Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    lycano

    Ibas are you trolling me? They are both the same there is no better. HEAD = latest version; latest version = v2.0.18 (at the moment)
     
    shika91 likes this.
  3. Offline

    robt

    I registered to say thank you, lycano. Your work this last week is very much appreciated. I was using 2.0.17 earlier and 2.0.18 now and everything seems to be running beautifully.

    I did not read all 100 pages, that is asking a bit much, but I did go back and read everything since you volunteered to take over. I didn't see the fix to my own inventory situation, so I will mention it here.

    My first minecraft server is still a work in progress, but I was running the craftbukkit 1.3.1 dev builds and now the RB with only some minor hiccups from xAuth 2.0.10 until all of a sudden yesterday I started having crashes and inventory loss. Well, it took a while for me to make the connections, but the problem was that I had installed Multiverse Inventories and rearranged my spawn locations. Derp. From there it was pretty quick to figure out what exactly the problem was, and it seems to be this:

    If you are using xAuth and Multiverse, you need to disable xAuth's global teleport location to prevent inventory loss. Per-world locations work fine.

    Code:
    /xauth location remove global
    This is reproducible on 2.0.18 and seems to just require xAuth's global teleport to be set in a different world than your last logout location.

    Anyway, thanks again lycano. Looking forward to an official release.




    Ibas: All three files (the latest version number, HEAD, and master) are bit-for-bit identical. The HEAD and master files are used by Git to point to the latest version.
    (I have edited out my original response because I was a ranting jerk. I apologize for that. Work stress, blah blah blah. Not appropriate for a first post, either.)
     
  4. Offline

    DJTommek

    robt About Multiverse (and multiverse-inventories) I knew few weeks ago but forgot to tell it here :oops:...

    Now downloading x.18 and testing, wait few hours (like ussualy) for my feedback :)
     
  5. Offline

    portapipe

  6. Offline

    Dragon79mx

    Tnx for taking care of this project!
    I have a weird error I havenĀ“t read about in this forum....
    I use multicraft plataform to run minecraft, its a web app that calls on minecraft.

    When the users start connecting, their nicks or connections seem to be duplicating... and the clone nick starts with xAuth. This is a bit of my user list:

    Connected players
    [xAuth] eneaka has
    [xAuth] Dragon79mx has
    eneaka
    Dragon79mx
    PedroMa9

    And some hours later my server has 160/30 connected players. Or more, and CPU and RAM seems to go up to sky and lag make game imposible, after a while, the server crashes. The only fix I have found is to restart periodically

    Console seems clean, with no errors

    GroupManager, 1.3.1 RB, xAuth 2.0.10 and now xauth2.0.18
     
  7. Offline

    Leemur

    lycano, anyway, that table: "locations" does not create when i start a fresh server.
    try yourself, on windows, with mysql:
    Code:
    2012-08-15 10:12:07 [INFO] [xAuth] Enabling xAuth v2.0.18
    2012-08-15 10:12:07 [INFO] [xAuth] PermissionAlias backend: 'pex' registered!
    2012-08-15 10:12:07 [INFO] [xAuth] PermissionAlias backend: 'gm' registered!
    2012-08-15 10:12:07 [INFO] [xAuth] PermissionAlias backend: 'bukkit' registered!
    2012-08-15 10:12:07 [INFO] [xAuth] Attempting to use supported permissions plugin 'GroupManager'
    2012-08-15 10:12:07 [INFO] [xAuth] Attempting to use supported permissions plugin 'PermissionsEx'
    2012-08-15 10:12:07 [INFO] [xAuth] Attempting to use supported permissions plugin 'Bukkit'
    2012-08-15 10:12:07 [INFO] [xAuth] Initializing bukkit backend
    2012-08-15 10:12:07 [INFO] [xAuth] Attached to Bukkit
    2012-08-15 10:12:08 [INFO] [xAuth] Successfully established connection to MySQL database
    2012-08-15 10:12:08 [INFO] [xAuth] Table created: xauth_accounts
    2012-08-15 10:12:08 [INFO] [xAuth] Table created: xauth_playerdata
    2012-08-15 10:12:08 [INFO] [xAuth] Table [xauth_playerdata] updated to revision [003]
    2012-08-15 10:12:08 [INFO] [xAuth] Table created: xauth_sessions
    2012-08-15 10:12:08 [INFO] [xAuth] Table created: xauth_lockouts
    2012-08-15 10:12:08 [INFO] [xAuth] Table [xauth_lockouts] updated to revision [001]
    2012-08-15 10:12:08 [SEVERE] [xAuth] Failed to load teleport locations!
    com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Table 'minecraft.xauth_locations' doesn't exist
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
        at com.mysql.jdbc.Util.getInstance(Util.java:382)
        at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
        at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3593)
        at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3525)
        at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986)
        at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140)
        at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2626)
        at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2111)
        at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:2273)
        at com.cypherx.xauth.LocationManager.loadLocations(LocationManager.java:55)
        at com.cypherx.xauth.LocationManager.<init>(LocationManager.java:43)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:169)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:217)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:365)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:381)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:265)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:247)
        at net.minecraft.server.MinecraftServer.i(MinecraftServer.java:296)
        at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:275)
        at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:225)
        at net.minecraft.server.DedicatedServer.init(DedicatedServer.java:140)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:380)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:539)
    2012-08-15 10:12:09 [INFO] [xAuth] v2.0.18 Enabled!
    if I run that query manually, everything it's ok.
     
  8. Offline

    lycano

    robt can you send me that as a PM with needed background data please? I doubt that this has something to do with teleporting i think its something else. I changed the order of checks in unprotect method to react on the first problem "null player cause of bukkit bug" til i realised that the order was important.

    I fixed that in next release. I will check your problem too but it would be easier if i would just have a PM =)

    portapipe obviously the table was already modified. if you want to migrate from an older version make a backup of those tables. DROP them and delete DBVERSION file in xAuth folder when the server is stopped. That way it would try to re-init the sql tables from scratch.

    Dragon79mx i dont know about multicraft but i doubt it has something to do with the plugin. Is multicraft 1.3.1 compatible? Cause it could be that multicraft suffers the same problem than i did...

    onPlayerQuit will loose the player instance during execution. I guess thats why it doesnt terminate those instances .. also i would guess they have to make those player objects "static" so that they have the same object in each instance .. but just without knowing anything about it its just a hunch.

    if you tell your players to use /quit til next RB it shouldnt be a problem any longer.

    Leemur i tested that multiple times. You did not deleted the DBVERSION file when the server is stopped. To start fresh this file has to be deleted. Then those tables will be created automatically.
     
  9. Offline

    whitas


    Thank you man for this explaination :) I just thought I'm drunk :)
     
  10. Offline

    glaeken234

    Please help
     
  11. Offline

    APlusMalware

    This was just fixed in the latest dev build, 2335.
     
  12. Offline

    lord0o

    Nobody notices that if a random player enters with your same name adding "/" (a simple slash) behind the nick, he can use his privileges?...

    example:

    ryan144 is a VIP member, ([VIP] ryan144: hello!)
    /ryan144 is a new user but because he has the same nick as a VIP, he will enter like ryan144 and ([VIP] /ryan144: I WILL HACK THIS SH*T UP)


    Ok, this is an example because that message is using the name of an OP. and destroying everything and changing passwords and sh*t...

    how can I fix this issue?
     
  13. Offline

    komarEX

    Block '/' so it cannot be used in username. I believe that setting is in the end of config.yml
     
  14. Offline

    lord0o

    yes but, if it is "/" or "(" or any other nick name they can join aswell...how can I make to xAuth the EXACT nickname to authenticate?

    and how can I prevent not logged users to chat or use commands ? ANY COMMAND, even when a OP is not logged in ?
     
  15. Offline

    APlusMalware

    I'm not sure what you're asking, but you can allow only legal characters with
    Code:
    allowed: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890_
    It should be enabled by default, but you should be able to prevent that with
    Code:
      restrict:
        player:
          chat: true
     
  16. Offline

    tinez

    The inventory loss bug is still there, if a player disconnect before /login. (with 2335 et 2.0.19)
     
  17. Offline

    Leemur

    what's new in 2.0.19?
     
  18. Offline

    APlusMalware

    I believe you need to use version 2.0.17 or lower, since he moved the inventory saving code out of the PlayerQuit event in 2.0.18
     
  19. Offline

    tinez

    You are right. It works perfectly.
     
  20. Offline

    shika91

    Okay, i'm using 2.0.18 and the only problem is that players still split...
     
  21. Offline

    lycano

    No, in 2.0.18 i did added an exception to at least monitor and catch the error so it doesnt overload the server.
    (See 2.0.19 notice)

    In this version i did corrected an error i made in the previous version. I didnt know the unprotect method well enough as i did changed the order of actions to prevent NPE and stuff.

    Accidently reordered it that way that you would be in creative mode before your inventory would be restored meaning you can transport your inventory back and forth. This was not intended and should be fixed with 2.0.19

    If not please let me know.

    tinez APlusMalware i reccomend using 2.0.19 it doesnt make sense to keep it in PlayerQuitEvent as its useless there for the time beeing. Plus with lower versions than 2.0.18 your inventory is not save. The only way to prevent this is by using the new command /quit introduced in 2.0.18
     
  22. Offline

    APlusMalware

    As I pointed out earlier, the latest CraftBukkit development build (2335) fixed PlayerQuitEvent, so inventories are not lost anymore.
     
  23. Offline

    Joseei

    lycano

    Hey, I just upgraded from 2.0.10 to your 2.0.19 and I'm having a problem.

    Here is the problem - http://pastebin.com/F7G5UiUL

    Can you help me at all?

    I deleted all previous xAuth files etc and the tables from my mysql database (did all this while the server was turned off) and then turned the server back on and got all those errors. I believe I was getting those errors while I had 2.0.10 as well before I deleted everything and re did it. Not sure what's up.

    EDIT: I stopped the server, removed ALL the files this time, including the file in /lib (which I forgot last time) and all the tables in my mysql database, started the server, stopped it then re added xAuth and started the server AND now I'm still getting the error but the error has changed slightly, similar to leemur's error. Any help? This is the new error code - http://pastebin.com/PHRgg2uN

    ALSO did the user name thing with the slash (the thing the guy was talking about a few posts above) get fixed cos someone did that to my server with that bug and destroyed it, luckily I have backups.
     
  24. Offline

    APlusMalware

    Just add this to your config file:
    Code:
    filter:
      allowed: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890_
    It restricts usernames to only use characters in that list.
     
  25. Offline

    Joseei

    OK thanks, I assume the new guy will add this in himself so all users don't have to put up with hackers who use the slash bug. Right now though I need to get my error fixed.

    ops double post glitch, ignore this post

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
  26. Offline

    Ibas

    Yes you are right 17 work's much better than 19, 17 with no errors in it.
     
  27. Offline

    lord0o

    where can I download the 19 and 17 ?
     
  28. Offline

    DJTommek

    lord0o
    here...

    I'll try it today...

    btw: yesterday I tested x.18 and command /quit and works as good as possible, but it isn't really comfortable...
     
  29. Offline

    portapipe

  30. Offline

    lord0o

    I've downloaded the 19 version and Im having trouble with the login of everyone, when the login, (after a logout) they lose their items and everything, even the last spawn logued out...

    what im doing wrong ??
     
  31. Offline

    dannypha09

    I've got this error :(
    16:55:55 [SEVERE] [xAuth] Failed to create instance of H2 JDBC Driver!
    java.lang.ClassNotFoundException: org.h2.Driver
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(Unknown Source)
    at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.
    java:41)
    at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.
    java:29)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Unknown Source)
    at com.cypherx.xauth.database.ConnectionPool.<init>(ConnectionPool.java:
    19)
    at com.cypherx.xauth.database.DatabaseController.dbInit(DatabaseControll
    er.java:50)
    at com.cypherx.xauth.database.DatabaseController.<init>(DatabaseControll
    er.java:24)
    at com.cypherx.xauth.xAuth.onEnable(xAuth.java:80)
    at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:217)
    at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:365)
    at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:381)
    at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:265)
    at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:247
    )
    at net.minecraft.server.MinecraftServer.i(MinecraftServer.java:296)
    at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:275)
    at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:225)
    at net.minecraft.server.DedicatedServer.init(DedicatedServer.java:140)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:380)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:539)
    16:55:55 [SEVERE] [xAuth] Failed to borrow H2 connection from pool!
    java.lang.NullPointerException
    at com.cypherx.xauth.database.DatabaseController.getConnection(DatabaseC
    ontroller.java:87)
    at com.cypherx.xauth.database.DatabaseController.isConnectable(DatabaseC
    ontroller.java:76)
    at com.cypherx.xauth.xAuth.onEnable(xAuth.java:83)
    at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:217)
    at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:365)
    at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:381)
    at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:265)
    at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:247
    )
    at net.minecraft.server.MinecraftServer.i(MinecraftServer.java:296)
    at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:275)
    at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:225)
    at net.minecraft.server.DedicatedServer.init(DedicatedServer.java:140)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:380)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:539)
    16:55:56 [SEVERE] [xAuth] Failed to establish H2 database connection!
    16:55:56 [INFO] [xAuth] Disabling xAuth v2.0.10
    16:55:56 [SEVERE] [xAuth] Failed to close H2 connection pool!
    java.lang.NullPointerException
    at com.cypherx.xauth.database.DatabaseController.close(DatabaseControlle
    r.java:138)
    at com.cypherx.xauth.xAuth.onDisable(xAuth.java:38)
    at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:219)
    at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoade
    r.java:391)
    at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManag
    er.java:400)
    at com.cypherx.xauth.xAuth.onEnable(xAuth.java:87)
    at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:217)
    at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:365)
    at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:381)
    at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:265)
    at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:247
    )
    at net.minecraft.server.MinecraftServer.i(MinecraftServer.java:296)
    at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:275)
    at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:225)
    at net.minecraft.server.DedicatedServer.init(DedicatedServer.java:140)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:380)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:539)
     
Thread Status:
Not open for further replies.

Share This Page