Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
Download v2.0.10

lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

------------------------------------------------------------------​

xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.

Video Tutorial | Commands & Permissions | Configuration | Messages | Translations | Source | Donate!​

Features

• Before registering/logging in, players cannot:
  • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
  • Break or place blocks
  • Receive or give damage, be targeted (followed) by hostile mobs
• Inventory and location protection
• In-depth setting and message configuration
• Persistent login sessions through server restarts
• Player name filter and password complexity configuration
• Kick non-logged in (but registered) players after a configurable amount of time
• Bukkit Permissions support
• Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
• Custom, highly secure password hashing
• H2 and MySQL support
• Authentication over URL (AuthURL) allows for connection to forum or website databases

Changelog (click for full changelog)

• Version 2.0.10
  • [Fixed] Exploit to completely bypass login system.
  • [Fixed] xAuth commands not working with Rcon
  • [Fixed] Exploiting login system to avoid fire & drowning damage.
  • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
  • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
  • [Fixed] Exploiting location protection after dieing to return to the spot of death.
• Version 2.0.9
  • Added several reverse single session configuration options.
  • Fixed registration.forced: false not working.
  • Updated version check and H2 download links.

xAuth Importer
xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.

 

Are you people blind?

[SEC] xAuth v2.0 (Under [Re-]Development) - Offline-mode Authentication [xxxx - xxxx]

 

I don't see what that has to do with my bug. I didn't just download it this morning, it's been on for 2 weeks and was working fine until last night. So maybe someone around here's got an idea what's wrong and can help me out with 2 words.

 

I don't know if this is caused from this plugin, but I get this error:

And everytime after this error, nobody can't log in my server.
Then I have to stop it and start it again.

So, can you tell me if this error is caused from this plugin?

 

MissPicket
That error is actually just a warning by NoLagg.
More information: http://dev.bukkit.org/server-mods/nolagg/pages/synchronized-code-access-nolagg/
_Robert posted a fix here. You will need the xAuth Sync version.

Oh, and sorry if I sounded rude, didn't mean to.

 

Is there is working version without that bug with OP command? :\

 

So I heard you like customization.

Not unless someone put out a fixed copy during my absence.

 

Thanks a lot Pinguin

I'm not too sure what I'm supposed to do - should I edit my h2 as well (it sounds like it's only for people with the enchantment issue?).

I installed xAuth Sync and deleted the old xAuth.jar , but it didn't work, the server got confused and kept asking me to log in while telling me it was already done. So I tried having them both running at the same time, but the sync error is still happening, so obviously that's not it either.

I'm sorry for the confusion, there's no instructions at all and I'm wondering what I should do. Any thoughts would be very much appreciated

^^

 

No. Using

Code:

    reverse-enforce-single-session: false

is a workaround for this issue though.

MissPicket Just follow the instructions by _Robert and rename the file to xAuth.jar

 

thx for the updated plugin man, it works well, i was wondering how this one server was using this plugin up with minecraft 1.0 to 1.1. PinguinAman, maybe CypherX would add this plugin to his description.



(if u do decide to download xAuth Sync, rename it to xAuth and run your server)

 

when i install it it's red and not worrking...i relly liked this plugin on my 1.7.3 server..then i had a lil break of MC and then came back when 1.0.0 was released... but now, when getting it for 1.1, its broken no errers in console...

 

Well.. am still using this in 1.1 with phpBB and it still works as expected
Pretty solid work thought, Hope that the new version will be published on mc 1.2 publication.

 

Once you've finished updating this, can you add a feature that is similar to the one that limits how far from spawn someone can walk? Rather than just having a block radius, maybe add a region in which they can move, maybe add something like block markers that can mark the area of the polyhedron where they can move freely.

 

@CypherX have a any R4 BETA TEST xauth ?

 

CypherX
You're here again! <3

 

CypherX, could you add a cool spout login screen later, when everything is working fine?

I know its silly, but its pretty :3
Something like this (that does not work) http://forums.spout.org/threads/mis...-a-spout-gui-for-xauth-spn644-cb1-0-1-r1.666/

 

Yep, for now. Apparently the term "offline-mode" promotes piracy or some idiotic bullshit so I've been asked to remove it (which I'm refusing to do). If it's forcibly removed, I'm done with this place and moving to the Spout forum.

I've spent a bit of time looking into this since returning and it'll most likely happen after the re-development is complete.

 

+1

 

CypherX
It isn't a problem for me if there's a link and the plugin is being developed.

Now, it's time for suggestions: Performance Tweak
As you know there's a feature so not logged-in users can't see where the real user stopped playing (protect-location: true). After joining a server the player will be teleported to the spawn. The chunks will unload and then load again when the player typed his password correctly. And these unloads are bad for TPS. Is there a way to save the location and teleport the player to spawn before he leaves the game completely? So on every join he needs only to load spawn chunks and load the chunks where he stopped playing. (Hope you understand it)

2. Checking players for same passwords:
Could you make a command that checks whether 2 users have the same passwords? So it's much easier to figure out griefers and multiaccounts!
/xauth check Troll EpicGuy

 

1. It's definitely possible but not very feasible in the sense that if a server owner chooses to remove xAuth, all players will lose their location.

2. Also won't work because of how xAuth salts and hashes passwords. A randomly generated salt is used to add a layer of security resulting in completely different hashes for equal passwords. Instead of comparing passwords, how about comparing registration or last login IP addresses? Those are stored in the database and have never been used for anything.

I do appreciate the support and your thinking of ways to improve xAuth though.

When it's ready? I work full time, relax.

 

That's ridiculous! You could just do everything straight from github, that's where I look most of the time anyhow.

Also, I'm hoping you'll consider my new authURL code, I think it's quite improved:
https://github.com/CypherX/xAuth/issues/28

 

I allways used your plugins, i need to say iam suporting you! Re publish it and i will download again and donate again!
Great job.

 

How do you upgrade to the new version? Is their a new version that supports enchantments? I could not find it in the change log.

 

Could you actually read or/and understand what's written in this thread and title? *hint* Re-Develpment *hint*

 

Will this work for my current server ? R 4 ?

 

Why would I develop something that didn't work with the current version?

 

R4 have some bugs,
/register all time u join in server

 

이거 인첸트 안풀리는거?
음..
ㅋ

 

Posting in Korean on an English-language forum. Great plan.

 

Enchantments will work with the next update.

마법 부여는 다음 업데이 트와 함께 작동합니다.

Sorry if my Korean is bad.

 

My Whitelisted server RUINED by hackers. They hacked our xAUTH plugin. Fu*k

Admin = Me
Hacker = Hacker

[SEVERE] Could not pass event org.bukkit.event.player.PlayerCommandPreprocessEvent to xAuth
java.lang.NullPointerException
at com.cypherx.xauth.util.Util.getHostFromPlayer(Util.java:86)
at com.cypherx.xauth.xAuthMessages.replace(xAuthMessages.java:257)
at com.cypherx.xauth.xAuthMessages.get(xAuthMessages.java:226)
at com.cypherx.xauth.xAuthMessages.send(xAuthMessages.java:203)
at com.cypherx.xauth.xAuthPlayer.sendIllegalActionNotice(xAuthPlayer.java:72)
at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerCommandPreprocess(xAuthPlayerListener.java:143)
at org.bukkit.plugin.java.JavaPluginLoader$5.execute(JavaPluginLoader.java:298)
at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:61)
at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:460)
at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:777)
at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:744)
at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:732)
at net.minecraft.server.Packet3Chat.handle(Packet3Chat.java:33)
at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:100)
at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:78)
at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:537)
at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:435)
at net.minecraft.server.ThreadServerApplication.run(SourceFile:465)
I think they tried to add whitelist with my username. and they successed.
[INFO] Admin: Added Hacker to white-list[0m
[INFO] Connection reset
[INFO] Admin lost connection: disconnect.quitting
[INFO] Hacker [/88.235.221.133:59079] logged in with entity id 13146496 at ([sosaria])
[INFO] [xAuth] Hacker has registered!
[INFO] Admin [/88.235.221.133:59092] logged in with entity id 13161009 at ([sosaria])
[INFO] Disconnecting Admin [/88.235.221.133:59123]: You are online!
[SEVERE] Could not pass event org.bukkit.event.player.PlayerMoveEvent to xAuth
java.lang.NullPointerException
at com.cypherx.xauth.util.Util.getHostFromPlayer(Util.java:86)
at com.cypherx.xauth.xAuthMessages.replace(xAuthMessages.java:257)
at com.cypherx.xauth.xAuthMessages.get(xAuthMessages.java:226)
at com.cypherx.xauth.xAuthMessages.send(xAuthMessages.java:203)
at com.cypherx.xauth.xAuthPlayer.sendIllegalActionNotice(xAuthPlayer.java:72)
at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerMove(xAuthPlayerListener.java:218)
at org.bukkit.plugin.java.JavaPluginLoader$7.execute(JavaPluginLoader.java:312)
at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:61)
at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:460)
at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:191)
at net.minecraft.server.Packet10Flying.handle(SourceFile:126)
at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:100)
at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:78)
at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:537)
at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:435)
at net.minecraft.server.ThreadServerApplication.run(SourceFile:465)
[SEVERE] Could not pass event org.bukkit.event.player.PlayerCommandPreprocessEvent to xAuth
java.lang.NullPointerException
at com.cypherx.xauth.util.Util.getHostFromPlayer(Util.java:86)
at com.cypherx.xauth.xAuthMessages.replace(xAuthMessages.java:257)
at com.cypherx.xauth.xAuthMessages.get(xAuthMessages.java:226)
at com.cypherx.xauth.xAuthMessages.send(xAuthMessages.java:203)
at com.cypherx.xauth.xAuthPlayer.sendIllegalActionNotice(xAuthPlayer.java:72)
at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerCommandPreprocess(xAuthPlayerListener.java:143)
at org.bukkit.plugin.java.JavaPluginLoader$5.execute(JavaPluginLoader.java:298)
at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:61)
at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:460)
at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:777)
at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:744)
at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:732)
at net.minecraft.server.Packet3Chat.handle(Packet3Chat.java:33)
at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:100)
at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:78)
at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:537)
at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:435)
at net.minecraft.server.ThreadServerApplication.run(SourceFile:465)
[INFO] Admin: Opping Hacker
[INFO] The End.

I need to FIX this bug.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.