Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

There is no "if this is true". Go set up a vanilla Minecraft server and connect with the same name using two clients. What happens?

Hi.
This is a great plugin.
But I have a question.
I try to using authurl but I can not make it works

This is my configuration

Code:

authurl:
  enabled: false
  url: http://mexcrafters.com/xauth/verify.php
  registration: false
  status: false
  groups: false
  broadcast-login: true

The PHP file works fine I have tested it

PHP:

<?php
// this script is tested with SMF 2.X
 
/* The format is pretty simple, and always returns exactly 2 lines.
 
if successful, return this:
 
YES
forum_name
 
if not successful, return this:
 
ERROR
String to return to user describing error
 
*/
 
// $localaddr should be the IP your webserver is listening on, if this page isn't being visited by the same IP ($_SERVER['REMOTE_ADDR'])
// then errors are logged and a warning email is sent to the email configured in done() so no one tries to use this to bruteforce
// passwords, you really should just restrict this to only the server accessing it, I only make it accessible over localhost or to
// my home address over SSL only.
$localaddr = "127.0.0.1";
if($_SERVER['REMOTE_ADDR'] != 'minecraft.mx') die("Acceso Denegdo!");
 
function writeToFile($message, $fname = 'auth.log', $mode = 'a'){
    $fp = fopen($fname, $mode);
    fwrite($fp, time().': '.$message."\n");
    fclose($fp);
}
 
function checkPassword($checkPass, $realPass, $algorithm) {
    switch ($algorithm) {
    case 1:
        return $realPass == hash('whirlpool', $checkPass);
    case 2:
        return $realPass == hash('md5', $checkPass);
    case 3:
        return $realPass == hash('sha1', $checkPass);
    case 4:
        return $realPass == hash('sha256', $checkPass);
    default:
        // xAuth hashing
        $saltPos = (strlen($checkPass) >= strlen($realPass) ? strlen($realPass) : strlen($checkPass));
        $salt = substr($realPass, $saltPos, 12);
        $hash = hash('whirlpool', $salt . $checkPass);
        return $realPass == substr($hash, 0, $saltPos) . $salt . substr($hash, $saltPos);
    }
}
 
function done($msg, $template = "ERROR\n%s"){
    printf($template, $msg);
    global $localaddr;
    if($_SERVER['REMOTE_ADDR'] != $localaddr){
        $result = sprintf(str_replace("\n", ", ", $template), $msg);
        writeToFile("result: ".$result);
        // only if it's a bad pass, text me
        if(strpos($msg, 'assword') === FALSE)
            exit;
        $to = "YOUR_EMAIL_ADDRESS_IF_REQUIRED";
        $subject = "auth alert";
        $message .= $result."\n";
        //$message .= $_SERVER['REMOTE_ADDR']." user: ".$_REQUEST['user'].", field: ".$_REQUEST['field'].", pass length: ".strlen($_REQUEST['pass']);
        $message .= $_SERVER['REMOTE_ADDR']." user: ".$_REQUEST['user'].", pass length: ".strlen($_REQUEST['pass']);
        $from = "EMAIL_TO_SEND_FROM";
        $headers = "From: $from";
        $sendmail_params = "-f $from -r $from";
        writeToFile("mail sent: ".(mail($to,$subject,$message,$headers, $sendmail_params) ? 'true' : 'false'));
    }
    exit;
}
 
if(($_SERVER['REMOTE_ADDR'] != 'minecraft.mx')
    || !isset($_REQUEST['pass']) || !isset($_REQUEST['user']))
    //|| !isset($_REQUEST['field'])    || ($_REQUEST['field'] != 'minecra')
    die("Acceso Denegado!");
 
$user = $_REQUEST['user'];
$pass = $_REQUEST['pass'];
//$field = 'cust_'.$_REQUEST['field'];
 
if($_SERVER['REMOTE_ADDR'] != $localaddr)
    //writeToFile($_SERVER['REMOTE_ADDR']." user: $user, field: $field, pass length: ".strlen($pass));
    writeToFile($_SERVER['REMOTE_ADDR']." user: $user, pass length: ".strlen($pass));
 
$db_server = 'localhost';
$db_name = 'any_db';
$db_user = 'any_admin';
$db_passwd = 'any_pass';
 
 
$link =  mysql_connect($db_server, $db_user, $db_passwd);
mysql_select_db ($db_name);
if (!$link) {
    die('No pudo conectarse: ' . mysql_error());
}
 
$result = mysql_query("SELECT `minecraftname`, `minecraftpassword` FROM `anytable` WHERE `approved` = 1 AND `confirmed` = 1 AND `banned` = 0 AND `minecraftname` = '".$user."'" );
        if (!$result) {
                echo 'Could not run query: ' . mysql_error();
                exit;
            }
            $row = mysql_fetch_row($result);
$member_name = $row[0];
$pass_hash = $row[1];
 
mysql_close($link);
 
if(checkPassword($pass_hash,$pass,'0')){
    done($user, "YES\n%s");
}
else{
    done('No estas registrado o no has dado de alta tu cuenta en tu perfil de Mexcrafters: http://mexcrafters.com/Communidad.html');
}
 
?>

Mi server IP is minecraft.mx, and mi webpage is mexcrafters.com id diferent servers
Thanks in advance

@alexlv4
Seriously? Take a look at the AuthURL configuration again. Hint: it starts with an 'e'.

I get kicked because someone logget in from another location...
Can you fix this please?
Its a big problem on my server..

Hi

Sorry for my mistake, I copy the configuration after my test
I change to enable: true, but it does not work, all players login automatically.

All my config and my php it's ok?

Thanks in advance

http://pastebin.com/3HHwdE05 it wont create the tables needed

hey,
is there any possibility to add the features like "lastlogin" again???
That was really cool

I would to know how to set a block for IP.
Sometimes a "b****" try to enter into my player accounts. They often get disconnect and lose all items. How to block ip player? I would like that none can access a player account while he is playing.

Because a f**** bug, xauth disabled it self........

Code:

[xAuth] Something went wrong while deleting session for account: 72
org.h2.jdbc.JdbcSQLException: General error: "java.lang.LinkageError: loader constraint violation: when resolving method ""org.h2.result.RowList.<init>(Lorg/h2/engine/Session;)V"" the class loader (instance of org/bukkit/plugin/java/PluginClassLoader) of the current class, org/h2/command/dml/Delete, and the class loader (instance of sun/misc/Launcher$AppClassLoader) for resolved class, org/h2/result/RowList, have different Class objects for the type (Lorg/h2/engine/Session;)V used in the signature"; SQL statement:
DELETE FROM `sessions` WHERE `accountid` = ? [50000-164]
    at org.h2.message.DbException.getJdbcSQLException(DbException.java:329)
    at org.h2.message.DbException.get(DbException.java:158)
    at org.h2.message.DbException.convert(DbException.java:277)
    at org.h2.command.Command.executeUpdate(Command.java:230)
    at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:143)
    at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:129)
    at com.cypherx.xauth.PlayerManager.deleteSession(PlayerManager.java:397)
    at com.cypherx.xauth.PlayerManager.checkSession(PlayerManager.java:136)
    at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerJoin(xAuthPlayerListener.java:80)
    at sun.reflect.GeneratedMethodAccessor193.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:301)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:459)
    at net.minecraft.server.ServerConfigurationManager.c(ServerConfigurationManager.java:132)
    at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:129)
    at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:94)
    at net.minecraft.server.Packet1Login.handle(SourceFile:68)
    at net.minecraft.server.NetworkManager.b(NetworkManager.java:229)
    at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:48)
    at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:61)
    at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:551)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:449)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
Caused by: java.lang.LinkageError: loader constraint violation: when resolving method "org.h2.result.RowList.<init>(Lorg/h2/engine/Session;)V" the class loader (instance of org/bukkit/plugin/java/PluginClassLoader) of the current class, org/h2/command/dml/Delete, and the class loader (instance of sun/misc/Launcher$AppClassLoader) for resolved class, org/h2/result/RowList, have different Class objects for the type (Lorg/h2/engine/Session;)V used in the signature
    at org.h2.command.dml.Delete.update(Delete.java:59)
    at org.h2.command.CommandContainer.update(CommandContainer.java:73)
    at org.h2.command.Command.executeUpdate(Command.java:226)
    ... 21 more
2012-04-27 10:07:45 [SEVERE] Could not pass event PlayerJoinEvent to xAuth
org.bukkit.event.EventException
    at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:303)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:459)
    at net.minecraft.server.ServerConfigurationManager.c(ServerConfigurationManager.java:132)
    at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:129)
    at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:94)
    at net.minecraft.server.Packet1Login.handle(SourceFile:68)
    at net.minecraft.server.NetworkManager.b(NetworkManager.java:229)
    at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:48)
    at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:61)
    at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:551)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:449)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
Caused by: java.lang.LinkageError: loader constraint violation: when resolving method "org.h2.index.RangeIndex.<init>(Lorg/h2/table/RangeTable;[Lorg/h2/table/IndexColumn;)V" the class loader (instance of org/bukkit/plugin/java/PluginClassLoader) of the current class, org/h2/table/RangeTable, and the class loader (instance of sun/misc/Launcher$AppClassLoader) for resolved class, org/h2/index/RangeIndex, have different Class objects for the type mn;)V used in the signature
    at org.h2.table.RangeTable.getScanIndex(RangeTable.java:117)
    at org.h2.table.TableFilter.getBestPlanItem(TableFilter.java:161)
    at org.h2.table.Plan.calculateCost(Plan.java:110)
    at org.h2.command.dml.Optimizer.testPlan(Optimizer.java:177)
    at org.h2.command.dml.Optimizer.calculateBestPlan(Optimizer.java:81)
    at org.h2.command.dml.Optimizer.optimize(Optimizer.java:230)
    at org.h2.command.dml.Select.preparePlan(Select.java:919)
    at org.h2.command.dml.Select.prepare(Select.java:823)
    at org.h2.command.dml.Insert.prepare(Insert.java:241)
    at org.h2.command.Parser.prepareCommand(Parser.java:218)
    at org.h2.engine.Session.prepareLocal(Session.java:415)
    at org.h2.engine.Session.prepareCommand(Session.java:364)
    at org.h2.jdbc.JdbcConnection.prepareCommand(JdbcConnection.java:1121)
    at org.h2.jdbc.JdbcPreparedStatement.<init>(JdbcPreparedStatement.java:71)
    at org.h2.jdbc.JdbcConnection.prepareStatement(JdbcConnection.java:267)
    at com.cypherx.xauth.PlayerDataHandler.storeData(PlayerDataHandler.java:78)
    at com.cypherx.xauth.PlayerManager.protect(PlayerManager.java:156)
    at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerJoin(xAuthPlayerListener.java:88)
    at sun.reflect.GeneratedMethodAccessor193.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:301)
    ... 12 more

EDIT: Possible conflict with mcdocs ?

What about translations?

Here you go, a Slovenian one:
http://www.2shared.com/file/I1N5nEcJ/messages.html

if I can somehow go with authme the xauth?

I get kicked because someone logget in from another location...
Can you fix this please?
Or can someone help me? (ideas?, tipps?)
Its a big problem on my server...

What can I do to move the registered account in authme to xauth?

Hey I can't register with the plugin version 1.2.5-R1.0

Any tutorial (exactly about MySQL for Windows), please!

Hello all,

My moderators are reporting a "bug" that xAuth is not recognizing difference between small and capital letters.

Like when somebody logs in with name John and logs out, somebody log in with john and its treat as the same person. Did i miss something in config ?

Regards,
Vladimir

I have the same "bug"/problem!
And i have a big problem with the "login from another location!".

The importer will be updated soon to support converting from AuthMe to xAuth.

Why would xAuth differentiate between character case if the name is the same when Minecraft doesn't in the first place?

Do you refuse to read or are you just naturally illiterate? Stop posting this shit in my thread, it's been answered numerous times.

Later, that is, at what time?

If I knew I would have given an exact date and time.

Updated to version 2.0.7:

• Added option (main.reload-on-join) to reload cached player data when they connect to the server.
• Added option (account.update-last-login) to toggle updating of the lastlogindate & lastloginip database fields.
• Added ability to check if a new update is available.
• Fixed /xauth reload allowing non-logged in players to bypass /login.
• Re-added reverse-enforce-single-session feature for those also running the Spout plugin. Will be fully implemented when I figure out how using Spout resolves the exploit.
• Removed support for individual Permissions plugins since they all support Bukkit Permissions.
• Added option to enable/disable required login after registration.
• Fixed server crash involving a player logging out with no solid block below them while location protection was disabled.

Thats a answer, because minecraft don't ? This plugin is security for minecraft in offline mode, and possibility to get OP privileges just by changing letter in name its not much secure, is it ?

Don't get me wrong, you did great job with the plugin and there is no equal, all I'm trying to do to make it better.

A can not be any other way to convert?

Give me converter from AuthMe to xAuth

Thanks for re adding the reverse-enforce-single-session option.

I have noticed in the releasenotes of the 1.2.5R1.3 bukkit release of yesterday that a bug has been solved that might be related to this problem:

PreLoginEvent called before PlayerQuit if the same user logs on more than once.

I dont know if this possible could lead to a fix of the reverse-enforce-single-session option issue.

How can i dasable space in player names?

I did a quick test with this new CB build and whatever was changed does seem to resolve the exploit without the need of Spout. I'll do a more in depth test when I get home from work to verify this.

is there a flatfile version?

Hi CypherX,

I'm trying to update my server to 1.2.5, and so far it all went well. But then it was xAuth's turn.
I simply downloaded the new version and pasted the .jar and folder in the plugins folder, opened my server, and received this message:

Code:

20:45:56 [INFO] [xAuth] Enabling xAuth v2.0.7
20:45:56 [INFO] [xAuth] Downloading required H2 library..
20:46:03 [INFO] [xAuth] Download complete, reloading xAuth..
20:46:03 [INFO] [xAuth] Disabling xAuth v2.0.7
20:46:03 [INFO] [xAuth] Enabling xAuth v2.0.7
20:46:04 [SEVERE] [xAuth] Failed to create instance of H2 JDBC Driver!
java.lang.ClassNotFoundException: org.h2.Driver
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.
java:41)
        at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.
java:29)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Unknown Source)
        at com.cypherx.xauth.database.ConnectionPool.<init>(ConnectionPool.java:
19)
        at com.cypherx.xauth.database.DatabaseController.dbInit(DatabaseControll
er.java:50)
        at com.cypherx.xauth.database.DatabaseController.<init>(DatabaseControll
er.java:24)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:78)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
.java:336)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
r.java:381)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:70)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
.java:336)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
r.java:381)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232
)
        at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:371)
        at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:358)
        at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:422)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
20:46:04 [SEVERE] [xAuth] Failed to borrow H2 connection from pool!
java.lang.NullPointerException
        at com.cypherx.xauth.database.DatabaseController.getConnection(DatabaseC
ontroller.java:87)
        at com.cypherx.xauth.database.DatabaseController.isConnectable(DatabaseC
ontroller.java:76)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:81)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
.java:336)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
r.java:381)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:70)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
.java:336)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
r.java:381)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232
)
        at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:371)
        at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:358)
        at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:422)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
20:46:04 [SEVERE] [xAuth] Failed to establish H2 database connection!
20:46:04 [INFO] [xAuth] Disabling xAuth v2.0.7
20:46:04 [SEVERE] [xAuth] Failed to close H2 connection pool!
java.lang.NullPointerException
        at com.cypherx.xauth.database.DatabaseController.close(DatabaseControlle
r.java:138)
        at com.cypherx.xauth.xAuth.onDisable(xAuth.java:38)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:217)
        at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoade
r.java:362)
        at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManag
er.java:399)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:85)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
.java:336)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
r.java:381)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:70)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
.java:336)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
r.java:381)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232
)
        at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:371)
        at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:358)
        at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:422)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)

Could you please help me out? Because my server is nothing without xAuth!
Gr. GlitchHero9724

No. The default datasource is H2 which is fully automatic and requires no user interaction.

@GlitchHero9724
What version of xAuth did you upgrade from? Were you using MySQL?