Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    sm7tcd

    Excellent plugin, CypherX!
    Thanks a lot..........
     
  3. Offline

    Alyberty

    Just as an extra feature,
    is it possible to detect, if the player who logged in is "online" or "offline"?
    So the plugin detects if someone is "online" he musn't login.
     
  4. Offline

    aD_Reaper

    thanks man.

    anyone know how to use xAuth with XenForo forums? So players have to register on my forums then sign in with that username / password?

    also,


    THIS. Please.
     
  5. Offline

    robot56

    Already made that suggestion but it isn't possible without modified craftbukkit
    https://github.com/CypherX/xAuth/issues/100
    aD_Reaper
     
  6. Offline

    Diagonalspoon

    Would love a tutorial on how to incorporate this into xenforo
     
  7. Offline

    SupremeSurvival

    Hey, great plugin, I've been using it ever since I start hosting a server. Anyways, I've always had this problem with the number of accounts from same IP. I have a brother and cousin that lives with me and I always have to set it to 3 max when I really want it to be 1 for all other players. Is there anyway to only allow 3 (or more) IP's for me and only 1 IP for regular players connections from elsewhere? thanks!
     
  8. Offline

    cedrico123

    Can we have a Text. file that we can see the user's password? i lost mine, can't login, i can remove the plugin but i'm asking before, if exist a save data Text. file of the PW's...

    i guess yes, you can in the Text. File named 'config' you can set it.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
  9. Offline

    CypherX

    The latest version includes a new permission node to bypass the account limit. Check the changelog.

    Passwords are hashed for security, there's no way to see what they really are. You can change a player's password through the server console, check the commands page on my Github.
     
  10. Offline

    cedrico123

    thank you, really work everything.
     
  11. Offline

    raulx222

    If a player type wrong his passworld more times...what is the lock time? and how I can unlock that player(a command, something:D )?
     
  12. Offline

    aD_Reaper

    Someone please do this :3

    And why it doesn't send an email for "email activation". i waited an hour and i still havn't gotten an email to activate it.

    Also, i'm ingame and a player joins with my name. It kicks me. how do i make it so that once someone is logged in, someone cant join with that name? Because people can just troll and keep joining and kicking me from my server so i can't play.
     
  13. Offline

    CypherX

    The default lockout length is one hour (3600 seconds), you can customize it in the configuration. Currently there is no way to unlock a player other than editing the database directly.

    xAuth doesn't send an email for activation. That's for web registrations that require the account to be activated before they can log in.

    How many times am I going to have to repeat myself? The feature to prevent a connected player from being disconnected when someone with the same name joins HAS BEEN REMOVED TO PREVENT AN EXPLOIT. Learn to IP ban people, seriously.
     
  14. Offline

    Medioman92

    yeah...it's very useful ip banning people...specially when they have dynamic IP....i remember that authme didn't have this BUG...
     
  15. Offline

    david19942

    Hello! I wish that I could pass any MySQL database please, I would be very helpful. Thank you.
     
  16. Offline

    Luwiego

    Get this error at startup. CB - 1.2.5.
    Code:
    2012-04-06 10:52:33 [SEVERE] [xAuth] Failed to create table: accounts
    com.cypherx.xauth.database.TableUpdateException: Table "ACCOUNTS" already exists; SQL statement:
    CREATE TABLE `accounts` (
        `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
        `playername` VARCHAR(255) NOT NULL,
        `password` VARCHAR(255) NOT NULL,
        `pwtype` TINYINT(2) UNSIGNED NOT NULL DEFAULT 0,
        `email` VARCHAR(100) NULL,
        `registerdate` DATETIME NULL,
        `registerip` CHAR(45) NULL,
        `lastlogindate` DATETIME NULL,
        `lastloginip` CHAR(45) NULL,
        `active` TINYINT(1) UNSIGNED NOT NULL DEFAULT 0,
        PRIMARY KEY (`id`)
    ); [42101-164]
        at com.cypherx.xauth.database.DatabaseUpdater.executeQuery(DatabaseUpdater.java:174)
        at com.cypherx.xauth.database.DatabaseUpdater.runUpdate(DatabaseUpdater.java:72)
        at com.cypherx.xauth.database.DatabaseController.runUpdater(DatabaseController.java:146)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:83)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:336)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:381)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232)
        at org.bukkit.craftbukkit.CraftServer.reload(CraftServer.java:543)
        at org.bukkit.Bukkit.reload(Bukkit.java:182)
        at org.bukkit.command.defaults.ReloadCommand.execute(ReloadCommand.java:22)
        at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:166)
        at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:473)
        at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:821)
        at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:781)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:764)
        at net.minecraft.server.Packet3Chat.handle(Packet3Chat.java:34)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:229)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:113)
        at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:78)
        at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:551)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:449)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    2012-04-06 10:52:33 [SEVERE] [xAuth] Something went wrong while updating table [playerdata] to revision [001]
    com.cypherx.xauth.database.TableUpdateException: Duplicate column name "POTIONEFFECTS"; SQL statement:
    ALTER TABLE `playerdata` ADD COLUMN `potioneffects` TEXT NULL; [42121-164]
        at com.cypherx.xauth.database.DatabaseUpdater.executeQuery(DatabaseUpdater.java:174)
        at com.cypherx.xauth.database.DatabaseUpdater.runUpdate(DatabaseUpdater.java:101)
        at com.cypherx.xauth.database.DatabaseController.runUpdater(DatabaseController.java:146)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:83)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:336)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:381)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232)
        at org.bukkit.craftbukkit.CraftServer.reload(CraftServer.java:543)
        at org.bukkit.Bukkit.reload(Bukkit.java:182)
        at org.bukkit.command.defaults.ReloadCommand.execute(ReloadCommand.java:22)
        at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:166)
        at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:473)
        at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:821)
        at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:781)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:764)
        at net.minecraft.server.Packet3Chat.handle(Packet3Chat.java:34)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:229)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:113)
        at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:78)
        at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:551)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:449)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    2012-04-06 10:52:33 [SEVERE] [xAuth] Something went wrong while updating table [lockouts] to revision [001]
    com.cypherx.xauth.database.TableUpdateException: Duplicate column name "ID"; SQL statement:
    ALTER TABLE `lockouts` ADD COLUMN `id` INT UNSIGNED NOT NULL AUTO_INCREMENT BEFORE `ipaddress`;
    [42121-164]
        at com.cypherx.xauth.database.DatabaseUpdater.executeQuery(DatabaseUpdater.java:174)
        at com.cypherx.xauth.database.DatabaseUpdater.runUpdate(DatabaseUpdater.java:101)
        at com.cypherx.xauth.database.DatabaseController.runUpdater(DatabaseController.java:146)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:83)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:336)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:381)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232)
        at org.bukkit.craftbukkit.CraftServer.reload(CraftServer.java:543)
        at org.bukkit.Bukkit.reload(Bukkit.java:182)
        at org.bukkit.command.defaults.ReloadCommand.execute(ReloadCommand.java:22)
        at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:166)
        at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:473)
        at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:821)
        at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:781)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:764)
        at net.minecraft.server.Packet3Chat.handle(Packet3Chat.java:34)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:229)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:113)
        at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:78)
        at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:551)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:449)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
     
  17. Offline

    david19942

    I have a problem! I created the database and everything but I can think of this:
    general: '{RED} Creating Something went wrong while your account!'
     
  18. Offline

    Doenerb0y

    Code:
    [SEVERE] [xAuth] Failed to insert player data into database!
    java.sql.SQLException: Column count doesn't match value count at row 1
            at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1073)
            at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3593)
            at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3525)
            at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986)
            at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140)
            at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2626)
            at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2111)
            at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2407)
            at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2325)
            at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2310)
            at com.cypherx.xauth.PlayerDataHandler.storeData(PlayerDataHandler.java:63)
            at com.cypherx.xauth.PlayerManager.protect(PlayerManager.java:156)
            at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerJoin(xAuthPlayerListener.java:84)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:616)
            at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:301)
            at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
            at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:459)
            at net.minecraft.server.ServerConfigurationManager.c(ServerConfigurationManager.java:132)
            at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:129)
            at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:94)
            at net.minecraft.server.Packet1Login.handle(SourceFile:68)
            at net.minecraft.server.NetworkManager.b(NetworkManager.java:229)
            at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:48)
            at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:61)
            at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:551)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:449)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    
    help please, all works but theres an error in my server.log :/
     
  19. Offline

    maxwell23

    Nice plugin! Works great! But i got one question . If 2 people lives in the same house and uses the same public ip adress , can they login to eachothers characters without typing the password or is the acc bound to the computer IP?
     
  20. Offline

    Medioman92

    i've already tried to do that...and session is keeped...so you could login without entering the password...


    CypherX is never going to be fixed the bug of 2 player logging with the same name ? in my server some dumb users log with other user name just to piss them off
     
  21. Offline

    SupremeSurvival

    Will this work with group manager? (The permission nodes)
     
  22. Offline

    CypherX

    It's not a bug, moron, it's how Minecraft handles it. Now if you want, I can re-add the reverse feature along with the previous exploit, how about that? No? Then shut up and stop whining.

    Luwiego - The only reason that would occur is if you deleted the DBVERSION file.

    Doenerb0y - You're either using an old, outdated version or the tables aren't being generated properly which would result in a ton of errors.

    As long as Group Manager supports Bukkit Permissions.
     
  23. Offline

    Snowy007

    I've read through a few pages of comments (with some rather funny conversations) but didn't see this being mentioned anywhere so here it is:
    I built myself my own website for my server. (using notepad++ xD ) and i made a special admin section where my moderators and i can log in to. here i have a page where you can search for a username and see all the other username's that last logged in on the same IP-address.
    This way we can easily spot people using multiple usernames or see if a jailed player is trying to continue playing on a new name.

    The only problem now though. It worked fine before the redevelopment of xauth, but now it doesn't seem to register the lastloginIP any more in the database. All records of players who joined after the update just show 'null' in the LastloginIP and LastloginDate columns.
    I can change my script to check the registerIP instead of the LastloginIP but that might not be very accurate as people might register an account while they are at a friends house. (often the case as i get most of my users from people telling other people about it)
     
  24. Offline

    Sir Markus

    updated from 1.2.4 to 1.2.5R1.0 and now xauth is one of 3 plugins that give me a error like this

    Code:
    [SEVERE] Could not pass event PlayerJoinEvent to xAuth
    org.bukkit.event.EventException
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:303)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:459)
        at net.minecraft.server.ServerConfigurationManager.c(ServerConfigurationManager.java:132)
        at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:129)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:94)
        at net.minecraft.server.Packet1Login.handle(SourceFile:68)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:229)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:48)
        at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:61)
        at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:551)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:449)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    Caused by: java.lang.NullPointerException
        at org.bukkit.craftbukkit.entity.CraftPlayer.teleport(CraftPlayer.java:358)
        at org.bukkit.craftbukkit.entity.CraftEntity.teleport(CraftEntity.java:167)
        at com.cypherx.xauth.PlayerDataHandler.storeData(PlayerDataHandler.java:78)
        at com.cypherx.xauth.PlayerManager.protect(PlayerManager.java:156)
        at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerJoin(xAuthPlayerListener.java:84)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:301)
        ... 12 more
    the other 2 plugins are Multiverse-core and Multiverse-Portal. Both there errors also start with Could not pass event Player****** to
    Is this a problem with multiverse or Xauth?
     
  25. Offline

    LlmDl

    I updated yesterday from CB 1.1R4 to CB 1.2.5 R1.0. I went from the version which a kind soul put together that fixed the enchantments disappearing to your latest 2.0.5. I updated the H2 DB following your excellent instructions and everything works properly. Very impressed, very good work CypherX.

    edit: BTW, GroupManager supports Superperms, and is compatible with everything. I use it and it works flawlessly.
     
  26. Offline

    CypherX

    Snowy007 - I disabled updating of the lastlogindate and lastloginip fields as they were never used internally. Several people have asked for them to be updated again, so I'll probably be adding them back.

    Sir Markus - You aren't the only one experiencing this, I'm thinking it's a conflict between xAuth and Multiverse. I'll have to look into it more.

    Good the hear, thanks for the support.
     
  27. Offline

    erwieder

    Hallo gibt es eine xAuth.jar für bukket server 1.2.5 ? wenn ja wo. MFG

    Hi, there is a xAuth.jar for bukket server 1.2.5 ?
     
  28. Offline

    Medioman92

    CypherX ... try this :

    • login with your player
    • open a chest
    • put some item into it and don't close ....stay still there
    • open another MC client and login with the same player of before
    • the second kick out the first and you get double item (chest + inventory)
     
  29. Offline

    CypherX

    Now that one is fixable and will be as such in the next update.
     
    vicuuu likes this.
  30. Offline

    Frogging101

    To the idiots who are complaining that you can't login to someone's character if their player name is already in use, let me tell you a story:

    Today I went onto my server to find that the spawnpoint had been turned into sponge, and that my admins had been going around wreaking havoc on the server, destroying things with worldedit, banning people randomly, all sorts of shit.

    It wasn't my admins doing it though. It was some people who logged in with the admin's name, displacing the real admin who was logged in, and taking their login session (So they wouldn't have to login again). Then they were able to use any admin commands and do anything. It was a disaster.

    I was using AuthMe, and I am switching to xAuth because of this. Also, I like xAuth better because it's written by someone who speaks english (authme has some atrociously spelled and even downright nonsensical messages). But I digress.

    So, no. I most certainly DO NOT want xAuth to have this "feature" re-added.

    Wow, I've been reading the thread a few pages back. And holy crap some of you guys are ungrateful, stupid and demanding. Has it ever occurred to you that the dev who makes this plugin is a human too? With a life, and other things to do besides make this plugin? Get off the guy's back. Code your own plugin if you think you can do it better. Seriously, I fucking challenge you.

    The code is right there. If you think you can do it, go ahead. Impress us. But stop asking the same questions over and over, because you're too lazy or stupid to find the answer yourself.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
    CypherX likes this.
  31. Offline

    SosinRayo1117

    I can not install, I'm noob, I've seen on how to install and setup and nothing, and I'm using Google Translate xD
     
Thread Status:
Not open for further replies.

Share This Page