Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    BurningCore

    How long do you think the redevelopement will take?
     
  3. Offline

    kremington

    Notice how the plugin is under RE-developoment.. Why not take a look back in the thread? This issue has been gone over many times and the only fix is to turn off reverse kicking
     
  4. Offline

    penguinfizzy

    yes
     
  5. Offline

    FaithlessGod

    I updated my offline mode server to 1.2, I get this error when starting up:
    Code:
    2012-03-01 18:02:58 [SEVERE] Could not load 'plugins\xAuth.jar' in folder 'plugins'
    org.bukkit.plugin.InvalidPluginException: java.lang.NoClassDefFoundError: org/bukkit/event/player/PlayerListener
        at org.bukkit.plugin.java.JavaPluginLoader.loadPlugin(JavaPluginLoader.java:148)
        at org.bukkit.plugin.SimplePluginManager.loadPlugin(SimplePluginManager.java:287)
        at org.bukkit.plugin.SimplePluginManager.loadPlugins(SimplePluginManager.java:211)
        at org.bukkit.craftbukkit.CraftServer.loadPlugins(CraftServer.java:207)
        at org.bukkit.craftbukkit.CraftServer.<init>(CraftServer.java:183)
        at net.minecraft.server.ServerConfigurationManager.<init>(ServerConfigurationManager.java:53)
        at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:156)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:420)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:490)
    Caused by: java.lang.NoClassDefFoundError: org/bukkit/event/player/PlayerListener
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClassCond(Unknown Source)
        at java.lang.ClassLoader.defineClass(Unknown Source)
        at java.security.SecureClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.access$000(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:41)
        at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:29)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at com.cypherx.xauth.xAuth.<init>(xAuth.java:39)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        at org.bukkit.plugin.java.JavaPluginLoader.loadPlugin(JavaPluginLoader.java:144)
        ... 8 more
    Caused by: java.lang.ClassNotFoundException: org.bukkit.event.player.PlayerListener
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:41)
        at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:29)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        ... 27 more
    And when I shut it down it gives no error, unlike some of my other plugins.
    I will try using the latest development build.
    I will post any errors I get ;D
    Good luck with the plugin, thanks for making it.
     
  6. Offline

    xwyz

    WARNING! DONT USE THIS PLUGIN!

    TODAY, They joined with my admin account and changed my password!
     
  7. Offline

    l104693

    Hey CypherX!

    Thank you for the Re-development of this plug-in!
    This has always been my favorite :D
    Would it be possible to upload a beta-version?
    Your plugin is the only one I'm waiting for to launch my 1.2.2 server again :)

    Kind Regards,

    l104693
     
  8. Offline

    PinguinAman

    WARNING! YOU HAVE TO BE ABLE TO READ TO USE THIS PLUGIN!

    TODAY, someone didn't read previous posts and just complained instead!

    xAuth is missing some important things right now, so a dev build of it wouldn't be that useful right now.
    https://github.com/CypherX/xAuth/wiki/[Re-]Development-Status
    But it seems to be ready soon.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
    FaithlessGod likes this.
  9. Offline

    beleg


    so you are just using superperms, right? (because I'm using permissionsbukkit and every supeperms using plugin should work with it, with bpermissions too but I'm not sure about pex..)
     
  10. Offline

    CypherX

    Release Date: March 16, 2012 - xAuth's first birthday

    A development build will be distributed to certain individuals for testing once the core feature set is complete. Any issues found during this testing will be fixed for the official re-launch of xAuth.

    If PermissionsEx or bPermissions aren't detected, it defaults to Bukkit Permissions.
     
  11. Offline

    beleg

    nice :)
     
  12. Offline

    ghost15

    Thanks for the update! Feel free to PM me if you want any more testers.
     
  13. Offline

    PinguinAman

    Indeed. I would like to help, too.
     
  14. Offline

    xwyz

    Hackers attacks my server every single day i need development build or anything else but I can not wait first birthday please help me i beg you!
     
  15. Offline

    CypherX

    Read the god damn thread.

    Mod Edit (c0mp): Some light profanity is okay, but please, no personal attacks.
     
    LlmDl and sharkale like this.
  16. Offline

    Nekuroi

    In the previous version when the db can't be reachable (db server is down) anyone can join with any username. Have you been aware of it for the new version?
     
  17. Offline

    CypherX

    That's because the plugin disables itself when a connection to the database server can't be established. Otherwise, it would throw error after error trying to query said database.
     
  18. Offline

    PinguinAman

    What about an option about what should happen when theres no connection to the database server?
    a) Deactivate Login (Let anyone join)
    b) Block all Players (Server lockdown)
     
  19. Offline

    CypherX

    It's certainly possible. Early on during the re-development I was toying with the idea of a "safe-mode" when the database couldn't be contacted which would allow all features to work normally, save for database reading and writing.
     
  20. Offline

    DFL3

    To be fair, I'm not a fucking moron, and I too dislike the idea of having to read through a 57 page, 1700+ post, year-old thread. Users are anxious for your mod (obviously) because it addresses a huge security hole in offline-mode servers, and no plugin developer, including you, has yet to get it right. I've tried AuthDB, AuthMe, xAuth, etc and found all of them lacking in some regard. With Mojang speeding up their development cycle, plugin devs can either choose to keep pace, or acknowledge that they do not have the time/resources/ability/patience or whatever to be a useful contributor to the community. Disparaging a desperate user is not only completely classless, but doesn't earn you any esteem with other users or devs, let alone the forum mods. Having apparently abandoned this project once already and v2 in vaporware status, perhaps you should let your code do the talking.
     
    xwyz likes this.
  21. Offline

    CypherX

    Before making assumptions, try reading (like my post states). The absolute moron who my post was directed towards refuses to acknowledge that a fix for this security hole has been known for several months and that he has been directly answered on this page, yet he continues to spam my thread. I have zero tolerance for complete and utter idiots.
     
    aehoooo and sharkale like this.
  22. Offline

    PinguinAman

    DFL3 He already got told the solution to fix his problem:

    He kept posting about it, without even trying the solution. It even is on the same page.

    EDIT: Damn, 1 minute late.
     
  23. This is the best plugin ever. I just hope the 1.2 update will be available soon. Thankyou for making it.:)
     
  24. Offline

    DFL3

    No assumptions here. You can tell by my profile that I only registered today, and I only did so to be able to comment. I read through the entire thread despite the length, though nothing about it convinced me to use xAuth in its current incarnation. I'm eager to see what your v2 brings before I commit to something as important as an authentication mod. It also doesn't change the fact that your response was unwarranted. Desperate people make mistakes. When drowning, people will grab at anything within reach. You can be decent to someone who lacks etiquette and/or annoys you, especially if that person holds you in high enough regard to use your software, and may be struggling with a language or technical barrier. People play games to have fun, not to be scolded by the devs and hackers. We're not better than end-users because we can code; for all you know this guy could be a physics professor or neurosurgeon who likes to spend what little downtime he has blowing off steam in Craft.
     
  25. Offline

    CypherX

    DFL3 - He came in here, failed to even skim the most recent posts, wrote in terrible English, and didn't even read the responses. Doesn't sound very desperate to me. At first, I ignored him, but he continued to shit up my thread. If he can't read what's clearly in front of him, he doesn't deserve to use my software.
     
    sharkale likes this.
  26. Offline

    Hydrosis

    Would there be any test builds for the public before March 16th?
    It looked like March 16th would be the official release, but I didn't know if that meant that will be the only public release.
     
  27. Offline

    EniGmA1987

    So a player forgot his password and I need to remove it, but the wiki and everything is down. What are the commands for this plugin?
     
  28. Offline

    Hydrosis

    /xauth unregister <player>
    /xauth register <player>

    OR

    /xauth cpw <player> <newpassword>

    cpw=changepassword
    You can use either or, but cpw is shorter.
     
  29. Offline

    CypherX

    My plan is to make a post in this thread saying the core feature set is complete and to PM me if you want to obtain a test build (don't do it now!).

    /xauth changepw <player> <new password>
    The wiki isn't down, by the way.
     
  30. Offline

    Hydrosis

    Haha thanks.
    Also, do more registrations mean more lag? I have 18,000 registered accounts I think.
     
  31. Offline

    Jade Retired Staff

    CypherX Still using it nonetheless. :)
     
Thread Status:
Not open for further replies.

Share This Page