Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    Mrchasez

    Whos fixing it, you?
     
  3. Offline

    vanlompegem

    when people join and they need to login they spawn beneeth my spawn location
     
  4. Offline

    dark_black_side

    No fix, some guys give me the tip to change something in the config. See on top of
    this page.

    I only want to say sorry!
     
  5. Offline

    telmer6

    xAuth version: 2.0b4.3
    CraftBukkit build: b1597
    Description of error/bug: User kicked on login
    Error log: [WARNING] Failed to handle packet: java.lang.NullPointerException
    java.lang.NullPointerException
    at org.bukkit.craftbukkit.entity.CraftPlayer.teleport(CraftPlayer.java:308)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:194)
    at net.minecraft.server.Packet10Flying.a(SourceFile:126)
    at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:93)
    at net.minecraft.server.NetworkListenThread.a(SourceFile:108)
    at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:527)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    [INFO] /##.###.##.###:##### lost connection
    Other information: When a player joins (before xAuth log in), they are booted (above message) and have to join again. Then it works fine. When I join (same network) I'm booted, and have to restart the server before I can join.
    Server OS: Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic-pae i686)
     
  6. Offline

    moparisthebest

    I'm wondering this myself. I guess I'll probably take up the maintenance of this plugin since I require it for my community, and I have forked and worked on xAuth before (I'm the one who added authURL support, you can confirm this by looking at github). I'm just waiting for Multi-verse to be updated before upgrading my server, I'll have to fix xAuth before then.

    But, to the point, I don't know about this bug in the first place, so I have no idea how to go about fixing it. I'm assuming my server as-is is immune to the bug since there aren't any ops on it in the first place.

    Editing 'bug exploits' out of posts helps no one, security through obscurity is no security at all, so if there is a bug, it would be better off in the public so everyone knows about it and can try and do something about it. Otherwise, it's just the bad guys that know about it and exploit it. So why don't one of you who knows the problem post an issue on github where it can be addressed and not 'edited out to protect people' :rolleyes:

    https://github.com/CypherX/xAuth/issues
     
  7. Offline

    CyborgOne

    if I stop my Server i get the following error.


    Code:
    10:58:51 [SEVERE] Error occurred while disabling xAuth v2.0b3.5 (Is it up to date?): loader constraint violation: loader (instance of org/bukkit/plugin/java/PluginClassLoader) previously initiated loading for a different type with name "org/h2/store/DataHandler"
    java.lang.LinkageError: loader constraint violation: loader (instance of org/bukkit/plugin/java/PluginClassLoader) previously initiated loading for a different type with name "org/h2/store/DataHandler"
            at java.lang.ClassLoader.defineClass1(Native Method)
            at java.lang.ClassLoader.defineClass(ClassLoader.java:634)
            at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
            at java.net.URLClassLoader.defineClass(URLClassLoader.java:277)
            at java.net.URLClassLoader.access$000(URLClassLoader.java:73)
            at java.net.URLClassLoader$1.run(URLClassLoader.java:212)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
            at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:36)
            at org.bukkit.plugin.java.JavaPluginLoader.getClassByName(JavaPluginLoader.java:221)
            at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:32)
            at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:24)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
            at org.h2.store.LobStorage.init(LobStorage.java:89)
            at org.h2.store.LobStorage.removeAllForTable(LobStorage.java:147)
            at org.h2.engine.Database.close(Database.java:1046)
            at org.h2.engine.Database.removeSession(Database.java:964)
            at org.h2.engine.Session.close(Session.java:563)
            at org.h2.jdbc.JdbcConnection.close(JdbcConnection.java:363)
            at com.cypherx.xauth.datamanager.DataManager.close(DataManager.java:760)
            at com.cypherx.xauth.xAuth.onDisable(xAuth.java:39)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:190)
            at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoader.java:989)
            at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManager.java:296)
            at org.bukkit.plugin.SimplePluginManager.disablePlugins(SimplePluginManager.java:289)
            at org.bukkit.craftbukkit.CraftServer.disablePlugins(CraftServer.java:181)
            at net.minecraft.server.MinecraftServer.stop(MinecraftServer.java:376)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:455)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    
     
  8. Offline

    The Wizard

    You don't have to be an op to exploit the bug.
    I have bperm, If I use the bug I can bypass the login sistem and I can give diamonds to players.
    You can't write in chat, but you can use cmds (ban, unban, kick, etc.)
    Spout plugin apparently fix this bug.
    If you don't know how to use the bug send me a PM and I'll explain.
     
  9. Offline

    Deleted user

    Why would you do this? Reported.
     
  10. Offline

    The Wizard

    ^OMFG noob alert...
    moparisthebest want to fix the plugin. How to fix the problem if he doesn't know how to reproduce it?
     
  11. Offline

    Korrosive

    Easy, send them a MP with te bug.
     
  12. Offline

    moparisthebest

    Ok, it turns out this was already reported and explained on github:

    https://github.com/CypherX/xAuth/issues/19

    But according to the wizard, if you have:
    reverse-enforce-single-session: false
    or if you have Spout, then the 'exploit' doesn't work. So until I have a go at fixing the problem, I suggest you people having the issue do one or both of the above.
     
  13. Offline

    Keiaxx

    My simple fix for that bug is to totally disable the /op command in-game using PLGdisablecmd so that the op command can only be used thru the server console and not be used in game, even an op. I dont mind that since I dont really op people in game. Hope this helps:D
     
  14. Offline

    moparisthebest

    But apparently using the bug lets you access ANY command that that player has access to. I don't even have any ops on my server at all, but staff still have access to ban/unban and rollback commands, so an 'attacker' could too if I didn't have spout installed.
     
  15. Offline

    OffLuffy

    I have xAuth linked to a MySQL database on the host machine, and we used one of your SQL files to build the tables, yet in the `strikes` table, the `strikeip` and `playername` seem to be missing. I don't suppose this is a big problem, but there is a `host` and `bantime` in that table instead. Can I just create the columns necessary to avoid this spamming? If so, can I get details for each column? (type, attributes and such) And I'd also like to know if the two columns there already are necessary or can be deleted? Or better yet, maybe there's another SQL file I missed when doing this?
    Thanks in advance -Luficer

    The error:
    Code:
    [SEVERE] [xAuth] SQL query failure [write] (DELETE FROM `strikes` WHERE `strikeip` = ? AND `playername` = ?)
    com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'strikeip' in 'where clause'
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
        at com.mysql.jdbc.Util.getInstance(Util.java:382)
        at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
        at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3593)
        at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3525)
        at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986)
        at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140)
        at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2626)
        at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2111)
        at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2407)
        at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2325)
        at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2310)
        at com.cypherx.xauth.database.Database.queryWrite(Database.java:90)
        at com.cypherx.xauth.database.DbUtil.deleteStrikes(DbUtil.java:150)
        at com.cypherx.xauth.xAuth.login(xAuth.java:364)
        at com.cypherx.xauth.commands.LoginCommand.onCommand(LoginCommand.java:73)
        at org.bukkit.command.PluginCommand.execute(PluginCommand.java:40)
        at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:165)
        at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:378)
        at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:757)
        at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:722)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:715)
        at org.getspout.spout.SpoutNetServerHandler.a(SpoutNetServerHandler.java:180)
        at net.minecraft.server.Packet3Chat.a(Packet3Chat.java:33)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:93)
        at org.getspout.spout.SpoutNetServerHandler.a(SpoutNetServerHandler.java:550)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:108)
        at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:527)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
     
  16. Offline

    beleg

  17. Offline

    Slime

    Hello guys, I have a big Problem, there's a way to bypass xAuth, so you can log in ever nickname you have already registered, please dev. of xAuth to review this post, will not post how its done, will post to dev. of plugin, need that bug fixed, plz
     
  18. Offline

    beleg

    ya we know -.-
     
  19. Offline

    xMinecraft

    when they go to upgrade to Minecraft 1.1?
     
  20. Offline

    oglop

    I donno where I downloaded it but it seems it keeps enhancements.
     

    Attached Files:

  21. Offline

    Flashsplash

    It only works in 1337? not the 1.1 update?
     
  22. Offline

    MRI

    probably the plugin works on all bukkit version.
    I use this on 1720 and work fine
     
  23. Offline

    XtenD

    This epic plugin must be updated ;(
     
  24. Offline

    oglop

    Try my file maybe it would work.. then you can tell us .. its working on cb 1702 mc 1.0
     
  25. Offline

    Hydrosis

    Can someone please help me fix this error:
    Code:
    2012-01-14 11:43:42 [SEVERE] [xAuth] SQL query failure [write] (ALTER TABLE `tele_locations` ADD COLUMN `uid` VARCHAR(36) NULL BEFORE `worldname`)
    org.h2.jdbc.JdbcSQLException: Column "WORLDNAME" not found; SQL statement:
    ALTER TABLE `tele_locations` ADD COLUMN `uid` VARCHAR(36) NULL BEFORE `worldname` [42122-159]
        at org.h2.message.DbException.getJdbcSQLException(DbException.java:329)
        at org.h2.message.DbException.get(DbException.java:169)
        at org.h2.message.DbException.get(DbException.java:146)
        at org.h2.table.Table.getColumn(Table.java:595)
        at org.h2.command.ddl.AlterTableAlterColumn.cloneTableStructure(AlterTableAlterColumn.java:258)
        at org.h2.command.ddl.AlterTableAlterColumn.copyData(AlterTableAlterColumn.java:196)
        at org.h2.command.ddl.AlterTableAlterColumn.update(AlterTableAlterColumn.java:132)
        at org.h2.command.CommandContainer.update(CommandContainer.java:71)
        at org.h2.command.Command.executeUpdate(Command.java:212)
        at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:143)
        at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:129)
        at com.cypherx.xauth.database.Database.queryWrite(Database.java:90)
        at com.cypherx.xauth.database.DbUpdate.update(DbUpdate.java:61)
        at com.cypherx.xauth.database.DbUpdate.update(DbUpdate.java:39)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:98)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:188)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:968)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:280)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:186)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:169)
        at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:348)
        at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:335)
        at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:165)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:399)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    2012-01-14 11:43:42 [SEVERE] [xAuth] Database update (1 -> 2) failed!
    I got this after I tried to use xAuthsync.jar. :(
     
  26. Hey, I currently have a very short name on Minecraft (2 letters) and I think it is this plugin saying that my name is not long enough. Just letting you know that minecraft does accept 2 letter and above length names.
     
  27. Offline

    djrazr

    Am i right if that there are no configurable messages for the URL authentication method right now? ("null" on wrong password and "Player NAME logged in with forum name 'NAME' on successful login)

    BTW: here's a workin script for phpBB 3.0.9 :
    PHP:
    <?
    // this script is tested with phpBB 3.0.9 / written by djrazr
     
    /* The format is also pretty simple, and always returns exactly 2 lines.
     
    if successful, return this:
     
    YES
    String to welcome user
     
    if not successful, return this:
     
    ERROR
    String to return to user describing error
     
    */
     
    // $localaddr should be the IP your webserver is listening on, if this page isn't being visited by the same IP ($_SERVER['REMOTE_ADDR'])
    // then errors are logged and a warning email is sent to the email configured in done() so no one tries to use this to bruteforce
    // passwords, you really should just restrict this to only the server accessing it, I only make it accessible over localhost or to
    // my home address over SSL only.
    $localaddr "127.0.0.1";
    if(
    $_SERVER['REMOTE_ADDR'] != $localaddr) die("Access Denied!");
    define('IN_PHPBB'true);
    $phpbb_root_path './';
    $phpEx substr(strrchr(__FILE__'.'), 1);
    include(
    $phpbb_root_path 'common.' $phpEx);
     
    // Start session management
    $user->session_begin();
    $auth->acl($user->data);
    $user->setup();
     
    $username request_var('user'''true);
    $password request_var('pass'''true);
     
    if(
    $username && $password)
    {
        
    $sql 'SELECT user_password
            FROM ' 
    USERS_TABLE "
            WHERE username_clean = '" 
    $db->sql_escape(utf8_clean_string($username)) . "'";
        
    $result $db->sql_query($sql);
        
    $user_password $db->sql_fetchfield('user_password');
        
    $db->sql_freeresult($result);
     
        
    //Check if user exists / query of username was succesfull
        
    if(!$user_password){echo('Name not registered, must put in profile on forum: URL_TO_YOUR_FORUM');}
     
        
    //Check password
        
    if(phpbb_check_hash($password$user_password))
        {
            echo(
    "YES\n".$username." is now online."); //you could also show stats here..
        
    }
        else
        {
            echo(
    'ERROR\nIncorrect Password, make sure you use your forum password.');
        }
    }
    else
    {
        
    //Username and or password not provided
        
    echo('ERROR\nIncorrect usage.');
     
    }          
    ?>
     
    humandk55 likes this.
  28. Offline

    _Robert

    I don't know guys, i don't know if i have the time! There're many things to be fixed, and i just begun to work in java! I just made this fix cause it was easy to make it and i needed for my server.

    Currently i'm on vacations! I will give it a shot to solve some thing when i come back, but i don't promise anything!

    I got other work's that are prioritary, for ie http://cor.to, and of course my collegue studies too! So i really don't know if i have the time =/.

    If i decide to continue the develpment of this plugin i will let you know, don't worry :).

    Cya!
     
  29. Offline

    tdrive

    Has found a bug: After relogin improvement of subjects vanishes.
    I have solved this problem here so:
    DbUtil.java
    Code:
    package com.cypherx.xauth.database;
     
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.sql.SQLException;
    import java.util.List;
     
    import org.bukkit.inventory.ItemStack;
    import org.bukkit.inventory.PlayerInventory;
     
    import com.cypherx.xauth.Account;
    import com.cypherx.xauth.Session;
    import com.cypherx.xauth.TeleLocation;
    import com.cypherx.xauth.xAuthLog;
    import com.cypherx.xauth.xAuthPlayer;
    import com.cypherx.xauth.xAuthSettings;
    import com.cypherx.xauth.database.Database.DBMS;
    import com.cypherx.xauth.util.Util;
     
     
    import java.util.HashMap; // my
    import java.util.Map; // my
    import java.util.Set;
    import org.bukkit.enchantments.Enchantment;
     
     
    public class DbUtil {
     
        /* START ACCOUNT METHODS */
        public static void saveAccount(Account account) {
            if (account.getId() == 0)
                insertAccount(account);
            else
                updateAccount(account);
        }
     
        private static void insertAccount(Account account) {
            String sql = "INSERT INTO `" + xAuthSettings.tblAccount + "`" +
                            " (`playername`, `password`, `email`, `registerdate`, `registerip`, `lastlogindate`, `lastloginip`, `active`)" +
                                " VALUES" +
                            " (?, ?, ?, ?, ?, ?, ?, ?)";
            Database.queryWrite(sql, account.getPlayerName(), account.getPassword(), account.getEmail(),
                    account.getRegisterDate(), account.getRegisterHost(), account.getLastLoginDate(),
                    account.getLastLoginHost(), account.getActive());
            account.setId(Database.lastInsertId());
        }
     
        private static void updateAccount(Account account) {
            String sql = "UPDATE `" + xAuthSettings.tblAccount + "`" +
                        " SET" +
                            " `playername` = ?," +
                            "`password` = ?," +
                            "`email` = ?," +
                            "`registerdate` = ?," +
                            "`registerip` = ?," +
                            "`lastlogindate` = ?," +
                            "`lastloginip` = ?," +
                            "`active` = ?" +
                        " WHERE id = ?";
     
            Database.queryWrite(sql, account.getPlayerName(), account.getPassword(), account.getEmail(),
                    account.getRegisterDate(), account.getRegisterHost(), account.getLastLoginDate(),
                    account.getLastLoginHost(), account.getActive(), account.getId());
        }
     
        public static void insertAccounts(List<Account> accounts) {
            String sql = "INSERT INTO `" + xAuthSettings.tblAccount + "` (`playername`, `password`) VALUES (?, ?)";
            Account account;
     
            try {
                PreparedStatement stmt = Database.getConnection().prepareStatement(sql);
     
                for (int i = 0; i < accounts.size(); i++) {
                    account = accounts.get(i);
                    stmt.setString(1, account.getPlayerName());
                    stmt.setString(2, account.getPassword());
                    stmt.addBatch();
                }
     
                Database.queryBatch(stmt);
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
     
        public static void deleteAccount(xAuthPlayer xPlayer) {
            String sql = "DELETE FROM `" + xAuthSettings.tblAccount + "` WHERE `id` = ?";
            Database.queryWrite(sql, xPlayer.getAccount().getId());
            xPlayer.setAccount(null);
            xPlayer.setSession(null);
        }
        /* END ACCOUNT METHODS */
     
        /* START SESSION METHODS */
        public static void insertSession(Session session) {
            String sql = "INSERT INTO `" + xAuthSettings.tblSession + "` VALUES (?, ?, ?)";
            Database.queryWrite(sql, session.getAccountId(), session.getHost(), session.getLoginTime());
        }
     
        public static void deleteSession(xAuthPlayer xPlayer) {
            String sql = "DELETE FROM `" + xAuthSettings.tblSession + "` WHERE `accountid` = ?";
            Database.queryWrite(sql, xPlayer.getSession().getAccountId());
            xPlayer.setSession(null);
        }
        /* END SESSION METHODS */
     
        /* START LOCATION METHODS */
        public static void insertTeleLocation(TeleLocation teleLocation) {
            String sql = "INSERT INTO `" + xAuthSettings.tblLocation + "` VALUES (?, ?, ?, ?, ?, ?, ?)";
            Database.queryWrite(sql, teleLocation.getUID().toString(), teleLocation.getX(), teleLocation.getY(), teleLocation.getZ(),
                    teleLocation.getYaw(), teleLocation.getPitch(), teleLocation.getGlobal());
        }
     
        public static void updateTeleLocation(TeleLocation teleLocation) {
            String sql = "UPDATE `" + xAuthSettings.tblLocation + "` " +
                        "SET " +
                            "`x` = ?, " +
                            "`y` = ?, " +
                            "`z` = ?, " +
                            "`yaw` = ?, " +
                            "`pitch` = ?, " +
                            "`global` = ? " +
                        "WHERE `uid` = ?";
            Database.queryWrite(sql, teleLocation.getX(), teleLocation.getY(), teleLocation.getZ(), teleLocation.getYaw(),
                    teleLocation.getPitch(), teleLocation.getGlobal(), teleLocation.getUID().toString());
        }
     
        public static void deleteTeleLocation(TeleLocation teleLocation) {
            String sql = "DELETE FROM `" + xAuthSettings.tblLocation + "` WHERE `uid` = ?";
            Database.queryWrite(sql, teleLocation.getUID().toString());
        }
        /* END LOCATION METHODS */
     
        /* START STRIKE METHODS */
        public static int getStrikeCount(String host) {
            deleteExpiredStrikes(host);
            String sql = "SELECT COUNT(*) FROM `" + xAuthSettings.tblStrike + "` WHERE `strikeip` = ?";
            ResultSet rs = Database.queryRead(sql, host);
            int strikes = 0;
     
            try {
                if (rs.next())
                    strikes = rs.getInt(1);
            } catch (SQLException e) {
                xAuthLog.severe("Could not get strike count for host: " + host, e);
            }
     
            return strikes;
        }
     
        public static void insertStrike(String host, String playerName) {
            String sql = "INSERT INTO `" + xAuthSettings.tblStrike + "` VALUES (?, ?, ?)";
            Database.queryWrite(sql, Util.getNow(), host, playerName);
        }
     
        public static void deleteStrikes(String host, String playerName) {
            String sql = "DELETE FROM `" + xAuthSettings.tblStrike + "` WHERE `strikeip` = ? AND `playername` = ?";
            Database.queryWrite(sql, host, playerName);
        }
     
        private static void deleteExpiredStrikes(String host) {
            String sql;
     
            if (Database.getDBMS() == DBMS.H2)
                sql = "DELETE FROM `" + xAuthSettings.tblStrike + "`" +
                        " WHERE NOW() > DATEADD('SECOND', " + xAuthSettings.strikeLength + ", `striketime`)";
            else
                sql = "DELETE FROM `" + xAuthSettings.tblStrike + "`" +
                        " WHERE NOW() > ADDDATE(`striketime`, INTERVAL " + xAuthSettings.strikeLength + " SECOND)";
     
            Database.queryWrite(sql);
        }
        /* END STRIKE METHODS */
     
        /* START INVENTORY METHODS */
        public static ItemStack[] getInventory(xAuthPlayer xPlayer) {
            String sql = "SELECT * FROM `" + xAuthSettings.tblInventory + "` WHERE `playername` = ?";
            ResultSet rs = Database.queryRead(sql, xPlayer.getPlayerName());
            ItemStack[] inv = null;
                    sql = "SELECT * FROM `enchant` WHERE `playername` = ?";
            ResultSet rs2 = Database.queryRead(sql, xPlayer.getPlayerName());
           
            try {
                if (rs.next() && rs2.next()) {
                    int[] itemid = Util.stringToInt(rs.getString("itemid").split(","));
                    int[] amount = Util.stringToInt(rs.getString("amount").split(","));
                    int[] durability = Util.stringToInt(rs.getString("durability").split(","));
                                    String[] keyString = rs2.getString("key").split(",");
                                    int[] keyValue = Util.stringToInt(rs2.getString("value").split(","));
                    inv = new ItemStack[itemid.length];
     
                    for (int i = 0; i < inv.length; i++){
                        inv[i] = new ItemStack(itemid[i], amount[i], (short)durability[i]);
     
                                            if(!keyString[i].equals("0")){
     
                                                Enchantment key = Enchantment.getByName(keyString[i]);
                                                Map<Enchantment,Integer> enchant = new HashMap();
                                                enchant.put(key, keyValue[i]);
                                                inv[i].addEnchantments(enchant);
                                            }
                                    }       
                }
            } catch (SQLException e) {
                xAuthLog.severe("Could not load inventory for player: " + xPlayer.getPlayerName(), e);
            } finally {
                try {
                    rs.close();
                } catch (SQLException e) {}
            }
     
            return inv;
        }
     
        public static void insertInventory(xAuthPlayer xPlayer) {
            String sql = "SELECT * FROM `" + xAuthSettings.tblInventory + "` WHERE `playername` = ?";
            ResultSet rs = Database.queryRead(sql, xPlayer.getPlayerName());
     
            try {
                if (rs.next())
                    return;
            } catch (SQLException e) {
                xAuthLog.severe("Could not check inventory for player: " + xPlayer.getPlayerName(), e);
            } finally {
                try {
                    rs.close();
                } catch (SQLException e) {}
            }
     
            PlayerInventory inv = xPlayer.getPlayer().getInventory();
            StringBuilder sbItems = new StringBuilder();
            StringBuilder sbAmount = new StringBuilder();
            StringBuilder sbDurability = new StringBuilder();
                    StringBuilder sbkeyString = new StringBuilder();
                    StringBuilder sbkeyValue = new StringBuilder();
     
            for (ItemStack item : inv.getContents()) {
                int itemid = 0;
                int amount = 0;
                short durability = 0;
                            String keyString = "0";
                            int keyValue = 0;
                            Map<Enchantment,Integer> enchant = new HashMap();
                           
     
                if (item != null) {
                    itemid = item.getTypeId();
                                    amount = item.getAmount();
                    durability = item.getDurability();
     
     
                                    enchant = item.getEnchantments();
                                    if (!enchant.isEmpty()){
                                                       
                                        Enchantment[] key = enchant.keySet().toArray(new Enchantment[0]);
                                        keyString = key[0].getName();
                                        keyValue = enchant.get(key[0]);
     
     
                                    }
                }
     
                sbItems.append(itemid + ",");
                sbAmount.append(amount + ",");
                sbDurability.append(durability + ",");
                            sbkeyString.append(keyString + ",");
                            sbkeyValue.append(keyValue + ",");
                           
                    }
     
            for (ItemStack item : inv.getArmorContents()) {
                int itemid = 0;
                int amount = 0;
                short durability = 0;
                            String keyString = "0";
                            int keyValue = 0;
                            Map<Enchantment,Integer> enchant = new HashMap();
                           
                if (item != null) {
                    itemid = item.getTypeId();
                    amount = item.getAmount();
                    durability = item.getDurability();
                                   
                                    enchant = item.getEnchantments();
                                    if (!enchant.isEmpty()){
                                        Enchantment[] key = enchant.keySet().toArray(new Enchantment[0]);
                                        keyString = key[0].getName();
                                        keyValue = enchant.get(key[0]);
                                    }
                }
     
                sbItems.append(itemid + ",");
                sbAmount.append(amount + ",");
                sbDurability.append(durability + ",");
                            sbkeyString.append(keyString + ",");
                            sbkeyValue.append(keyValue + ",");
            }
     
            sbItems.deleteCharAt(sbItems.lastIndexOf(","));
            sbAmount.deleteCharAt(sbAmount.lastIndexOf(","));
            sbDurability.deleteCharAt(sbDurability.lastIndexOf(","));
            sbkeyString.deleteCharAt(sbkeyString.lastIndexOf(","));
            sbkeyValue.deleteCharAt(sbkeyValue.lastIndexOf(","));
     
                   
            sql = "INSERT INTO `" + xAuthSettings.tblInventory + "` VALUES (?, ?, ?, ?)";
            Database.queryWrite(sql, xPlayer.getPlayerName(), sbItems.toString(), sbAmount.toString(), sbDurability.toString());
                    sql = "INSERT INTO `enchant` VALUES (?, ?, ?)";
            Database.queryWrite(sql, xPlayer.getPlayerName(), sbkeyString.toString(), sbkeyValue.toString());
        }
     
        public static void deleteInventory(xAuthPlayer xPlayer) {
            String sql = "DELETE FROM `" + xAuthSettings.tblInventory + "` WHERE `playername` = ?";
            Database.queryWrite(sql, xPlayer.getPlayerName());
                    sql = "DELETE FROM `enchant` WHERE `playername` = ?";
            Database.queryWrite(sql, xPlayer.getPlayerName());
        }
        /* END INVENTORY FUNCTIONS */
     
        public static xAuthPlayer getPlayerFromDb(String playerName) {
            xAuthPlayer xPlayer = null;
            String sql = "SELECT a.*, s.*" +
                        " FROM `" + xAuthSettings.tblAccount + "` a" +
                        " LEFT JOIN `" + xAuthSettings.tblSession + "` s" +
                            " ON a.id = s.accountid" +
                        " WHERE `playername` = ?";
            ResultSet rs = Database.queryRead(sql, playerName);
     
            try {
                if (rs.next())
                    xPlayer = new xAuthPlayer(playerName, Util.buildAccount(rs), Util.buildSession(rs));
            } catch (SQLException e) {
                xAuthLog.severe("Could not load player: " + playerName, e);
            } finally {
                try {
                    rs.close();
                } catch (SQLException e) {}
            }
     
            return xPlayer;
        }
     
        public static xAuthPlayer reloadPlayer(xAuthPlayer xPlayer) {
            String sql = "SELECT a.*, s.*" +
                            " FROM `" + xAuthSettings.tblAccount + "` a" +
                            " LEFT JOIN `" + xAuthSettings.tblSession + "` s" +
                                " ON a.id = s.accountid" +
                            " WHERE `playername` = ?";
            ResultSet rs = Database.queryRead(sql, xPlayer.getPlayerName());
     
            try {
                if (rs.next()) {
                    xPlayer.setAccount(Util.buildAccount(rs));
                    xPlayer.setSession(Util.buildSession(rs));
                }
            } catch (SQLException e) {
                xAuthLog.severe("Could not reload player: " + xPlayer.getPlayerName(), e);
            } finally {
                try {
                    rs.close();
                } catch (SQLException e) {}
            }
     
            return xPlayer;
        }
     
        public static int getActive(String playerName) {
            String sql = "SELECT `active` FROM `" + xAuthSettings.tblAccount + "` WHERE `playername` = ?";
            ResultSet rs = Database.queryRead(sql, playerName);
     
            try {
                if (rs.next())
                    return rs.getInt("active");
            } catch (SQLException e) {
                xAuthLog.severe("Could not check active status of player: " + playerName, e);
            } finally {
                try {
                    rs.close();
                } catch (SQLException e) {}
            }
     
            return 0;
        }
     
        public static void deleteExpiredSessions() {
            String sql;
     
            if (Database.getDBMS() == DBMS.H2)
                sql = "DELETE FROM `" + xAuthSettings.tblSession + "`" +
                        " WHERE NOW() > DATEADD('SECOND', " + xAuthSettings.sessionLength + ", `logintime`)";
            else
                sql = "DELETE FROM `" + xAuthSettings.tblSession + "`" +
                        " WHERE NOW() > ADDDATE(`logintime`, INTERVAL " + xAuthSettings.sessionLength + " SECOND)";
     
            Database.queryWrite(sql);
        }
     
        public static void printStats() {
            String sql = "SELECT" +
                    " (SELECT COUNT(*) FROM `" + xAuthSettings.tblAccount + "`) AS accounts," +
                    " (SELECT COUNT(*) FROM `" + xAuthSettings.tblSession + "`) AS sessions";
            ResultSet rs = Database.queryRead(sql);
     
            try {
                if (rs.next())
                    xAuthLog.info("Accounts: " + rs.getInt("accounts") + ", Sessions: " + rs.getInt("sessions"));
            } catch (SQLException e) {
                xAuthLog.severe("Could not fetch xAuth statistics!", e);
            } finally {
                try {
                    rs.close();
                } catch (SQLException e) {}
            }
        }
     
        public static int getAccountCount(String host) {
            String sql = "SELECT COUNT(*) FROM `" + xAuthSettings.tblAccount + "` WHERE `registerip` = ?";
            ResultSet rs = Database.queryRead(sql, host);
            int count = 0;
     
            try {
                if (rs.next())
                    count = rs.getInt(1);
            } catch (SQLException e) {
                xAuthLog.severe("Could not get account count for host: " + host, e);
            } finally {
                try {
                    rs.close();
                } catch (SQLException e) {}
            }
     
            return count;
        }
    }
    I hope there will be an official fix in the following version.
     
  30. Offline

    mmmmmm419

    im geting a problom where the server auto kicks people and says "bye bye :D" on console it says could not pass event PLAYER_JOIN to xauth
     
  31. Offline

    Koksons

Thread Status:
Not open for further replies.

Share This Page