Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has shown support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate himself or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dying to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    H14

    I have a question regarding allowed username characters. I've noticed several players coming into our non-premium server with names as 'a creeper' or 'the something'. What worries me is the space in their name, many of the plugins that rely solely on username as identification will simply break because of that space, making them with our current setup impossible to ban, rollback, detect their grief, .... which is quite the issue. I know there is an option in the config file to set the allowed characters that is currently set to allow them all I think (*?). Is there a way to make it allow all alphanumerical characters but no spaces?
     
  3. Offline

    CypherX

    They're in the .jar. The database is automatically created, why do you need them?

    A player's inventory is saved to that table when they need to register/log in. When they successfully register, log in, or disconnect their inventory is restored and deleted from the database.

    I'll see what I can do about adding a way to allow spaces in arguments.

    Code:
    allowed: 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
     
  4. Offline

    H14

    Thanks, didn't think it was that easy! I added an underscore so it matches exactly the allowed characters of the minecraft.net registration:
    Code:
    abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
     
  5. Offline

    GammahGotz

    I need a bit of help here.
    My server was griefed last night because someone managed to log in to one of us (the owner) and wand away the ENTIRE map. We have xAuth installed, but for some reason, we are NOT required to log in or register, and Multiplay's Support team is saying that the plugin is trying to access a database that it cannot. Please help us...

     
  6. Offline

    Hamad

    a guy forgot pass, how can I change his

    someone lost his pass, how to change his

    /xauth doesn't work

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 12, 2016
  7. Offline

    The Wizard

    use /xauth cpw player's name new password
     
  8. Offline

    moparisthebest

    If you are using the xAuth logins (usernames/passwords), then you need to use xAuth's method of doing that, CypherX provided sample PHP code for that on the wiki, and you don't need to use authURL. However, if you want xAuth to use your usernames and passwords, then you can make it use authURL and point it to your own custom page.

    As CypherX already said, smf_auth.php is an example file that works with SMF 2.x, which is the type of forum I use on my server.
     
  9. Offline

    JohnPulse

    Thanks CypherX,
    I just added that line you told H14.
    I have an idea that spaces are a bit difficult to work with in these cases :)
    Regards,
    John
     
  10. Offline

    CypherX

    I see that you're using xAuth 1 which means you also probably have the '*' Permission on your admin group without also having '-xauth.exclude'. Update to xAuth 2, it's much better.

    I've already got spaces working for player names in most commands for the next update. Honestly, it should have been implemented long ago. I had it on my todo list but I must have erased it mistakenly at some point. Anyway, the next update will add the ability to use spaces in command arguments, most likely by using quotes.

    Example:

    Player: The Darkness
    Command: /xauth changepw "The Darkness" password
     
  11. Offline

    JohnPulse

    Sweet, I tried that via console with no success. Glad to see yet another improvement on this awesome plugin :)

    Btw, and another question that I can't seem to find on the topic.
    I'm connected on my H2 DB via java console, however, I can't seem to find the location of the userlist registered on my server.
    I'm certain that I'm missing a basic step as I am not expert on SQL. Can you please give me some pointers?
    I want this to have an idea of the nicknames that I can unregister to keep things clear.
    With this, an idea, could it be wise to have an option to automatically delete registered players that only logged once for only a few seconds?
    I'm afraid 50% of my registered users are cases like this :(

    Thanks for your time, regards,
    John
     
  12. Offline

    Keetveter

    Can you give a permanent link of the latest version to NoFear13 so he can use it in CraftBukkitUpToDate (zips supported)? That would be really nice :) .
     
  13. Offline

    omnija

    that spout edition does look very useful and nice.
     
  14. Offline

    CypherX

    All registered players are listed in the accounts table of the H2 database. I don't know how to access or view it with the Java console, but I use Workbench to navigate the database with a GUI. If you do give Workbench a try, it'll ask for a URL, username and password. The URL is the path to the xAuth.h2.db file, username is 'sa' (without the quotes), and leave the password blank.

    A prune feature to delete accounts for players who haven't logged in in the past x days is definitely a possibility.

    I gave him a link for it months ago and it hasn't changed. I just haven't added any of the 2.0 beta builds to it so it's still on 1.2.5.
     
  15. Offline

    Keetveter

    Oh, didn't know that. Thanks for having done that :) .
     
  16. Offline

    zzcranjo

    You need to change the syntax to allow for banning of "no name" players.
    Like who logged in to my server this morning
    08:15:20 [INFO] [xAuth] Player '' has registered
     
  17. Offline

    GammahGotz

    @CypherX Thank you for replying. We are using xAuth v2.0b4 currently, and the permissions do have the "*" node AND the "-xauth.exclude" node. Also, it is not just us Admins, it is ALL users.
     
  18. Offline

    CypherX

    There's a setting to disallow no name players from entering the server.

    The config you posted in your previous post is from xAuth 1.2.5. If you are in fact using 2.0b4, then the exclude permission node isn't necessary. If what Multiplay's support team said is true, it's an issue on your or their end, nothing I can do about it here.
     
  19. Offline

    xBlueXFoxx

    In my server ops can still use commands, server version 1.7.3 using xauth 2.0 4b

    Any clue what's up, using default config.
     
  20. Offline

    forceserver

    I am foreign.
    I do not speak English well
    So I explain briefly.
    My server is a guild server.
    If any user is connected to a different account
    F3 Click
    This place is exposed
    I am finding that plugin
    example
    if you are gamer
    if you don't login in web ,you don't login game...
    or
    if user lock ip
    but if user login webpage login reload ip
    I say again
    I am foreign.
    I do not speak English well
    So if you feel a dilute to see
    I'm sorry
    Please Give me to understand
    I LOVE BUKKIT AND MINECRAFT
     
  21. Offline

    Gibstick

    Hey, great plugin! I've been noticing this error message however, that pops up for only two specific players who play from the same IP:
    Code:
    [xAuth] Could not load StrikeBan for host: _his IP here_
    Could not pass event PLAYER_LOGIN to xAuth
    
    I'm using the latest beta 4. Everything still works, but the error message is slightly unsettling. The message still appears with the incorrect password punishment set to kick.
     
  22. Offline

    wacossusca34

    Hey, now the plugin is working properly, but the temporary ban is not working when you have attempted too many log ins.

    Here's the error:

    Code:
    18:42:21 [SEVERE] [xAuth] Could not load StrikeBan for host: 192.168.0.54
    org.h2.jdbc.JdbcSQLException: Column "192.168.0.54" not found [42122-153]
        at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
        at org.h2.message.DbException.get(DbException.java:167)
        at org.h2.message.DbException.get(DbException.java:144)
        at org.h2.jdbc.JdbcResultSet.getColumnIndex(JdbcResultSet.java:2912)
        at org.h2.jdbc.JdbcResultSet.get(JdbcResultSet.java:2963)
        at org.h2.jdbc.JdbcResultSet.getString(JdbcResultSet.java:283)
        at com.cypherx.xauth.database.DbUtil.loadStrikeBan(DbUtil.java:136)
        at com.cypherx.xauth.xAuth.isBanned(xAuth.java:522)
        at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerLogin(xAuthPlayerListener.java:46)
        at org.bukkit.plugin.java.JavaPluginLoader$12.execute(JavaPluginLoader.java:321)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:58)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:332)
        at net.minecraft.server.ServerConfigurationManager.a(ServerConfigurationManager.java:184)
        at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:82)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:74)
        at net.minecraft.server.Packet1Login.a(SourceFile:43)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:40)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:91)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:451)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    18:42:21 [SEVERE] Could not pass event PLAYER_LOGIN to xAuth
    java.lang.NullPointerException
        at com.cypherx.xauth.xAuth.isBanned(xAuth.java:529)
        at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerLogin(xAuthPlayerListener.java:46)
        at org.bukkit.plugin.java.JavaPluginLoader$12.execute(JavaPluginLoader.java:321)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:58)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:332)
        at net.minecraft.server.ServerConfigurationManager.a(ServerConfigurationManager.java:184)
        at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:82)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:74)
        at net.minecraft.server.Packet1Login.a(SourceFile:43)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:40)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:91)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:451)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    18:42:21 [INFO] wacossusca34 [/192.168.0.54:33599] logged in with entity id 86 at ([world] 68.90625, 73.0, 151.78125)
    18:42:21 [SEVERE] Could not pass event PLAYER_JOIN to Essentials
    java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List
        at com.earth2me.essentials.Essentials.getLines(Essentials.java:233)
        at com.earth2me.essentials.Essentials.getMotd(Essentials.java:228)
        at com.earth2me.essentials.EssentialsPlayerListener.onPlayerJoin(EssentialsPlayerListener.java:239)
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:244)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:58)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:332)
        at net.minecraft.server.ServerConfigurationManager.c(ServerConfigurationManager.java:124)
        at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:97)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:74)
        at net.minecraft.server.Packet1Login.a(SourceFile:43)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:40)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:91)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:451)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    18:42:35 [SEVERE] [xAuth] SQL query failure [write] (INSERT INTO `strike_bans` VALUES (?, ?))
    org.h2.jdbc.JdbcSQLException: Unique index or primary key violation: "PRIMARY_KEY_8 ON PUBLIC.STRIKE_BANS(HOST)"; SQL statement:
    INSERT INTO `strike_bans` VALUES (?, ?) [23001-153]
        at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
        at org.h2.message.DbException.get(DbException.java:167)
        at org.h2.message.DbException.get(DbException.java:144)
        at org.h2.index.BaseIndex.getDuplicateKeyException(BaseIndex.java:80)
        at org.h2.index.PageBtree.find(PageBtree.java:121)
        at org.h2.index.PageBtreeLeaf.addRow(PageBtreeLeaf.java:146)
        at org.h2.index.PageBtreeLeaf.addRowTry(PageBtreeLeaf.java:100)
        at org.h2.index.PageBtreeIndex.addRow(PageBtreeIndex.java:93)
        at org.h2.index.PageBtreeIndex.add(PageBtreeIndex.java:84)
        at org.h2.table.RegularTable.addRow(RegularTable.java:127)
        at org.h2.command.dml.Insert.insertRows(Insert.java:126)
        at org.h2.command.dml.Insert.update(Insert.java:86)
        at org.h2.command.CommandContainer.update(CommandContainer.java:69)
        at org.h2.command.Command.executeUpdate(Command.java:212)
        at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:143)
        at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:129)
        at com.cypherx.xauth.database.Database.queryWrite(Database.java:89)
        at com.cypherx.xauth.database.DbUtil.insertStrikeBan(DbUtil.java:152)
        at com.cypherx.xauth.xAuth.strikeout(xAuth.java:510)
        at com.cypherx.xauth.commands.LoginCommand.onCommand(LoginCommand.java:50)
        at org.bukkit.command.PluginCommand.execute(PluginCommand.java:35)
        at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:129)
        at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:320)
        at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:713)
        at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:677)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:670)
        at net.minecraft.server.Packet3Chat.a(Packet3Chat.java:33)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:85)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:105)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:451)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    18:42:35 [INFO] [xAuth] 192.168.0.54 banned by strike system
    18:42:38 [SEVERE] [xAuth] Could not load StrikeBan for host: 192.168.0.54
    org.h2.jdbc.JdbcSQLException: Column "192.168.0.54" not found [42122-153]
        at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
        at org.h2.message.DbException.get(DbException.java:167)
        at org.h2.message.DbException.get(DbException.java:144)
        at org.h2.jdbc.JdbcResultSet.getColumnIndex(JdbcResultSet.java:2912)
        at org.h2.jdbc.JdbcResultSet.get(JdbcResultSet.java:2963)
        at org.h2.jdbc.JdbcResultSet.getString(JdbcResultSet.java:283)
        at com.cypherx.xauth.database.DbUtil.loadStrikeBan(DbUtil.java:136)
        at com.cypherx.xauth.xAuth.isBanned(xAuth.java:522)
        at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerLogin(xAuthPlayerListener.java:46)
        at org.bukkit.plugin.java.JavaPluginLoader$12.execute(JavaPluginLoader.java:321)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:58)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:332)
        at net.minecraft.server.ServerConfigurationManager.a(ServerConfigurationManager.java:184)
        at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:82)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:74)
        at net.minecraft.server.Packet1Login.a(SourceFile:43)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:40)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:91)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:451)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    18:42:38 [SEVERE] Could not pass event PLAYER_LOGIN to xAuth
    java.lang.NullPointerException
        at com.cypherx.xauth.xAuth.isBanned(xAuth.java:529)
        at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerLogin(xAuthPlayerListener.java:46)
        at org.bukkit.plugin.java.JavaPluginLoader$12.execute(JavaPluginLoader.java:321)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:58)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:332)
        at net.minecraft.server.ServerConfigurationManager.a(ServerConfigurationManager.java:184)
        at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:82)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:74)
        at net.minecraft.server.Packet1Login.a(SourceFile:43)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:40)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:91)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:451)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    18:42:38 [INFO] wacossusca34 [/192.168.0.54:33600] logged in with entity id 508 at ([world] 68.90625, 73.0, 151.78125)
    18:42:38 [SEVERE] Could not pass event PLAYER_JOIN to Essentials
    java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List
        at com.earth2me.essentials.Essentials.getLines(Essentials.java:233)
        at com.earth2me.essentials.Essentials.getMotd(Essentials.java:228)
        at com.earth2me.essentials.EssentialsPlayerListener.onPlayerJoin(EssentialsPlayerListener.java:239)
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:244)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:58)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:332)
        at net.minecraft.server.ServerConfigurationManager.c(ServerConfigurationManager.java:124)
        at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:97)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:74)
        at net.minecraft.server.Packet1Login.a(SourceFile:43)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:40)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:91)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:451)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    
    Some of these are also unanswered essentials errors.

    I'm also on a Linux system. Any help is greatly appreciated.
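
An added example, not xAuth's code: a Python/sqlite3 model of the failure the trace above shows, where the ban row is read using the host value as a column name, the error leaves nothing to check, and the login event falls through to its default result. The `until` column, the dispatcher stand-in and all function names are assumptions; the hardened listener reads by column name, upserts the ban row, and denies when the lookup itself fails.

```python
import sqlite3

ALLOW, DENY = "ALLOW", "DENY"

def open_db():
    # Constructed schema: table and key column follow the trace
    # (STRIKE_BANS, primary key HOST); "until" is an assumed expiry column.
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE strike_bans (host TEXT PRIMARY KEY, until REAL NOT NULL)")
    return db

def record_ban(db, host, until):
    # Upsert: a host that struck out before already has a row, so a plain
    # INSERT fails with the primary-key violation seen in the trace.
    db.execute("INSERT OR REPLACE INTO strike_bans (host, until) VALUES (?, ?)",
               (host, until))
    db.commit()

def load_ban_buggy(db, host):
    row = db.execute("SELECT * FROM strike_bans WHERE host = ?", (host,)).fetchone()
    if row is None:
        return {"host": host, "until": 0.0}      # nothing on record
    try:
        # Bug: the host *value* is used as the column name.
        return {"host": row[host], "until": row["until"]}
    except IndexError:
        return None                              # "Could not load StrikeBan"

def on_login_buggy(db, host, now):
    ban = load_ban_buggy(db, host)
    return DENY if ban["until"] > now else ALLOW  # None here raises TypeError

def load_ban(db, host):
    row = db.execute("SELECT host, until FROM strike_bans WHERE host = ?",
                     (host,)).fetchone()
    return None if row is None else {"host": row["host"], "until": row["until"]}

def on_login_hardened(db, host, now):
    try:
        ban = load_ban(db, host)
    except sqlite3.Error:
        return DENY      # fail closed: a broken lookup must not admit the host
    return DENY if ban is not None and ban["until"] > now else ALLOW

def dispatch(listener, db, host, now):
    """Stand-in for the server's event dispatch: a listener exception is only
    logged ("Could not pass event ...") and the default result, ALLOW, stands."""
    try:
        return listener(db, host, now)
    except Exception:
        return ALLOW

def demo():
    db = open_db()
    now = 1000.0
    host = "192.168.0.54"              # LAN address from the posted log
    record_ban(db, host, now + 300)
    record_ban(db, host, now + 600)    # second strike-out, no key violation
    return {
        "buggy_banned_host": dispatch(on_login_buggy, db, host, now),
        "hardened_banned_host": dispatch(on_login_hardened, db, host, now),
        "hardened_other_host": dispatch(on_login_hardened, db, "10.0.0.7", now),
        "hardened_after_expiry": dispatch(on_login_hardened, db, host, now + 601),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```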
     
  23. Offline

    CypherX

    Does it not require them to log in? Can they use those commands without logging in? Need more information.

    xAuth has location protection to prevent finding someone's location with F3.
    Next time find a translator.
    Or learn English.
    I have better things to do than decipher idiot-speak.
    and stop talking like this.

    I found what would cause this a few days ago while working on the code. It'll be fixed in the next update.

    @wacossusca34 - Same as above.
     
  24. Offline

    wacossusca34

    NVM, didn't read post.
     
  25. Offline

    tinez

    Hi,

    Why do you put the playername in lowercase only? It's very annoying.
    Is there a way to convert all the nick into the normal Case?
     
  26. Offline

    Gibstick

    Looking forward to the new version
     
  27. Offline

    xBlueXFoxx

    They can use commands post login, they do not need to log in to use commands.
     
  28. Offline

    CypherX

    The only place player names are stored in lowercase is the cache, which is a result of the ConcurrentHashMap contains() methods being case sensitive. Everywhere else, such as the database, they are stored normally.

    Nothing I can think of off the top of my head that would allow this unless it was set up wrong or something is causing a conflict. Any errors in the console?
     
  29. Offline

    forceserver

    Does this plugin integrate with a web homepage?
     
  30. Offline

    tinez

    Nvm, I'm sorry.

    All nicknames are in lowercase 'cause I just converted the H2 database into a MySQL DB...
     
  31. Offline

    Subrosa20

    Is it possible to give unregistered users access to the chat?
     