Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has shown support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate himself or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dying to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    SilencShadoW


    Peter Hsieh said:
    I'm having the exact same issue. It seems to be an xAuth error, cause /spawn correctly spawn me the /setspawn location. It only applies to those who use the /register command (i.e. all new players). I have my spawn, located 45 blocks below sea level, and when they register, they are teleported to the top level (in the open) of that spawn location (as if they used /top). If we could get that fixed, it would be great :) and highly appreciated! Thanks for your great work.​

    I got the same problem, they get ported on the top of the building in a RANDOM position!! Sometimes they fell onto the ground because they get random spawned .... /spawn works fine .... I tried /xauth loc set / remove as well .. nothing works...! Need help very fast plz :(


    WE need help!!! FAST plz -.-"​
     
  3. Offline

    Samovar_golden

    Same issue

    Did you try changing the setting "guest.protect-location" to "false"? It should help.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 12, 2016
  4. Offline

    The Wizard

    I want to make a login system using xauth username and password.
    I'm using the check function from https://github.com/CypherX/xAuth/wiki/Password-Encryption
    When I enter the correct password I get 1, when I enter an incorrect password I get nothing.
    Is it safe to use if pass == 1 ... else ...?
     
  5. Offline

    SilencShadoW

    I have not got the option "guest.protect-location" in the cfg. I only got "protect-location", I hope you mean that, right?
     
  6. Offline

    CypherX

    Assuming that you're using H2 as the datasource, you need to open plugins\xAuth\xAuth.h2.db with a H2 database editor and run the query:

    Code:
    UPDATE <account table name> SET playername = '<new name>' WHERE playername = '<old name>';
    Try this recovery tool: http://www.h2database.com/html/advanced.html#using_recover_tool

    Nice idea, I'll see what I can do.

    @sfxworks - Looks like the MySQL connection timed out. This was fixed in beta 3.5.

    Looking into it.

    Download the H2 database engine library from my Github, create a folder called "lib" in the server root, and place the H2 file in that folder.

    Fixed in beta 4.

    @tombik @black_renegat - Should have been fixed in the last update. Are you sure you're using beta 3.5?

    Just set the session timeout to zero or a low number.

    @Philipp Normann - That's not an xAuth error.

    Probably because it can't connect to the database.

    What version were you using and what version did you update to?

    @NotYetRated - Does this happen for every player that joins? Are you using the EasyBan plugin?

    I'll look into this.

    @MiniKahn - The session table already exists in the database, change its name in the xAuth configuration.

    BukkitContrib compatibility will be fixed in beta 4, but BukkitContribEssentials skins don't work at all for me.

    Are you using a spawn plugin such as ExactSpawn?

    @Samovar_golden - That was fixed a while ago.

    The function returns a boolean (true/false). True if the password is correct or false if it is incorrect.
     
    Peter Hsieh and oqenscool like this.
  7. Offline

    ssssfire52

    Ok so out of nowhere I started to get errors. I got fed up with trying to fix them so I just deleted every trace of xAuth from my server and reinstalled it with all new downloads, so it is up to date. The error I'm getting is that it can't connect to the database. I'm pretty sure I did set it up right with the h2 file in a lib folder in my server root folder. The server looks like this when I run it with no other plugins.
    ScreenHunter_04 Jul. 30 00.57.gif
    What's wrong.
     
  8. Offline

    CypherX

    @ssssfire52 - Looks like the database file was corrupted somehow. You can try using the recovery method described here.
     
  9. Offline

    ssssfire52

    If I have other plugins that use an h2 database, will they make their own databases, or could they think that since there is already a file named h2 in the lib folder that they can use that and not create one for themselves?
     
  10. Offline

    CypherX

    They will all have their own database files in their respective /plugins/ directory but should all use the one h2 file in /lib/.
     
  11. Offline

    ssssfire52

    Got it thanks for your help
     
  12. Offline

    thedarkdima

    you need to log in and log out and then log in again.
     
  13. Offline

    CypherX

    Yeah, I did, and like I said, "it didn't work at all".
     
  14. Offline

    ssssfire52

    Ok Cypher I'm not sure if you want to look into this, but I just redownloaded craftbukkit 1000, made a new server with a new root folder, and put the beta 3.5 xAuth on it. The first server run was fine, everything worked. Then I added essentials to the plugins folder and when I reloaded the server xAuth came up with the "could not connect to the database". I stopped the server, got rid of essentials and started it again, resulting in the same error. Not sure what this is or if you want to look into it, but there's my two cents.
     
  15. Offline

    CypherX

    Weird, it's working alright for me. What operating system are you using and what Essentials plugins (include versions) are you using?
     
  16. Offline

    thedarkdima

    Weird O_O
     
  17. Offline

    mrdubit

    Hi,

    thanks for your great plugin.

    Unfortunately your plugin doesn't support IPv6:

    Code:
    00:47:08 [SCHWERWIEGEND] [xAuth] Could not update account for player: mrdubit
    org.h2.jdbc.JdbcSQLException: Wert zu gross / lang für Feld "LASTLOGINIP CHAR(15)": "'2001:XXXX:XXXX:700:XXXX:98a0:8c6e:8438' (37)"
    Value too long for column "LASTLOGINIP CHAR(15)": "'2001:XXXX:XXXX:700:XXXX:98a0:8c6e:8438' (37)"; SQL statement:
    UPDATE `accounts` SET `playername` = ?,`password` = ?,`email` = ?,`registerdate` = ?,`registerip` = ?,`lastlogindate` = ?,`lastloginip` = ?,`active` = ? WHERE id = ? [90005-153]
            at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
            at org.h2.message.DbException.get(DbException.java:167)
            at org.h2.table.Column.validateConvertUpdateSequence(Column.java:321)
            at org.h2.table.Table.validateConvertUpdateSequence(Table.java:671)
            at org.h2.command.dml.Update.update(Update.java:108)
            at org.h2.command.CommandContainer.update(CommandContainer.java:69)
            at org.h2.command.Command.executeUpdate(Command.java:212)
            at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:143)
            at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:129)
            at com.cypherx.xauth.datamanager.DataManager.updateAccount(DataManager.java:497)
            at com.cypherx.xauth.datamanager.DataManager.saveAccount(DataManager.java:412)
            at com.cypherx.xauth.xAuth.login(xAuth.java:228)
            at com.cypherx.xauth.commands.LoginCommand.onCommand(LoginCommand.java:60)
            at org.bukkit.command.PluginCommand.execute(PluginCommand.java:35)
            at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:129)
            at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:320)
            at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:713)
            at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:677)
            at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:670)
            at net.minecraft.server.Packet3Chat.a(Packet3Chat.java:33)
            at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
            at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:85)
            at net.minecraft.server.NetworkListenThread.a(SourceFile:105)
            at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:451)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    00:47:08 [SCHWERWIEGEND] [xAuth] Could not insert session for account: 16
    org.h2.jdbc.JdbcSQLException: Wert zu gross / lang für Feld "HOST CHAR(15) NOT NULL": "'2001:XXXX:XXXX:700:XXXX:98a0:8c6e:8438' (37)"
    Value too long for column "HOST CHAR(15) NOT NULL": "'2001:XXXX:XXXX:700:XXXX:98a0:8c6e:8438' (37)"; SQL statement:
    INSERT INTO `sessions` VALUES (?, ?, ?) [90005-153]
            at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
            at org.h2.message.DbException.get(DbException.java:167)
            at org.h2.table.Column.validateConvertUpdateSequence(Column.java:321)
            at org.h2.table.Table.validateConvertUpdateSequence(Table.java:671)
            at org.h2.command.dml.Insert.insertRows(Insert.java:122)
            at org.h2.command.dml.Insert.update(Insert.java:86)
            at org.h2.command.CommandContainer.update(CommandContainer.java:69)
            at org.h2.command.Command.executeUpdate(Command.java:212)
            at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:143)
            at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:129)
            at com.cypherx.xauth.datamanager.DataManager.insertSession(DataManager.java:537)
            at com.cypherx.xauth.xAuth.login(xAuth.java:232)
            at com.cypherx.xauth.commands.LoginCommand.onCommand(LoginCommand.java:60)
            at org.bukkit.command.PluginCommand.execute(PluginCommand.java:35)
            at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:129)
            at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:320)
            at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:713)
            at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:677)
            at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:670)
            at net.minecraft.server.Packet3Chat.a(Packet3Chat.java:33)
            at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
            at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:85)
            at net.minecraft.server.NetworkListenThread.a(SourceFile:105)
            at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:451)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    
    edit: I see that one error message is in German, so I will translate it:

    Wert zu gross / lang für Feld -- value too big / long for field

    Is it possible to integrate IPv6 Support to your plugin?

    Greetings,
    mrdubit
     
  18. Offline

    CypherX

    @mrdubit - I didn't account for IPv6 addresses in the database so all IP-related fields are limited to 15 characters (max length of an IPv4 address). I'll increase the limit in the next update to allow for IPv6 addresses.
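
The column-width failure from the exchange above, as an added example that is not part of the original thread or xAuth's own code: a Python sketch that validates and canonicalises a client address before it is stored, then reports which addresses a given column width would reject. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Longest textual forms an address column may have to hold.
IPV4_MAX = len("255.255.255.255")                       # dotted quad
IPV6_MAX = len("ffff:" * 7 + "ffff")                    # eight full hex groups
IPV6_MIXED_MAX = len("ffff:" * 6 + "255.255.255.255")   # hex groups + dotted quad


def canonical_ip(raw: str) -> str:
    """Validate an IP literal and return its shortest canonical text form.

    Brackets and an IPv6 zone id ("%eth0") are stripped first, so the stored
    value is bounded by IPV6_MAX. Anything that is not an IP literal raises
    ValueError instead of reaching the database.
    """
    text = raw.strip().strip("[]").split("%", 1)[0]
    return ipaddress.ip_address(text).compressed


def rejected(width: int, addresses) -> list:
    """Return the canonical addresses that do not fit a column of `width` chars."""
    return [c for c in map(canonical_ip, addresses) if len(c) > width]


# Constructed sample input (documentation ranges), not taken from the thread.
SAMPLES = [
    "203.0.113.7",
    "2001:db8:85a3:8d3:1319:8a2e:370:7348",
    "fe80::1%eth0",
    "[2001:0db8:0000:0000:0000:0000:0000:0001]",
]

if __name__ == "__main__":
    for width in (IPV4_MAX, IPV6_MAX, IPV6_MIXED_MAX):
        print(width, rejected(width, SAMPLES))
```

A 15-character column only ever fits IPv4; 39 characters hold any canonicalised IPv6 address, and 45 also covers the mixed hex and dotted-quad notation if addresses are stored as received.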
     
  19. Offline

    skawke

    I'm guessing this doesn't work well with bukkitcontrib?

    I login, type /login password, then get kicked for 'not having bukkitcontrib' when i do have it..if i relogin, it works fine. I'm thinking your plugin interferes the way bukkitcontrib checks the client mods?
     
  20. Offline

    CypherX

    The current version is incompatible but the next update will fix it.
     
  21. Offline

    Zach667711

    ok REAL IMPORTANT QUESTION MY SERVER GOT HACKED AND SOMEHOW A GUYS LOGGED IN AS MY USERNAME AND DIDNT HAVE TO TYPE HIS PASSWORD. I MADE SURE XAUTH WAS RUNNING BUT HE STILL GOT IN EVEN WHEN I WAS IN AS THE SAME USERNAME!!! PLEASE HELP ME THIS IS URGENT!!!!
     
  22. Offline

    EMOberger

    Simple, Minecraft is one of the easiest games to hack, therefore this plugin nor any plugin could not defend against a hardcore hack. Only way to avoid this is to white list your server, or you could just have a backup every hour, then if this happens you just easily rollback your server.
     
    Zach667711 likes this.
  23. Offline

    Zach667711

    But rolling back won't stop him from coming in as that again right??
    I even banned his whole subnet but then he started to use a proxy.
     
  24. Offline

    EMOberger

    True, but you could try ip banning him and usually they will only come one time then off to another server to do the same. Unless he/she just personally hates you xD
     
    Zach667711 likes this.
  25. Offline

    Zach667711

    i did ip ban him and i banned his whole subnet but he keeps coming in using a proxy now.
     
  26. Offline

    EMOberger

    White list your server for a little while maybe he'll give up.
     
    Zach667711 likes this.
  27. Offline

    Zach667711

    ok thank you very much man THANK YOU !!!! : ). lol and I thought I was good with computers lol

    wait but can't he get in because doesn't whitelisting just use your username not your ip. He was logged in as my username.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 12, 2016
  28. Offline

    EMOberger

    Yes, that would be a problem. maybe just try to have your server down for a day. but he might be out to get you, so there may not be a lot you can do.
     
  29. Offline

    Zach667711

    Thanks but do you have any idea what hack that is (I need to test it on my server.) if so please tell me and if you have a link that would be great! : )
     
  30. Offline

    oqenscool

    thank you <3
     
  31. Offline

    ssssfire52


    Vista Home Premium and Essentials v2.5 by essentialsteam. I'm only using the main essentials and essentialsspawn
     