Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    moparisthebest

    Right now I don't think it is possible, but you probably don't want it to be possible, since it is potentially dangerous. Imagine someone trying to login but accidentally omitting the /

    login yourverysecretpassword

    Would now be broadcast to the entire server.
     
  3. Offline

    Subrosa20

    But many people just join, don't get how to register and leave.

    Would be nice if everything an unregistered user types into the chat would just be sent to people who have the permission to see it. (Moderators)
     
  4. Offline

    Oreminer

    dont you get a message when a first time joiner enters your world?

    (username) has joined
    Welcome (username) to the world?

    i get this message whenever a new player enters that should been sufficient enough to alert you mods :)
    you could also change your motd ( message of the day) telle the joiners what command to use for first time login

    I myself am trying to get xauth to work with mysql.

    Is xauth supposed to make its own tables
    Code:
            account: accounts
            session: sessions
            strike: strike_bans
            location: tele_locations
            inventory: inventory
    
    in the assigned database?
    because it doesnt seem to do that. even though i have set connection settings correct
    Code:
        host: localhost
        port: 3306
        username: my database username (checked spelling  multiple times)
        password: my database userpass (also checked spelling  multiple times)
        database: database name (also checked spelling)
    
    and
    Code:
        datasource: mysql
    
    all my other plugins are running on mysql but i cant seem to get this one going

    Any thoughts?

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 12, 2016
  5. Offline

    moparisthebest

    That's why you tell them how to register and/or login right when they login, through your server's welcome message or similar.
     
  6. Offline

    CypherX

    In the future, yes. At the moment, no.

    Delete the DBVERSION file from the xAuth /plugins/ directory and restart/reload the server.
     
  7. Offline

    Oreminer

    worked like a charm

    no to fixe some other plugin errors


    thanx for the support :)
     
  8. Offline

    qixx

    Hi!

    I have to know how the password is encrypted.
    I want to use the same login on my homepage (PHP).

    Or could I change the encryption to MD5?

    Thanks for help!
     
  9. Offline

    moparisthebest

    This is why there is authURL support, look at the sample for SMF forums and write a PHP page that xAuth can call that works with your logins.

    OR

    Use the PHP functions here:
    https://github.com/CypherX/xAuth/wiki/Password-Hashing
    To let your home page login with xAuth's logins.

    It sends the username and password to auth.php as POST. If you look in the example file you will see that.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 12, 2016
    qixx likes this.
  10. Offline

    skawke

    How would I make my plugin (SpoutEssentials) work with this? Whenever someone joins, it'll[ throw up an exception in the console. Actual gameplay isn't affect, just the error's annoying.
     
  11. Offline

    CypherX

    Just tried them together and I didn't get any errors. What's it giving you?
     
  12. Offline

    skawke

    Not sure, people report UNABLE TO PASS EVENT TO PLAYER_TELPORT and PLAYER_QUIT and sometimes PLAYER_JOIN. I'll look into it myself.
     
  13. Offline

    forceserver

    please setting....
    i don't know how to setting...
    I had used the AuthDB, but I want to change XAuth
    authDB
    database:
    driver: mysql
    host: localhost
    port: 3306
    username: root
    password: xxxxxx
    name: linux
    prefix:
    script:
    name: phpBB
    version: 3.0.8
    customdb:
    enabled: true
    table: xe_member
    userfield: user_id
    passfield: password
    emailfield: email_address
    encryption: md5

    XAuth
    mysql:
    # Location of the MySQL server. Can be either a host name or IP address
    host: localhost
    # Port used by MySQL. Default is 3306
    port: 3306
    # User name used to connect to the MySQL server
    username: root
    # Password used to connect to the MySQL server
    password: xxxxxx
    # Name of the database that will be used by xAuth
    database: ??? ->linux ?
    # Names of the tables xAuth will use to store data
    tables:
    account: accounts ->user_id ?
    session: sessions -> passwold ?
    strike: strike_bans ->?
    location: tele_locations ->?
    inventory: inventory ->?
    please help...
     
  14. i Have problems to delete user accounts
    with /xauth unregister Player
     
  15. Offline

    wvdburgt

    can someone point me in the right direction for a guide to integrate xauth with SMF forums? I have a standard SMF installation on a MySQL database but i have no idea how to set it up with the xauth plugin. Any help would be appreciated. any info will do. guides or a simple explanation what should be in the configs.
     
  16. Offline

    starnightx

    Show Spoiler
    [SEVERE] Error occurred while disabling xAuth v2.0b4 (Is it up to date?): loader constraint violation: loader (instance of org/bukkit/plugin/java/PluginClassLoader) previously initiated loading for a different type with name "org/h2/store/DataHandler"
    java.lang.LinkageError: loader constraint violation: loader (instance of org/bukkit/plugin/java/PluginClassLoader) previously initiated loading for a different type with name "org/h2/store/DataHandler"
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClassCond(Unknown Source)
    at java.lang.ClassLoader.defineClass(Unknown Source)
    at java.security.SecureClassLoader.defineClass(Unknown Source)
    at java.net.URLClassLoader.defineClass(Unknown Source)
    at java.net.URLClassLoader.access$000(Unknown Source)
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(Unknown Source)
    at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:36)
    at org.bukkit.plugin.java.JavaPluginLoader.getClassByName(JavaPluginLoader.java:219)
    at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:32)
    at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:24)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at org.h2.store.LobStorage.init(LobStorage.java:87)
    at org.h2.store.LobStorage.removeAllForTable(LobStorage.java:133)
    at org.h2.engine.Database.close(Database.java:1066)
    at org.h2.engine.Database.removeSession(Database.java:953)
    at org.h2.engine.Session.close(Session.java:572)
    at org.h2.jdbc.JdbcConnection.close(JdbcConnection.java:337)
    at com.cypherx.xauth.database.Database.close(Database.java:129)
    at com.cypherx.xauth.xAuth.onDisable(xAuth.java:54)
    at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:128)
    at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoader.java:899)
    at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManager.java:288)
    at org.bukkit.plugin.SimplePluginManager.disablePlugins(SimplePluginManager.java:281)
    at org.bukkit.craftbukkit.CraftServer.disablePlugins(CraftServer.java:157)
    at net.minecraft.server.MinecraftServer.stop(MinecraftServer.java:312)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:391)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)

    What is this and how do i fix ? D:
     
  17. Offline

    CypherX

    @forceserver - xAuth and AuthDB have extremely different database setups so there's no direct way to convert between the two. You could run xAuth once to create the tables, export the data from the AuthDB table into a .sql file, modify it to match the xAuth accounts table schema then import it.

    Take a look at the this script and the authURL settings. You could also read through moparisthebest's posts on the last few pages as he explains it more in depth.

    xAuth and iConomy have compatibility issues when both are using H2.
     
  18. Offline

    Mordicon

    I'm sorry for the noob question - but I see in the config file, this has an option to:
    # Verify a player's IP address when resuming a session
    verifyip: true
    Can I assume this means if the IP in IPv4 or IPv6 doesn't match the one when you registered, it will prompt you to supply the password?
    And if so, will it record the new one as well to bypass the password input after a successful attempt, or will the new IP have to put in the password every time?
     
  19. Offline

    Gibstick

    @Mordicon

    The IP is only checked while the session is valid (for already-registered players), and the session only lasts for an hour or something by default. The user won't have to log in during that grace period. There is no need to write the IP address anywhere, the plugin should record it for the session.
     
  20. Offline

    CypherX

    Incorrect, but I'll explain it: A session is linked to a players account. When a player connects, the plugin checks if this player has an active session. If the session is indeed active (not passed the session timeout limit) it then checks that the IP address used to begin the session (when /login was used) is equal to the IP address of the returning player. Setting 'verifyip' to false disables this IP check and will allow the session to be continued from any IP until it has expired.
     
  21. Offline

    NotYetRated

    Can we get an option for "Accounts per IP".... I want to limit the amount of accounts per IP to a couple, so some members with brothers/sisters can all join, but I don't want to leave it open to unlimited as it is now..
     
  22. Offline

    wacossusca34

    Uh, I can use commands before logging in. I'm going to swtich if there is not a fix for this.

    OS: Puppy Linux 5.2.5

    No errors, CB build 1000
     
  23. Offline

    EMOberger

    Same.
     
  24. Offline

    Trollkemada

    Im ussing #1060 and xauth v2.0b4 and i get this error :

    20:12:56 [INFO] [xAuth] 'Permissions' v2.7.7 support enabled!
    20:12:56 [INFO] [xAuth] Connection to database established!
    20:12:56 [GRAVE] [xAuth] Could not load TeleLocations from database!
    java.sql.SQLException: Column 'uid' not found.
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1073)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:987)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:982)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:927)
    at com.mysql.jdbc.ResultSetImpl.findColumn(ResultSetImpl.java:1144)
    at com.mysql.jdbc.ResultSetImpl.getString(ResultSetImpl.java:5616)
    at com.cypherx.xauth.xAuth.loadTeleLocations(xAuth.java:438)
    at com.cypherx.xauth.xAuth.onEnable(xAuth.java:99)
    at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:126)
    at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:885)
    at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:278)
    at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:178)
    at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:161
    )
    at net.minecraft.server.MinecraftServer.e(MinecraftServer.java:286)
    at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:273)
    at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:149)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:337)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    20:12:56 [INFO] [xAuth] Accounts: 299, Sessions: 36
    20:12:56 [INFO] [xAuth] v2.0b4 Enabled!
     
  25. Offline

    CypherX

    Already implemented, will be in the next update.

    Only happens when used with Spout and is caused by the code that allows Spout clients to authenticate with the old command method (which is no longer necessary). I'll release beta 5 tonight or tomorrow which fixes it.

    @Trollkemada - Looks like your database didn't update correctly when switching from beta 3 to beta 4. Edit the /plugins/xAuth/DBVERSION file to say '3' instead of '4' and try starting the server.
     
  26. Offline

    Trollkemada

  27. Offline

    CypherX

    Hm, change it to '1' or delete the file completely.
     
  28. Offline

    Trollkemada

    Same error, Could you add me on Xfire, Skype, maybe IRC chatting, or something? Just if it is more confortable for you.
     
  29. Offline

    SpiFioY

    Hmm, nice plugin, i like it but can you remove one thing: When i reload the server, everyone have to re-login and that suxs. Can you add an option like:
    disabe-relogin:true

    Tnx anyway ;)
     
  30. Offline

    CypherX

    What version are you using?
     
  31. Offline

    SpiFioY

    I was using very old one. Now i'm whit the new :) Everything is fixed :)

    Guys, i have an error:
    Code:
    15:14:39 [INFO] [xAuth] 'Permissions' v3.1.6 support enabled!
    15:14:41 [SEVERE] [xAuth] Could not connect to database! [DBMS = H2]
    java.sql.SQLException: invalid database address: jdbc:h2:plugins\xAuth\xAuth;IGN
    ORECASE=TRUE
            at org.sqlite.JDBC.createConnection(JDBC.java:74)
            at org.sqlite.JDBC.connect(JDBC.java:64)
            at java.sql.DriverManager.getConnection(Unknown Source)
            at java.sql.DriverManager.getConnection(Unknown Source)
            at com.cypherx.xauth.database.Database.connect(Database.java:36)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:85)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:126)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:885)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:278)
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:178)
            at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:161
    )
            at org.bukkit.craftbukkit.CraftServer.reload(CraftServer.java:452)
            at org.bukkit.command.SimpleCommandMap$ReloadCommand.execute(SimpleComma
    ndMap.java:281)
            at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:12
    9)
            at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:3
    44)
            at net.minecraft.server.MinecraftServer.b(MinecraftServer.java:489)
            at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:468)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:363)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    15:14:41 [SEVERE] [xAuth] Disabling - No connection to database
    15:14:44 [SEVERE] [xAuth] Could not connect to database! [DBMS = H2]
    java.sql.SQLException: invalid database address: jdbc:h2:plugins\xAuth\xAuth;IGN
    ORECASE=TRUE
            at org.sqlite.JDBC.createConnection(JDBC.java:74)
            at org.sqlite.JDBC.connect(JDBC.java:64)
            at java.sql.DriverManager.getConnection(Unknown Source)
            at java.sql.DriverManager.getConnection(Unknown Source)
            at com.cypherx.xauth.database.Database.connect(Database.java:36)
            at com.cypherx.xauth.database.Database.queryRead(Database.java:58)
            at com.cypherx.xauth.database.DbUtil.getPlayerFromDb(DbUtil.java:261)
            at com.cypherx.xauth.xAuth.getPlayer(xAuth.java:206)
            at com.cypherx.xauth.xAuth.onDisable(xAuth.java:48)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:128)
            at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoade
    r.java:906)
            at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManag
    er.java:294)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:88)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:126)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:885)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:278)
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:178)
            at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:161
    )
            at org.bukkit.craftbukkit.CraftServer.reload(CraftServer.java:452)
            at org.bukkit.command.SimpleCommandMap$ReloadCommand.execute(SimpleComma
    ndMap.java:281)
            at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:12
    9)
            at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:3
    44)
            at net.minecraft.server.MinecraftServer.b(MinecraftServer.java:489)
            at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:468)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:363)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    15:14:44 [SEVERE] Error occurred while disabling xAuth v2.0b4 (Is it up to date?
    ): null
    java.lang.NullPointerException
            at com.cypherx.xauth.database.Database.queryRead(Database.java:63)
            at com.cypherx.xauth.database.DbUtil.getPlayerFromDb(DbUtil.java:261)
            at com.cypherx.xauth.xAuth.getPlayer(xAuth.java:206)
            at com.cypherx.xauth.xAuth.onDisable(xAuth.java:48)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:128)
            at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoade
    r.java:906)
            at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManag
    er.java:294)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:88)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:126)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:885)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:278)
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:178)
            at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:161
    )
            at org.bukkit.craftbukkit.CraftServer.reload(CraftServer.java:452)
            at org.bukkit.command.SimpleCommandMap$ReloadCommand.execute(SimpleComma
    ndMap.java:281)
            at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:12
    9)
            at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:3
    44)
            at net.minecraft.server.MinecraftServer.b(MinecraftServer.java:489)
            at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:468)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:363)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    [code]
     Help :confused:
    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 12, 2016
Thread Status:
Not open for further replies.

Share This Page