Inactive [ADMN/SEC] AuthDB v2.3.6 - Database authentication and protection [1.1-1.4.5]

Discussion in 'Inactive/Unsupported Plugins' started by CraftFire, Mar 13, 2011.

  1. Offline

    CraftFire

    In order to centralize support of our legacy projects, we will no longer be providing support on Bukkit. Please use www.spout.org for support with our projects going forward.
     
  2. Offline

    ledhead900

    Yep, just one issue: I don't know how to set up that MyBB stuff at all, I have no idea where to start. Is there a plugin or something I can install on the forums? The MyBB forum is not located locally. I don't know all the details of it as I don't OWN IT.

    A guy on our server donated the forums to us. He and I have FTP access to its files, but that is all I have control over, other than full admin rights when logged in.
     
  3. Offline

    Wulfspider

    If you get on our IRC channel, I can help you install it. #AuthDB or #CraftFire
    You can click on either of the links and then PM me once you get in.
     
  4. Offline

    xwyz

    Can I use SQLite?
     
  5. Offline

    ledhead900

    No.
     
  6. Offline

    Wulfspider

    The next version may have some support for Bukkit's built-in Persistence, eBean. As for SQLite, I doubt we will support it anytime soon. Our focus is bridging the gap between forum/CMS features. We may offer local auth through Persistence in an upcoming version though.
     
  7. Offline

    serg561432

    Does this work on WordPress 3.2.1?
     
  8. Offline

    Wulfspider

    It will be in the next version, AuthDB 2.3.0.
     
    serg561432 likes this.
  9. Offline

    ledhead900

    Could you PM me when you've got the next version out? Also, I'm ready to set this up :).

    I had this idea: maybe it could add or display Faction tags on the forums via a script reading the JSON file for the Factions plugin, then the forums could change the display title to the Faction they joined.

    I love that idea of being able to send a PM from in-game to the forums. How about announcements on the forums to the server?

    Lovely, this really is the best offline auth around.

    OK, here is an extension to your idea about skipping login on IP checking: do a dual check to see if the local and MySQL IPs match, as a list of known login IPs. For instance, MyBB shows a list of known login IPs for that user.

    Now, for added auth security, you would check both, and do the same if the local cache is missing known IPs from the MySQL, since the forums would most likely only allow the LEGIT player to log in, providing the user account is not compromised; then it could check both.

    This would better stop people trying to SPOOF an IP, as it would have two source IPs to check. I'm thinking now, though: what plans do you have for anti IP spoofing? That is my only concern with auto login.

    I love the idea of auth with Notch as well. Basically you are going to bridge the gap between the benefits of online vs offline and make offline quite a viable option while preserving the peace people got using online mode. Hats off to you for that.

    Well, my server is offline and I need help getting this going, so see you on IRC.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Dec 28, 2018
  10. Offline

    contex

    There's a progress bar in the topic, when that is 100 % the plugin is ready for release. You can also follow the issues/features here: http://craftfire.com/issues/roadmap_page.php?version_id=30
     
    ledhead900 likes this.
  11. Offline

    ledhead900

    Ah, alright, cool. I've got a question on how that groups thing is going to work.
    Are you supporting Permissions 3.x for the forums-to-user permissions? Also, I need to know if I need to actually define the same user groups as in Permissions on the forums for this to work. Currently the forums just have registered and VIP. I need to know if I need to create a complete tier of users starting at whatever the default in the server would be.

    New idea then.

    Local username linking - ability to predefine usernames to an IP so that only connections from that IP can possibly authenticate under that username. "Anti spoof measure for admins"
     
  12. Offline

    contex

    I'm going to add Permissions 3.x support, and we've figured out that the easiest way to define the groups is by using:
    <Forum Group>: <Permissions Group>
    Example:

    I have 4 Forum groups: Registred, VIP, Moderators and Admins.
    I have 6 Permissions groups: Default, Helpers, Builders, Users, Mods and Admins

    In the addon config I would put under the Groups: node

    Groups:
      Registred: Default, Helpers, Builders
      VIP: Users, Moderators
      Admins: Admins

    That is the idea, I haven't got it to work yet but hopefully I will as soon as I get the bugs and API fixed.

    The Groups addon will also include a whitelist option to only allow players from Forum groups.

    It is possible to have local username linking, I will check into it and add it to the task list.
     
  13. Offline

    ledhead900

    I see how you plan it, nice! Basically I would just add a couple more forum ranks, only if I wanted matching server/forum ranking. But the plugin config would define what forum rank earns what in the server. I like this idea better than my other idea, but I would still have to add enough forum ranks to match the server, so I will probably just add them exactly the same, as I don't have many groups.

    As for the local linking, I thought it could be used as a backup cache/fallback in case something happens to the forums and they go down or something, so on registration you could, say on server restart, dump a local link cache on the server end. The other reason I described, but will describe better: it would provide a way to check locally a whitelist of IPs attached to usernames, such as the internal IP for a home server, to further prevent spoofing of admin accounts.

    I actually thought of a way we could use this to whitelist user accounts that do not need to be nagged by a password prompt once they register for the first time. Local link could link a NET IP to a username, handy for legit players we already have on our server, so that they get the privilege of only being asked ONCE to register and input a password.

    Then on every other connection it checks the username against this local list; if the IP matches they get in without a prompt for a password. Now if only we had a way to force name validation while in offline mode but only for certain users. Something like this would be very handy, as then we could check if the username is a valid one on minecraft.net, and if it was, that user does not need to re-authenticate on logins unless Notch's servers are down.

    Those are some ideas; maybe they can spark some other ideas for you.
     
  14. Offline

    contex

    The local cache is already planned.
    For 2.3.0 we're planning to store the hashed passwords and salts, then check the password against that first, and if the local cache user password is wrong it will check the MySQL database for the user's password. If the password hash in the MySQL is different than the local cache it will sync the MySQL password to local cache and replace the old password.
    Basically,
    1. It checks the password hash in local cache first, if password is correct -> login user.
    2. If the password in local cache is different than the password that the player tried to log in with, it will check the MySQL database for the user's password.
    If that password is different than the one in the local storage, replace the one in local storage with the one from MySQL.
    So the login will be far more effective now, less than a second to login.
    As for registration if the MySQL is down, I don't have plans for that yet, but maybe for 3.0.0

    I like your idea about not showing prompt if the username and IP equals to a list of legit players, meaning they only need to login once on their IP.
    We do have plans for 2.3.0 to add a check for a Minecraft cookie. Basically, if the player is authed with Minecraft.net -> the player only needs to login once and AuthDB will remember for next time that the player is authed with Minecraft.net and stop asking for the player to login when they join the game every time.

    We have a lot of ideas we want to add :), if you have more; please feel free to tell us!
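
The cache-first login flow described in the post above, sketched as an added example (it is not part of the original thread and not AuthDB's code). The dict-based stores, the PBKDF2 hashing and every function name are assumptions; the demo also shows that a password changed on the forum keeps working from the cache until a failed check triggers a resync.

```python
import hashlib
import hmac
import os

def hash_password(password, salt):
    # PBKDF2-SHA256 is an assumption; the real scheme is set by the forum script.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password):
    # A record is (salt, hash), the two values the post says get cached.
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

def matches(record, password):
    if record is None:
        return False
    salt, stored = record
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_password(password, salt))

def login(user, password, cache, forum_db):
    """Return (ok, source) for the cache-first flow described in the post."""
    # Step 1: local cache first; a hit never touches the remote database.
    if matches(cache.get(user), password):
        return True, "cache"
    # Step 2: cache miss or mismatch, so ask the authoritative forum database.
    remote = forum_db.get(user)
    if remote is None:
        cache.pop(user, None)   # account no longer exists on the forum
        return False, "forum"
    if cache.get(user) != remote:
        cache[user] = remote    # replace the cached hash with the forum's
    return matches(remote, password), "forum"

def demo():
    forum_db = {"steve": make_record("old-pass")}   # constructed sample data
    cache = {}
    steps = [login("steve", "old-pass", cache, forum_db)]     # fills the cache
    steps.append(login("steve", "old-pass", cache, forum_db)) # served by cache
    forum_db["steve"] = make_record("new-pass")     # password changed on forum
    steps.append(login("steve", "old-pass", cache, forum_db)) # stale cache hit
    steps.append(login("steve", "new-pass", cache, forum_db)) # triggers resync
    steps.append(login("steve", "old-pass", cache, forum_db)) # now rejected
    return steps

if __name__ == "__main__":
    print(demo())
```

Expiring cache entries, or re-checking the forum record on a schedule, bounds how long the old password keeps working after a change.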
     
  15. Offline

    Wulfspider

    IP checking is a poor method to use for verifying usernames. There could be kids at a college or school with the same IP and they would all be automatically logged in to whatever username logged in from that IP if they are using the same username. IP addresses also change, so players would have issues getting in if they aren't using their original IP. ;)
     
  16. Offline

    ledhead900

    Hey, yeah, I realized this after I said it. Anyway, I got this going and tested it with OP, but it didn't work; ask him what happened. We are working on it though, but he had to go, so I'll talk to him tomorrow.
     
  17. Offline

    maetthew

    Is it possible to use this with a WordPress+BuddyPress setup?
     
  18. Offline

    Wulfspider

    WordPress will be supported in the next release.
     
  19. Offline

    maetthew

    That automatically includes BuddyPress support?
     
  20. Offline

    contex

    Is that a standalone CMS?
     
  21. Offline

    Wulfspider

    I believe they use the same database, so it should. I'll have to look to see if BuddyPress makes many changes to WordPress's user table.
    No, it's a plugin for WordPress.
     
  22. Offline

    maetthew

    Would definitely use this with BuddyPress support.
     
  23. Offline

    jeanpoivrot

  24. Offline

    Wulfspider

    :confused: ... ahhh, because we obfuscate the usage stats code so false values can't be reported. We may have to look into a better way to do this. I'll look into it more.

    It doesn't clear the database. It's because the players aren't logged in if you do a /reload. We are working on a fix for v2.3.0. Do a proper /stop and start of the server.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Sep 9, 2018
  25. Offline

    jeanpoivrot

    I am using BukkitContrib on my server with the setting ForceSinglePlayerClient: true (players who don't use the BukkitContrib client mod are kicked after 200 ticks).
    When a player joins the server they send a command. I don't know if it's related, but with AuthDB it doesn't work (I tested without and it works); the client can't be identified by the server.
    My settings are OK, I think:
    Code:
      guest:
        commands: true                                  #
    Any idea how to solve it? Thanks ;)
     
  26. Offline

    Wulfspider

    This was reported to us before and we will have a permanent fix in v2.3.0, but for now you can just change the AuthenticateTick in the BukkitContrib config.yml to a higher value to give players more time before it does the force check.

    Basically, you should set the AuthenticateTick value in BukkitContrib's config.yml to higher than what you have your login and register timeouts set to in AuthDB's config.yml.

    The guest: commands: true value only works for guests, not registered players. That is a bad idea to allow guests all available commands at the default permissions level too. ;)
     
  27. Offline

    jeanpoivrot

    Thanks for the fast reply. I am using the latest dev version available, which includes the fix, but it still doesn't work.

    That's OK, here all my commands are managed by permissions @groups.
     
  28. Offline

    Wulfspider

    Have you tried my other suggestion? I'll double-check that the other fix still works. :/

    Also, there are a lot of unfinished parts in the latest dev builds, so you may have issues elsewhere too.
     
  29. Offline

    abclive

    On every plugin reload, the plugin clears the database and we have to register again, and so we're losing stuff.
     
  30. Offline

    jeanpoivrot

    I managed to test your suggestion, but now, since I updated from the latest stable to the latest dev build, AuthDB doesn't let me log in: "wrong password".

    I can still log in on my forum with my password.


    Code:
    03:40:09 [INFO] [AuthDB] Found supported plugin: Permissions 2.7.7
    03:40:09 [INFO] [AuthDB] 7 user registrations in database
    03:40:09 [INFO] [AuthDB] AuthDB plugin dev-SNAPSHOT is enabled
    
    Code:
      script:
        name: punbb                                      # Set the name of the script you are using.
        version: 1.3.5                                   # Set the version of the script you are using.
        tableprefix:                                     # Set the prefix of the database you are connecting to if you use one.
     
  31. Offline

    Wulfspider

    Like I said, there are some unfinished changes in the latest build, especially related to logging in and caching the user base in a local database as well. I recommend you stick to v2.2.0 for now, at least on a live server, until a recommended build is out or v2.3.0 is released.

    Did you look at v2.3.0? I believe it will be in it.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Nov 10, 2018
