Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline


    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page:

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel ( #LoveDespite) or toss me a message at Until we meet again, stay gold. Bang.


    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.

    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
  2. Offline


    We are experiencing the same issue, waiting for the next update :)
  3. Offline


    Does your in-game name have any type of modification to it like a color or prefix? If so, that's probably the problem (see Iqualfragile's post on the previous page). If you can, send me a PM (or start a conversation, as it's called on XenForo) containing your servers auths.txt and I'll confirm it. This issue will be fixed in an update coming out later today.
  4. Offline


    I know it may seems weird, but is there a way to change the words that show up when you connect to the server?
    Cause I'm part of the moderator on a French server, and it seems like many of the younger players do not understand a word of English, and were left incapable to register themselves in the database. Even when we explain them, and while they seem to understand on the forum, once connected they forget everything and start whining... and it's annoying, seriously.

    If we could know how to translate it, it would save us a lot of time and spare our keyboards.
    At least, do it for the keyboards... We're hurting them way more than they deserve right now...
  5. Offline


    I'm planning to make most if not all player messages configurable in an update coming in the near future.
    Zwein likes this.
  6. Offline


    Thank you, maybe it's not now, but at least it's coming. Thanks for answering so fast.
  7. Offline


    Updated to version 1.1.2:
    • Version 1.1.2
      • Permissions support, nodes are listed in the first post
      • xAuth will disable itself if the server is running in online-mode
      • /remove has been changed to /unregister
      • /changepw (to change anyone's password) and /unregister can now be used in-game
      • Name bug pointed out in this post should be fixed
      • Configuration node 'misc.allow-change-pw' has been changed to 'misc.allow-changepw'. This *should* be updated automatically in your config.yml.
  8. Updated successfully from 1.1.1 to 1.1.2:
    • Permissions support works perfectly
    • Since I'm running an offline server it works anyway
    • /unregister works perfectly
    • /changepw works perfectly
    • Never happen to have this bug earlier -name color bug- (no occasions)
    • Configuration node successfully changed
    In other words, thank you very much for this perfect update :)
  9. Offline


    Any chance at a OP-only command to toggle registration on/off? If you had this I'd switch in an instant.
  10. Offline


    I'll add this to my todo list and have it ready for the next update most likely coming out on Wednesday.
    TPMJB likes this.
  11. Offline


    Thanks, most appreciated
  12. Offline


    Simply me being stupid downloading the wrong .jar, thanks for an great plugin :)

    ------- IGNORE-------
    The plugins has an error.
    Easily fixable I think or atleast what I get from it is that it's missing the .yml file.
    Btw I'm using the newest recommended. (this is posted 22.3.11)

    [SEVERE] Could not load plugins/xAuthImporter.jar in plugins: null
            at org.bukkit.plugin.SimplePluginManager.loadPlugin(
            at org.bukkit.plugin.SimplePluginManager.loadPlugins(
            at org.bukkit.craftbukkit.CraftServer.loadPlugins(
            at net.minecraft.server.MinecraftServer.e(
            at net.minecraft.server.MinecraftServer.a(
            at net.minecraft.server.MinecraftServer.d(
    Caused by: Jar does not contain plugin.yml
            ... 9 more
  13. Offline


    xAuth Importer isn't the actual plugin, it's used to convert the database used by AnjoSecurity to the format used by xAuth. The download for xAuth is at the top of the first post.
  14. Offline


    erm all my items are gone when i log in
  15. Offline


    Before using /login or after?
  16. Offline

    Boon Pek

    It'd be nice, if we could customise the messages and et cetera. The current config, to be honest, looks very... bland. :(
  17. Offline


    Configurable messages are going to be implemented in either the next update (tonight) if I have enough time to add & test them or the next update after that.
  18. Offline


    I was running anjosecurity earlier, and I'd like to import all my accounts. However using the xAuth importer I get this:

    15:31:29 [SEVERE] Could not load plugins/xAuthImporter.jar in plugins: null
            at org.bukkit.plugin.SimplePluginManager.loadPlugin(
            at org.bukkit.plugin.SimplePluginManager.loadPlugins(
            at org.bukkit.craftbukkit.CraftServer.loadPlugins(
            at net.minecraft.server.MinecraftServer.e(
            at net.minecraft.server.MinecraftServer.a(
            at net.minecraft.server.MinecraftServer.d(
    Caused by: Jar does not contain plugin.yml
    Running 556. Could you explain how to use this plugin/what CB it was tested on? I mean, I probably only have to run it once, so I can just revert to that CB, then delete the converter and update.
  19. Offline


    @TPMJB: xAuth Importer is a standalone application not a plugin, you just run it like a normal program. I just probably clarify that in it's description.
  20. Offline

    Josh Harwood

    anyway to have a permissions node for guests to the server that can't do jack all anyway, to not have to register? but when you have a permission's node eg member and above, you have to register and login
     - authx.guest
     - authx.require.registration
    if it had thi i would be using it now.
  21. Offline


    Updated to version 1.1.3:

    • Version 1.1.3
      • /toggle command added with 3 new permission nodes
      • Fixed bug where accounts were wiped under rare conditions
      • /changepw now checks if the new password meets the pw-min-length config value
      • Configuration node has been changed to misc.autosave. Your config.yml should automatically update
      • Linux version of xAuthImporter has been added.
    Next update will include configurable messages, I just need to figure out the best way to handle them.

    @Josh Harwood: I'll see what I can do about implementing that or something like it.
  22. Offline


    EDIT: Sorry Turns out I was running my server online. Sorry for the inconvenience ^^;

    When I register myself to Authx, I get a message saying "An internal error occured while attempting to perform this command."

    I'm currently running CraftBukkit build 440. Is it the time to update my CraftBukkit build?

    Server Error:
    2011-03-23 21:44:09 [SEVERE] null
    org.bukkit.command.CommandException: Unhandled exception executing command 'register' in plugin xAuth v1.1.2
            at org.bukkit.command.PluginCommand.execute(
            at org.bukkit.command.SimpleCommandMap.dispatch(
            at org.bukkit.craftbukkit.CraftServer.dispatchCommand(
            at net.minecraft.server.NetServerHandler.c(
            at net.minecraft.server.NetServerHandler.a(
            at net.minecraft.server.Packet3Chat.a(SourceFile:24)
            at net.minecraft.server.NetworkManager.a(SourceFile:230)
            at net.minecraft.server.NetServerHandler.a(
            at net.minecraft.server.NetworkListenThread.a(SourceFile:100)
            at net.minecraft.server.MinecraftServer.h(
    Caused by: java.lang.NullPointerException
            at com.cypherx.xauth.CommandHandler.handlePlayerCommand(
            at com.cypherx.xauth.xAuth.onCommand(
            at org.bukkit.command.PluginCommand.execute(
            ... 12 more
  23. Offline


  24. Offline


    There have been reports from my players about loosing their inventory (with the latest version of xAuth installed)
  25. Offline


    Hi CypherX!

    This plugin is great.
    I have just now finished a php-script which makes the users able to log in and/or reset their password from our website just in case they forget it.

    My question is therefore: How often do it reload the auth.txt file? Or will it just overwrite it?
    Thanks! :)
  26. Offline


    The inventory saving/restoring code hasn't been touched in the last two updates. I just tested every scenario I could think of that would cause a player to lose their inventory but it was restored properly every time. If possible, could you provide more information such as what the players were doing, what (if anything) was done to the server at the time, and anything else that may be relevant.

    The auths file is never actually reloaded while the server is running. If misc.autosave is set to true in the configuration then it's updated after every registration, password change, and removal of an account and it's saved & reloaded when /reload or /authreload is used.
  27. Offline


    I just did some testing and my inventory disappeared after i did the following:
    1. Connecting to the server
    2. Disconnecting without authenticating
    3. Reconnecting & logging in
  28. Offline


    What build of CraftBukkit are you using? I tried that on 440 and didn't lose my inventory.

    I've tested it on your server twice now. The first time I joined and registered then left and waited for my session to expire. When I rejoined I left without authenticating then rejoined again, logged in and my inventory was indeed gone. The second time I did the same (without registering) but my inventory was restored perfectly.

    Honestly I have no idea why this happening to you. I've tested it on my server with the same CraftBukkit build and xAuth version and my inventory is restored fine every time. I doubt it has anything to do with it but could you paste the content of your servers config.yml? Also, did you use AnjoSecurity or Authorize before switching to xAuth?

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: May 12, 2016
  29. Offline


    Heres my config.yml
        timeout: 3600
        limit: 5
        enabled: true
        pw-min-length: 3
        allow-changepw: true
        - /register
        - /login
        autosave: true
    I used Authorize and AnjoSecurity before but i didn't import the logins from them.
    06:30:39 [INFO] Plugins: Permissions, xAuth, MultiInv, WorldEdit, EssentialsSpawn, AutoRepair, LWC, Essentials, BigBrother, WorldGuard, GroupManager
    My guess would be that MultiInv and xAuth aren't playing well together...
  30. Offline


    Good guess there, that does seem to be the problem. I'll try to find a solution for the next update.
  31. Offline


    i think i am running on bukkit 544 i think tell me how to check and how i get the inv lost:1.register and log in normally for a while
    3.disconnect and turn off server
    4.log in and ta-da items lost
Thread Status:
Not open for further replies.

Share This Page