some of them match the entries in auths.txt and some don't. I really don't know what's going on here. I'm using PHP's hash('whirlpool', $password) function if that at all matters. I might add that when I enter my password into a multiple hash generator site, none of the hashes match some of the entries I see in auths.txt. Could it be that "some" are salted?

    Can you give me any idea what might be happening here?
     
  18. Offline

    Obscuri

    Thanks a lot, I didn't know that :)
     
  19. Offline

    CypherX

    Updated to version 1.2.5:
    • Version 1.2.5
      • Various NullPointerException errors fixed
      • Players will now be teleported to ground level instead of underground or in the air when not logged in
      • Added configuration node to turn on/off location protection (misc.protect-locaton)
      • MineQuest entity interaction fixed
    I know I said that a way to configure where players are teleported would be added, but that was scrapped in favor of adding a method to always spawn them on ground level.

    None of the passwords are salted, it's a clean conversion from the plaintext password into a Whirlpool hash. Could you provide at least one phrase that this happens to so I can do some testing?
     
  20. Offline

    hofec

    Hi industrious CypherX ! :cool:

    I have one urgent request for you man. Can u please make/or/remake /toggle command for me ? (or tell me how can i rename it :D )

    This collide with /toggle command from great Citizens plugin . Thank you for help ;)
     
  21. Offline

    sonyusa

    CypherX: Have I told you lately that I love you???
     
  22. Offline

    piousminion

    "iddqdidkfa" as a whirlpool hash is:
    Code:
    ed031109574dc3c83754ccd1fb986402fa200cb79048921222da3986da9181c11dd246f8fc472c3f6841c91c293db7a4949d8fe541eb872e40897841b7f668e6
    verified by several methods, yet in auths.txt for that user it shows

    Code:
    4DC178B3B71F262FF19DE572FD85AE9D7E636FBAA45492569C96330F86B65354CF152529D609956E02E3B68998C41C9BA265848333E74BCB70B731B0FF376F10

    I can login using that password just fine which is beyond strange. Ideas?
     
  23. Offline

    AbrarSyed

    I have a very odd problem. When a player that hasn't registered logs in, the screen flashes for an instant, and then goes to the default dirt minecraft background. if I register the player through the server console, they can use the login command and play.

    oh yeah, on startup, the ThunderGhast plugin runs the /tgcheck command that checks your mail... maybe its that?? nope, disabled that and it still didn't work...

    the server give the error that my test player moved too fast...
     
  24. Offline

    CypherX

    I'll see what I can do.
    Heh, I believe so.

    It's working fine for me:

    [​IMG]

    Are you using any plugins that do anything to chat messages or commands?

    Is this after the latest update (1.2.5) and does the dirt screen say anything?
     
  25. Offline

    piousminion

    I wouldn't begin to know what plugins could do something like this. The following is a list of plugins I use.
    Code:
    04:16:47 [INFO] Plugins: PreciousStones, FoundDiamonds, HeroChat, Warpz0r, Permissions, SupplySign, BlockCantKeepUpSpam, PermissionsPlus, JSONAPI, HeroicDeath, MultiVerse, WorldGuard, dynmap, Jail, properTime, LogBlock, PvP Control, BorderGuard, WorldEdit, SignColours, xAuth, BukkitVote, PickBoat, NoCheat, Wings, LWC, MultiInv, CommandBook, p2Aliases, WormholeXTreme, Citizens, LyTreeHelper, MobileAdmin, MinecartManiaCore, Minequery, NameChecker, FireLord, OpenInv, MinecartManiaChestControl, MinecartManiaStation, MinecartManiaAutomations, MinecartManiaSignCommands, MinecartManiaAutocart, MinecartManiaAdminControls
     
  26. Offline

    DeltaDevil

    Please help me, the /toggle command interferes with Citizens /toggle command, how can I shut it down on xAuth ?
     
  27. Offline

    hofec

    same same same xD just rename /toggle comm .. i tried to remove toggle permissions node, but no chance .. :)
     
  28. Offline

    DeltaDevil

    How can i do this, can you pls upload a version of xAuth without the /toggle command, im shitty at programing in eclipse.
     
  29. Offline

    AbrarSyed

    I downloaded this yesterday. same day as my post on this thread.
    nope, the dirt screen says nothing. Its only stays for like 10 seconds, and then the window closes.

    before the dirt screen, normal minecraft shows and the "AbrarSyed has Logged in" comes up but then it goes to the dirt screen immediately.

    the server says that I have logged in, then it says I have moved too fast. no logout message on the server.

    plugins I am running:

    AutoHelp -- http://forums.bukkit.org/threads/info-help-2-4-a-smarter-help-740.13601/
    BlackSmith -- http://forums.bukkit.org/threads/mech-blacksmith-v1-0-3-repair-your-equipment-740.11660/
    ClearInventory -- http://forums.bukkit.org/threads/mi...self-main-bar-all-cinv-556-617-677-740.10590/
    DeathTpPlus -- http://forums.bukkit.org/threads/tp...eathnotify-deathtp-streaks-deathlog-740.3046/
    DefaultPermissions -- http://forums.bukkit.org/threads/ad...ds-compatible-with-permissions-592-740.11238/
    GiveTo -- http://forums.bukkit.org/threads/ad...r-self-permissions-gto-gme-556-670-740.10449/
    HELP -- http://forums.bukkit.org/threads/info-help-2-4-a-smarter-help-740.13601/
    HookShot -- http://forums.bukkit.org/threads/fun-hookshot-v1-1-1-scale-mountains-with-a-hookshot-740.16494/
    iChat
    iConomy
    iConomyChestShop
    iconomyDeath -- http://forums.bukkit.org/threads/fu...e-money-from-players-when-they-die-740.10131/
    LWC -- http://forums.bukkit.org/threads/se...ight-inventory-protection-management-740.967/
    MobBounty
    MyHome -- http://forums.bukkit.org/threads/tp-myhome-v1-9-5-733-740.13313/
    MyWarp -- http://forums.bukkit.org/threads/tp-mywarp-v1-10-5c-basic-social-guiding-warpsigns-684-762.13098/
    SignLift -- http://forums.bukkit.org/threads/mech-signlift-v0-7-elevators-with-signs-602-670.2900/
    OutputHandler
    Permissions
    PvPRewards -- http://forums.bukkit.org/threads/fu...eal-money-from-their-victims-740.10740/page-2
    ThunderGhast -- http://forums.bukkit.org/threads/chat-thunderghast-standalone-mail-plugin-740.14884/
    Weathergod
    WorldEdit -- http://forums.bukkit.org/threads/ed...diting-degriefing-build-from-far-away-709.62/
    WorldGaurd -- http://forums.bukkit.org/threads/se...-cuboid-region-protection-with-blacklist.790/
     
  30. Offline

    hofec

    Maan, i'm just waiting for update as you .. i only tried remove perm-node, no result :confused:
     
  31. Offline

    DeltaDevil

    Ill try to recomplie this in eclipse, if i succeed ill give you the download link.

    No it did not work, were gonna have to wait.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 12, 2016
Thread Status:
Not open for further replies.

Share This Page