[INACTIVE][SEC] AnjoSecurity v1.6c - Offline-Mode User Registration [440-531+]

Discussion in 'Inactive/Unsupported Plugins' started by AnjoCaido, Feb 15, 2011.

  1. Offline

    AnjoCaido

    AnjoSecurity - Offline-Mode User Registration System
    Version: v1.6c

    This version it's just a minor update to make it work with newer CB and GM. When GM gets it's final version I'll start working on future plans for this.

    ---

    This plugin uses GroupManager plugin(optional, but recommended if you want to block commands):
    http://forums.bukkit.org/threads/ad...0-7-because-permissions-is-past-326-353.4723/
    With this you can block all commands of plugins that uses Permissions plugin.

    This plugin is to help people prevent griefing and abusing while your server is in offline-mode. When mineceraft server is down you have no choice than setting up offline-mode. When this option is enabled anyone can connect within your server with their desired username, it brings up the problem that someone can connect with administrator name and abuse with all his loot and commands. This plugin will set up user registration with a custom password for your server, and only the person with that password will be able to use that username.

    Did I say it is open-source? You can get it on GitHub and modify as you want.

    Features:
    • Prevents registered users to do anything while not logged in.
    • (toggle-able)Prevents non-registered users to do actions(move,destroy,etc).
    • (toggle-able)Prevents non-registered users to do summon commands.
    • (toggle-able)Remove all loot of non-registered users when joining the server(and tp to spawn).
    • (toggle-able)Registration system. You can deactivate registrations anytime.
    • Every user can remove their registration, so they can register with other password.
    • Users listed on settings.properties, while logged in, can remove any user registration.
    • (configurable) Session time. You can set the session duration, so if a user drops connection a lot, he would not need to /login again.(default 30 minutes)
    • Interacts with GroupManager permission plugin(the one replacing Nijikokun's Permissions plugin, yet fully compatible) to prevent running registered commands.
    • ALLOW List. You can allow certain users to register, even if registration is deactivated.
    Commands (all of them speech for themselves):
    • /register <password> - it registers with the given password
    • /login <password> - it tries to login with the given password
    • /reset <password> - if the password is correct, remove registration
    • /adminreset <username> - remove the registration of the given username
    • /toggleregistration - (yes it is long, in purpose) - toggle registration mode ON/OFF.
    • /adminallow <username> - allow user to register even if registration is deactivated.
    Changelog:
    Version 1.6c
    • Made it work with newer CB builds.
    • Made it work with GroupManager 1.0 alpha
    Version 1.6b
    • Made it work with newer GM builds.
    Version 1.6
    • Fixed a nasty bug.
    Version 1.5
    • Fixed die-menu-respawn item duping(I think).
    Version 1.4
    • Compatible with the latest bukkit builds(#353)
    Version 1.3b
    • Removed some debugging messages.
    Version 1.3
    • Fixed small bugs. (I think all exceptions reported by now are fixed)
    • Added allow list.
    Version 1.2
    • Fixed small bugs
    • Improved how God Mode works(now it's verly like the God Mode plugin)
    • Added a God Mode timout after login of 5 seconds, to prevent die of falling on the ground.
    • Added a command to toggle registrations on/off.
    Version 1.1
    • Prevent non-logged-in users to lose health(and die).
    Version 1.0
    • First fully working release.
    Future plans:
    • (done!) Create a toggle command that opens and closes registration
    • Store users activities, such as typing wrong passwords and such(to catch hackers)
    Download:
    Version 1.6c (to use with GroupManager 1.0 or higher):
    http://www.mdn.fm/files/272681_rqyw0/AnjoSecurity-1.6c.zip

    Version 1.6b (to use with GroupManager 0.99b or lower):
    http://www.mdn.fm/files/271609_dvt1f/AnjoSecurity-1.6b.zip

    Source:
    https://github.com/gmcouto/AnjoSecurity

    Flat-file Authentication importer(import auth db from older plugins):
    http://www.mdn.fm/files/261879_yjodh/uber-AnjoSecurityImporter-1.0-SNAPSHOT.jar
    It is destinated for the following format(plugins that used MineSecurity format, from hMod):
    username:md5passhash

    Just double click on the jar(or run via terminal with java -jar), select the old flat-file... it will generate a AnjoSecurityDB.db file, which you put on your server folder. If you want to merge the old file with the new database, just put the jar on the same folder of the AnjoSecurityDB.db...


    ===============================
    Everyone with an Off-Line server might like the NameChecker plugin I made, it super simple. It only filters huge names (> 20 chars), short names(<3 chars), and invalid characters in names(only letters, numbers, and underscores allowed).
    It kicks the player and shows him the reason of why his name is invalid. It even has a configurable file for you to put forbidden names to join the server(like Player, or Scruffy_Puppy)
    http://www.mdn.fm/files/273443_hynys/NameChecker-0.1-SNAPSHOT.jar
     
    xcession, FlingeR and methos like this.
  2. Offline

    Brennan Mathers

    I dont think you understand, in offline mode, people can log in as the name of an admin, therfore, all plugins that look at names will see that the hacker is an admin thus PERMISSIONS GRANTED dun dun dun! Group manager is similar (but with commands and temorary permissions) to Permissions 2.1 (so its not needed if you have permissions 2.1). I do have it set up right (it even has groups in it) because people under other names are excluded normally. Ops do not bypass anything, they only get special permissions to give, tp, edit spawn, ect.

    Fortunately the hacker cant move if you have a password set. but that doesnt mean they cant issue a command to /stop, /mvcreate, //sphere bedrock 1000, ect (even add people to groups)

    Until a plugin comes that bans ips of impersonators or this one is changed to change permissions of all players to nothing until login, this plugin is not safe and secure.
     
  3. Offline

    Androw

    @Brennan Mathers
    I have check, with my build, the only commands that can be issued by an admin NOT logged in is commands from plugins that doesn't check permissions in Permissions or Groupmanager, just in ops.txt.
    So just remove everyone from ops.txt and you wouldn't have any problems.
     
  4. Offline

    AnjoCaido

    Now it works with newer GM.


    Please, if you have a public offline server, never ever put anyone on OP list. Use GroupManager to limit users permissions.
    That's my recommendation to you.
    It's only my opinion, tough.
     
  5. Offline

    vinzenco

    THANK YOU SOOOOOOO MUCH [​IMG]

    I searching 3 Weeks for a functionaly Auth plugin with no errors !
    I cant updating my Server but yet i can !!! thanks [​IMG]

    Edit

    Error :(
     
    anon likes this.
  6. Offline

    AnjoCaido

    Yeah, newer bukkits deprecated that. It was only a small update.

    Those things will be updated only when I get GM 1.0 done. Then I'll do all the updates I plan for AnjoSecurity to stay up-to-date with CB plus some new features.
     
  7. Offline

    anon

    use cb 332 or 440, its the recomended build, u must use it, not the unrecomended ones.
     
  8. Offline

    vinzenco

    ok, i do that ... thanks for helping =)
     
  9. Offline

    Androw

    @AnjoCaido
    Can you submit your changes to your github ?
    I have send you a fix for PLAYER_COMMAND on it

    Thanks for this plugin
     
  10. Offline

    AnjoCaido

    Thank you.
    But still I already know the fix... just need to register the commands in plugin.yml and use the onCommand... at least it is the most elegant way.

    I submited the changes now.
     
  11. Offline

    Androw

    Thanks :)
     
  12. Offline

    CzarRazc

    17:48:44 [GRAVE] PLAYER_COMMAND loading AnjoSecurity v1.6 (Is it up to date?)
    java.lang.NoSuchFieldError: PLAYER_COMMAND
    at org.anjocaido.anjosecurity.AnjoSecurity.onEnable(AnjoSecurity.java:11
    1)
    at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:118)
    at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:414)
    at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:187)
    at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:83)
    at org.bukkit.craftbukkit.CraftServer.loadPlugins(CraftServer.java:61)
    at net.minecraft.server.MinecraftServer.e(MinecraftServer.java:204)
    at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:191)
    at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:131)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:246)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:366)

    I got this error. Players dont /login dont /register, its like there is no plugin at all.
     
  13. Offline

    GameFAQsRolo

    I do understand and my original response still stands with the additional exception androw pointed out about plugins that don't use Permissions or GM (are there still plugins that don't use permissions/GM?). If your players are using admin commands while being on an admin name that is not logged in then:
    1. Your admin names are on ops.txt, remove them
    2. Your permissions are not set properly
    3. The plugin with the commands they are using does not use permissions or GM or is not hooked properly
    4. You are using a bugged CB build that makes everyone an OP regardless of being on ops.txt

    *EDIT*
    ... and of course you should be using the recommended CB build which is #440 at the time of this post.
     
  14. Offline

    CzarRazc

    ok, i was using the last CB, i downgraded to CB 440 and now everything works fine.
     
  15. Offline

    The24man

    I get these two errpr messages, but everthing works fine.
    Code:
    2011-02-28 16:51:18 [SEVERE] Could not pass event PLAYER_JOIN to AnjoSecurity
    java.lang.NoSuchMethodError: org.anjocaido.groupmanager.GroupManager.getData()Lorg/anjocaido/groupmanager/dataholder/DataHolder;
        at org.anjocaido.anjosecurity.PermissionsDealer.markAsNotRegistered(PermissionsDealer.java:52)
        at org.anjocaido.anjosecurity.AnjoSecurity.handlePlayerJoin(AnjoSecurity.java:234)
        at org.anjocaido.anjosecurity.AnjoSecurityPlayerListener.onPlayerJoin(AnjoSecurityPlayerListener.java:31)
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:130)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:59)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:225)
        at net.minecraft.server.ServerConfigurationManager.a(ServerConfigurationManager.java:98)
        at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:87)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:68)
        at net.minecraft.server.Packet1Login.a(SourceFile:46)
        at net.minecraft.server.NetworkManager.a(SourceFile:230)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:34)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:87)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:357)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:272)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:366)
    
    2011-02-28 16:51:38 [SEVERE] Could not pass event PLAYER_COMMAND to AnjoSecurity
    java.lang.NoSuchMethodError: org.anjocaido.groupmanager.GroupManager.getOverloadedClassData()Lorg/anjocaido/groupmanager/dataholder/OverloadedDataHolder;
        at org.anjocaido.anjosecurity.PermissionsDealer.restorePermissions(PermissionsDealer.java:67)
        at org.anjocaido.anjosecurity.AnjoSecurity.handleCommandsWhileGuestMode(AnjoSecurity.java:369)
        at org.anjocaido.anjosecurity.AnjoSecurity.handleCommand(AnjoSecurity.java:264)
        at org.anjocaido.anjosecurity.AnjoSecurityPlayerListener.onPlayerCommand(AnjoSecurityPlayerListener.java:68)
        at org.bukkit.plugin.java.JavaPluginLoader$5.execute(JavaPluginLoader.java:150)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:59)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:225)
        at net.minecraft.server.NetServerHandler.c(NetServerHandler.java:662)
        at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:612)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:606)
        at net.minecraft.server.Packet3Chat.a(SourceFile:24)
        at net.minecraft.server.NetworkManager.a(SourceFile:230)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:75)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:100)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:357)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:272)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:366)
     
  16. Offline

    AnjoCaido

    Update your GroupManager
     
  17. Offline

    Soul Reaper

    player command error seems to still be an issue
     
  18. Offline

    GregRUS

    OK! Ive got a serious problem with your plugin!
    When someone dies and press title menu, not respawn. Then connects back to the server - server freezes... mean I've got many player isn't in chunk errors.. and this errors just freeze server for hours...
    Tried to disable all other plugins... but I've got the same!
    When I disabling AnjoSecurity - everything is OK.
    Tried on AnjoSecurity 1.6, 1.6b
    Craftbukkit version git-Bukkit-0.0.0-458-g557f3d2-b441jnks (MC: 1.3)
    Also tried on craftbukkit #439

    Show Spoiler

    2011-03-01 02:04:53 [SEVERE] java.lang.IllegalStateException: Failed to remove player. net.minecraft.server.EntityPlayer@360 isn't in chunk 5, 8
    2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.PlayerInstance.b(PlayerInstance.java:49)
    2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.PlayerManager.b(PlayerManager.java:101)
    2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.ServerConfigurationManager.c(ServerConfigurationManager.java:113)
    2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:556)
    2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.NetworkManager.a(SourceFile:234)
    2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:70)
    2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.NetworkListenThread.a(SourceFile:100)
    2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:338)
    2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:253)
    2011-03-01 02:04:53 [SEVERE] at net.minecraft.server.ThreadServerApplication.run(SourceFile:366)
     
  19. Offline

    Cubox

    Hello, thank you very much for updating this :)

    But I'm getting the same errors as CzarRazc:

    I'm running CB b473, GM 0.99d and AnjoSecurity 1.6b, and some other plugins like CraftBook, Essentials, and WG, WE.
    Do you have any idea what went wrong?

    Thanks :)

    Edit: I went back to CB439 and everything works perfect, thanks.
     
  20. Offline

    The24man

    Thanks! Working perfect now. :)
     
  21. Offline

    Brennan Mathers

    First: HURRAY i cant use commands when not logged in! Drinks all around!

    Second:
    I have a suggestion that would be perfect for this!
    Could you have the plugin sense if Minecraft.net is down and change the server to offline mode and enable login and registration? (also sense when Minecraft.net is up and ok to move to online mode and turn login and registration off)

    Third: is it posible to have the abilities of an op without being an op, because i have my permissions of me set to '*' and im not sure how to go any higher...
     
  22. Offline

    jwideman

    This could be done by periodically polling minecraft.net. The problem is that when it's unstable (which it often is), it can be down one minute and up the next. If the plugin polls it and it's up, and then someone connects while it is down but hasn't been polled again, the plugin will incorrectly believe they've already been authenticated and assume they are whoever they say they are.
     
  23. Offline

    GermanyMember

    This plugin not block WorldGuard and WolrdEdit commends.
    cractbukkit 448, groupmanager 0.99d, anjo 1.6b
     
  24. Offline

    jwideman

    You need the fake permissions wrapper too.
     
  25. Offline

    GermanyMember

    I have fake permissions in the folder plugins.
    something more must be done?
     
  26. Offline

    jwideman

    Check your log - are WG and WE detecting Permissions?
     
  27. Offline

    GermanyMember

    Yes
    17:46:06 [INFO] WorldEdit: Permissions plugin detected! Using Permissions plugin
    for permissions.
    17:46:07 [INFO] WorldGuard: Permissions plugin detected! Using Permissions plugi
    n for permissions.
     
  28. Offline

    morikubo

    Same here,

    I replaced GM with new version, after that all commands were blocked,
    but after restart they are not again!
    How could it be?
     
  29. Offline

    jwideman

    By any chance, do you have any entries in ops.txt?
     
  30. Offline

    SpAxX

    So, where do i get CB440?
    I got CB473 and it aint working with it.
     
  31. Offline

    jwideman

    This link always points to the latest recommended build.
     
    SpAxX likes this.

Share This Page