Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 16, 2011.

Thread Status:
Not open for further replies.
     
  1. Offline

    CypherX

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.

    This post has been edited 82 times. It was last edited by c0mp Aug 17, 2012.
  2.  
  3. Offline

    anon

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Does this block OP command of non logged in people?
  4. Offline

    Godspeed

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    works like a charm on craftbukkit #556 :)

    it does
    hybridphreak, MrGKanev and pedrofrq like this.
  5. Offline

    CypherX

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Yes, it blocks all commands except /register and /login. In the future I might add the ability to configure which commands can be used.
  6. Offline

    Walsa

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    I am currently using this plugin at my server. No problems so far, excellent work
  7. Offline

    blinghung

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Source Please :D
  8. Offline

    Phinary

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
  9. Offline

    CypherX

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
  10. Offline

    den

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    This plugin seems to eat your inventory if you join the server, don't log in, and leave the server. It could be coincidence but I've only seen my player's inventories get randomly nuked if their internet dropped out while trying to log in.
  11. Offline

    CypherX

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Updated to version 1.1.0, see first post. I wasn't going to release this update until I had the chance to add more features but I'm pushing it now to fix the bug brought to my attention by den.

    I remember explicitly testing this before the initial release but it seems something I changed in version 1.02 screwed it up. I recommend updating immediately to resolve this issue.

    On another note I'm currently working on an importer to convert the .db file used by AnjoSecurity into the flat-file format used by xAuth. Also expect new features and configurable settings soon.
    shemul likes this.
  12. Offline

    den

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Problem solved in record time. Awesome support.
  13. Offline

    Kaikz

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Does it support Authorize's database?
  14. Offline

    CypherX

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    If you have Authorize configured to use a flatfile you can just change auth.db to auth.txt and it will work.
  15. Offline

    Kaikz

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Sweet, thanks.
  16. Offline

    CypherX

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    xAuth Importer, a utility to import the auths.db file used by AnjoSecurity to the flatfile format used by xAuth has been added to the end of the first post. You can also get it here. Just simply run it and follow the instructions.

    I have also added a Known Bugs to the first post to keep track of such issues.
  17. Offline

    Phinary

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Please fix that bug soon :p Now thats the only thing stopping me from using this.
  18. Offline

    anon

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    I used the importer, it did convert it, I pasted it on the
    correct folder. But when I start server and log in, it says Im not registered.

    First time I tryed to save file, it gave me a error about UTF8 stuff, but I pressed save again and it saved. Do anyone knows what is wrong?

    EDIT:
    NVM, seems taht it sees OPs with another name than his name.
  19. Offline

    anon

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Im experiencing a big lag at login, as I have a big server and 1000+ registrations. When player logs in, server lags for 3 seconds. I already had that lag with anjosecurity, thats why I changed to yours. Your plugin seems to have lowered the lag, but it is still present. :(
  20. Offline

    CypherX

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Could you provide the auths.txt file used by your server so I can test possible ways to fix the lag? Feel free to PM it to me if you don't want to publicly post it.
  21. Offline

    Hybris95

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Sweet :) Much appreciated !
  22. Offline

    CypherX

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Updated to version 1.1.1:

    Changelog
    • Version 1.1.1
      • Inventories are no longer lost if the server is stopped / reloaded when a player is not logged in.
      • (Possible) Lag reduction on servers with a large amount of players while a player who isn't logged in is connecting. (Needs to be tested on a large server)
      • Four new configurable settings in config.yml
      • /authreload can now be used in-game by Ops. (Will add Permissions support eventually)
  23. Offline

    Toasty

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    I would really like to see something more secure than an MD5 hash for storing the passwords. There's rainbow tables everywhere for MD5, and it's pretty old.

    Other than that, I like this plugin. I'll be testing it out in a test server of mine before deciding to push it out to my production server.

    [EDIT] Actually, I have a few more suggestions. I'd like to see permissions support so that I don't have to put my mods in the OP file to give them permission to use the reload command. I'd also like to be able to change the passwords for any player if I have the "xauth.admin" permission node or something similar.

    And if it doesn't do this already, it'd be nice if the plugin would automatically detect when the server is started in offline mode, and enable/disable itself according to that parameter.

    Just some suggestions.
  24. Offline

    Brennan Mathers

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    sad face :'( doesnt block out all commands, world edit still works when not logged in (its proply that op issue again!)
  25. Offline

    CypherX

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME

    What other encryption would you want to see used? I was thinking about giving Whirlpool a try. Permissions support is coming soon, I just need to go read how to hook into it. The auto-detect if a server is running in offline-mode feature seems like a good idea, I'll see what I can do.

    Hm, I'll look into that. It might have something to do with the priority of the event.
  26. Offline

    Nolam

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Will we be able in any way to incorperate this through a website so that users don't have to sign up in game?

    Any ideas on how to?
  27. Offline

    CypherX

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Could create a registration script using PHP (or some other web development language) that writes to auths.txt.
  28. Offline

    Iqualfragile

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    i have got a bug for your known bugs list:
    whenever i login, my whole inventory is gone. //i know this is allright
    when i log in my inventory stays away! //this is not good
    i can do anything else, execute comands and so on, but i cant use my inventory.

    ps:
    it allway say;"you are not registered, please type (...)"
    even i am registered

    pps:
    i think it could be a nickname problem:
    the auths.txt file contains
    [farmer] §cnick§f§f:ae32ecc6b2106b904662efe4f28c6bf7
    instead of
    iqualfragile:ae32ecc6b2106b904662efe4f28c6bf7
  29. Offline

    CypherX

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Ah, I think I know the cause. I've been calling getDisplayName() to fetch a player's name instead of getName(). This will be fixed in the update which will be released tomorrow. Sorry for the trouble.
  30. Offline

    giding

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Does this plugin reset players' hp to max when they log in? If it doesn't, then I will certainly change from AnjoSecurity to this because that feature is very exploitable and cannot be turned off in AnjoSecurity.
  31. Offline

    CypherX

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    No, it does not.
Thread Status:
Not open for further replies.

Share This Page