[SEC] AuthMe v2.5.1 - High Performance Authorization plugin [1818/1.1-R1]

Big fail -> dont login you type 1 commands /plugins worldedit -> //fill 10 10
and spawn lava...

Plis Fix This Faill !!

/ -> its OK
// -> It no OK

sorry for me english i am french

This is either a bug in bukkit that does not create a event for commands with "//" or the worldedit guys do something weird and bypass the event system with their commands.

Either way its not the fault of AuthMe as it can only block commands when bukkit informs the plugin that someone used a command...

Bug report: when reloading the server, players can't login anymore and AuthMe says the players are not registered. After a relogin, it works again.
Thanks anyway, great plugin!

Hi

Is it possible to auto auth Premium users, and ask for login only non-premium users?

I don't think so. There is no way for me to find out if a player is a premium user or not.

Found a bug, you can walk around without logging in. Sure you will be kicked after the kick period which is default 90 seconds but that still isn't good.

I have a question, if I disable the cache will the cache inventory be moved to actual player inventory? I want to remove the plugin but I don't want the cache inventory being lost for some players.

Hi,
what is "/authme toggleregs"?
Well, now I have added the new column "email" in the database and now at the registration is asket correctly.. but I have over 3'000 account without this new information... how can I forcing their inserting of this field?
Thx in advance.

Hi.

Bukkitcontrib updated to Spout!

Can you update your plugin to support it?

Yep, I get tons or errors since yesterday...
Please update to Spout!

whenever i or a user give the command /login that come in my consol

or that

i dont know what i do wrong, i see some people here has the same problem..

I have a problem.
I use authme, but I don't force my people to register (ForceRegistration: false). But when they are, I force them to login. It allows them to protect their account if they want.
But when they are registered, and someone comes with their name, they have 60 seconds to enter the password, or they get kicked. But in these 60 seconds, they have access to every command that this person has.
It means if someone logs with a pirate version of minecraft, logs with my name, they have access to everything. That's what this plugin is for no?
So, in "AllowNonLoggedIn", there's a command line, and there's only "uptime" allowed (I don't know what it is) so I shouldn't have access to any command when I'm not logged in.

Here is my config file

Code:

############################################################
# +------------------------------------------------------+ #
# |                  DataController                      | #
# +------------------------------------------------------+ #
############################################################
DataController:
    # This Cache saves registration details like username and password
    # Change it to false, if you want edit the datasource under runtime
    # Otherwise let it to true!
    CacheEnabled: true

    # Possible datasources are 'flatfile' or 'mysql'
    Datasource: flatfile

############################################################
# +------------------------------------------------------+ #
# |                       Misc                           | #
# +------------------------------------------------------+ #
############################################################
Misc:
    # Set it to false, if you want let the player decide, if he should register or not
    ForceRegistration: false

    # If it's enabled, it will kick non-registered players before they could join
    # Make sure to edit the Kick.NotRegistered message in message file!
    KickNonRegistered: false

    # What has to be done, if a player typed a wrong password?
    # Kick him (true) or only warn him with a simple chat message (false)
    KickOnWrongPassword: true

    # Kick a non-loggedin player after he has reached a certain timeout (in seconds)
    # To disable this, set it to 0
    LoginTimeout: 60

    # The intervall between Alert.Login and Alert.Registration messages (in seconds)
    AlertInterval: 5

    # What should we allow unregistered players?
    AllowNonRegistered:
        Chat: true
        # Following commands are allowed to use
        # Be warned: Additionally every subcommand gets allowed, e.g. '/uptime today'
        Commands:
        - uptime
        WalkAroundSpawn:
            Enabled: false
            Radius: 5

    # What should we allow players, that are not logged in?
    AllowNonLoggedIn:
        # Following commands are allowed to use (and every subcommand!)
        # Be warned: Additionally every subcommand gets allowed, e.g. '/uptime today'
        Commands:
        - uptime

    # Following players get unrestricted access without the force to log in
    # Use this function, if you use plugins, that create bots (NPCs)!
    AllowPlayerUnrestrictedAccess:
    - Bot01

    # Algorithm hash (MD5, SHA256, SHA1).
    Hash: SHA256

############################################################
# +------------------------------------------------------+ #
# |              Playername Restrictions                 | #
# +------------------------------------------------------+ #
############################################################
PlayerNameRestriction:
    # The name of a player should have the following maximum and minimum length
    PlayerNameMaxLength: 20
    PlayerNameMinLength: 3

    # The characters in the name can be restricted by RegEx
    # For more informatiom about RegEx visit
    # http://en.wikipedia.org/wiki/Regular_expression#POSIX_character_classes
    PlayerNameRegex: '[a-zA-Z0-9_?]*'

############################################################
# +------------------------------------------------------+ #
# |                   Login Sessions                     | #
# +------------------------------------------------------+ #
############################################################
LoginSessions:
    # This function automatically logs players in, if they were already logged
    # in before their last disconnect
    Enabled: true

    # Maximum timeout between last logout and new connection (in seconds)
    MaximalTimePeriod: 20

    # Be warned: Only disable this, if you know what you are doing!
    # Disabling this makes AuthMe not comparing old and new IPs and maybe
    # grants access to name spoofers (in case you are in offline-mode)
    IPCheckEnabled: true

############################################################
# +------------------------------------------------------+ #
# |                     Commands                         | #
# +------------------------------------------------------+ #
############################################################
Commands:
    Users:
        ChangePasswordEnabled: true
        RegisterEnabled: true
        UnregisterEnabled: true
        LoginEnabled: true
        LogoutEnabled: true
    Ops:
        ReloadAuthsEnabled: true
        ResetAuthEnabled: true

############################################################
# +------------------------------------------------------+ #
# |                  MySQL Settings                      | #
# +------------------------------------------------------+ #
############################################################
MySQL:
    # Connection details
    Connection:
        Host: localhost
        Port: 3306
        Database: test
        Username: root
        Password: pass

    # Settings for a custom user table
    # Do not change this, if you don't have any scripts reqiring this
    Custom:
        TableName: authme
        ColumnUsername: username
        ColumnPassword: password
        # Custom information, that a player has to type on /register command
        # This function is only available for MySQL as datasource!
        # Make sure that you have a column with the right name in your database!
        # The information gets checked, if it complies to the given RegEx string
        # If the check was successfull, the information get stored in the respective column
        # A line must be built up like following:
        #   columnname: 'regexstring'
        # For good RegEx strings visit http://regexlib.com
        # If you are still unsure, check the given example below (email)
        RegistrationInfo:
#            email: '^\w+@[a-zA-Z_]+?\.[a-zA-Z]{2,3}$'

Ehm my Users are registered in the Flatfile-DB.
Now i want to switch to mysql backend.
Are my users lost or can i import the data from flatfile to mysql?

Import data, you can through various managers MySQL.

After upgrade I'm have the same issue as @snouz.
Every player can run any command without logging in, in previous versions its work correctly.
Additionally, the first attempt to use /login the user gets a message that is not registered. Only for a second attempt at logging works

I'm sorry, but I don't really understand what does plugin does based off of the features. Is it something I'd want for extra security?

Well, if you run an offline server mostly. Offline means anybody can connect with a custom username, including someone else's name (and have access to all it's commands and objects.
Offline doesn't need minecraft.net to be online, and accept new people who haven't bought the game yet, and this plugin is useful in that case

Hi,
I would report these errors:

Code:

2011-08-07 21:05:11 [INFO] KorII lost connection: disconnect.quitting
2011-08-07 21:05:11 [INFO] Connection reset
2011-08-07 21:05:11 [SEVERE] java.net.SocketException: Socket closed
2011-08-07 21:05:11 [SEVERE]     at java.net.SocketOutputStream.socketWrite(Unknown Source)
2011-08-07 21:05:11 [SEVERE]     at java.net.SocketOutputStream.write(Unknown Source)
2011-08-07 21:05:11 [SEVERE]     at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
2011-08-07 21:05:11 [SEVERE]     at java.io.BufferedOutputStream.flush(Unknown Source)
2011-08-07 21:05:11 [SEVERE]     at java.io.DataOutputStream.flush(Unknown Source)
2011-08-07 21:05:11 [SEVERE]     at net.minecraft.server.NetworkWriterThread.run(SourceFile:116)
2011-08-07 21:05:13 [INFO] KorII [/95.238.11.139:63278] logged in with entity id 52802 at ([world] 

Ok first of all sorry that i haven't answered in the last days but I was on vaccation.

Thats an error from craftbukkit and not authme.

You are using an old version of authme

The inventory cache is only used during join->login. Only users who are registered, joined the game but did not login will loose there inventory.

Please fix the issues when using this + Spout

What about my problem? Users "who are registered, joined the game but did not login" have their inventory in a cache but have access to any command, despite I didn't authorize it in AuthMe config file.

If you join the site and
When connecting to the game
Is displayed join please visite my homepage http://example.com
When i run the server again
Then you can enjoy from the game
In short
Please help me.
If I sign up for website
Want to really enjoy the game as soon as



------------------------------------------------------------------------------------------------------
############################################################
# +------------------------------------------------------+ #
# | DataController | #
# +------------------------------------------------------+ #
############################################################
DataController:
# This Cache saves registration details like username and password
# Change it to false, if you want edit the datasource under runtime
# Otherwise let it to true!
CacheEnabled: true

# Possible datasources are 'flatfile' or 'mysql'
Datasource: mysql

############################################################
# +------------------------------------------------------+ #
# | Misc | #
# +------------------------------------------------------+ #
############################################################
Misc:
# Set it to false, if you want let the player decide, if he should register or not
ForceRegistration: true

# If it's enabled, it will kick non-registered players before they could join
# Make sure to edit the Kick.NotRegistered message in message file!
KickNonRegistered: true

# What has to be done, if a player typed a wrong password?
# Kick him (true) or only warn him with a simple chat message (false)
KickOnWrongPassword: true

# Kick a non-loggedin player after he has reached a certain timeout (in seconds)
# To disable this, set it to 0
LoginTimeout: 30

# The intervall between Alert.Login and Alert.Registration messages (in seconds)
AlertInterval: 5

# What should we allow unregistered players?
AllowNonRegistered:
Chat: false
# Following commands are allowed to use
# Be warned: Additionally every subcommand gets allowed, e.g. '/uptime today'
Commands:
- uptime
WalkAroundSpawn:
Enabled: false
Radius: 20

# What should we allow players, that are not logged in?
AllowNonLoggedIn:
# Following commands are allowed to use (and every subcommand!)
# Be warned: Additionally every subcommand gets allowed, e.g. '/uptime today'
Commands:
- uptime

# Following players get unrestricted access without the force to log in
# Use this function, if you use plugins, that create bots (NPCs)!
AllowPlayerUnrestrictedAccess:
- Bot01

# Algorithm hash (MD5, SHA256, SHA1).
Hash: MD5

############################################################
# +------------------------------------------------------+ #
# | Playername Restrictions | #
# +------------------------------------------------------+ #
############################################################
PlayerNameRestriction:
# The name of a player should have the following maximum and minimum length
PlayerNameMaxLength: 20
PlayerNameMinLength: 3

# The characters in the name can be restricted by RegEx
# For more informatiom about RegEx visit
# http://en.wikipedia.org/wiki/Regular_expression#POSIX_character_classes
PlayerNameRegex: '[a-zA-Z0-9_?]*'

############################################################
# +------------------------------------------------------+ #
# | Login Sessions | #
# +------------------------------------------------------+ #
############################################################
LoginSessions:
# This function automatically logs players in, if they were already logged
# in before their last disconnect
Enabled: false

# Maximum timeout between last logout and new connection (in seconds)
MaximalTimePeriod: 5

# Be warned: Only disable this, if you know what you are doing!
# Disabling this makes AuthMe not comparing old and new IPs and maybe
# grants access to name spoofers (in case you are in offline-mode)
IPCheckEnabled: true

############################################################
# +------------------------------------------------------+ #
# | Commands | #
# +------------------------------------------------------+ #
############################################################
Commands:
Users:
ChangePasswordEnabled: true
RegisterEnabled: false
UnregisterEnabled: false
LoginEnabled: true
LogoutEnabled: true
Ops:
ReloadAuthsEnabled: true
ResetAuthEnabled: true

############################################################
# +------------------------------------------------------+ #
# | MySQL Settings | #
# +------------------------------------------------------+ #
############################################################
MySQL:
# Connection details
Connection:
Host: localhost
Port: 3306
Database: linux
Username: root
Password: ***********

# Settings for a custom user table
# Do not change this, if you don't have any scripts reqiring this
Custom:
TableName: xe_member
ColumnUsername: user_id
ColumnPassword: password
# Custom information, that a player has to type on /register command
# This function is only available for MySQL as datasource!
# Make sure that you have a column with the right name in your database!
# The information gets checked, if it complies to the given RegEx string
# If the check was successfull, the information get stored in the respective column
# A line must be built up like following:
# columnname: 'regexstring'
# For good RegEx strings visit http://regexlib.com
# If you are still unsure, check the given example below (email)
RegistrationInfo:
# email: '^\w+@[a-zA-Z_]+?\.[a-zA-Z]{2,3}$'

Can you please add support for HeroChat? Players can chat when not logged in

This needs spout support!

The "Logged in from another location" messages still exist if you logged-in with the same nick and change the first letter with a Capital letter or vise versa.

I am foreign.
I do not speak English well
So I explain briefly.
My server is a guild server.
If any user is connected to a different account
F3 Clik
This place is exposed
i am finding that plugin
exameple
if you are gamer
if you don't login in web ,you don't login game...
or
if user lock ip
but if user login webpage login reload ip
I say again
I am foreign.
I do not speak English well
So if you feel a dilute to see
I',m sorry
Please Give me to understand
I LOVE BUKKIT AND MINECRAFT

And what is your 1st lang?
Maybye sb will translate your post from it?

hey!
i have a big problem
if there is a new user and he will to register, minecraft will geting broken.

Hello,

I have at present granted(tuned) AuthMe has my base of datum. I would just like to have a system which allows me of leave login user all the time after the login first one as long as I did not restart my waiter(server). But indeed on quite he(she,it) by contribution has their IP because otherwise everybody can connect on their account.

Thank you has you

Sorry for me English i am French

Is there any way to limit miltiple-accounts per ip? I hate when players make alot of fake accounts and invite them in some faction to gain power...

i just updated this plugin. i was still using 0.78 and recently installed spout. i was getting constant errors in the console after a reload. I also changed it from flatfile to MySQL.
i have just 1 question now.
All my users are getting the 'you must register' message just normally like it is supposed to.
But when i log in... i get nothing? no messages about needing to register. i'm unable to move though so its working fine. I just don't get any messages.. maybe becouse i'm an OP?

Edit: it works fine again after registering. It asks for to login just like normal. Still think it is weird it didn't tell me to register.