Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    Grifhell

    only need to download the plug-in? or I have to do somethingelse?
    Hwo sad:
    You need to add field
    Code:
    enchantmentsin table
    Code:
    inventorymanually.

    The field format is:
    Code:
    text

    How how should I do?
     
  3. Offline

    Hwo

    Can I continue to develop plugin without the consent of the author?
    By the way the author did not share the source code - i have decompile it.
     
  4. Offline

    GameFAQsRolo

    Isn't the source at his github? It's linked in the opening post.

    I don't think you can continue an author's plugin without their consent under the same official name, but you can fork it, give it your own name and credit his source.
     
    Hwo likes this.
  5. Offline

    Hwo

    O rly!
    Thx)
     
  6. pls continue develop
     
  7. Offline

    Mr. X

    i doset works
     
  8. Offline

    LlmDl

    @CypherX I'm still using this, it works and I'm thanking you (if I didn't already) for making this plugin that has worked since day one when I installed it back in March. Kudos to you!
     
  9. Offline

    beleg

    @Hwo yeees please continue it :)
     
  10. Offline

    lolydodo123

    Now I downloaded Xauth, (I has Authme, But Just ignore what I just said)
    So I want the people that logged out and logged back in do /login (Pass) (Which is default)
    But spawn where they were at when they logged off.
    To make something simple simpler:
    Player disconnects
    (Time passes)
    Player wants to login
    /login (Password)
    He/She Doesn't spawn back where he was at before. He/S just re-spawn back at the Spawn.
    Any way to fix it?
    -Thanks
    lolydodo123
     
  11. Offline

    Chrispm84

    Yes, someone PLEASE fork this... It's an amazing plugin, but it's being mistreated, lol. I'd rather not have to bother installing AuthMe. I'll hold out a little longer for someone to update this.
     
  12. Offline

    Fress_

    Could someone post in detail what to do with that russian made bugfix for 1.0(http://minecraft.pvp.gs/threads/xauth-enchant-fix-cb-1527.868/), how to get it to work?

    // Precisely what does this mean:
    You need to add field
    "enchantments"

    in table
    "inventory"
    manually.

    The field format is:
    "text"

    Is this it, with or without the comma?
    [​IMG]

    Got this error while I was trying to register:
    Code:
    2011-12-23 21:44:41 [SEVERE] null
    org.bukkit.command.CommandException: Unhandled exception executing command 'register' in plugin xAuth v2.0b4.3
        at org.bukkit.command.PluginCommand.execute(PluginCommand.java:42)
        at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:165)
        at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:378)
        at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:757)
        at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:722)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:715)
        at net.minecraft.server.Packet3Chat.a(Packet3Chat.java:33)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
        at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:93)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:108)
        at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:527)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    Caused by: java.lang.NullPointerException
        at com.cypherx.xauth.xAuth.restore(xAuth.java:318)
        at com.cypherx.xauth.xAuth.removeGuest(xAuth.java:280)
        at com.cypherx.xauth.xAuth.login(xAuth.java:363)
        at com.cypherx.xauth.commands.RegisterCommand.onCommand(RegisterCommand.java:59)
        at org.bukkit.command.PluginCommand.execute(PluginCommand.java:40)
        ... 12 more
    
     
  13. Offline

    Grifhell

    You enter /login ******, and you appear to spawn?
    If true, i have this trouble too.
    =*((
     
  14. Offline

    amunro

    So someone appears to have found a glitch/hack in xauth and can log in as anyone. Someone was able to log in as one of my admins, op himself and logout. It looks like he did it by spamming it with commands.

    http://pastie.org/3066146

    Anyway, heres the pastie!

    Ok under further investigation, If you login in on client 1, then log in on client 2 (which gets disconnected as client 1 is logged in), xauth spams errors and the hacker can go around as that player!

    The only way to fix this is to set 'reverse-enforce-single-session: false' however then they can just harrass you by logging in as you!

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
  15. Offline

    Phinary

    I would recommend to start using something like AuthDB. I have talked to this plugin dev a lot on MSN and he has no intentions to update this or support it for the future.
     
  16. Offline

    Fress_

    How is AuthDB any better if it's outdated as well..
     
  17. Offline

    Phinary

    You are indeed correct. There is someone still giving support on AuthDB but thats about it.
    We need a dev to pick up on of the plugins and start continuing it again..
     
  18. Offline

    _Robert

    Nethier, you need to add it to the SQL field database, at least i did that, and its saving the enchanted items.

    Here are the create scripts of the tables, updated to that modified version.

    Code:
    CREATE TABLE `xauth_accounts` ( `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, `playername` VARCHAR(255) NOT NULL, `password` CHAR(255) NOT NULL, `email` VARCHAR(100) NULL DEFAULT NULL, `registerdate` DATETIME NULL DEFAULT NULL, `registerip` VARCHAR(39) NULL DEFAULT NULL, `lastlogindate` DATETIME NULL DEFAULT NULL, `lastloginip` VARCHAR(39) NULL DEFAULT NULL, `active` TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', PRIMARY KEY (`id`) ) COLLATE='latin1_swedish_ci' ENGINE=MyISAM ROW_FORMAT=DEFAULT AUTO_INCREMENT=500 
    
    
    CREATE TABLE `xauth_inventory` ( `playername` VARCHAR(255) NOT NULL, `itemid` TEXT NOT NULL, `amount` TEXT NOT NULL, `durability` TEXT NOT NULL, `enchantments` TEXT NOT NULL, PRIMARY KEY (`playername`) ) COLLATE='latin1_swedish_ci' ENGINE=MyISAM ROW_FORMAT=DEFAULT 
    
    
    CREATE TABLE `xauth_sessions` ( `accountid` INT(10) UNSIGNED NOT NULL, `host` VARCHAR(39) NOT NULL, `logintime` DATETIME NOT NULL, PRIMARY KEY (`accountid`) ) COLLATE='latin1_swedish_ci' ENGINE=MyISAM ROW_FORMAT=DEFAULT 
    
    
    CREATE TABLE `xauth_strikes` ( `striketime` DATETIME NOT NULL, `strikeip` VARCHAR(39) NOT NULL, `playername` VARCHAR(255) NOT NULL ) COLLATE='latin1_swedish_ci' ENGINE=MyISAM ROW_FORMAT=DEFAULT 
    
    
    CREATE TABLE `xauth_tele_locations` ( `uid` VARCHAR(36) NOT NULL, `x` DOUBLE NOT NULL, `y` DOUBLE NOT NULL, `z` DOUBLE NOT NULL, `yaw` FLOAT NOT NULL, `pitch` FLOAT NOT NULL, `global` TINYINT(1) NOT NULL DEFAULT '0', PRIMARY KEY (`uid`) ) COLLATE='latin1_swedish_ci' ENGINE=MyISAM ROW_FORMAT=DEFAULT 
    
    

    Just run that in a Query for Mysql and should create the tables, also change the config of xAuth to make it work with mysql.
     
  19. I have got this error:
    PHP:
    12:26:42 [WARNINGCould not properly handle event PLAYER_TELEPORT:
    java.lang.IllegalAccessErrorSynchronized code got accessed from another threadcom.cypherx.xauth.xAuth$2
        at org
    .bukkit.event.player.PlayerListener.onPlayerTeleport(PlayerListener:0)
        
    at org.bukkit.plugin.java.JavaPluginLoader$9.execute(JavaPluginLoader.java:321)
        
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:58)
        
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:339)
        
    at org.bukkit.craftbukkit.entity.CraftPlayer.teleport(CraftPlayer.java:297)
        
    at org.bukkit.craftbukkit.entity.CraftEntity.teleport(CraftEntity.java:156)
        
    at com.cypherx.xauth.xAuth$2.run(xAuth.java:302)
        
    at org.bukkit.craftbukkit.scheduler.CraftWorker.run(CraftWorker.java:34)
    Thanks for all
     
  20. Offline

    beleg

    thank you but is there a way to import the db from flatfile (is it flatfile?..) to mysql?
     
  21. Is the plugin inactive?
     
  22. Offline

    beleg

    it is not up to date, it has many issues and the author wasnt online for weeks..
     
  23. Offline

    M24o

    Why does Bukkit support cracked servers? It is obvious that this plugin is only suitable for cracked servers, so I don't really understand why such a thing is allowed here.
     
  24. Offline

    beleg

    its not "cracked" its just in offline mode.
     
  25. Offline

    Jek29

    Good afternoon, we wait for updating to CraftBukkit: #1597.
    In advance thanks.
     
  26. Offline

    M24o

    What's the difference?
     
  27. I have got a problem a SPAMMER enter using ÀÀÀÀÀÀ and i cant ban him i use ban-ip his ip and he enter with other IP, i want to change this:
    filter:
    # Minimum length a players name can be
    min-length: 2
    # Characters that may be present in a players name. Use an asterisk (*) to allow all
    allowed: '*' How to only allow letters and number?
    # If set to false, players with blank names can connect
    blankname: true
     
  28. Offline

    M24o

    Online mode=true?
     
  29. Offline

    beleg

    set it like this:

    filter:
    # Minimum length a players name can be
    min-length: 2
    # Characters that may be present in a players name. Use an asterisk (*) to allow all
    allowed: 'ABCDEFGHOJKLMNOPQRSTUVWXYZ-=_()[]abcdefghijklmnopqrstuvwxyz1234567890'
    # If set to false, players with blank names can connect
    blankname: true
     
  30. Thanks a lot

    When is going to be a new update?

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
Thread Status:
Not open for further replies.

Share This Page