Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    CypherX

    Theoretically it shouldn't, but I've never had the chance to test with such a large database. You should send me a copy, heh.
     
  3. Offline

    sharkale

    CypherX you can add to authURL a key config for some type of encription of the pasword? so in the php (forum side) i use the same key to decript the password. and the password travel more secure between servers?
     
  4. Offline

    XsNiPeRxXz

    Is this in version 1.2 now?
     
  5. Offline

    PinguinAman

    Not yet.
     
  6. Offline

    DFL3

    My apologies, I didn't bother to view your profile before I posted. Everything makes sense now.
     
  7. Offline

    florixd97

    Where is the downloadlink? I can't find it!
     
  8. Offline

    beleg

    -.-
     
  9. Offline

    CypherX

    That's actually a pretty good idea security-wise. The PHP mcrypt_decrypt() function would work for this so I just have to research how to do it in Java.

    Edit: Looked into it a bit more, PHP requires a separate library to use the mcrypt module. The creator of AuthURL also posted this which brings up some good points.
     
  10. Offline

    Tixo

    Will it take long time?, I really need to get my server up! :D
    I would be very happy, if it came out :F
    Best Regards, Tixo.
     
  11. Offline

    beleg

    hmm so I my server has to run in only mode or I need an temp fix for 1.2 hmmm :)
     
  12. Offline

    Chrispm84

    Just wanted to say thanks for picking dev back up! I've used xAuth for a long time now and I've stuck with it, even when buggy, because it was the best. Glad to see you back on board!
     
  13. Offline

    mrcheesete0

    Turn offlien mode to [FALSE] for two weeks?

    end of issue?

    (Inb4: BUT I DONT OWN MINECRAFT, then don't host a server)
     
  14. Offline

    Jek29

    Good afternoon!
    When there will be an updating to version 1.2?
    Or where it is possible to download an alpha, a beta the version?
    Used your plug-in of registration, and anything I can not find under 1.2 version is better....
    In advance thanks.
     
  15. Offline

    florixd97

    What do you mean?
     
  16. Offline

    beleg

    there is no download link because its not ready. Just read ;)
     
  17. Offline

    The Wizard

    CypherX
    Can you make names case sensitive and insensitive at the same time?
    Something like:
    If a player registered with name USER, another player will not be able to register with name User.
    If a player registered with name USER, he will not be able to connect to the server with name User.
     
    der_robert likes this.
  18. Offline

    sharkale

    but i cant use https. mc server x.x.x.x -> php forum side y.y.y.y (not https).
    and the moparisthebest code dont use https for connection.
     
  19. Offline

    niki101296

    HELP ME they hack my xauth plugin and steal passwords every time :'( how to fix it ,please tell me I dont want to be hacked anymore !
     
  20. Offline

    aehoooo

    Hmmm, 16? Thats a long time, but ok, I will wait, will keep my server 1.1. I am assuming that the current version does not work with this new 1.2.3 build right?

    Anyway, at least we will have a good version now :3

    Install spout, it corrects the double login exploit.
     
  21. Offline

    florixd97

    Can I have a old version of this plugin, please.
     
  22. Offline

    Hydrosis

    Unless you've used xAuth and need to to continue to use it, don't use it now. It's very buggy and has security exploits.
     
  23. Offline

    niki101296

    Link,please ! (or no ,can someone tell me how to ban dynamic ip ? ) please

    I want to ban that ip 213.145.105.46:38002 but it is dynamic and i cant do it :X That idiot hacks my xauth every time ..but when i banip him he changes it to 213.145.105.56 or sort of it and i cant ban him ! Please tell me what to write in ban-list to ban that ip forever !

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
  24. Offline

    PinguinAman

    niki101296 You can't ban a dynamic ip. Turn off reverse-enforce-single-session.
     
  25. Offline

    callumpy

    Love this plugin.

    Hope to see an update soon for 1.2
     
  26. Offline

    Timberman

    are there maybe beta builds available before release? Cannot update without xAuth to 1.2
     
  27. Offline

    PinguinAman

     
  28. Offline

    radeshi

    how long will take to update to MC 1.2.3
     
  29. Offline

    niki101296

    what is reverse-enforce-single-session..ive seen somewherethat I can ban dynamic ip ,it was something like 213.145.0.0..
     
  30. Offline

    Hydrosis

    March 16th
     
  31. Offline

    winter4w

    When it it be back
     
Thread Status:
Not open for further replies.

Share This Page