Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    MJRamon

    xAuth version: xAuth-2.0b4.3
    CraftBukkit build: craftbukkit-1.0.1-R1
    Description of error/bug: xAuth doesn't save enchantments after relog
    Error log: none
    Other information: none

    EDIT: used @Hwo fix, it stores inventory items enchantments, but doesn't save enchantments, that are equipped on the player
     
  3. Similar error here
    Code:
    [SEVERE] [xAuth] SQL query failure [write] (TRUNCATE TABLE `strikes`)
    org.h2.jdbc.JdbcSQLException: Table "STRIKES" not found; SQL statement:
    TRUNCATE TABLE `strikes` [42102-153]
     
  4. Offline

    Subrosa20

    Still the same Problem. XAuth kicks onlineplayers when people join with their names. Enforce-single-session is set to true. There are some errors in the console.

    Bukkit 1.0.1r1, newest version of xauth.
    Here is a log:
    Code:
     2011-12-13 17:00:24 [INFO] Starting minecraft server version 1.0.1
    2011-12-13 17:00:24 [INFO] Loading properties
    2011-12-13 17:00:24 [INFO] Starting Minecraft server on 78.143.4.249:25565
    2011-12-13 17:00:24 [WARNING] **** SERVER IS RUNNING IN OFFLINE/INSECURE MODE!
    2011-12-13 17:00:24 [WARNING] The server will make no attempt to authenticate usernames. Beware.
    2011-12-13 17:00:24 [WARNING] While this makes the game possible to play without internet access, it also opens up the ability for hackers to connect with any username they choose.
    2011-12-13 17:00:24 [WARNING] To change this, set "online-mode" to "true" in the server.properties file.
    2011-12-13 17:00:24 [INFO] This server is running Craftbukkit version git-Bukkit-1.0.1-R1-b1597jnks (MC: 1.0.1) (Implementing API version 1.0.1-R1)
    2011-12-13 17:00:24 [INFO] Preparing level "world"
    2011-12-13 17:00:24 [INFO] Default game type: 1
    2011-12-13 17:00:24 [INFO] Preparing start region for level 0 (Seed: -3670195868866228723)
    2011-12-13 17:00:25 [INFO] Preparing start region for level 1 (Seed: 3191167230053764835)
    2011-12-13 17:00:25 [INFO] Preparing spawn area: 32%
    2011-12-13 17:00:26 [INFO] Preparing start region for level 2 (Seed: 3191167230053764835)
    2011-12-13 17:00:26 [INFO] BlockBlocker v0.6 enable
    2011-12-13 17:00:26 [INFO] [xAuth] 'Permissions' not detected, using Bukkit Superperms
    2011-12-13 17:00:26 [INFO] [xAuth] Connection to database established!
    2011-12-13 17:00:26 [SEVERE] [xAuth] SQL query failure [write] (DELETE FROM `sessions` WHERE NOW() > DATEADD('SECOND', 3600, `logintime`))
    org.h2.jdbc.JdbcSQLException: Table "SESSIONS" not found; SQL statement:
    DELETE FROM `sessions` WHERE NOW() > DATEADD('SECOND', 3600, `logintime`) [42102-159]
    	at org.h2.message.DbException.getJdbcSQLException(DbException.java:329)
    	at org.h2.message.DbException.get(DbException.java:169)
    	at org.h2.message.DbException.get(DbException.java:146)
    	at org.h2.command.Parser.readTableOrView(Parser.java:4747)
    	at org.h2.command.Parser.readTableOrView(Parser.java:4725)
    	at org.h2.command.Parser.readSimpleTableFilter(Parser.java:704)
    	at org.h2.command.Parser.parseDelete(Parser.java:726)
    	at org.h2.command.Parser.parsePrepared(Parser.java:336)
    	at org.h2.command.Parser.parse(Parser.java:279)
    	at org.h2.command.Parser.parse(Parser.java:251)
    	at org.h2.command.Parser.prepareCommand(Parser.java:217)
    	at org.h2.engine.Session.prepareLocal(Session.java:415)
    	at org.h2.engine.Session.prepareCommand(Session.java:364)
    	at org.h2.jdbc.JdbcConnection.prepareCommand(JdbcConnection.java:1119)
    	at org.h2.jdbc.JdbcPreparedStatement.<init>(JdbcPreparedStatement.java:71)
    	at org.h2.jdbc.JdbcConnection.prepareStatement(JdbcConnection.java:267)
    	at com.cypherx.xauth.database.Database.queryWrite(Database.java:85)
    	at com.cypherx.xauth.database.DbUtil.deleteExpiredSessions(DbUtil.java:335)
    	at com.cypherx.xauth.xAuth.onEnable(xAuth.java:107)
    	at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:188)
    	at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:968)
    	at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:280)
    	at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:186)
    	at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:169)
    	at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:348)
    	at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:335)
    	at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:165)
    	at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:399)
    	at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    2011-12-13 17:00:26 [SEVERE] [xAuth] SQL query failure [read] (SELECT * FROM `tele_locations`)
    org.h2.jdbc.JdbcSQLException: Table "TELE_LOCATIONS" not found; SQL statement:
    SELECT * FROM `tele_locations` [42102-159]
    	at org.h2.message.DbException.getJdbcSQLException(DbException.java:329)
    	at org.h2.message.DbException.get(DbException.java:169)
    	at org.h2.message.DbException.get(DbException.java:146)
    	at org.h2.command.Parser.readTableOrView(Parser.java:4747)
    	at org.h2.command.Parser.readTableFilter(Parser.java:1075)
    	at org.h2.command.Parser.parseSelectSimpleFromPart(Parser.java:1679)
    	at org.h2.command.Parser.parseSelectSimple(Parser.java:1786)
    	at org.h2.command.Parser.parseSelectSub(Parser.java:1673)
    	at org.h2.command.Parser.parseSelectUnion(Parser.java:1518)
    	at org.h2.command.Parser.parseSelect(Parser.java:1506)
    	at org.h2.command.Parser.parsePrepared(Parser.java:405)
    	at org.h2.command.Parser.parse(Parser.java:279)
    	at org.h2.command.Parser.parse(Parser.java:251)
    	at org.h2.command.Parser.prepareCommand(Parser.java:217)
    	at org.h2.engine.Session.prepareLocal(Session.java:415)
    	at org.h2.engine.Session.prepareCommand(Session.java:364)
    	at org.h2.jdbc.JdbcConnection.prepareCommand(JdbcConnection.java:1119)
    	at org.h2.jdbc.JdbcPreparedStatement.<init>(JdbcPreparedStatement.java:71)
    	at org.h2.jdbc.JdbcConnection.prepareStatement(JdbcConnection.java:267)
    	at com.cypherx.xauth.database.Database.queryRead(Database.java:64)
    	at com.cypherx.xauth.xAuth.loadTeleLocations(xAuth.java:467)
    	at com.cypherx.xauth.xAuth.onEnable(xAuth.java:108)
    	at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:188)
    	at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:968)
    	at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:280)
    	at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:186)
    	at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:169)
    	at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:348)
    	at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:335)
    	at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:165)
    	at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:399)
    	at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    2011-12-13 17:00:26 [SEVERE] Error occurred while enabling xAuth v2.0b4.3 (Is it up to date?): null
    java.lang.NullPointerException
    	at com.cypherx.xauth.xAuth.loadTeleLocations(xAuth.java:503)
    	at com.cypherx.xauth.xAuth.onEnable(xAuth.java:108)
    	at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:188)
    	at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:968)
    	at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:280)
    	at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:186)
    	at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:169)
    	at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:348)
    	at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:335)
    	at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:165)
    	at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:399)
    	at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    2011-12-13 17:00:26 [INFO] WorldEdit 5.0 enabled.
    2011-12-13 17:00:27 [INFO] WEPIF: Using the Bukkit Permissions API.
    2011-12-13 17:00:27 [INFO] WEPIF: Using the Bukkit Permissions API.
    2011-12-13 17:00:27 [INFO] CommandBook 1.7 enabled.
    2011-12-13 17:00:27 [INFO] CommandBook: 0 Warps(s) loaded
    2011-12-13 17:00:27 [INFO] CommandBook: 0 Homes(s) loaded
    2011-12-13 17:00:27 [INFO] CommandBook: Maximum wrapper compatibility is enabled. Some features have been disabled to be compatible with poorly written server wrappers.
    2011-12-13 17:00:27 [INFO] CommandBook: 0 banned name(s) loaded.
    2011-12-13 17:00:27 [INFO] CommandBook: 1 kit(s) loaded.
    2011-12-13 17:00:27 [INFO] WEPIF: Using the Bukkit Permissions API.
    2011-12-13 17:00:27 [WARNING] Server permissions file permissions.yml is not valid YAML.
    java.lang.ClassCastException: java.lang.String cannot be cast to java.util.Map
    	at org.bukkit.craftbukkit.CraftServer.loadCustomPermissions(CraftServer.java:456)
    	at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:175)
    	at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:348)
    	at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:335)
    	at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:165)
    	at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:399)
    	at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    2011-12-13 17:00:27 [INFO] Done (0.281s)! For help, type "help" or "?" 
     
  5. Offline

    Snowy007

    @CypherX
    Could you perhaps add an option to allow unregistered users to chat?
    most users that join my server are really.... what shall i say... brainless
    Also this is the second time i had to switch from authorization plugin. Which is really confusing for my users.

    Even though it clearly appears in the chat window.. my users still don't seem to get it into their heads that they need to register and login.
    It would be nice if they could still use the chat to ask for help.
     
  6. Offline

    Adrenaline

    CypherX:
    Last activity:
    Nov 19, 2011

    :( ;/ ;(
     
  7. Offline

    Mrchasez

    Please update this.
    Its causing my server to crash.
     
  8. Offline

    noneandnonly

    He really has to update this. It's such a great and easy plugin. I switched to AuthDB for now, but as soon as this one's updated, I'll switch to it again. There's no authentication-plugin that has enchantments yet and you can get it to work with this one :'O
     
  9. Offline

    Remi_Scarlet

    Holy crap, so I'm not the only admin facepalming every time a new member logs in and I have to tell them to REGISTER even though it says it in nice bright letters.

    Woe us.


    Also, another complaint about updating this plugin. I freaking love this plugin, definitely more than any other authentication plugin. It'd be a shame if I had to switch plugins D:
     
  10. Offline

    lycano

    @Remi_Scarlet if so .. it should be "optional" and per default disabled ... cause it could be that unregistered doesnt mean "its someone who really is registered" ...

    I did solve this problem by simply logging in (you will spawn at the worlds spawnpoint) and check what viewpoint the user has. Then placing a freaking sign that tells you what you "can actually do" .. => Problem solved.

    Making exceptions like "make this variable, make that variable" e.g. Chat, Using some commands ... this will be abused for shure and then it will be like not having xAuth installed.

    In my personal opinion it can be "completely sealed" or limited to moving around (without beeing able to actually harm or destroy anything) but using chat or using special commands ... trust me it will be abused for shure.

    Furthermore the player that actually logs in could be a fake user (offline-mode for example, or hacked client) then you would give them higher rights (cause permsision checking is done via names) => you know the end ;)
     
  11. Offline

    Snowy007

    Yea.. you know.. i actually did that! And guess what. It didn't work....
    Even with 2 big signs in front of their noses saying to /register or /login they still didn't get the point!
    Are my users really that dumb?? Apparently they are...
    I do agree that it should be optional and disabled by default.

    I am just suggesting that they should be able to use chat. NOT commands.
    Wouldn't it be possible to allow chat but still block all command usage? (except /register and /login of course)
    They would still be unable to move and use commands but at least they can use the chat. That way i can actually still interact with a player trying to login. Without any extra security risks.

    Why?
    This plugin is still working perfectly fine for me on my MC 1.01 server with RB 1.01-R1
     
  12. I can't get it to work at all on a fresh setup. Throws an sql error.
    Code:
    [SEVERE] [xAuth] SQL query failure [write] (TRUNCATE TABLE `strikes`)
    org.h2.jdbc.JdbcSQLException: Table "STRIKES" not found; SQL statement:
    TRUNCATE TABLE `strikes` [42102-153]
     
  13. Offline

    bergerkiller

    I am not sure if this plugin is still under development, but please stop teleporting players from another thread.
    Code:
    java.lang.IllegalAccessError: Synchronized code got accessed from another thread: java.lang.Thread
            at java.lang.Thread.run(Unknown Source)
            at org.bukkit.craftbukkit.scheduler.CraftWorker.run(CraftWorker.java:34)
            at com.cypherx.xauth.xAuth$2.run(xAuth.java:302)
            at org.bukkit.craftbukkit.entity.CraftEntity.teleport(CraftEntity.java:156)
            at org.bukkit.craftbukkit.entity.CraftPlayer.teleport(CraftPlayer.java:297)
            at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:339)
            at org.bukkit.event.PlayerListener.onPlayerTeleport(PlayerListener:0)
    com.cypherx.xauth.xAuth$2.run(xAuth.java:302)
    It can cause lots of other plugins to fail whenever they access variables and methods managed on the main thread from that event.
     
  14. Offline

    Grifhell

    so
    it works on 1.0.1-R1?
     
  15. Offline

    Zakeroid

    Hello,

    I was wondering if it was possible to migrate from xAuth Flat File database to the AuthMe MySQL database?
     
  16. Offline

    beleg

    Could someone continue this plugin please?

    (And make a dev Page maybe..)
     
  17. Offline

    AskewDread

    hey... we have in interesting issue in 1.0, enchanted items seem not to work correctly when you have to login, like it removes the inventory but then when it adds it back the enchanted items are gone? is there any way around this?
     
  18. Offline

    Hwo

  19. Offline

    Meteo

    Is there anyway to FORCE a logout when they Disconnect or quit? Would really be nice ^^
     
  20. Offline

    Grifhell

    Code:
    [SEVERE] java.lang.NullPointerException
    2011-12-17 17:35:20
    [SEVERE]     at net.minecraft.server.NetworkListenThread.a(SourceFile:63)
    2011-12-17 17:35:20
    [SEVERE]     at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:146)
    2011-12-17 17:35:20
    [SEVERE]     at net.minecraft.server.Packet254GetInfo.a(SourceFile:16)
    2011-12-17 17:35:20
    [SEVERE]     at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
    2011-12-17 17:35:20
    [SEVERE]     at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:46)
    2011-12-17 17:35:20
    [SEVERE]     at net.minecraft.server.NetworkListenThread.a(SourceFile:94)
    2011-12-17 17:35:20
    [SEVERE]     at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:527)
    2011-12-17 17:35:20 [SEVERE]     at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
    2011-12-17 17:35:20
    [SEVERE]     at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    2011-12-17 17:35:20 
     
  21. Offline

    AskewDread

  22. Offline

    noneandnonly

    This plugin is not updated for 1.0.0 and does not work anymore!
    Please use another plugin until this one is updated (if ever).
    Thanks for reading!
     
  23. Offline

    Assasick

    Any alternate to this plugin? Updated to 1.0?
     
    iN94 likes this.
  24. Offline

    Zakeroid

    Probably AuthMe.
     
  25. Offline

    iN94

    Please update... :(
     
  26. Offline

    drakcore

    Yes still works for me, no problems at all.
     
  27. Offline

    ZacGod

    I am having trouble restoring locations on login. Everything else is working.
     
  28. Offline

    kernet

    I am having same trouble plus sometimes my payers' inventories are just flushed up. I noticed, that inventory and locations tables are empty. Any suggestions? Thank you in advance.
     
  29. Offline

    Meteo

    Can anyone help me on this?...
     
  30. Offline

    SupremeSurvival

    Big problem!
    I recently installed the lastest version of xauth and it was running fine until I decided to do the following (stupid me)
    I am an admin/operator and I tried looking at the xauth help by typing /xauth

    I found /xauth logout

    So okay, I used that to try to log myself out and something very bad happened. I couldn't log back in after I logged out, it said that an expected error happened and that I was already logged in. Next, I tried to unregister myself so then I could re-register... Then it said that I was already registered after I had registered myself! What is going on?! Now all users cannot login or register. What have I done?!!?

    If there is a fix to this that would be extremely helpful as your plugin is a literally a life-saver! Thank you for reading, if anybody out there can help me I would be very very happy!


    UPDATE:
    (I did this after trying to first delete just the xauth plugin folder, then the xauth.jar, and finally both the xauth.jar and h2.jar)

    I deleted the xauth.jar along with the h2.jar in the lib folder and restarted my server. Then I re-downloaded everything. So pretty much, the only fix I found was to delete the whole xauth plugin, but that will make everyone lose their stuff and it will also make them have to re-register. Are there any other solutions in case something like this happens again?
     
Thread Status:
Not open for further replies.

Share This Page