[INACTIVE][SEC] AnjoSecurity v1.6c - Offline-Mode User Registration [440-531+]

AnjoSecurity - Offline-Mode User Registration System
Version: v1.6c

This version it's just a minor update to make it work with newer CB and GM. When GM gets it's final version I'll start working on future plans for this.

---

This plugin uses GroupManager plugin(optional, but recommended if you want to block commands):
http://forums.bukkit.org/threads/ad...0-7-because-permissions-is-past-326-353.4723/
With this you can block all commands of plugins that uses Permissions plugin.

This plugin is to help people prevent griefing and abusing while your server is in offline-mode. When mineceraft server is down you have no choice than setting up offline-mode. When this option is enabled anyone can connect within your server with their desired username, it brings up the problem that someone can connect with administrator name and abuse with all his loot and commands. This plugin will set up user registration with a custom password for your server, and only the person with that password will be able to use that username.

Did I say it is open-source? You can get it on GitHub and modify as you want.

Features:

• Prevents registered users to do anything while not logged in.
• (toggle-able)Prevents non-registered users to do actions(move,destroy,etc).
• (toggle-able)Prevents non-registered users to do summon commands.
• (toggle-able)Remove all loot of non-registered users when joining the server(and tp to spawn).
• (toggle-able)Registration system. You can deactivate registrations anytime.
• Every user can remove their registration, so they can register with other password.
• Users listed on settings.properties, while logged in, can remove any user registration.
• (configurable) Session time. You can set the session duration, so if a user drops connection a lot, he would not need to /login again.(default 30 minutes)
• Interacts with GroupManager permission plugin(the one replacing Nijikokun's Permissions plugin, yet fully compatible) to prevent running registered commands.
• ALLOW List. You can allow certain users to register, even if registration is deactivated.

Commands (all of them speech for themselves):

• /register <password> - it registers with the given password
• /login <password> - it tries to login with the given password
• /reset <password> - if the password is correct, remove registration
• /adminreset <username> - remove the registration of the given username
• /toggleregistration - (yes it is long, in purpose) - toggle registration mode ON/OFF.
• /adminallow <username> - allow user to register even if registration is deactivated.

Changelog:
Version 1.6c

• Made it work with newer CB builds.
• Made it work with GroupManager 1.0 alpha

Version 1.6b

• Made it work with newer GM builds.

Version 1.6

• Fixed a nasty bug.

Version 1.5

• Fixed die-menu-respawn item duping(I think).

Version 1.4

• Compatible with the latest bukkit builds(#353)

Version 1.3b

• Removed some debugging messages.

Version 1.3

• Fixed small bugs. (I think all exceptions reported by now are fixed)
• Added allow list.

Version 1.2

• Fixed small bugs
• Improved how God Mode works(now it's verly like the God Mode plugin)
• Added a God Mode timout after login of 5 seconds, to prevent die of falling on the ground.
• Added a command to toggle registrations on/off.

Version 1.1

• Prevent non-logged-in users to lose health(and die).

Version 1.0

• First fully working release.

Future plans:

• (done!) Create a toggle command that opens and closes registration
• Store users activities, such as typing wrong passwords and such(to catch hackers)

Download:
Version 1.6c (to use with GroupManager 1.0 or higher):
http://www.mdn.fm/files/272681_rqyw0/AnjoSecurity-1.6c.zip

Version 1.6b (to use with GroupManager 0.99b or lower):
http://www.mdn.fm/files/271609_dvt1f/AnjoSecurity-1.6b.zip

Source:
https://github.com/gmcouto/AnjoSecurity

Flat-file Authentication importer(import auth db from older plugins):
http://www.mdn.fm/files/261879_yjodh/uber-AnjoSecurityImporter-1.0-SNAPSHOT.jar
It is destinated for the following format(plugins that used MineSecurity format, from hMod):
username:md5passhash

Just double click on the jar(or run via terminal with java -jar), select the old flat-file... it will generate a AnjoSecurityDB.db file, which you put on your server folder. If you want to merge the old file with the new database, just put the jar on the same folder of the AnjoSecurityDB.db...


===============================
Everyone with an Off-Line server might like the NameChecker plugin I made, it super simple. It only filters huge names (> 20 chars), short names(<3 chars), and invalid characters in names(only letters, numbers, and underscores allowed).
It kicks the player and shows him the reason of why his name is invalid. It even has a configurable file for you to put forbidden names to join the server(like Player, or Scruffy_Puppy)
http://www.mdn.fm/files/273443_hynys/NameChecker-0.1-SNAPSHOT.jar

 

I dont think you understand, in offline mode, people can log in as the name of an admin, therfore, all plugins that look at names will see that the hacker is an admin thus PERMISSIONS GRANTED dun dun dun! Group manager is similar (but with commands and temorary permissions) to Permissions 2.1 (so its not needed if you have permissions 2.1). I do have it set up right (it even has groups in it) because people under other names are excluded normally. Ops do not bypass anything, they only get special permissions to give, tp, edit spawn, ect.

Fortunately the hacker cant move if you have a password set. but that doesnt mean they cant issue a command to /stop, /mvcreate, //sphere bedrock 1000, ect (even add people to groups)

Until a plugin comes that bans ips of impersonators or this one is changed to change permissions of all players to nothing until login, this plugin is not safe and secure.

 

@Brennan Mathers
I have check, with my build, the only commands that can be issued by an admin NOT logged in is commands from plugins that doesn't check permissions in Permissions or Groupmanager, just in ops.txt.
So just remove everyone from ops.txt and you wouldn't have any problems.

 

Now it works with newer GM.


Please, if you have a public offline server, never ever put anyone on OP list. Use GroupManager to limit users permissions.
That's my recommendation to you.
It's only my opinion, tough.

 

THANK YOU SOOOOOOO MUCH

I searching 3 Weeks for a functionaly Auth plugin with no errors !
I cant updating my Server but yet i can !!! thanks

Edit

Error

 

Yeah, newer bukkits deprecated that. It was only a small update.

Those things will be updated only when I get GM 1.0 done. Then I'll do all the updates I plan for AnjoSecurity to stay up-to-date with CB plus some new features.

 

use cb 332 or 440, its the recomended build, u must use it, not the unrecomended ones.

 

ok, i do that ... thanks for helping =)

 

@AnjoCaido
Can you submit your changes to your github ?
I have send you a fix for PLAYER_COMMAND on it

Thanks for this plugin

 

Thank you.
But still I already know the fix... just need to register the commands in plugin.yml and use the onCommand... at least it is the most elegant way.

I submited the changes now.

 

Thanks

 

17:48:44 [GRAVE] PLAYER_COMMAND loading AnjoSecurity v1.6 (Is it up to date?)
java.lang.NoSuchFieldError: PLAYER_COMMAND
at org.anjocaido.anjosecurity.AnjoSecurity.onEnable(AnjoSecurity.java:11
1)
at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:118)
at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
.java:414)
at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
r.java:187)
at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:83)
at org.bukkit.craftbukkit.CraftServer.loadPlugins(CraftServer.java:61)
at net.minecraft.server.MinecraftServer.e(MinecraftServer.java:204)
at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:191)
at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:131)
at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:246)
at net.minecraft.server.ThreadServerApplication.run(SourceFile:366)

I got this error. Players dont /login dont /register, its like there is no plugin at all.

 

I do understand and my original response still stands with the additional exception androw pointed out about plugins that don't use Permissions or GM (are there still plugins that don't use permissions/GM?). If your players are using admin commands while being on an admin name that is not logged in then:
1. Your admin names are on ops.txt, remove them
2. Your permissions are not set properly
3. The plugin with the commands they are using does not use permissions or GM or is not hooked properly
4. You are using a bugged CB build that makes everyone an OP regardless of being on ops.txt

*EDIT*
... and of course you should be using the recommended CB build which is #440 at the time of this post.

 

ok, i was using the last CB, i downgraded to CB 440 and now everything works fine.

 

I get these two errpr messages, but everthing works fine.

Code:

2011-02-28 16:51:18 [SEVERE] Could not pass event PLAYER_JOIN to AnjoSecurity
java.lang.NoSuchMethodError: org.anjocaido.groupmanager.GroupManager.getData()Lorg/anjocaido/groupmanager/dataholder/DataHolder;
    at org.anjocaido.anjosecurity.PermissionsDealer.markAsNotRegistered(PermissionsDealer.java:52)
    at org.anjocaido.anjosecurity.AnjoSecurity.handlePlayerJoin(AnjoSecurity.java:234)
    at org.anjocaido.anjosecurity.AnjoSecurityPlayerListener.onPlayerJoin(AnjoSecurityPlayerListener.java:31)
    at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:130)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:59)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:225)
    at net.minecraft.server.ServerConfigurationManager.a(ServerConfigurationManager.java:98)
    at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:87)
    at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:68)
    at net.minecraft.server.Packet1Login.a(SourceFile:46)
    at net.minecraft.server.NetworkManager.a(SourceFile:230)
    at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:34)
    at net.minecraft.server.NetworkListenThread.a(SourceFile:87)
    at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:357)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:272)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:366)

2011-02-28 16:51:38 [SEVERE] Could not pass event PLAYER_COMMAND to AnjoSecurity
java.lang.NoSuchMethodError: org.anjocaido.groupmanager.GroupManager.getOverloadedClassData()Lorg/anjocaido/groupmanager/dataholder/OverloadedDataHolder;
    at org.anjocaido.anjosecurity.PermissionsDealer.restorePermissions(PermissionsDealer.java:67)
    at org.anjocaido.anjosecurity.AnjoSecurity.handleCommandsWhileGuestMode(AnjoSecurity.java:369)
    at org.anjocaido.anjosecurity.AnjoSecurity.handleCommand(AnjoSecurity.java:264)
    at org.anjocaido.anjosecurity.AnjoSecurityPlayerListener.onPlayerCommand(AnjoSecurityPlayerListener.java:68)
    at org.bukkit.plugin.java.JavaPluginLoader$5.execute(JavaPluginLoader.java:150)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:59)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:225)
    at net.minecraft.server.NetServerHandler.c(NetServerHandler.java:662)
    at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:612)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:606)
    at net.minecraft.server.Packet3Chat.a(SourceFile:24)
    at net.minecraft.server.NetworkManager.a(SourceFile:230)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:75)
    at net.minecraft.server.NetworkListenThread.a(SourceFile:100)
    at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:357)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:272)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:366)

 

Update your GroupManager

 

player command error seems to still be an issue

 

OK! Ive got a serious problem with your plugin!
When someone dies and press title menu, not respawn. Then connects back to the server - server freezes... mean I've got many player isn't in chunk errors.. and this errors just freeze server for hours...
Tried to disable all other plugins... but I've got the same!
When I disabling AnjoSecurity - everything is OK.
Tried on AnjoSecurity 1.6, 1.6b
Craftbukkit version git-Bukkit-0.0.0-458-g557f3d2-b441jnks (MC: 1.3)
Also tried on craftbukkit #439

Show Spoiler Hide Spoiler

2011-03-01 02:04:53 [SEVERE] java.lang.IllegalStateException: Failed to remove player. net.minecraft.server.EntityPlayer@360 isn't in chunk 5, 8
2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.PlayerInstance.b(PlayerInstance.java:49)
2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.PlayerManager.b(PlayerManager.java:101)
2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.ServerConfigurationManager.c(ServerConfigurationManager.java:113)
2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:556)
2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.NetworkManager.a(SourceFile:234)
2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:70)
2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.NetworkListenThread.a(SourceFile:100)
2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:338)
2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:253)
2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.ThreadServerApplication.run(SourceFile:366)

 

Hello, thank you very much for updating this

But I'm getting the same errors as CzarRazc:

I'm running CB b473, GM 0.99d and AnjoSecurity 1.6b, and some other plugins like CraftBook, Essentials, and WG, WE.
Do you have any idea what went wrong?

Thanks

Edit: I went back to CB439 and everything works perfect, thanks.

 

Thanks! Working perfect now.

 

First: HURRAY i cant use commands when not logged in! Drinks all around!

Second:
I have a suggestion that would be perfect for this!
Could you have the plugin sense if Minecraft.net is down and change the server to offline mode and enable login and registration? (also sense when Minecraft.net is up and ok to move to online mode and turn login and registration off)

Third: is it posible to have the abilities of an op without being an op, because i have my permissions of me set to '*' and im not sure how to go any higher...

 

This could be done by periodically polling minecraft.net. The problem is that when it's unstable (which it often is), it can be down one minute and up the next. If the plugin polls it and it's up, and then someone connects while it is down but hasn't been polled again, the plugin will incorrectly believe they've already been authenticated and assume they are whoever they say they are.

 

This plugin not block WorldGuard and WolrdEdit commends.
cractbukkit 448, groupmanager 0.99d, anjo 1.6b

 

You need the fake permissions wrapper too.

 

I have fake permissions in the folder plugins.
something more must be done?

 

Check your log - are WG and WE detecting Permissions?

 

Yes
17:46:06 [INFO] WorldEdit: Permissions plugin detected! Using Permissions plugin
for permissions.
17:46:07 [INFO] WorldGuard: Permissions plugin detected! Using Permissions plugi
n for permissions.

 

Same here,

I replaced GM with new version, after that all commands were blocked,
but after restart they are not again!
How could it be?

 

By any chance, do you have any entries in ops.txt?

 

So, where do i get CB440?
I got CB473 and it aint working with it.

 

This link always points to the latest recommended build.