Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline


    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page:

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel ( #LoveDespite) or toss me a message at Until we meet again, stay gold. Bang.


    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.

    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
  2. Offline


    Anyone else having problems with the linux xAuth Importer? It loads up mediafire, but the link just cycles and I get no download. I've tried it on a couple diff browsers on a couple diff OSes.

    EDIT: The windows download works just fine. I'll try to copy the db over and see if that works.
    EDIT2: The windows version worked, but for some reason it saved the auths.txt file in "C:\Program Files\Mozilla Firefox". lol

    Sorry for double posting. I'm on a roll tonight. :p

    Feature request:
    Option to require that users provide an email address when registering.

    This would allow me to create an auth module for my forums so players automatically have a forum account after registering and would also let me contact them in case of important server news like "OMFG, don't update your client to 1.4 yet!". :p

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: May 12, 2016
  3. Offline


    @piousminion: No idea why Mediafire was acting up but that does remind I need to swap those out for Dropbox links. Adding an option to require an email is a good idea and will definitely be included in a future update.
  4. Offline


    Everyone gets this error on registering:
    2011-04-04 00:16:18 [SEVERE] null
    org.bukkit.command.CommandException: Unhandled exception executing command 'register' in plugin xAuth v1.1.6
        at org.bukkit.command.PluginCommand.execute(
        at org.bukkit.command.SimpleCommandMap.dispatch(
        at org.bukkit.craftbukkit.CraftServer.dispatchCommand(
        at net.minecraft.server.NetServerHandler.c(
        at net.minecraft.server.NetServerHandler.a(
        at net.minecraft.server.Packet3Chat.a(SourceFile:24)
        at net.minecraft.server.NetworkManager.a(
        at net.minecraft.server.NetServerHandler.a(
        at net.minecraft.server.NetworkListenThread.a(SourceFile:100)
        at net.minecraft.server.MinecraftServer.h(
    Caused by: java.lang.ClassCastException: java.lang.String cannot be cast to java.lang.Boolean
        at com.cypherx.xauth.Settings.getBool(
        at com.cypherx.xauth.CommandHandler.handlePlayerCommand(
        at com.cypherx.xauth.xAuth.onCommand(
        at org.bukkit.command.PluginCommand.execute(
        ... 12 more
    Bukkit #617, xAuth 1.1.6.
  5. Offline


    Make sure none of the boolean values (true/false) are surrounded by quotes in your config.yml.
  6. Offline


    Ah, removing the ' characters seemed to fix it. Although I haven't changed that value since I installed the plugin, around version 1.0 if I remember correctly...
  7. Offline


    It's caused by a change I made in how the configuration is handled a few updates back. Not sure why it's happening now unless you just updated from a fairly old version.
  8. Offline


    Been updating from 1.0 to every update since. :3
  9. Offline


    /login "123"

    how do you do that you have to log in?

    for if I go out of the game when I log in :O
  10. Offline


  11. Offline


    @swedish2011: ..what?

    @binboum: That doesn't look like an xAuth error.
  12. Offline


    I am French, I tested locally without any other plugins.
  13. Offline


    Yes, but both error messages displayed in the above image don't relate to xAuth in any way. To me it looks like you're just getting disconnected from the server.
  14. Offline

    Josh Harwood

    i want to force people to register, but only if they are member+ i really don't want my guests to be stuck in one point on the spawn :(
  15. Offline


    People can log in with spaces. Please fix.
  16. Offline


    Permission node 'xauth.exclude' added to the next update and will exclude that group/user from having to register.

    Do you mean joining the server with a blank name or with a space character in their name that should be filtered?
  17. Offline


    Nevermind it was blank name. I just registered myself as a blank name so nobody can use it. Thanks :p
  18. Offline


    Ah, alright. There's an option to block blank names in the next update so that will be taken care of in the future.
  19. Offline


    Any chance you can add something like when a player registers it records their ip and doesnt allow them to register again with the same ip, but still lets you login from different ips on that character. Like save a list of ips that registered and dont allow them to register again if you know what i mean
  20. Offline


    Added to my list of things to add, but it most likely won't be implemented until Bukkit fully implements persistence which is when I begin work on xAuth 2.0.
  21. Offline


    Great work, it's awesome that you provided a tool for moving from Anjo's plugin.

    There's one feature that I think is needed: a permissions node for registering.
    I always disable registration for safety but I have to enable it everytime someone new joins the server. And it's enabled for everyone which is not good. I would like to give newcomers the permission to register so that only them can use the /register command. If you could implement that, it would be really cool :)
  22. Offline


    it's good plugin but if you can this bug you will be the best.

    well.. if someone else is trying to join with the same nickname, i get disconect, and he can play with my name, without setting the password.
  23. Offline


    The next update contains a permissions node to exclude specific groups/players from having to register as well as an option to force registration or not.

    After the next update it should now disconnect a player attempting to connect while another player with the same name is online instead of the one already online being disconnected.
    Leemur likes this.
  24. Offline


    That happens whenever I type a command. Even /say test

    ...annnd after a server restart it works fine?? Okay.

    Though, /give and /i no longer work..

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: May 12, 2016
  25. Offline


    @Skrip037: I've known about the COMMAND_PREPROCESS issue for a while but haven't been able to recreate it to fix it. Do you remember what happened up until this occurred?

    Alternatively, do any current xAuth users actually add any commands to the allowed-cmds node?
  26. Offline


    Nothing out of the ordinary. Just updated my plugins and bukkit/mc and loaded and this is the result.

    EDIT: I don't know if this is from your mod.
  27. Offline


    That's for the CommandHelper plugin.

    Expect an update by tomorrow (Friday) night.
  28. Offline


    pls a command for ingame making useraccount if Register is closed

    Regards Darky
  29. Offline


    Updated to version 1.2:
    • Version 1.2
      • Passwords are now stored as Whirlpool hashes (existing passwords are converted when a player logs in)
      • Configurable password complexity implemented
      • Option to block players with blank names from connecting
      • Players are no longer disconnected if someone with the same name joins
      • /logout command added
      • New arguments for /toggle
      • Unregistering an online player now notifies them and hides their inventory
      • Added ability to enable/disable IP verification (session.verifyip)
      • Added ability to enable/disable forced registration (registration.force)
      • Added permission node 'xauth.exclude' to exclude a group/player from having to register
      • Configuration node has been changed to password.min-length
      • Configuration node security.filter.* has been changed to filter.*
      • Possible fix for COMMAND_PREPROCESS bug, it'll now output an error message to help debug it
      • All xauth.admin.toggle.* permission nodes have been grouped into xauth.admin.toggle
    If the COMMAND_PREPROCESS error occurs, it'll output a message in the server console that will help me solve the problem and try to auto-correct itself. Please paste the message here if you receive it.
  30. Offline


    My server uses Permissions, what is the node to allow my players to use /register <password> when they try to it nothing happens. Please help.
  31. Offline


    There is no node, everyone should have access to the command regardless unless the plugin is disabled.
Thread Status:
Not open for further replies.

Share This Page