Hi, I wanted to know is it somehow possible to know if player is using cracked version of minecraft (MinecraftSP in example). It's like the server would run in Online mode and reject all illegal players, but I want to somehow manage making it Offline so that bought versions of minecraft would enter the server with no problems and illegals could only come when whitelisted. Thank you for reading.
not possible, when in offline mode players can choose what name they want to log inn with... you could get some form of ingame loginm where they login after they enter the game...
If the server is in online mode, all players must be premium. If you turn online mode off then your best option is to get an authentication plugin like xAuth, and with the false sense of security plugins like that provide, you should have no reason to worry.
There is only one way of checking weather a player is premium, unfortunately, it requires the user to give their Minecraft password away. Whenever a client joins a server, before ANYTHING happens, the client connects to login.minecraft.net, in which it does: https://login.minecraft.net?user=<username>&password=<password>&version=<launcher version>. You can use this to check weather a player is premium or not via Java HTTP protocols, which I don't know a single thing about. Since the server (I assume) is offline-moded, it won't bother to check the session and let the player be.
If you are worried about non-premium members joining your server, why are you in offline mode? *face palm* anyway why is this in Plugin Development ?
That's useful, nice one! So in a PlayerPreLoginEvent you can have it check that url, then scan it (shouldn't be hard to do, it's only one word), have it check if it equalsIgnoreCase("True"), if so, continue, if not, cancel the event.
Like this: Code: public static boolean isPremium(String player) { try { URL url = new URL("http://www.minecraft.net/haspaid.jsp?user="+player); return Boolean.parseBoolean(new BufferedReader(newInputStreamReader(url.openStream())).readLine()); } catch(Exception e) { return false; } } but as I said earlier in the thread, that wont work cus in offline-mode there are ways to change the name
I like this opinion the most, because I couldn't find by myself any better. Of course, players will have to enter their passwords, but if they want to play, then they will do it. Why do I need to know this, why just don't make server "online" mode and why authentication plugins doesn't help me? I just want to make a server playable to all premium users and to all cracked minecraft versions as well, but only whitelisting them. Premium users won't make such mess as if cracked could do. Every non-premium user can login with any name he want and you can't do anything about it. So I'm going to put a small charge to get in whitelist, but free to play for all premium users. That's is the reason why I wan't to group premiums and non-premium users. And this is in PluginDevelopment, because I'm trying to develop it.
One problem: Having the players give their password and charging to get in your whitelist is a major factor for the reason a player would not want to join your server. Unless a Mojang programmer decides to slice in some piece of code that, if removed or modified, would send a packet to the server saying "cracked" and also checks weather a player is using an authentic account or not, there would probably not be a better way then getting another session ID, which of course would be ignored by the server since it's not checking sessions. Of course, if Mojang DOES insert that piece of code, immediately, the Minecraft "hackers" would start decompiling and pinpointing where the code is so they can remove it.
Premium users should give their password and cracked users should give a small amount of money. Well, there are people who trust me and new players would follow them, as I'm not holding a server for money, I'm making it for fun and fair playing.
mayby you should know how minecraft authorientates crasked an non cracked players: non-cracked server: player connects to server player send hostname where it connect to to server server send an packet back containing a random hash client send the hash to session.minecraft.net client send an login packet server verifies the hash on session.minecraft.net if returned yes, user is allowed to join, if false, send failed to verify username player joins map cracked server: player connects to server player send hostname where it connect to to server server send an packet back containing a "-" string client send an login packet players joins map
When using MinecraftSP, the player cannot choose his skin... So first you can do the "hasPaid" check, if returns false it is, of course, a hacked version of minecraft Then, second check: You fetch the player skin thanks to one of these websites: http://s3.amazonaws.com/MinecraftSkins/Mac_Mc.png -> Entire skin Or https://minotar.net/avatar/Mac_Mc.png -> Just the face (Mac_Mc to be replaced by the player name) And you manage to get the player's skin when he logs in (I don't really know how to do it, but since we can get it with a dynmap, I guess it's possible), and you compare it to the skin returned by the websites: since MinecraftSP sends the default skin, even if the player name is the same, the skin will be different! However, if a player chooses not to change his skin, then his account will be unprotected... You'd probably have to check the Packets sent/received by the server to get the player's skin, sorry I can't help you for that... EDIT: I was probably mistaken, when you log in with a MinecraftSP the skin is the same than with the real account... Sorry
