Getting password from config

Discussion in 'Plugin Development' started by Abyssal, Nov 12, 2015.

Thread Status:
Not open for further replies.
  1. Offline

    Abyssal

    Hey, I want it so when a player logs in they have to do /unlock <password> to unlock their account. The password is in the config file as
    password: hello123

    When I do /unlock I get an internal server error: http://i.imgur.com/DSYGgnh.png

    When I do /unlock hello123 it comes up with the message "Please unlock your account before proceeding"

    Code: http://pastebin.com/aMCHTEEw
     
  2. Offline

    Scimiguy

    Storing unencrypted passwords is almost always a major security issue

    Your code isnt the same as your error, recompile and try it again
     
  3. Offline

    Abyssal

    Hey. I no longer get an error, but now whenever I do /unlock <password> it just sends the message "Please unlock your account before proceeding" every time, regardless of the amount of arguments I have.

    Here is my code: http://pastebin.com/fDjGXA1L

    I think it is a problem with the PlayerCommandPreProcessEvent, but I have no idea what
     
  4. Offline

    Scimiguy

    Why do you need that pre process command event at all? Just get rid of it
     
  5. Offline

    adam753

    This is on par with saying "setting a gas canister on fire probably isn't a good idea". MASSIVE UNDERSTATEMENT. THIS CANNOT BE OVERSTATED. Any server admin could look at either the config file or the chat history and find everyone's password, which, keeping in mind the average Minecraft player probably doesn't know much about online security, will probably be their Minecraft login too. You're hurting more than you're helping.

    Incidentally your problem is also painfully obvious. Of course it's blocking the /unlock command because you're doing that yourself in PlayerCommandPreprocessEvent.
     
  6. Offline

    Abyssal

    Because if a player is opped, and they log in, I want them to have to do /unlock <password> before being able to use any other commands, chatting, breaking or placing blocks

    How do I make it so they can use /unlock, but no other command

    The plugin is for OPs, and the password is set in the config. People don't get to chose their password. It's not unsafe
     
    Last edited by a moderator: Nov 12, 2015
  7. Offline

    Scimiguy

    Use your preprocess event, check if the command is not your unlock command, and cancel the event if its not

    Edit: please dont multi post, use the edit button
     
  8. Offline

    adam753

    @Abyssal
    Hmm... Okay then.

    You have PlayerCommandPreprocessEvent set up to block all commands. That's... ALL commands. Including /unlock. Changing the event to allow a specific command through will be fairly simple, assuming you wrote this code yourself.
     
  9. Offline

    Abyssal

    Hey.
    I tried doing this, but it's still not working
    Full code: http://pastebin.com/1Q8hRw0j

    Preprocess event:
    @EventHandler
    public void onCommand(PlayerCommandPreprocessEvent e){
    if(isOP.contains(e.getPlayer().getName())){
    if(!e.getMessage().equalsIgnoreCase("unlock")){
    e.setCancelled(true);
    e.getPlayer().sendMessage(ChatColor.RED + "Please unlock your account before proceeding");
    e.getPlayer().sendMessage(ChatColor.GREEN + "/unlock <password>");
    return;
    }

    }else{

    }
    }


    Whenever I do /unlock with however many arguments, it still comes up with "please unlock your account before proceeding"
     
  10. Offline

    Scimiguy

    Thats because of two reasons:

    1. You forgot to put the forward slash in with "unlock"
    2. If you put any args in, your command will no longer equal "/unlock"
    Put the slash in, get the first word only, or check if the string startsWith()
     
  11. Offline

    Abyssal

    @Scimiguy

    Do I need any sort of quote marks over the password bit in the config?

    So like:
    password: "hello2012"
    password: 'password123'

    Because, when I do it now, (/unlock test123), it says the password is wrong, even though it's the same as in the config

    EDIT: Fixed it. I compared strings with == instead of .equals

    @Scimiguy
    Thank you so much for all your help! Sorry for being a pain, but it works now!
     
    Last edited by a moderator: Nov 12, 2015
  12. Offline

    Scimiguy

    @Abyssal

    Lol checking with == is just plain wrong
     
    Zombie_Striker likes this.
  13. Offline

    Mrs. bwfctower

    Do you know why you did this? It is not good practice, and will not work in most cases. With reference objects (String in this case), the == operator compares the reference of the object, while #equals() compares the referenced object. I suggest becoming decent at Java before using the Bukkit API. After all, Bukkit plugins are written in Java.
     
    rbrick likes this.
  14. Offline

    Chloe-chan

    Just being a little off-topic here, please hash and salt the password before storing it. Preferably using a random salt too.
     
Thread Status:
Not open for further replies.

Share This Page