Disabling Minecraft Account Authentication [Formatted]

Plugin category: Administration

Suggested name: Selective Authentication?

A bit about me: I'm a moderator of an anarchy server, but i wanted to play legit among the other players. We get no /i and creative as moderators, just basic commands to keep watch and maintain equality. But since i can't pay for a second minecraft account, i proposed a plugin to the owner that would do what is said below. We couldn't find it, so this is the last place it could be.

What I want: A plugin that allows selective ip address's that are void of minecraft.net account authentication, so the server would have online-mode:true but if ip 127.0.0.1 connects to server, the check for if its a real account would not happen and it would login as normal.​

Ideas for commands: No commands needed for this plugin.

Ideas for permissions: this is ip based selection, so no permission is required.

When I'd like it by: As soon as you are able to provide it, I know you are all busy with many other requests, and I can wait.
Similar plugin requests: None.

Devs who might be interested in this: I'm not sure who to put here.​

 

If a server is online mode true, im fairly positive its impossible to bypass the check.

However, what you can do, is work from the other way. Have the server in offline mode, and use an authorization plugin, such as xAuth or something

 

There is no current API function in the bukkit library that can do this, but I looked at the craftbukkit source code and saw that it can be implemented. Iam planing on writing a pull request asap to implement it (since Iam also intrested to have this implemented for my private plugins) but it will take time. I hope you have paintence ^^

 

Shouldn't need to use API for this. Simply check the players IP against a whitelist. If false - kick.

Fairly simple plugin

 

They will never allow you to push those changes.

At OP if you want to just play without perms, take them away from yourself for a bit and add them when you need them for something.

 

May I ask why they would not do it? Security reasons? Iam just curious.

 

incorrect. If a player doesnt pass minecraft.net authentication on an online mode server, an ip-whitelist plugin wont work, the server wont let them in.

 

The stance on authentication has always seemed to be, if you don't wan to buy the game use online-mode=false.

This could be implemented in the current API though I think. Set online-mode=false and copy the normal minecraft.net check into a PlayerLoginEvent handler with the addition of a name check. But, expect people to log in with that name all the time and mess with you.

A better way would be to use a permissions plugin to switch your group when you want to play legit, or do what I do and just stop using the commands that legit players can't use when you wan to pay properly.

 

I think everyone over-thinking this...

Setup server as offline mode (any player can connect, offline or not)
When player connects, plugin pulls the website (http://www.minecraft.net/haspaid.jsp?user=dai007)
If user has paid then let player join.

If user has not paid:
Check ip against whitelist
If false = kick.

Use xAuth or CrazyLogin to protect offline accounts

I'm pretty sure that would work

 

Ok, some things that I want to clarify.

The main purpose of this function is not to be able to play unlegit, it is to be able to administrate the server in smoother way. I can really understand the OPs desire to have his account seperate from his moderating duties, I would want it too if I were a moderater on a server.

The point is, this is not about if somone can play legit or not (although it can be used for that too), it is about administrating and moderate the server.

This will not work since the online-mode check is even before the event PlayerPreLoginEvent is thrown. You need the modify the source to be able to do it atm.

Iam pretty sure he has already considered that, buf if not that is the best way to reach his goal.


One cool thing you could do with this function is to be able to have dummie players login to the server and use them to record in-game footage from different angels on a legit server. That is what I want to be able to do.

 

except the OP explicitely stated that the server must be run in online mode.

 

It's actually just after the event is fired. But that's not important if you can get the check done before they join, which you can using the PlayerLoginEvent.

There are plenty of reasons it would be useful.

 

Taken from the ThreadLoginVerifier.class from the run() method

Code:java

 
try {
String s = NetLoginHandler.a(this.netLoginHandler);
URL url = new URL("[url]http://session.minecraft.net/game/checkserver.jsp?user=[/url]" + URLEncoder.encode(this.loginPacket.name, "UTF-8") + "&serverId=" + URLEncoder.encode(s, "UTF-8"));
BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(url.openStream()));
String s1 = bufferedreader.readLine();
 
bufferedreader.close();
if (s1.equals("YES")) {
// CraftBukkit start
if (this.netLoginHandler.getSocket() == null) {
return;
}
PlayerPreLoginEvent event = new PlayerPreLoginEvent(this.loginPacket.name, this.netLoginHandler.getSocket().getInetAddress());
this.server.getPluginManager().callEvent(event);
 
if (event.getResult() != PlayerPreLoginEvent.Result.ALLOWED) {
this.netLoginHandler.disconnect(event.getKickMessage());
return;
}
// CraftBukkit end
 
NetLoginHandler.a(this.netLoginHandler, this.loginPacket);
} else {
this.netLoginHandler.disconnect("Failed to verify username!");
}
} catch (Exception exception) {
this.netLoginHandler.disconnect("Failed to verify username! [internal error " + exception + "]");
exception.printStackTrace();
}
}
 

And from my understanding PlayerPreLoginEvent is thrown before PlayerLoginEvent, so I doubt you can use the PlayerLoginEvent to prevent the disconnect method to be called.

 

Not what I said to do. Set the server to online-mode=false to disable the check and re-implement it in the PlayerLoginEvent

 

Ah, now I understand. Sorry for missing that (it is 02:00AM) .

Anyway, I still think a native API implementation would be better than a workaround like that, but it is a good plan B .

 

for people saying switch my account from moderator to default and back, the admins wouldn't even consider that. said if i get an alt, cant tell no one that i'm an op on another account,so if im playin legit here, then randomely go fly around, build in creative, and ban people, the players will say i could be using my moderator powers to help in "legit" playing. want a seperate account for this kind of stuff. just try to think that i already saw about every possible alternative before posting this. that means i want this, not something similar. thanks for so many replies, though this would die fast.didnt expect any one else to think of this and want it.

 

You could still leave stuff in chests for yourself etc. People will always question.