Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline


    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page:

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel ( #LoveDespite) or toss me a message at Until we meet again, stay gold. Bang.


    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.

    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
  2. Offline


    Pop it open, gotcha.

    >Opens database in a text editor
  3. Offline


    I'm not sure what I am doing wrong: I am using Authme-Reloaded v2.6.5 (since the original authme went up to v2.5 and your requirements state v2.6.2+, I am assuming you mean Authme-Reloaded) and am attempting to convert to xauth using mysql:

    I first create the relevent mysql tables using xauth, shut down the server, copy auths.db to the same folder as the importer, change importer.ini to fit my mysql settings, and then run it. I end up with this:
    Loading accounts from file..
    Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 2
            at com.cypherx.xauthimporter.importers.AuthMe.FlatFileToMySQL.doImport(F
            at com.cypherx.xauthimporter.Importer.main(
    Is it something I'm doing wrong? or
  4. Offline


    Uploaded a new build of the importer that should fix that. Download it here.
  5. Offline


    with the new link:
    Loading accounts from file..
    Exception in thread "main" java.lang.NumberFormatException: For input string: "1
            at java.lang.NumberFormatException.forInputString(Unknown Source)
            at java.lang.Long.parseLong(Unknown Source)
            at java.lang.Long.parseLong(Unknown Source)
            at com.cypherx.xauthimporter.importers.AuthMe.FlatFileToMySQL.doImport(F
            at com.cypherx.xauthimporter.Importer.main(
  6. Offline


    There's an error in your auths.db file. Open it with a text editor, search for '1329560482darulio' without the quotes and remove the 'darulio'.
  7. Offline


    We meet again.......
  8. Offline


    Ohai. Don't think that I've left you.
  9. Offline


    Is there currently a way to make certain groups required to register, but not all of them?
  10. Offline


    Disable forced registration in the configuration then use the permission node 'xauth.register' for the players/groups.
  11. Offline


    Is this plugin using any coding other than "Whirlpool"? M5 and others.
  12. Offline


    Dude I'm seartching for a way players can change names without hacked client
  13. Offline


    when i set protection logout at logout, when i login and return to my save point i start in the ground? not sure if this is an xauth bug or bukkit bug?
  14. Offline


    Updated to version 2.0.10:
    • [Fixed] Exploit to completely bypass login system.
    • [Fixed] xAuth commands not working with Rcon
    • [Fixed] Exploiting login system to avoid fire & drowning damage.
    • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
    • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
    • [Fixed] Exploiting location protection after dieing to return to the spot of death.
  15. Do i have so set a password here, so other users can´t hack my database?
      enabled: false
      host: localhost
      port: 3306
      user: user
      password: password
      database: xauth
    it´s in the config.yml

      enabled: false
      url: http://
      registration: false
      status: false
      groups: false
      broadcast-login: true
    Do have set the Server-IP to "url:"? I i do not so, the users can login, register, too. So what does this "url" make? Why is it set to "" all the time i delete it?
    What does "broadcast-login" do?

    thx :)
  16. Offline


    i still got kicked sometimes when someone login with my name ..



    you dont need it at all
  17. Offline


    please give me an german message.yml that work

    the old from pastebin is not working :-(
  18. Thx.. do you mean the password or the url? And what is the sence of this two things? Can i add every Url and every password and nothing happens?

    Julia :)
  19. Offline


    i mean both.
    when your turn off mysql you dont need a password
    and this web thingy is even optional
  20. thank you, CatsLday. how can i turn on mysql or.. what will then be, if i turn on mysql? So what´s the difference between turning it on or off?

    o.k. - but what does it do?
  21. Offline


    you already turned mysql off

      enabled: false
    not even sure for what this web is,
    login from a website or something
  22. oh, your right ;). And what´s the use of it, if you turn it on?
  23. Offline


    you have better performance by using mysql-server,
    i guess

    i already have 3500 registered accounts and no lagg at all.
  24. Offline


    Does this plugin prevent server run kill commands on the player when they have not yet logged in? As this could pose a problem with another plugin I'm using (Combat Tag) which helps t prevent combat logging by killing players that log off during combat when they log back on.
  25. Can you reset an account, if a player has lost his password?
  26. Offline


    /xauth changepw <player> <newpassword>


    /xauth unregister <player>

    so he can register new
  27. Offline


    I have this error :
    SEVERE] [xAuth] Failed to nsert player data into database
    = something went wrong while updating table[playerdata] to revision [002]
    What is the problem ?
  28. Offline


    is there a way to unhash it i dont want to reset peoples passwords when i access their account??
  29. how do you can access their accounts!?
  30. Offline


    When I moved to 2.0.10

    12:52:20 [SEVERE] [xAuth] Failed to insert player data into database!
    org.h2.jdbc.JdbcSQLException: Column count does not match; SQL statement:
    INSERT INTO `playerdata` SELECT ?, ?, ?, ?, ?, ?, ? FROM DUAL WHERE NOT EXISTS (SELECT * FROM `playerdata` WHERE `playername` = ?) [21002-164]
    at org.h2.message.DbException.getJdbcSQLException(
    at org.h2.message.DbException.get(
    at org.h2.message.DbException.get(
    at org.h2.message.DbException.get(
    at org.h2.command.dml.Insert.prepare(
    at org.h2.command.Parser.prepareCommand(
    at org.h2.engine.Session.prepareLocal(
    at org.h2.engine.Session.prepareCommand(
    at org.h2.jdbc.JdbcConnection.prepareCommand(
    at org.h2.jdbc.JdbcPreparedStatement.<init>(
    at org.h2.jdbc.JdbcConnection.prepareStatement(
    at com.cypherx.xauth.PlayerDataHandler.storeData(
    at com.cypherx.xauth.PlayerManager.protect(
    at com.cypherx.xauth.listeners.xAuthPlayerListener$
    at org.bukkit.craftbukkit.scheduler.CraftScheduler.mainThreadHeartbeat(
    at net.minecraft.server.MinecraftServer.w(
  31. Offline


    I am with siemaeniu500, Getting this error when I upgraded:

    I deleted the lib folder and let it do it's downloads again, then restart the server and still getting that error. Any ideas?
Thread Status:
Not open for further replies.

Share This Page