Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline


    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page:

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel ( #LoveDespite) or toss me a message at Until we meet again, stay gold. Bang.


    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.

    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
  2. Offline


    Is there any possibility to set one teleport location for all worlds? (I've running bukkit #860 with multiple worlds...)
    I couldn't find any command or setting to do this.
    If this is not possible, maybe it will be a good idea for next and futured releases. :)
  3. Offline


    Thanks for this Plugin, Just cool and easily !
    I have juste a problem, sometimes, when a player join my server, he type "/login [Password]" but when he is login, he is going under the floor and he is died. Bug ?

    Sorry for my bad english, i'm french...
  4. Offline


    just tested xAuth 2.0 beta2:

    - if user is forced to register with email-adress xauth says "register with /register password". If you try to register than xauth say "/register password ". It would be better to say that just at logging in if e-mail-adress feauture is enable.
    - how can I activate accounts?
    - how to use web registrations?
    - how to change the config file via command? Tried /xauth conf [registration:enabled/registration.enabled/registration-enabled/registration enabled/registration: enabled/enabled] false but nothing worked.
  5. Offline


    Do you mean a single location in one world that everyone, even those in other worlds, will be teleported to? Or do you want to set the location in one world and all worlds inherit those coordinates?

    What version of xAuth are you using?

    - You can change what all messages say in the messages.yml file. The default ones are all based off of the default settings.
    - Account activation is primarily for web registrations that require a player to activate their account before they can log in.
    - You would have to create a registration form using a web development language such as PHP that would insert the account information into the MySQL database.
    - Whoops, completely forgot to explain how that works. It accepts field names from the xAuthSettings class as the setting to change. I'll put up a list on the wiki in a bit. If you wanted to disable registration, then you would execute:
    /xauth conf regEnabled false
  6. Offline


    Hey, i have problem. I installed CommandPermissions and now when I and my friends try to log in it says you don't have permission to do that. Help plz
  7. Offline


    I use xauth v1.2.5, but i download the last versions.
  8. Offline


    Where is the option to not spawn at your spawn when you need to login?
  9. Offline


  10. Offline


    Getting this error after installing xAuth Beta 2 (Only when you join and need to use the /login command).

    Show Spoiler

    2011-06-22 10:52:26 [INFO] MiracleM4n [/] logged in with entity id 198200 at ([D3GN] 163.8315966795175, 64.0, -1240.5243798449142)
    2011-06-22 10:52:27 [SEVERE] java.lang.StringIndexOutOfBoundsException: String index out of range: -1
    2011-06-22 10:52:27 [SEVERE] at java.lang.String.substring(Unknown Source)
    2011-06-22 10:52:27 [SEVERE] at java.lang.String.substring(Unknown Source)
    2011-06-22 10:52:27 [SEVERE] at com.sk89q.worldedit.WorldEdit.handleCommand(
    2011-06-22 10:52:27 [SEVERE] at com.sk89q.worldedit.bukkit.WorldEditPlayerListener.onPlayerCommandPreprocess(
    2011-06-22 10:52:27 [SEVERE] at$5.execute(
    2011-06-22 10:52:27 [SEVERE] at org.bukkit.plugin.RegisteredListener.callEvent(
    2011-06-22 10:52:27 [SEVERE] at org.bukkit.plugin.SimplePluginManager.callEvent(
    2011-06-22 10:52:27 [SEVERE] at net.minecraft.server.NetServerHandler.handleCommand(
    2011-06-22 10:52:27 [SEVERE] at
    2011-06-22 10:52:27 [SEVERE] at net.minecraft.server.NetServerHandler.a(
    2011-06-22 10:52:27 [SEVERE] at net.minecraft.server.Packet3Chat.a(
    2011-06-22 10:52:27 [SEVERE] at net.minecraft.server.NetworkManager.b(
    2011-06-22 10:52:27 [SEVERE] at net.minecraft.server.NetLoginHandler.a(
    2011-06-22 10:52:27 [SEVERE] at net.minecraft.server.NetworkListenThread.a(SourceFile:91)
    2011-06-22 10:52:27 [SEVERE] at net.minecraft.server.MinecraftServer.h(
    2011-06-22 10:52:27 [SEVERE] at
    2011-06-22 10:52:27 [SEVERE] at
    2011-06-22 10:54:20 [INFO] [xAuth] MiracleM4n has logged in

    It seems to be a conflict with WorldEdit, Dont know if its a problem in xAuth or WorldEdit. This also only happens for OPs any further logins after "Logging in" using this plugin do not spam error. (Must be something to do with "logging in" as OP conflicting with something in WE).

    EDIT: It is now happening randomly with everyone.
  11. Offline


    Yea, I've got the same issue as you miracle things load fine, im using H2 and it loads fine.

    However if anyone join's who is not already registered this shows in chat on their screen "java.lang.StringIndexOutOfBoundsException: String index out of range: -1"

    Doesnt seem to be a huge error since they can still register etc.

    1 other thing I'm struggling with is logging in... how can I force login after a restart? Cant seem to find the setting...

    00:08:16 [INFO] [xAuth] 'Permission' support enabled
    00:08:16 [WARNING] [xAuth] 'Help' isn't detected. No /help support
    00:08:16 [INFO] [xAuth] Connection to H2 database established!
    00:08:16 [INFO] [xAuth] Accounts: 1, Sessions: 1
    00:08:16 [INFO] [xAuth] v2.0b2 Enabled! R.I.P. Ryan Dunn
    00:08:16 [INFO] Done (0.149s)! For help, type "help" or "?"
    00:08:24 [INFO] Creating empty config: C:\Users\Billy\Desktop\MC Server\plugins\
    00:08:24 [INFO] HaGGard9999 [/] logged in with entity id 35 at ([
     LOTL] 211.5, 67.62000000476837, 10.5)
    00:08:24 [INFO] [SpawnControl] Sending new player HaGGard9999 to global spawn.
    00:08:25 [SEVERE] java.lang.StringIndexOutOfBoundsException: String index out of
     range: -1
    00:08:25 [SEVERE]       at java.lang.String.substring(Unknown Source)
    00:08:25 [SEVERE]       at java.lang.String.substring(Unknown Source)
    00:08:25 [SEVERE]       at com.sk89q.worldedit.WorldEdit.handleCommand(WorldEdit
    00:08:25 [SEVERE]       at com.sk89q.worldedit.bukkit.WorldEditPlayerListener.on
    00:08:25 [SEVERE]       at$5.execute(Jav
    00:08:25 [SEVERE]       at org.bukkit.plugin.RegisteredListener.callEvent(Regist
    00:08:25 [SEVERE]       at org.bukkit.plugin.SimplePluginManager.callEvent(Simpl
    00:08:25 [SEVERE]       at net.minecraft.server.NetServerHandler.handleCommand(N
    00:08:25 [SEVERE]       at
    00:08:25 [SEVERE]       at net.minecraft.server.NetServerHandler.a(NetServerHand
    00:08:25 [SEVERE]       at net.minecraft.server.Packet3Chat.a(
    00:08:25 [SEVERE]       at net.minecraft.server.NetworkManager.b(NetworkManager.
    00:08:25 [SEVERE]       at net.minecraft.server.NetServerHandler.a(NetServerHand
    00:08:25 [SEVERE]       at net.minecraft.server.NetworkListenThread.a(SourceFile
    00:08:25 [SEVERE]       at net.minecraft.server.MinecraftServer.h(MinecraftServe
    00:08:25 [SEVERE]       at
    00:08:25 [SEVERE]       at
  12. Offline


    Players are teleported to either their current worlds spawn location or one set with /xauth location set by default.

    Looks like the session table is missing the accountid column. Check and see if it's there.

    Found what was causing the StringIndexOutOfBoundsException error and it'll be fixed in Beta 3. (WorldEdit doesn't like blank commands)

    @HaGGard - If I read that correctly, you want to disable persistent sessions through server restarts? Currently there's no option but it can be added.
  13. Offline


    I think i figure out the problem. for some reason it doesnt detect the permission plugin
    2011-06-23 11:28:55 [INFO] [xAuth] Loading player accounts..
    2011-06-23 11:28:55 [INFO] [xAuth] Done! Loaded 34 Accounts!
    2011-06-23 11:28:55 [INFO] [xAuth] Permissions plugin not detected, defaulting to ops.txt
    2011-06-23 11:28:55 [INFO] [xAuth] v1.2.5 Enabled!
  14. Offline


    xAuth uses Permissions, not CommandPermissions.
  15. Offline


    it doesnt ask password when i disconnect and come back only when i use command /logout it ask password when i login... Some help?
  16. Offline


    There's this thing called sessions. It's a feature.
  17. Offline


    "It's not a bug, it's a feature" :)

    Tested your version 2.0 beta 2 some more time and I would say: great :) Thanks for this great update!
  18. Offline


    I have in table 'sessions' this:
    • id int(11)
    • player varchar(255)
    • chest int(11)
    Update: Heh... I read source code. In i found answer. This table use LWC plugin by default. I change name session table and all good work! xAuth 2.0 the best! ^^
  19. Offline


    Basically but nevermind, not an issue anymore I've just changed the session time to a lower setting. I thought it was a bug at first, but it's a feature.

    Its actually a cool feature, I assume based on the config file that if your ip is different when you connect to the server you will need to relog no matter if your session is ended or not.

    I'll be waiting for the beta 3 :)
  20. Offline


    @CypherX when abouts will Beta 3 be out? (xAuth 2 is awesome BTW keep up the great work).
  21. Offline


    This was exactly what I wanted !
  22. Offline


    Friday night at the latest.
  23. Offline

    The Wizard

    In messages.yml I see only a notice for min lenght: '{RED}Your password must be at least {PWMINLENGTH} characters long!'
    Please add messages for complexity: Your password must contain numbers, etc.
  24. Offline


    @CypherX if you ever want a beta/dev tester for this plugin, I will be more than happy to test anything you throw at me.

    @CypherX Another glitch I have found is that if you use the command /logout in-game you glitch back and forth between spawn and the place you were at. Using /login *PASS* afterwards doesnt register (Logs saying they have authenticated.) and keeps glitching back and forth. I then logout and the server doesnt recognize me logging out it than keeps kicking me saying that I am still online. Only way to fix this is to kick the ghost player of myself using console.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: May 12, 2016
  25. Offline


    You can edit the message yourself to match your server requirements.

    Only happens on the latest recommended build, correct?
  26. Offline


    can u add a value in config file where i can write a constum table names ?
    example : playername => username
    so i can link xAuth with forum :)
  27. Offline


    Happened since I started using it just didnt report it.
  28. Offline


    What CraftBukkit build were you using when it started?
  29. Offline


    Ill take a look

    EDIT: It is what ever build came out the day Beta2 came out. Had to have been 900 something.
  30. Offline


    Ah, that's why. Build #888 changed how the PlayerMoveEvent was handled causing the bug. It'll be fixed in Beta 3.
  31. Offline


    K thanks for everything.
Thread Status:
Not open for further replies.

Share This Page