Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    Wytry

    WTF?! xAuth causes my server to freeze during loading:
    Code:
    2012-01-17 16:46:37 [INFO] [xAuth] 'Permissions' v2.7.7 support enabled!
    2012-01-17 16:46:37 [INFO] [xAuth] Connection to database established!
    2012-01-17 16:46:50 [INFO] Connection reset
    I'm using latest plugin and bukkit build.

    HELP!
     
  3. Offline

    deregudegu

    Update for CB 1.0.1. Please!
    Enchantment itens don't save!
     
  4. Offline

    moparisthebest

    The successful login is not configurable, the error messages are whatever you send back from the PHP script, so they are infinitely configurable!

    Good job on the PHPBB code, if I start maintaining xAuth can I add it to the official repo?
     
  5. There's a problem with this plugin:
    When someone has to use "/login" because they're currently not logged on they lose all enchantements on their items in their inventory. Dunno if this is already a known bug.
    Really like the plugin btw!
     
  6. Offline

    SilencShadoW

    Robert, maybe u can fix one of the most awsm bugs in it? xD you can crash any xauth server, with just idle arround :p ... after the given time to login you get kicked and the server ends in a connection reset :D

    Code:
    2012-01-19 18:25:25 [INFO] Connection reset
    2012-01-19 18:25:25 [INFO] willi lost connection: disconnect.quitting
    2012-01-19 18:25:30 [WARNING] Could not properly handle event PLAYER_KICK:
    java.lang.IllegalAccessError: Synchronized code got accessed from another thread: com.cypherx.xauth.xAuth$1
        at org.bukkit.event.player.PlayerListener.onPlayerKick(PlayerListener:0)
        at org.bukkit.plugin.java.JavaPluginLoader$4.execute(JavaPluginLoader.java:296)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:57)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:327)
        at net.minecraft.server.NetServerHandler.disconnect(NetServerHandler.java:119)
        at org.getspout.spout.SpoutNetServerHandler.disconnect(SpoutNetServerHandler.java:597)
        at org.bukkit.craftbukkit.entity.CraftPlayer.kickPlayer(CraftPlayer.java:187)
        at com.cypherx.xauth.xAuth$1.run(xAuth.java:256)
        at org.bukkit.craftbukkit.scheduler.CraftWorker.run(CraftWorker.java:34)
    2012-01-19 18:25:30 [INFO] This error is logged only once: it could have occurred multiple times by now.
    2012-01-19 18:25:30 [INFO] Please contact one of the authors of plugin 'xAuth': CypherX
    2012-01-19 18:25:30 [WARNING] Could not properly handle event PLAYER_QUIT:
    java.lang.IllegalAccessError: Synchronized code got accessed from another thread: com.cypherx.xauth.xAuth$1
        at org.bukkit.event.player.PlayerListener.onPlayerQuit(PlayerListener:0)
        at org.bukkit.plugin.java.JavaPluginLoader$2.execute(JavaPluginLoader.java:282)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:57)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:327)
        at net.minecraft.server.ServerConfigurationManager.disconnect(ServerConfigurationManager.java:161)
        at net.minecraft.server.NetServerHandler.disconnect(NetServerHandler.java:140)
        at org.getspout.spout.SpoutNetServerHandler.disconnect(SpoutNetServerHandler.java:597)
        at org.bukkit.craftbukkit.entity.CraftPlayer.kickPlayer(CraftPlayer.java:187)
        at com.cypherx.xauth.xAuth$1.run(xAuth.java:256)
        at org.bukkit.craftbukkit.scheduler.CraftWorker.run(CraftWorker.java:34)
    2012-01-19 18:25:30 [INFO] This error is logged only once: it could have occurred multiple times by now.
    2012-01-19 18:25:30 [INFO] Please contact one of the authors of plugin 'xAuth': CypherX
     
  7. 2012-01-19 19:15:18 [WARNING] Could not properly handle event PLAYER_TELEPORT:
    java.lang.IllegalAccessError: Synchronized code got accessed from another thread: com.cypherx.xauth.xAuth$2
    at org.bukkit.event.player.PlayerListener.onPlayerTeleport(PlayerListener:0)
    at org.bukkit.plugin.java.JavaPluginLoader$9.execute(JavaPluginLoader.java:329)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:341)
    at org.bukkit.craftbukkit.entity.CraftPlayer.teleport(CraftPlayer.java:298)
    at org.bukkit.craftbukkit.entity.CraftEntity.teleport(CraftEntity.java:157)
    at com.cypherx.xauth.xAuth$2.run(xAuth.java:302)
    at org.bukkit.craftbukkit.scheduler.CraftWorker.run(CraftWorker.java:34) im using mutliverse but its not important
     
  8. Offline

    djrazr

    Ya .. sure :D

    As you can see... "null" on wrong password and "Player NAME logged in with forum name 'NAME' on successful login is not what i was sending back over php... there must be something wrong in java... Am also able to code java.. but dk how to settup the bukkit environment.. but if you need in php/sql coding then tell me :D
     
  9. Offline

    LlmDl

    Quoting this for this page, for anyone using H2:
     
  10. Offline

    killerciao

    i think tua this plugin got an exploit: i'm an OP/Owner of a server running offline mode. Dome griefere Now can join with my name when i 'm online and grief everything: i found on The chat that they use my name: killerciao but with a blank space atthe end. And in The player list on my ftp i find in fact killerciao and killerciao_ that Is The account of griefer. I dont know how they can add a space after name and i dont know how to fix it. Can Simeone help me? Sorry for my bad english i'm italian
     
  11. Offline

    _Robert

    Err, it dosen't happens to me... It should be a bug in conjuction with another plugin, and it seems to be the async bug.

    Try this (it's in my original comment):

    If that dosen't work, try disabling the autokick feature.

    You reivented the wheel! I allredy solved this and shared the code.

    This plugin it's unsupported, that means no more official updates. If you want you can continue the develop of this plugin :).

    Are you using commandbook?

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
  12. Offline

    QBcrusher

    no
     
  13. Offline

    _Robert

    Try disabling area protection in the xAuth config, if that dosen't solves it's another plugin fault.
     
  14. Offline

    bobpndrgn

    Hello this plugin looks great but I was wondering if you are able to toggle the following features; make it so that guests can not break blocks, interact with objects, move, pickup items, receive or give damage, or be followed by hostile mobs. That way guests could move around but not grief or pvp.
     
  15. Any can update this plugin?
     
  16. Offline

    SilencShadoW

    I already got and i got errors on playerevent_kick ... ^^ oh god hopefully anyone will update it to the newest and debug it ... :S
     
  17. Offline

    djrazr

    _Robert when are you taking over then? :D You have the source! Fork it!
     
  18. Hi! I just updated this awsome plugin for bukkit 1.1! Saves all enhancements (even on bows or equipped armor!).
    I've got no bugs or problems or errors with it so far.
    http://dev.bukkit.org/server-mods/xauth/ (It's waiting to be approved)
     
    Leemur likes this.
  19. THANKS A LOT :)
     
  20. Offline

    _Robert

    Tell me if you need help in something :). Don't forget to post the source!
     
  21. Offline

    The Wizard

    Please post a download link until staff approve it.
     
  22. I have added Download link to bukkit dev.
     
  23. Offline

    Grifhell

    Perhaps you already know
    http://www.zhyk.ru/forum/showthread.php?t=349652
    sorry for the Russian,but translation will suffice for this

    so,what plug to choose?
    Why does not any plugins for authentication do not update!> <

    Boos, Your plugin broken by this method too : \
     
  24. Thats bug in bukkit... put "spoutplugin" on your server => fixed.
    Set "reverse-enforce-single-session" to false => fixed.
    You have 2 ways to fix it yourself lol.
     
  25. Offline

    Grifhell

    You can detail?
    I never touched the spout ...
     
  26. Just download it, put it to plugins folder. Thats all.
     
  27. Offline

    The Wizard

    Why was xauth deleted from dev bukkit?
     
  28. It was not deleted, just not approved due to bad description.
     
  29. Offline

    telmer6

    Please don't shout! :)
     
  30. Offline

    Grifhell

    ops, sorry))
    This is Google Translater =)

    What about the spout, I do not like the fact that my players will have to also install it on your client.
    This means that those who have no spout or those who do not want to put it, will not be able to see me go. Thus, I will lose players lazy))

    ok
    This is good. But, if I i go to server, and bad boy go too with my nik, when me say "you logged in from another location"...
    But this is better than other plug-ins authorization, thank you.

    in version 1.2.4 no bugs. and not have to change reverse-enforce-single-session

    http://minecraft.pvp.gs/threads/xauth-enchant-fix-cb-1527-rus.867/
    Now, is it necessary? or your version of the plugin does not have this bug?
     
  31. If you have Spout on server, all player can join that with Spoutcraft and that without it. It's not necesary to have Spout on client. Your players DON'T HAVE TO install Spout on client.
     
    Grifhell likes this.
Thread Status:
Not open for further replies.

Share This Page