Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    Graversimen

    ehm, i cant join after i updated. says my name contains one or more illegal characters :S
     
  3. Offline

    Boon Pek

    I'm waiting for the promised Beta3 ;) Apparently, it's on your GitHub, ready, but I don't know how to compile it :p
     
  4. Offline

    MiracleM4n

    I can compile it for you Boon Peak if you want. PM me.
     
  5. Offline

    Kafes

    What the?? When users /register they spawn in some other place not the spawn point??? Help please this is annoying. This plugin confuses me. Not trying to be rude sorry :p Its a great plugin help me please, thank you.
     
  6. Offline

    CypherX

    Take a look at the three filter settings in the config file.

    That's not the full beta 3, I've only committed one of the fixes.

    It returns them to the location they were originally at before they were locked at the spawn.
     
  7. Offline

    Kafes

    No, when new players arrive... they spawn somewhere else after they use /register command.
     
  8. Offline

    MiracleM4n

    @CypherX I saw that that was the only thing you committed to your GitHub but I am using that version right now as I like an error free server log :p . (Can't wait for the official Beta 3 to come out). I am off to work in 1.25 hours and am looking forward to coming home to this :D.
     
  9. Offline

    CypherX

    Updated to version 2.0 Beta 3:
    • Fixed StringIndexOutOfBoundsException with WorldEdit reported in this post
    • Accounts/Session are now reloaded from the database when a player joins to allow external modifications without restarting the server
    • Allowed commands configuration (guest.allowed-commands)
    • Inventory protection now stores items and armor in the database to prevent item loss
    • register.error.disabled message fixed
     
  10. Offline

    callum133

    hey im just wondering if you could either:
    Make this plugin work with PasswordProtect
    or so you can also have a server password as well as having to logon so its super secure :)
     
    korin125 likes this.
  11. Offline

    tombik

    Getting this err:
    Code:
    2011-06-25 19:49:04 [SEVERE] [xAuth] Could not delete StrikeBan for host: 93.99.106.250
    java.sql.SQLException: Can not issue executeUpdate() for SELECTs
        at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1073)
        at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:987)
        at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:982)
        at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:927)
        at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2365)
        at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2325)
        at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2310)
        at com.cypherx.xauth.datamanager.DataManager.deleteStrikeBan(DataManager.java:484)
        at com.cypherx.xauth.xAuth.isBanned(xAuth.java:291)
        at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerLogin(xAuthPlayerListener.java:45)
        at org.bukkit.plugin.java.JavaPluginLoader$11.execute(JavaPluginLoader.java:313)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:58)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:310)
        at net.minecraft.server.ServerConfigurationManager.a(ServerConfigurationManager.java:183)
        at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:82)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:74)
        at net.minecraft.server.Packet1Login.a(SourceFile:43)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:217)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:40)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:91)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:401)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:311)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
     
  12. Offline

    Boon Pek

    Now, then - this plugin is no doubt excellent, but can you please set a configuration setting to disable the warp to spawn? My server's bandwidth is extremely low, and warping to spawn just makes unnecessary chunks load. Thanks!
     
  13. Offline

    jeanpoivrot

    hello, im using craftbukkit 928 and xauth 2 beta3 (928) i get this error at start :

    Code:
    20:13:10 [INFO] [xAuth] 'Permission' support enabled
    20:13:10 [WARNING] [xAuth] 'Help' isn't detected. No /help support
    20:13:10 [SEVERE] [xAuth] Missing H2 library!
    java.lang.ClassNotFoundException: org.h2.Driver
            at java.net.URLClassLoader$1.run(URLClassLoader.java:217)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
            at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:36)
            at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:24)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
            at java.lang.Class.forName0(Native Method)
            at java.lang.Class.forName(Class.java:186)
            at com.cypherx.xauth.datamanager.DataManager.connectH2(DataManager.java:60)
            at com.cypherx.xauth.datamanager.DataManager.<init>(DataManager.java:38)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:65)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:126)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:857)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:253)
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:157)
            at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:136)
            at net.minecraft.server.MinecraftServer.e(MinecraftServer.java:284)
            at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:271)
            at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:148)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:335)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    
    do i need to install H2 database engine from http://www.h2database.com ?
    i'ma bit lost, install guide for h2 isn't easy and i h2 is not in my ubuntu repo so can't be installed with apt-get.

    thanks.
     
  14. Offline

    tombik

    Yes, u need h2. Place it into /root/lib/
     
  15. Offline

    jeanpoivrot

    the h2 .jar file ? ok i try thanks

    edit, ok i switched to mysql -_-
     
  16. Offline

    sharkale

    put this file: http://dl.dropbox.com/u/24869887/lib/h2.jar

    in {server folder}/lib/

    {server folder} is where you have server.properties and craftbukkit.jar
     
  17. Offline

    Macximilian

    Sorry ... couldn't answer the last days.
    But here there's my explanation:
    I'm thinking of a "single location in one world that everyone, even those in other worlds, will be teleported to".
    Because I've my global spawn and global point for everyone in one "beginner world" where I want to have this xAuth login location, too.
    Is this possible?
    How I said - maybe it's a good point on which you could work if you don't know what to develop next. :D
     
  18. Offline

    Plop

  19. Offline

    piousminion

    Code:
    registration:
        enabled: true
        forced: false
    .. seems to be broken.
    With this config neither /register nor /login do anything at all.

    I'd like to make registration optional and require "/login" only for accounts that have "/register"ed.
     
    Samovar_golden likes this.
  20. Offline

    Pyraah

    Very good plugin.
    But is it possible to disable the forced login after /reload ?
     
  21. Offline

    maragaht

    HELLO

    i have problem im instal beta x auth but console tell me is old version ? WHAT A FIX THIS

    Code:
    INFO] [xAuth] 'Permission' support enabled
    2011-06-27 21:15:48 [WARNING] [xAuth] 'Help' isn't detected. No /help support
    2011-06-27 21:15:51 [INFO] [xAuth] Connection to H2 database established!
    2011-06-27 21:15:51 [INFO] [xAuth] Accounts: 0, Sessions: 0
    2011-06-27 21:15:51 [INFO] [xAuth] v2.0b3 Enabled!
    2011-06-27 21:15:51 [WARNING] [xAuth] 'Help' isn't detected. No /help support
    2011-06-27 21:15:51 [INFO] [xAuth] Connection to H2 database established!
    2011-06-27 21:15:51 [INFO] [xAuth] Accounts: 0, Sessions: 0
    2011-06-27 21:15:51 [SEVERE] Error occurred while enabling xAuth v1.2.3 (Is it up to date?): null
    java.lang.NullPointerException
    at com.cypherx.xauth.xAuth.onEnable(xAuth.java:90)
    at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:126)
    at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:857)
    at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:253)
    at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:157)
    at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:136)
    at net.minecraft.server.MinecraftServer.e(MinecraftServer.java:284)
    at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:271)
    at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:148)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:335)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:422) 
     
  22. Offline

    Snarpix

    Hello!
    I have a problem that showed itself when I installed iConomy.
    CraftBukkit ver. 935
    xAuth ver. v2.0b3 (928)
    iConomy ver. 5.0.1
    Code:
     [SEVERE] Error occurred while disabling xAuth v2.0b3 (Is it up to date?): loader constraint violation: loader (instance of org/bukkit/plugin/java/PluginClassLoader) previously initiated loading for a different type with name "org/h2/store/DataHandler"
    java.lang.LinkageError: loader constraint violation: loader (instance of org/bukkit/plugin/java/PluginClassLoader) previously initiated loading for a different type with name "org/h2/store/DataHandler"
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClassCond(Unknown Source)
        at java.lang.ClassLoader.defineClass(Unknown Source)
        at java.security.SecureClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.access$000(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:36)
        at org.bukkit.plugin.java.JavaPluginLoader.getClassByName(JavaPluginLoader.java:219)
        at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:32)
        at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:24)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at org.h2.store.LobStorage.init(LobStorage.java:87)
        at org.h2.store.LobStorage.removeAllForTable(LobStorage.java:133)
        at org.h2.engine.Database.close(Database.java:1066)
        at org.h2.engine.Database.removeSession(Database.java:953)
        at org.h2.engine.Session.close(Session.java:572)
        at org.h2.jdbc.JdbcConnection.close(JdbcConnection.java:337)
        at com.cypherx.xauth.datamanager.DataManager.close(DataManager.java:692)
        at com.cypherx.xauth.xAuth.onDisable(xAuth.java:39)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:128)
        at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoader.java:878)
        at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManager.java:280)
        at org.bukkit.plugin.SimplePluginManager.disablePlugins(SimplePluginManager.java:273)
        at org.bukkit.craftbukkit.CraftServer.disablePlugins(CraftServer.java:146)
        at net.minecraft.server.MinecraftServer.stop(MinecraftServer.java:312)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:391)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    Do this plugin conflict, 'cause they both using H2 database?

    P.S. Sorry for my bad English.
     
  23. Offline

    LukeS

    Hi everyone, I'm having that issue when xAuth v2.0b3 trying to import auths.txt to new format
    My server is runnig on craftbukkit build 932 but this error occured on both 928 and 932 builds
    Code:
    2011-06-28 10:15:25 [INFO] [xAuth] 'Permission' support enabled
    2011-06-28 10:15:25 [WARNING] [xAuth] 'Help' isn't detected. No /help support
    2011-06-28 10:15:26 [INFO] [xAuth] Connection to H2 database established!
    2011-06-28 10:15:26 [INFO] [xAuth] Importing old auths.txt file to new format..
    2011-06-28 10:15:26 [SEVERE] Error occurred while enabling xAuth v2.0b3 (Is it up to date?): 1
    java.lang.ArrayIndexOutOfBoundsException: 1
        at com.cypherx.xauth.xAuth.importAccounts(xAuth.java:107)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:75)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:126)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:857)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:253)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:157)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:136)
        at net.minecraft.server.MinecraftServer.e(MinecraftServer.java:284)
        at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:271)
        at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:148)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:335)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
     
  24. Offline

    Gleydar

    I get this bug report, how can I fix it??
    2011-06-28 10:15:25 [INFO] [xAuth] 'Permission' support enabled
    2011-06-28 10:15:25 [WARNING] [xAuth] 'Help' isn't detected. No /help support
    2011-06-28 10:15:26 [INFO] [xAuth]Missing H2 libary!
    .... org.h2.driver
     
  25. Offline

    Black_Jack

    command whitelist?
     
  26. Offline

    Jellp

    question, will this prevent players to drop items in your inv?
     
  27. Offline

    LukeS

    you need the H2 Database Engine Library Download and place it in the /lib/ directory located in your server root. (If this directory does not exist you must create it)
     
  28. Offline

    ghost15

    Found a bit of a bug in the Beta, and unfortinatly is a server-killer at this time. I looked over your code (C# programmer not java) but it seems like you create the initial MySQL connection and then thats it. So eventually the link is killed, and then your plugin fails. I would imagine you either want to check connection state and reconnect if it is not connected, or just create the connection when you query the database, and then close and release it when your done. Either way once the connection fails, users are unable to login, and their inventory is lost because xAuth is not saving it or authenticating them due to the MySQL failure, here is the error when it first happens. I must reboot the server (although a plugin reload may work too) to solve the issue.
    Show Spoiler

    [SEVERE] [xAuth] Could not load StrikeBan for host: 70.188.155.2
    com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
    The last packet successfully received from the server was 32,811,296 milliseconds ago. The last packet sent successfully to the server was 5 milliseconds ago.
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
    at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1116)
    at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:3082)
    at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:2968)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3516)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2626)
    at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2111)
    at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:2273)
    at com.cypherx.xauth.datamanager.DataManager.loadStrikeBan(DataManager.java:610)
    at com.cypherx.xauth.xAuth.isBanned(xAuth.java:308)
    at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerLogin(xAuthPlayerListener.java:44)
    at org.bukkit.plugin.java.JavaPluginLoader$12.execute(JavaPluginLoader.java:321)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:58)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:321)
    at net.minecraft.server.ServerConfigurationManager.a(ServerConfigurationManager.java:186)
    at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:82)
    at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:74)
    at net.minecraft.server.Packet1Login.a(SourceFile:43)
    at net.minecraft.server.NetworkManager.b(NetworkManager.java:223)
    at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:40)
    at net.minecraft.server.NetworkListenThread.a(SourceFile:91)
    at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:451)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    Caused by: java.net.SocketException: Software caused connection abort: recv failed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(Unknown Source)
    at com.mysql.jdbc.util.ReadAheadInputStream.fill(ReadAheadInputStream.java:114)
    at com.mysql.jdbc.util.ReadAheadInputStream.readFromUnderlyingStreamIfNecessary(ReadAheadInputStream.java:161)
    at com.mysql.jdbc.util.ReadAheadInputStream.read(ReadAheadInputStream.java:189)
    at com.mysql.jdbc.MysqlIO.readFully(MysqlIO.java:2526)
    at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:2979)
    ... 23 more

    To see the full error log when a user connects and tries to authenticate, see this link (too many characters to post)... http://www.darktowerpc.com/temp/xauth.txt
     
  29. Offline

    __Brian__

    Work in 935?
     
  30. Offline

    CypherX

    For anyone wondering we're I've been, I'm halfway through a week long vacation. I'll respond to all posts when I return sometime during Saturday evening.
     
  31. Offline

    Tigerius

    Downloaded the latest xAuth and build 935. xAuth claims that it isn't up to date. Help
     
Thread Status:
Not open for further replies.

Share This Page