Inactive [ADMN/SEC] AuthDB v2.3.6 - Database authentication and protection [1.1-1.4.5]

Discussion in 'Inactive/Unsupported Plugins' started by CraftFire, Mar 13, 2011.

  1. Offline

    CraftFire

    In order to centralize support of our legacy projects, we will no longer be providing support on Bukkit. Please use www.spout.org for support with our projects going forward.
     
  2. Offline

    CraftFire

    We've been planning on adding other options for the character filter and hopefully improving the ease of use for it. :)
     
  3. Offline

    GossamerSolid

    Can I get a hotfix for that? I'd really like to start using this as manually adding people to our old Auth system is a pain in the ass.
     
  4. Offline

    Wulfspider

    Sure thing! Sorry for the delay, I had to get a build environment setup as I didn't have one on this machine.
    Here ya go! Let me know if it works for you. :)
    http://dl.dropbox.com/u/7446930/CraftFire/Plugins/AuthDB/authdb-2.3.0-SNAPSHOT.jar
    You'll need to look over your messages.yml and config.yml as a couple things have changed. Mainly with the badcharacters section being renamed to filter I believe.
     
  5. Offline

    GossamerSolid

    That's ok.

    I just tested the snapshot and it's now reporting that my password is incorrect. I've double/tripple checked it on the actual forums and the one I'm entering is right.

    Just for a headsup, not sure if this is causing the issue or not, but 2.0 RC5 is no longer the latest version, there's a 2.0 release out now (not sure how long it's been out)

    Ah ok,

    anyways I found a bug :)

    I'm not sure if it was when I linked the profile or just logged it, but my inventory got whiped.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Nov 10, 2018
  6. Offline

    Wulfspider

    I'll install and test with the latest release of SMF 2.0. Make sure you aren't using & in your password as that is filtered by default in the config.yml. Some other characters may also cause problems. Let me know if you are using any in your password.

    Edit: There are no changes with the MySQL schema at all so there should be no problem. You'll still need to set the version to 2.0.0.5 to avoid the version warning though.
     
  7. Offline

    GossamerSolid

    No I'm only using lower case, upper case and numbers. To test, I removed all blacklisted characters and tried again. Didn't work.

    So I made a new temp user on my forums and used the password "testpassword". I linked my account fine. So then I changed the temp user's password on the forums to "testP4SSword" and it didn't work anymore. Are you sure you aren't converting passwords to lower case somewhere?
     
  8. Offline

    Wulfspider

    Okay, download again and see if it works for you.
    http://dl.dropbox.com/u/7446930/CraftFire/Plugins/AuthDB/authdb-2.3.0-SNAPSHOT.jar
     
  9. Offline

    GossamerSolid

  10. Offline

    Wulfspider

    Not exactly, but similar. I blame @contex :p
    I haven't touched the Java side of AuthDB till now. :)
     
  11. Offline

    Wulfspider

    Hmmm, I'm not sure how to reproduce those detailed steps. :p
     
  12. Offline

    GossamerSolid

    I believe I went into the server (I already had inventory), then I logged into my account and my Inventory wasn't there. I had lots of stuff :)
     
  13. Offline

    Wulfspider

    Well, good thing you backup your world often. ;)
    I'll look and see if I can reproduce it. Can you check if you have anything in othernames.db under AuthDB please?
     
  14. Offline

    JesterB

    Passwords no like symbols:
    It looks like AuthDB doesn't like passwords using symbols (ie @, #, $ etc. -- & was not used), though alphanumeric passwords seem to work just fine. This with both 2.2.0 and the link to 2.3.0 in the previous page.

    Linked logins working improperly(?):
    For starters: I disabled registration since I want players to only be able to register via the forums. So I login as "testname" and link it to my forum login "adminyo" -- linking works fine. However after resetting the server, logging in again as "testname" the following doesn't seem to work:
    /login adminyo password123 (returns a "not registered" error)
    /link adminyo password123 (returns a "already linked to a username" error)
    /unlink adminyo password 123 (returns a "not linked to any username" error)

    So it seems offline users are able to login and link their username once, but it stops working afterwards.

    When in-game name matches the forum login, ie if I login as "adminyo" and just use /login password123, everything works fine.

    Linked logins & display names:
    A question as well: when linking a differing in-game name, it changes my name in chat to the linked one. Ie I login as "testname" and link it to my forum login "adminyo", then I show up as "adminyo". Is this just changing my display name, or does it change my player name as well? It mainly matters because of plugins like mcmmo/pwncraft/etc that store data based on player name.

    I'm guessing from how permissions is acting it preserves the player name, and just does a display name change. Could a config option be added to not have the display name change? This would be helpful for servers that want people to be able to have "multiple characters" attached to the same forum login.

    *edit*
    Related observation on the linked displayname change & persistence: once "testname" was linked to "adminyo", after logout and login (within the session time), I remained logged in but my display name was back to testname.

    Thank you for considering the suggestion, and for a great plugin!
     
  15. Offline

    Wulfspider

    The issues with symbols in passwords and with linked usernames are both known to us. They just have not been fixed yet. The symbols issue may never support all symbols.

    The display name changing is something that is in 2.3.0 only so far I believe. There is an option for it to be enabled or disabled, but I removed it from the config.yml for 2.3.0-SNAPSHOT as I didn't realize it was implemented at all yet. We are hoping to move a lot over to persistence soon as well.
     
  16. Offline

    JesterB

    That's the fastest reply I've ever received from a dev (this includes me replying to others as as dev :p). Not only that but I jumped the gun and you're already two steps ahead. Rockin! Can't wait to see 2.3.0 in all its glory :)
     
  17. Offline

    gameswereus

    Wow. Quite the feature list :p I will test ASAP and tell you how it goes
     
  18. Offline

    CraftFire

    Well, half of the feature list is upcoming features. :p
     
    contex likes this.
  19. Offline

    gameswereus

    Well, then, quite impressive wall of text! :p
     
  20. Offline

    Filas

    Regarding that part: linked user HAS to log in in different way:
    -join the server
    -open the chat
    -type your linked user password into chat WITHOUT any commands as the first message after joining.
    Just found that out while testing the friend's server.
     
  21. Offline

    Wulfspider

    They shouldn't have to login like that each time. That is supposed to be only for the initial linking, but it doesn't work properly right now.
     
  22. Offline

    contex

    I'm back from my one week vacation :)

    Linking should work fine in 2.3.0, will test more tommorow.
     
  23. Same here sometimes :(
     
  24. Offline

    CraftFire

    If you guys could give us steps of what you did up until the inventory wipe happened.
     
  25. Offline

    Max Black

    I read through the last page and didn't see this, so I thought I would request it.
    I have now typed my pass into a message twice (Because I didn't actually have an inventory, and thought I was logged out, or because I was lagging). Could you add an option to have a slash before the password (aka '/password' instead of 'password'), this still isn't secure because it would be in the logs, but it would be better then being printed for all to see.
     
  26. Offline

    CraftFire

    There is an option to login the normal way of /login yourpassword. You would need to set method: default in the config.yml. This is all documented on the wiki.

    Edit: It WAS documented on the old wiki, I have yet to update it on the new.
     
  27. Offline

    Max Black

    Thanks, works like a charm (and I love this plugin all the more)!
     
  28. Offline

    CraftFire

    No problem! We have a few more login method ideas we may implement in the future as well as improve upon the prompt method and also a way so that passwords aren't broadcasted while waiting for a response from the MySQL database. :)
     
  29. Offline

    Max Black

    That would be my only real complaint (the other being that it should ask for your password after Essentials's MOTD, by maybe putting a delay or something).
    Great plugin, this with HeroicRebuke make my web interface really nice
     
  30. Offline

    contex

    Already added to 2.3.0 :) In the config you can set how many seconds after join the message should be displayed.
     
  31. Offline

    Max Black

    haha, you're two steps ahead of me (and I really need to reread the wiki). Your brilliant!

    EDIT: Can't find it in the wiki, could you point it out?
     

Share This Page