[INACTIVE][SEC] AnjoSecurity v1.6c - Offline-Mode User Registration [440-531+]

Discussion in 'Inactive/Unsupported Plugins' started by AnjoCaido, Feb 15, 2011.

  1. Offline

    AnjoCaido

    AnjoSecurity - Offline-Mode User Registration System
    Version: v1.6c

    This version it's just a minor update to make it work with newer CB and GM. When GM gets it's final version I'll start working on future plans for this.

    ---

    This plugin uses GroupManager plugin(optional, but recommended if you want to block commands):
    http://forums.bukkit.org/threads/ad...0-7-because-permissions-is-past-326-353.4723/
    With this you can block all commands of plugins that uses Permissions plugin.

    This plugin is to help people prevent griefing and abusing while your server is in offline-mode. When mineceraft server is down you have no choice than setting up offline-mode. When this option is enabled anyone can connect within your server with their desired username, it brings up the problem that someone can connect with administrator name and abuse with all his loot and commands. This plugin will set up user registration with a custom password for your server, and only the person with that password will be able to use that username.

    Did I say it is open-source? You can get it on GitHub and modify as you want.

    Features:
    • Prevents registered users to do anything while not logged in.
    • (toggle-able)Prevents non-registered users to do actions(move,destroy,etc).
    • (toggle-able)Prevents non-registered users to do summon commands.
    • (toggle-able)Remove all loot of non-registered users when joining the server(and tp to spawn).
    • (toggle-able)Registration system. You can deactivate registrations anytime.
    • Every user can remove their registration, so they can register with other password.
    • Users listed on settings.properties, while logged in, can remove any user registration.
    • (configurable) Session time. You can set the session duration, so if a user drops connection a lot, he would not need to /login again.(default 30 minutes)
    • Interacts with GroupManager permission plugin(the one replacing Nijikokun's Permissions plugin, yet fully compatible) to prevent running registered commands.
    • ALLOW List. You can allow certain users to register, even if registration is deactivated.
    Commands (all of them speech for themselves):
    • /register <password> - it registers with the given password
    • /login <password> - it tries to login with the given password
    • /reset <password> - if the password is correct, remove registration
    • /adminreset <username> - remove the registration of the given username
    • /toggleregistration - (yes it is long, in purpose) - toggle registration mode ON/OFF.
    • /adminallow <username> - allow user to register even if registration is deactivated.
    Changelog:
    Version 1.6c
    • Made it work with newer CB builds.
    • Made it work with GroupManager 1.0 alpha
    Version 1.6b
    • Made it work with newer GM builds.
    Version 1.6
    • Fixed a nasty bug.
    Version 1.5
    • Fixed die-menu-respawn item duping(I think).
    Version 1.4
    • Compatible with the latest bukkit builds(#353)
    Version 1.3b
    • Removed some debugging messages.
    Version 1.3
    • Fixed small bugs. (I think all exceptions reported by now are fixed)
    • Added allow list.
    Version 1.2
    • Fixed small bugs
    • Improved how God Mode works(now it's verly like the God Mode plugin)
    • Added a God Mode timout after login of 5 seconds, to prevent die of falling on the ground.
    • Added a command to toggle registrations on/off.
    Version 1.1
    • Prevent non-logged-in users to lose health(and die).
    Version 1.0
    • First fully working release.
    Future plans:
    • (done!) Create a toggle command that opens and closes registration
    • Store users activities, such as typing wrong passwords and such(to catch hackers)
    Download:
    Version 1.6c (to use with GroupManager 1.0 or higher):
    http://www.mdn.fm/files/272681_rqyw0/AnjoSecurity-1.6c.zip

    Version 1.6b (to use with GroupManager 0.99b or lower):
    http://www.mdn.fm/files/271609_dvt1f/AnjoSecurity-1.6b.zip

    Source:
    https://github.com/gmcouto/AnjoSecurity

    Flat-file Authentication importer(import auth db from older plugins):
    http://www.mdn.fm/files/261879_yjodh/uber-AnjoSecurityImporter-1.0-SNAPSHOT.jar
    It is destinated for the following format(plugins that used MineSecurity format, from hMod):
    username:md5passhash

    Just double click on the jar(or run via terminal with java -jar), select the old flat-file... it will generate a AnjoSecurityDB.db file, which you put on your server folder. If you want to merge the old file with the new database, just put the jar on the same folder of the AnjoSecurityDB.db...


    ===============================
    Everyone with an Off-Line server might like the NameChecker plugin I made, it super simple. It only filters huge names (> 20 chars), short names(<3 chars), and invalid characters in names(only letters, numbers, and underscores allowed).
    It kicks the player and shows him the reason of why his name is invalid. It even has a configurable file for you to put forbidden names to join the server(like Player, or Scruffy_Puppy)
    http://www.mdn.fm/files/273443_hynys/NameChecker-0.1-SNAPSHOT.jar
     
    xcession, FlingeR and methos like this.
  2. Offline

    anon

    OMG, the legendary anjocaido made a auth plugin!
    Are you really him? THE ANJO CAIDO?
     
  3. Offline

    AnjoCaido

    Yes. The.

    Unfortunately I'm noticing a problem on this plugin. It is not possible to stop someone to summon command if the plugin overrides JavaPlugin.onCommand to read commands(which I think is the right way, instead looking for onCommand events at the player listener).

    I'm very new to Bukkit. Going to ask on the other forum if anyone got one idea.
     
  4. Offline

    anon

    Are you familiar with nijikokun's Permission plugin?
    The thing I think would solve this is if you use integration with this plugin. So before player is logged he is set to be on a groups with no building rights, or access to any command. Then, after he logs in, he would be transfered to the group he belongs. I think that would work, but im not totally sure.
     
  5. Offline

    AnjoCaido

    yeah, I was trying to make my plugin the more dependency free as possible. I am testing some things. If I really see there is no exit to fully prevent command summoning, that's what I'll do.

    Thanks for your help.
     
  6. Offline

    anon

    The nice thing of using his plugin is that you could just close registrations if you want. If you implement 2 nodes, one to access /login command and one to access /register command, then the server admin would set this default group to have only those 2 comands. If he wants to close all further registration, he would just take the /register node, and people would only be able to login.
    --- merged: Feb 16, 2011 2:51 AM ---
    Found something. While on spawn, if you try to destroy a block it throw this error on console:
    Code:
    SEVERE: Could not pass event BLOCK_IGNITE to AnjoSecurity
    java.lang.NullPointerException
            at org.anjocaido.anjosecurity.RegistrationControl.isLoggedIn(RegistrationControl.java:110)
            at org.anjocaido.anjosecurity.RegistrationControl.getStatus(RegistrationControl.java:131)
            at org.anjocaido.anjosecurity.AnjoSecurity.handleCancellable(AnjoSecurity.java:163)
            at org.anjocaido.anjosecurity.AnjoSecurityBlockListener.onBlockIgnite(AnjoSecurityBlockListener.java:69)
            at org.bukkit.plugin.java.JavaPluginLoader$27.execute(JavaPluginLoader.java:256)
            at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:60)
            at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:214)
            at net.minecraft.server.BlockStationary.a(BlockStationary.java:65)
            at net.minecraft.server.World.g(World.java:1533)
            at net.minecraft.server.World.f(World.java:1464)
            at net.minecraft.server.WorldServer.f(WorldServer.java:46)
            at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:307)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:232)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:512)
    SitePlayerlist - Playerlist sent!
    Feb 15, 2011 9:44:26 PM org.bukkit.plugin.SimplePluginManager callEvent
    SEVERE: Could not pass event BLOCK_IGNITE to AnjoSecurity
    java.lang.NullPointerException
            at org.anjocaido.anjosecurity.RegistrationControl.isLoggedIn(RegistrationControl.java:110)
            at org.anjocaido.anjosecurity.RegistrationControl.getStatus(RegistrationControl.java:131)
            at org.anjocaido.anjosecurity.AnjoSecurity.handleCancellable(AnjoSecurity.java:163)
            at org.anjocaido.anjosecurity.AnjoSecurityBlockListener.onBlockIgnite(AnjoSecurityBlockListener.java:69)
            at org.bukkit.plugin.java.JavaPluginLoader$27.execute(JavaPluginLoader.java:256)
            at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:60)
            at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:214)
            at net.minecraft.server.BlockStationary.a(BlockStationary.java:65)
            at net.minecraft.server.World.g(World.java:1533)
            at net.minecraft.server.World.f(World.java:1464)
            at net.minecraft.server.WorldServer.f(WorldServer.java:46)
            at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:307)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:232)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:512)
    2011-02-15 21:44:28 [INFO] ?f[?4King?f] ?4anon: ?fola
    Feb 15, 2011 9:44:58 PM org.bukkit.plugin.SimplePluginManager callEvent
    SEVERE: Could not pass event BLOCK_IGNITE to AnjoSecurity
    java.lang.NullPointerException
            at org.anjocaido.anjosecurity.RegistrationControl.isLoggedIn(RegistrationControl.java:110)
            at org.anjocaido.anjosecurity.RegistrationControl.getStatus(RegistrationControl.java:131)
            at org.anjocaido.anjosecurity.AnjoSecurity.handleCancellable(AnjoSecurity.java:163)
            at org.anjocaido.anjosecurity.AnjoSecurityBlockListener.onBlockIgnite(AnjoSecurityBlockListener.java:69)
            at org.bukkit.plugin.java.JavaPluginLoader$27.execute(JavaPluginLoader.java:256)
            at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:60)
            at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:214)
            at net.minecraft.server.BlockStationary.a(BlockStationary.java:65)
            at net.minecraft.server.World.g(World.java:1533)
            at net.minecraft.server.World.f(World.java:1464)
            at net.minecraft.server.WorldServer.f(WorldServer.java:46)
            at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:307)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:232)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:512)
    
    While this is not a issue, as there is no ingame bug that I could see, it still drops a giant console error.
     
  7. Offline

    AnjoCaido

    Are u using CraftBukkit build 326? It seems a Bukkit error that is not passing Player on the event.
    As far I tested here I got no problems with it.

    Going to check out...
     
  8. Offline

    Care

    Do what you want cause a pirate is free! you are a pirate!
    i love you ANJO CAIDO!
     
  9. Offline

    QQCucumber

    I'm not sure I understand why 1.1 makes users who aren't logged in invulnerable.. that provides incentive to not log in for exploring, which is bad.
     
  10. Offline

    zergilng

    how to get 326?
    i'm using 409 but dosen't work
    error same anon
     
  11. Offline

    Alphard

    Please make commands for users to change password and admins register players when registration is disabled.
     
  12. Offline

    AnjoCaido

    Anyone knows how to change the topic title? I want to update it.

    Ok, ill do that. It's very fast!
     
  13. Offline

    marmot

    Thank you, best offline registration plugin so far :)
    You forgot to change the link in your first post : it's still linked to the v1.1 version.
     
  14. Offline

    AnjoCaido

    Oops... these WYSIWYG editors... tsc tsc...
     
  15. Offline

    QQCucumber

    You should update the topic too.
     
  16. Offline

    AnjoCaido

    Can't find how...
     
  17. Offline

    QQCucumber

    It's in Thread Tools
     
  18. Offline

    Thatotherguy

    This plugin is great! Thanks.
     
  19. Hey, nice! But I would like a support with Mysql if you can make it :) Thank you !!
     
  20. Offline

    marmot

    Using build 339, I have an error that's being displayed on the console until unlogged players logs in.
    Doesn't seem to alter gameplay though.

     
  21. Offline

    anon

    Yes it does work great, but it has this bug
    Code:
    SEVERE: Could not pass event PLAYER_JOIN to AnjoSecurity
    java.lang.NullPointerException
    at org.anjocaido.anjosecurity.AnjoSecurity.handlePlayerJoin(AnjoSecurity.java:209)
    at org.anjocaido.anjosecurity.AnjoSecurityPlayerListener.onPlayerJoin(AnjoSecurityPlayerListener.java:31)
    at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:124)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:60)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:214)
    at net.minecraft.server.ServerConfigurationManager.a(ServerConfigurationManager.java:88)
    at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:86)
    at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:68)
    at net.minecraft.server.Packet1Login.a(SourceFile:46)
    at net.minecraft.server.NetworkManager.a(SourceFile:232)
    at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:34)
    at net.minecraft.server.NetworkListenThread.a(SourceFile:91)
    at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:317)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:232)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:512)
    It seems to be related to being on the spawn point. So if a nwe player log in, he will apear on the spawn point, and get this error. Then he will be able to move even if he is unregistered. Thats what happened to me anyway.

    About the already registered players, it works great. It has comand protection if used toghether with groupmanager, and that is great.
     
  22. Offline

    Black_Jack

    Did this plugin protection from drop item while not logged in?
     
  23. Offline

    AnjoCaido

    I noticed those errors little time after release. I changed a lot how plugin works. It uses YAML for configuration now.
    Unfortunately all those copy&paste bring these problems. I'm going to polish a little bit in next few hours and add the feature suggested by Alphard.

    Thank you for your replies. It's a little rough to test by myself.
    I monitor the death event and clear the Drop inventory if it occurs. But I never tested to see if it works. If don't, probably is a bukkit thing.
    I'm going to test it in this weekend.
     
  24. Offline

    kyku

    why i can use admin commands without login ? :\ (e.g. /give kyku 50 10 or /item 50 10)
    i use Permissions
     
  25. Offline

    AnjoCaido

    There is no way to block commands registered by a plugin(those listed inside the jar file, in plugin.yml)... those commands doesn't summon events... they are passed directly to the destination plugin. It's the way bukkit was modelled. I can't do anything.

    To solve that, AnjoSecurity now can use, optionally, GroupManager... it is a plugin intended to replace Permissions plugin. And GroupManager is fully compatible with all other plugins that use Permissions too.(so you can replace Permissions with GroupManager)
    AnjoSecurity uses a feature on GroupManager, called permissions overloading, which the user that is not logged in is moved, temporarily, to a group with no permissions at all... blocking all commands that are registered and need sufficient permissions to work.
     
  26. Offline

    zwarmapapa

    BLOCK_IGNITE gives errors
    There is a lot of lava flowing around the spawnplek btw :p

    Error.png

    It seems like you forgot a try catch statement


    edit: And another thing, /adminreset <username> doesn't work, did I do something wrong?
     
  27. Offline

    AnjoCaido

    Put your name inside the config.yml.

    Forget the old settings.properties. You can delete that.
     
  28. Offline

    marmot

    AnjoSecurity v1.3 + GroupManager v0.6 = no more error in my logs :)

    I just have a small suggestion : shouldn't a newly registered user be automatically logged in ?
     
  29. Offline

    Vaupell

    sweet ;D
     
  30. Offline

    AnjoCaido

    Yeah, I know. I could do that.

    I just chose to make like that. So the user get used to /login right away... you know... there is lot of people that have problems to understand they have to use these commands.

    I mean... it's like... "let's make it difficult now, so they learn once and for all".

    If people like it otherwise, I can change that. Just say it, guys.
    --- merged: Feb 19, 2011 6:22 AM ---
    Can anyone test the item dupe thing?
    --- merged: Feb 19, 2011 6:51 AM ---
    Now there is a flat-file authentication importer. You can import authentication information from other plugins.
     

Share This Page