Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    ezremake

    Let Lycano do his thing instead of nagging. He's the one who decided to take this project up, we owe him, not the other way around. He still has to learn the source properly before he can do anything, so it's better not to make him feel rushed.
     
  3. Offline

    Princeps

    Yeah first few times I didn't remember what I had done with my inventory, but the last time I was sure I had my inventory, so I checked here and I saw that the plugin causes inventories to dissapear. I'm running a pure-survival server so this can be a trouble. Also as I understand there is a new person working on xauth. I wish you goodluck!
     
  4. Offline

    bob7

    Use my BlockThatName plugin and go in the config and set "/" as an illegal character :)
    http://dev.bukkit.org/server-mods/blockthatname/
     
  5. Offline

    siemaeniu500


    Probably you don't have server, so you know nothing. Thousands server need update this plugin.


    This plugin is not needed.

    Go to xauth config file.
    And set that:

    filter:
    min-length: 3
    allowed: ''
    disallowed: ?/\][';::"{})(!@$^#%&*+-=><.,~`|
    blank-name: true

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
  6. Offline

    bob7

    You need some help with this?
     
  7. Offline

    shika91

    Thank you so much!
    But i have another bug... players split. I mean, i'm shika91 and suddenly there's another one standing like a bot.
    He doesn't move, i can kill him and the real shika91 lost his inventory... and if the real shika91 left the game, he can't connect because "you're oline!"
    Time pass and the same player split more and more... and also if i kick or ban him, he doesn't exit from the server!

    Can it be xauth? I have to restart server to solve the problem, but server can't kick this players and I have to kill the server...
     
  8. Same problem here. This needs a really urgent fix.
     
  9. Offline

    siemaeniu500


    We need update this plugin, so we must wait
     
  10. Offline

    CatsyLady


    there is even a better way:

    Code:
    filter:
      min-length: 2
      allowed: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890_
      disallowed: ''
      blank-name: true
    
    everything what is NOT allowed,
    is automatically disallowed
     
  11. Offline

    siemaeniu500


    This is the same way, if you don't like some sign you block it.
     
  12. Offline

    Minerpiggy

    is there a way that only ""op" 's can registrer somebody?
     
  13. Offline

    Leemur

    yes, use white-list
     
  14. Offline

    Minerpiggy

    yeah but i mean that users that will join the game can`t registrer and that only admins/op can registrer people on it.
     
  15. Offline

    kellerkind1987

    maybe you can use the point ?

    registration:
    enabled: true
    forced: true
    require-email: false
    validate-email: false
    account-limit: 0
    activation: false <------

    i dont know how this point of the config work
    but i think each player that is new to your server and registrated his name must be activated by an op or admin ?
     
  16. Offline

    Princeps

    I know whats causing the inventories dissapear. If the account takes too long to log in and you get kicked then the next time you won't have inventory. This could also be used to clear somebodies inventory which is bad.
     
  17. Offline

    mythbusters844

    I need help. Whenever I log-out on my server using this plugin, my inventory is lost when I log back in. Please help!
     
  18. Offline

    siemaeniu500

    I also have that, people fell out of the world and lose inventory.
     
  19. Offline

    shika91

    For this problem i use Worldguard.
    Change this option in Worldguard config:
    Code:
    teleport-on-void-falling= true
     
  20. Offline

    mythbusters844

    I found out the problem. This isn't for 1.3 :(
     
  21. Offline

    SuperGogeta555

    i have a problem. each time ppl join my server they say the cant break blocks here is my config
    main:
    auto-disable: true
    check-for-updates: true
    download-library: true
    reload-on-join: false
    mysql:
    enabled: false
    host: localhost
    port: 3306
    user: user
    password: password
    database: xauth
    tables:
    account: accounts
    location: locations
    lockout: lockouts
    playerdata: playerdata
    session: sessions
    authurl:
    enabled: false
    url: http://google.com
    registration: false
    status: false
    groups: false
    broadcast-login: false
    single-session:
    reverse: true
    guests:
    reverse: false
    immunity-length: 5
    registration:
    enabled: true
    forced: true
    require-email: false
    validate-email: false
    account-limit: 0
    activation: false
    require-login: true
    password:
    min-length: 6
    allow-change: true
    complexity:
    lowercase: false
    uppercase: false
    number: false
    symbol: false
    guest:
    timeout: 300
    notify-cooldown: 5
    hide-inventory: true
    protect-location: true
    allowed-commands:
    - register
    - login
    - l
    restrict:
    player:
    chat: true
    interact: true
    move: true
    pickup: true
    block:
    place: true
    break: true
    entity:
    damage: true
    target: true
    session:
    length: 3600
    verifyip: true
    godmode-length: 5
    strikes:
    amount: 5
    lockout-length: 3600
    account:
    track-last-login: false
    filter:
    min-length: 2
    allowed: ''
    disallowed: ''
    blank-name: true
     
  22. Offline

    Mlekarq

    @SuperGogeta555
    Your problem might be in GroupManager if you are using it set "build-true" when making groups in GroupManager.
     
  23. Offline

    siemaeniu500

    Thanks
     
  24. Offline

    huntsclan

    That's not entirely true. There's a few fixes by the community that gets this plugin to work for 1.3.1. Have a look back a couple of pages, I think they're on page 94 or 93.
     
  25. Offline

    Ikx_1

    It works really good, but it sometimes fails too, like just today. I log in and Im at the spawn after login. My friend also lost his inventory after login, but that didn't happen to me. Let's just hope Lycano get's it done soon. :)
     
  26. Offline

    huntsclan

    I've seen most of my players losing their inventory because they fall through the void somehow. I've turned on WorldGuard's anti-Void thing and it works beautifully.
     
  27. Offline

    siemaeniu500

    lycano write just answer ;]
     
  28. Offline

    lycano

    Notice:
    Hi there, for the time beeing use http://ci.luricos.de/public/xAuth/ to checkout the latest version.

    The interal updater will be updated to get its versionstring from that directory. But for the initial commit it should do its job. Next version will be out asap to get all the features back implemented.

    Is there anything crucial missing in this release?
    I hope not. I did my best to implement a pluggable permission backend. And because of that there may be lack of features like no vault support.

    CypherX was working on a Framework for Guest Permissions (see config file for details). As far as i have seen it shouldnt change the default behavior if you dont use that permission nodes.

    Current PermissionSystem used:
    Bukkit alias bukkit
    PermissionsEx alias pex

    Default is PermissionsEx, so if you want to change that please edit the config file and change backend to bukkit as it will then use Bukkits built-in permission system.

    Let me know what Permission Support you need and i will implement it. As dev bukkit page is blocked currently please send me a PM.

    Some thoughs
    And again as i do know the plugin well i might miss some features. If you miss something or find that something works different than before send me a PM. I need your help to get to know the plugin as you do so feel free to send me feedback!

    Hope I can continue the work as good as CypherX did.

    Regards lycano,

    Speaking about inventory loss. I didnt encountered any login / logout problems. If its still an issue with this version please tell me.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
  29. Offline

    DJTommek

    I'm testing it right now, so wait for few hours.

    Edit:
    I got this error, but I don't know in what situations.... Sometimes 20 times in one seconds...

    Edit2:
    and everyone can do everything, like logged in...
    I use PEX in MySQL, here can be a problem...

    Code:
    2012-08-12 15:30:05 [SEVERE] Could not pass event PlayerMoveEvent to xAuth
    org.bukkit.event.EventException
    at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:332)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
    at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:477)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:462)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:213)
    at net.minecraft.server.Packet10Flying.handle(SourceFile:136)
    at net.minecraft.server.NetworkManager.b(NetworkManager.java:281)
    at net.minecraft.server.NetServerHandler.d(NetServerHandler.java:109)
    at net.minecraft.server.ServerConnection.b(SourceFile:35)
    at net.minecraft.server.DedicatedServerConnection.b(SourceFile:30)
    at net.minecraft.server.MinecraftServer.q(MinecraftServer.java:583)
    at net.minecraft.server.DedicatedServer.q(DedicatedServer.java:212)
    at net.minecraft.server.MinecraftServer.p(MinecraftServer.java:476)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:408)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:539)
    Caused by: java.lang.NullPointerException
    at com.cypherx.xauth.permissions.backends.PermissionsExSupport.hasPermission(PermissionsExSupport.java:113)
    at com.cypherx.xauth.permissions.PermissionBackend.has(PermissionBackend.java:203)
    at com.cypherx.xauth.permissions.PermissionManager.has(PermissionManager.java:99)
    at com.cypherx.xauth.PlayerManager.isRestricted(PlayerManager.java:223)
    at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerMove(xAuthPlayerListener.java:224)
    at sun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:330)
    ... 14 more
     
  30. Offline

    siemaeniu500

    When people logging , they not stay at spawn , but just falling down.
    I using group manager.


    Code:
    2012-08-13 01:30:58 [INFO] [xAuth] TheManiacPL has logged in
    2012-08-13 01:30:59 [INFO] batik10[/94.40.103.194:49988] logged in with entity id 1116 at ([world] 839.5835747069792, 48.0, 577.3932085310937)
    2012-08-13 01:30:59 [INFO] [UltraBan] Logged batik10 connecting from ip:94.40.103.194
    2012-08-13 01:30:59 [SEVERE] Could not pass event PlayerMoveEvent to xAuth
    org.bukkit.event.EventException
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:332)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
        at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:477)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:462)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:213)
        at net.minecraft.server.Packet10Flying.handle(SourceFile:136)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:281)
        at net.minecraft.server.NetServerHandler.d(NetServerHandler.java:109)
        at net.minecraft.server.ServerConnection.b(SourceFile:35)
        at net.minecraft.server.DedicatedServerConnection.b(SourceFile:30)
        at net.minecraft.server.MinecraftServer.q(MinecraftServer.java:583)
        at net.minecraft.server.DedicatedServer.q(DedicatedServer.java:212)
        at net.minecraft.server.MinecraftServer.p(MinecraftServer.java:476)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:408)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:539)
    Caused by: java.lang.NoClassDefFoundError: ru/tehkode/permissions/PermissionManager
        at com.cypherx.xauth.permissions.backends.PermissionsExSupport.hasPermission(PermissionsExSupport.java:113)
        at com.cypherx.xauth.permissions.PermissionBackend.has(PermissionBackend.java:203)
        at com.cypherx.xauth.permissions.PermissionManager.has(PermissionManager.java:99)
        at com.cypherx.xauth.PlayerManager.isRestricted(PlayerManager.java:223)
        at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerMove(xAuthPlayerListener.java:224)
        at sun.reflect.GeneratedMethodAccessor52.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:330)
        ... 14 more
    2012-08-13 01:31:00 [WARNING] TheManiacPL moved too quickly! 0.0,13.251164162868896,0.0 (0.0, 13.251164162868896, 0.0)
    2012-08-13 01:31:01 [WARNING] TheManiacPL moved too quickly! 0.0,17.566960555729384,0.0 (0.0, 17.566960555729384, 0.0)
    2012-08-13 01:31:01 [WARNING] TheManiacPL moved too quickly! 0.0,12.032610980258177,0.0 (0.0, 12.032610980258177, 0.0)
    2012-08-13 01:31:03 [WARNING] TheManiacPL moved too quickly! 0.0,44.80618711196855,0.0 (0.0, 44.80618711196855, 0.0)
     
  31. Offline

    lycano

    DJTommek please redownload. I added softdepend to xAuth. Didnt noticed as Wormhole would load before xAuth ;)

    siemaeniu500 please edit config.yml and set permission.backend to bukkit instead of pex (default)
    and make shure you redownload 2.0.12 as i recompiled it right now.

    command to change this ingame will follow

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
Thread Status:
Not open for further replies.

Share This Page