[Discussion] Playng around with Login / Auth packets

Hallo there.

My intention, is to allow server running in Online mode, allowing non-auth clients to log in. Then, i would have a plugin (or even a code re-do if needed) that would re-send those packages to check if the user has or hasnt bought minecraft (minecraft.net authentication). From this point, user permissions would change (bleh, the easy part).

Im willing to let free users to play a 'trial' on the server, withouth having full acess. If i let only originals log-in, i get 10 players. I can get 150 players allowing free users however this way i aint helping the game i love.

This is what ive got so far:
Allowing all clients loggin in even in online Mode:
@netLoginHandler

Code:

public void a(Packet1Login packet1login) {
    this.g = packet1login.name;
    if (packet1login.a != 14) {
      if (packet1login.a > 14)
        disconnect("Outdated server!");
      else {
        disconnect("Outdated client!");
      }
    }
   // commented those lines
   //else if (!this.server.onlineMode)
      b(packet1login);
   // else
   //  new ThreadLoginVerifier(this, packet1login, this.server.server).start();
  }

Now ill have online mode, allowing free users, even if ill need that Thread running anyway in a future (ull se why).
Now, server is still sending and reciving a HandShake package, generating a random hash number for that packet, as following this method:

Code:

public void a(Packet2Handshake packet2handshake) {
    if (this.server.onlineMode) {
      this.i = Long.toHexString(d.nextLong());
      this.networkManager.queue(new Packet2Handshake(this.i));
    } else {
      this.networkManager.queue(new Packet2Handshake("-"));
    }
  }

So far, ive got the handshake, so ive got the hash number, and ive got the url.
Now lets take a look at that ThreadLoginVerifier (im posting all this just to make things easyer)

Code:

 ThreadLoginVerifier(NetLoginHandler netloginhandler, Packet1Login packet1login, CraftServer server)
  {
    this.server = server;
    this.netLoginHandler = netloginhandler;
    this.loginPacket = packet1login;
  }
  public void run() {
    try {
      String s = NetLoginHandler.a(this.netLoginHandler); // returns string generated by the handshake
      URL url = new  URL("http://www.minecraft.net/game/checkserver.jsp?user=" +  URLEncoder.encode(this.loginPacket.name, "UTF-8") + "&serverId=" +  URLEncoder.encode(s, "UTF-8"));
      BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(url.openStream()));
      String s1 = bufferedreader.readLine();
      bufferedreader.close();
      if (s1.equals("YES"))
      {
        if (this.netLoginHandler.getSocket() == null) {
          return;
        }
        PlayerPreLoginEvent event = new  PlayerPreLoginEvent(this.loginPacket.name,  this.netLoginHandler.getSocket().getInetAddress());
        this.server.getPluginManager().callEvent(event);
        if (event.getResult() != PlayerPreLoginEvent.Result.ALLOWED) {
          this.netLoginHandler.disconnect(event.getKickMessage());
          return;
        }
        NetLoginHandler.a(this.netLoginHandler, this.loginPacket); // sets the last login1packet as a atribute of that login handler
      } else {
        this.netLoginHandler.disconnect("Failed to verify username!");
      }
    } catch (Exception exception) {
      this.netLoginHandler.disconnect("Failed to verify username! [internal error " + exception + "]");
      exception.printStackTrace();
    }
  }

Now, im not sure if i could make a plugin acess those kind of things, however i can sense i can edit the threads code, to simply check a permission or add it. Lets take a closer look to what i could try:

Code:

 ThreadLoginVerifier(NetLoginHandler netloginhandler, Packet1Login packet1login, CraftServer server)
  {
    this.server = server;
    this.netLoginHandler = netloginhandler;
    this.loginPacket = packet1login;
  }
  public void run() {
    try {
      String s = NetLoginHandler.a(this.netLoginHandler); // returns string generated by the handshake

      URL url = new  URL("http://www.minecraft.net/game/checkserver.jsp?user=" +  URLEncoder.encode(this.loginPacket.name, "UTF-8") + "&serverId=" +  URLEncoder.encode(s, "UTF-8"));
      BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(url.openStream()));
      String s1 = bufferedreader.readLine();
      bufferedreader.close();

      boolean hasPermission = permissionsInterface.hasPermission(this.loginPacket.name, "my.permission");

      if (s1.equals("YES"))
      {
        if (this.netLoginHandler.getSocket() == null) {
          return;
        }

       // registering and allowing acess
       if(!hasPermission)
               permissionsInterface.addPermission(loginPacket.name, "my.permission");

        }
        NetLoginHandler.a(this.netLoginHandler, this.loginPacket); //  sets the last login1packet as a atribute of that login handler

       } else {
           // if already registered and its not original account, kick it !
           if(hasPermission)
                this.netLoginHandler.disconnect("Tryed to login as registered original NickName");
                return;
      }
       // logs the player in !
       PlayerPreLoginEvent event = new  PlayerPreLoginEvent(this.loginPacket.name,  this.netLoginHandler.getSocket().getInetAddress());
        this.server.getPluginManager().callEvent(event);
        if (event.getResult() != PlayerPreLoginEvent.Result.ALLOWED) {
          this.netLoginHandler.disconnect(event.getKickMessage());
          return;
    } catch (Exception exception) {
      this.netLoginHandler.disconnect("Failed to verify username! [internal error " + exception + "]");
      exception.printStackTrace();
    }
  }

Im still studyng this, im not really sure about how networking really works so im still kinda lost.

What im tryng to do here is it something possible ?
Is this the right path to be taken ?

Would apreciate any comments.

Thanx alot for your attention !

Thanx alot for your reply, i can see things may be really easyer then i tought. About that code on the link you provided.. Im not really good on Shell Scripting. Is there an easy way to do that on Java ?

As ive understood, i would need to run in OnlineMode to send a hash HandShake, so i could use the same Hash to verify login.

Thanx alot for your help. This would be really important to me.

Talk english
Thanx for your reply, but i still didnt got it heh.

As far as ive understood, this is what i would need to do:

Code:

 URL url = new  URL("http://www.minecraft.net/game/checkserver.jsp?user=" +  URLEncoder.encode(this.loginPacket.name, "UTF-8") + "&serverId=" +  URLEncoder.encode(s, "UTF-8"));

I can have the character name easy on a plugin, however the String s, (serverID hash) is generated on the HandShake packet, witch is only generated on Online Mode. How could i do this at offline ?

Ive tryed that shell script, it seems to work but i cant understand many parts of it. Can someone explain me what is actually doing ?

Thanx for any help.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

There's one hole in this couldn't somebody use the name changer to change their name to somebody who's allowed in ?

 

But then the auth would going to occur with the name he typed in for loggin in, and the name he logged in. if they were dfferent, auth package would return a "NO" from server, no ?

Ty for tha reply @Crash

 

@Ziden
You're going about it the right way, however, it is a violation of MC's license.

 

How so?

 

Since i belive im doing this to help MC i dont think im doing a bad thing. I want free players to have a chance to know the game to buy it instead on simply letting free users join.

Im tryng to understand what the hell this shell-script does.

Code:

#!/bin/sh

user=$1
pass=$2

echo "Login..."
oldIFS="$IFS"
IFS=':'
set -- `curl -d "user=$user&password=$pass&version=9999" https://login.minecraft.net/`
IFS="$oldIFS"
if [ $# -ne 4 ]
then
        echo "ERR: $@"
        exit 1
fi
sid=$4
user=$3
hash=$RANDOM
echo "Now I'm the client ($user)..."
curl -L "http://www.minecraft.net/game/joinserver.jsp?user=$user&sessionId=$sid&serverId=$hash"
echo
echo "Now I'm the server..."
curl -L "http://www.minecraft.net/game/checkserver.jsp?user=$user&serverId=$hash"
echo

Im not really good on shell so i cant understand mostly the whole script. The parts i can understand makes it even more confusing.

Thanx for your help.

 

Indeed, how so? It's better than running your server in plain offline mode; I don't see anything shady here.

 

Also it would be good if MC.net went down to be able to just switch a setting and let people still join

 

Um.. if MC.net went down, how could you authenticate the users with the code "
URL url = new URL("http://www.minecraft.net/game/checkserver.jsp?user=" + URLEncoder.encode(this.loginPacket.name, "UTF-8") + "&serverId=" + URLEncoder.encode(s, "UTF-8"));
"

If MC.net goes down, why not just switch your server into offline mode? I wouldn't want to run a plugin all the time in the background that saves me from having to switch my server into offline mode when MC.net goes down. But then again, I wouldn't really know unless I was trying to connect to it.

I think a better solution is to create a plugin that simply pings MC.net every...minute. If MC.net doesn't respond, change the server.properties file to put the server into offline mode. I believe you can just use /reload to make this take effect, or the plugin would force reload the file (I know a plugin that edits the server.properties file on the fly, so it can be done). Then, while in offline mode, if a ping gets sent back, put the server back in online mode.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

@codename_B: Violation to let anybody play online that hasn't paid.

 

Crash is correct on what she said, Namechanger. I scripted one of them. But I love how you are working on this. It'll protect you from Name-changers.
Hey Ziden, Just a suggestion, what if you created a new Class that replaces the one that generates the hash, and it will first check the list for the name, (It may not be possible) and if it isn't on the list, it goes straight to another class that copies the class you replaced that does Generate the Hash. It may not be possible, but again, I'm a Java Dunce, and I know barely any C#
Again, I'm 14, and feel free to call me out on how I'm wrong. I'm young, I make mistakes, and I can take being corrected. I'd like to learn.

 

Just for my 2 cents, it also returns NOT YET in Firefox, regardless of premium or not. Perhaps minecraft is sending something else with that request so the website treats it...differently.

Do you have any experience with Wireshark?

 

Even if it is a violation of MC's license, that does not control your use of CraftBukkit, which uses GPL/LGPL.

 

The Server Generates a New Hash for every time you login. Using something like Mineshafter, it displays the Hash that is generated.

 

As ive seen, the Hash is not really importante. If im running in online mode, ill have the HandShake packages sent, meaning the Hash will be generated and sent inside the HandShake package. The login package will have that hash as well. Ive made this by simply modifyng minecrafts thread to validade username. I know this is somehow piracy and its not legal, since its the servers code inside bukkit right ? However, i belive the purpose of this is legit and will help mojang. I have no intention on 'waiting' mc.net to be down to do this, since its possible to run an Online server with non-original logins.

Ill post this idea on Minecraft.net before using it, just to be sure. It worked and a permission is added for original users. Ill check about that namechanger soon.

Allright, so this is my fail tryout. Messages aint being sent !

Code:

package net.minecraft.server;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.Socket;
import java.net.URL;
import java.net.URLEncoder;
import org.bukkit.craftbukkit.CraftServer;
import org.bukkit.entity.Player;
import org.bukkit.event.player.PlayerPreLoginEvent;
import org.bukkit.event.player.PlayerPreLoginEvent.Result;
import org.bukkit.permissions.Permission;
import org.bukkit.plugin.PluginManager;
import com.nijiko.permissions.PermissionHandler;
import com.nijikokun.bukkit.Permissions.Permissions;
import org.bukkit.plugin.Plugin;

class ThreadLoginVerifier extends Thread
{
  final Packet1Login loginPacket;
  final NetLoginHandler netLoginHandler;
  CraftServer server;

  ThreadLoginVerifier(NetLoginHandler netloginhandler, Packet1Login packet1login, CraftServer server)
  {
    this.server = server;

    this.netLoginHandler = netloginhandler;
    this.loginPacket = packet1login;
  }

  public void run() {
    try {
      String s = NetLoginHandler.a(this.netLoginHandler);
      URL url = new URL("http://www.minecraft.net/game/checkserver.jsp?user=" + URLEncoder.encode(this.loginPacket.name, "UTF-8") + "&serverId=" + URLEncoder.encode(s, "UTF-8"));
      BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(url.openStream()));
      String s1 = bufferedreader.readLine();
      bufferedreader.close();
      boolean original = false;
      Player p = server.getPlayer(this.loginPacket.name);

      if (s1.equals("YES")) // original
      {
        original=true;
        if (this.netLoginHandler.getSocket() == null) {
          return;
        }
      }
        PlayerPreLoginEvent event = new PlayerPreLoginEvent(this.loginPacket.name, this.netLoginHandler.getSocket().getInetAddress());
        this.server.getPluginManager().callEvent(event);

        if (event.getResult() != PlayerPreLoginEvent.Result.ALLOWED) {
          this.netLoginHandler.disconnect(event.getKickMessage());
          return;
        }

        NetLoginHandler.a(this.netLoginHandler, this.loginPacket);
        if(original) {
            p.sendMessage("Logged as original minecraft !");
            netLoginHandler.a.info(loginPacket.name+" IS ORIGINAL !");
        }
        else {
            p.sendMessage("Logged as non-original minecraft !");
            netLoginHandler.a.info(loginPacket.name+" IS NOT ORIGINAL !");
        }

    } catch (Exception exception) {
      this.netLoginHandler.disconnect("Failed to verify username! [internal error " + exception + "]");
      exception.printStackTrace();
    }
  }
}

What am i doing wrong ?

Thanx for any help.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

Allright, job has been done !!! YAY !!! I have a message telling if a player is original or not ! YAY ! Now i need to think about how to add a permission for that player using new bukkit superperms . I couldnt figure it out..Or ill be using the whitelist, witch i didnt wanted to.

If anyone intrested in the code, here it is. Ive got 3 classes modifyed.

NetLoginHandler

Code:

package net.minecraft.server;

import java.net.Socket;
import java.util.Random;
import java.util.logging.Logger;

public class NetLoginHandler extends NetHandler
{
  public static Logger a = Logger.getLogger("Minecraft");
  private static Random d = new Random();
  public NetworkManager networkManager;
  public boolean c = false;
  private MinecraftServer server;
  private int f = 0;
  private String g = null;
  private Packet1Login h = null;
  private String i = "";

  public NetLoginHandler(MinecraftServer minecraftserver, Socket socket, String s) {
    this.server = minecraftserver;
    this.networkManager = new NetworkManager(socket, s, this);
    this.networkManager.f = 0;
  }

  public Socket getSocket()
  {
    return this.networkManager.socket;
  }

  public void a()
  {
    if (this.h != null) {
      b(this.h);
      this.h = null;
    }

    if (this.f++ == 600)
      disconnect("Took too long to log in");
    else
      this.networkManager.b();
  }

  public void disconnect(String s)
  {
    try {
      a.info("Disconnecting " + b() + ": " + s);
      this.networkManager.queue(new Packet255KickDisconnect(s));
      this.networkManager.d();
      this.c = true;
    } catch (Exception exception) {
      exception.printStackTrace();
    }
  }

  public void a(Packet2Handshake packet2handshake) {
    if (this.server.onlineMode) {
      this.i = Long.toHexString(d.nextLong());
      this.networkManager.queue(new Packet2Handshake(this.i));
    } else {
      this.networkManager.queue(new Packet2Handshake("-"));
    }
  }

  public void a(Packet1Login packet1login) {
    this.g = packet1login.name;
    if (packet1login.a != 14) {
      if (packet1login.a > 14)
        disconnect("Outdated server!");
      else {
        disconnect("Outdated client!");
      }
    }
    else if (!this.server.onlineMode)
      b(packet1login);
    else
      new ThreadLoginVerifier(this, packet1login, this.server.server).start();
  }

  public void b(Packet1Login packet1login)
  {
    EntityPlayer entityplayer = this.server.serverConfigurationManager.a(this, packet1login.name);

    if (entityplayer != null) {
      this.server.serverConfigurationManager.b(entityplayer);

      a.info(b() + " logged in with entity id " + entityplayer.id + " at ([" + entityplayer.world.worldData.name + "] " + entityplayer.locX + ", " + entityplayer.locY + ", " + entityplayer.locZ + ")");
      WorldServer worldserver = (WorldServer)entityplayer.world;
      ChunkCoordinates chunkcoordinates = worldserver.getSpawn();
      NetServerHandler netserverhandler = new NetServerHandler(this.server, this.networkManager, entityplayer);

      netserverhandler.sendPacket(new Packet1Login("", entityplayer.id, worldserver.getSeed(), (byte)worldserver.worldProvider.dimension));
      netserverhandler.sendPacket(new Packet6SpawnPosition(chunkcoordinates.x, chunkcoordinates.y, chunkcoordinates.z));
      this.server.serverConfigurationManager.a(entityplayer, worldserver);

      this.server.serverConfigurationManager.c(entityplayer);
      netserverhandler.a(entityplayer.locX, entityplayer.locY, entityplayer.locZ, entityplayer.yaw, entityplayer.pitch);
      this.server.networkListenThread.a(netserverhandler);
      netserverhandler.sendPacket(new Packet4UpdateTime(entityplayer.getPlayerTime()));
      entityplayer.syncInventory();

      // simple edited part
      if(packet1login.original)
          server.server.getPlayer(entityplayer).sendMessage("Minecraft Original");
      else
          server.server.getPlayer(entityplayer).sendMessage("Minecraft Pirate");
    }

    this.c = true;
  }

  public void a(String s, Object[] aobject) {
    a.info(b() + " lost connection");
    this.c = true;
  }

  public void a(Packet packet) {
    disconnect("Protocol error");
  }

  public String b() {
    return this.g != null ? this.g + " [" + this.networkManager.getSocketAddress().toString() + "]" : this.networkManager.getSocketAddress().toString();
  }

  public boolean c() {
    return true;
  }

  static String a(NetLoginHandler netloginhandler) {
    return netloginhandler.i;
  }

  static Packet1Login a(NetLoginHandler netloginhandler, Packet1Login packet1login) {
    return netloginhandler.h = packet1login;
  }
}

Login1Packet:

Code:

package net.minecraft.server;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

public class Packet1Login extends Packet
{
  public int a;
  public String name;
  public long c;
  public byte d;
  // the new simple field
  public boolean original;

  public Packet1Login()
  {
  }

  public Packet1Login(String paramString, int paramInt, long paramLong, byte paramByte)
  {
    this.name = paramString;
    this.a = paramInt;
    this.c = paramLong;
    this.d = paramByte;
  }

  public void a(DataInputStream paramDataInputStream) {
        try {
            this.a = paramDataInputStream.readInt();
            this.name = a(paramDataInputStream, 16);
            this.c = paramDataInputStream.readLong();
        } catch (IOException ex) {
            Logger.getLogger(Packet1Login.class.getName()).log(Level.SEVERE, null, ex);
        }

  }

  public void a(DataOutputStream paramDataOutputStream) {
   try {
    paramDataOutputStream.writeInt(this.a);
    a(this.name, paramDataOutputStream);
    paramDataOutputStream.writeLong(this.c);
    paramDataOutputStream.writeByte(this.d);
      } catch (IOException ex) {
            Logger.getLogger(Packet1Login.class.getName()).log(Level.SEVERE, null, ex);
        }
  }

  public void a(NetHandler paramNetHandler) {
    paramNetHandler.a(this);
  }

  public int a() {
    return 4 + this.name.length() + 4 + 5;
  }
}

And finally, ThreadLoginVerifier.

Code:

package net.minecraft.server;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.Socket;
import java.net.URL;
import java.net.URLEncoder;
import org.bukkit.craftbukkit.CraftServer;
import org.bukkit.entity.Player;
import org.bukkit.event.player.PlayerPreLoginEvent;
import org.bukkit.event.player.PlayerPreLoginEvent.Result;
import org.bukkit.permissions.Permission;
import org.bukkit.plugin.PluginManager;
import com.nijiko.permissions.PermissionHandler;
import com.nijikokun.bukkit.Permissions.Permissions;
import org.bukkit.plugin.Plugin;

class ThreadLoginVerifier extends Thread
{
  final Packet1Login loginPacket;
  final NetLoginHandler netLoginHandler;
  CraftServer server;

  ThreadLoginVerifier(NetLoginHandler netloginhandler, Packet1Login packet1login, CraftServer server)
  {
    this.server = server;

    this.netLoginHandler = netloginhandler;
    this.loginPacket = packet1login;
  }

  public void run() {
    try {
      String s = NetLoginHandler.a(this.netLoginHandler);
      URL url = new URL("http://www.minecraft.net/game/checkserver.jsp?user=" + URLEncoder.encode(this.loginPacket.name, "UTF-8") + "&serverId=" + URLEncoder.encode(s, "UTF-8"));
      BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(url.openStream()));
      String s1 = bufferedreader.readLine();
      bufferedreader.close();
      boolean original = false;
      Player p = server.getPlayer(this.loginPacket.name);

      if (s1.equals("YES")) // original
      {
        original=true;
        if (this.netLoginHandler.getSocket() == null) {
          return;
        }
      }
        loginPacket.original = original;
        PlayerPreLoginEvent event = new PlayerPreLoginEvent(this.loginPacket.name, this.netLoginHandler.getSocket().getInetAddress());
        this.server.getPluginManager().callEvent(event);

        if (event.getResult() != PlayerPreLoginEvent.Result.ALLOWED) {
          this.netLoginHandler.disconnect(event.getKickMessage());
          return;
        }

        NetLoginHandler.a(this.netLoginHandler, this.loginPacket);

    } catch (Exception exception) {
      this.netLoginHandler.disconnect("Failed to verify username! [internal error " + exception + "]");
      exception.printStackTrace();
    }
  }
}

This allows fake users to login in Online Mode, however they will be flagged as non-original, so you can add something to them (a permission would be the best, but i dont know how to add a permission to a player LOL)

Thanx for the discussion, hope this helps someone somehow. Would love to see plugins accepting a original permission to make free users have theyr life on trouble


EDIT: Didnt worked. Free users still have BAD LOGIN =(

 

Just a supid question: If Minecraft.net use ASP as language, why not divert the request from minecraft.net to xyz.com or whatever. Not trying to crack the Core, but simply simulate the Login in the same way as Minecraft.net
the divert can be done over hosts file
Effect:
Make possible to control the udates on the Minecraft client, or even let him download premodded clients.
If coded correctly the login request will be diverted back to minecraft.net if the original login is online
I'm not a coder, and this is simply a stupid queston^^

 

Cool idea but not for what i am tryng to do.

 

You're getting closer! Thank you so much!
I wish I knew how to help.... I'll try looking into the code of the Client and Bukkit to see what is causing the "Bad Login"

 

Any progress yet ?

 

bad login is vanilla related, possible located inside non bukkit modded class, i suggest MCP. (also working on it)

When server is online mode it will send handshake packet to client, handshake packet is for mojang, it will possibly report random number as server id to mojang.

If client is pirated it will close with bad login \ user not premium event and this is CLIENT RELATED and you cant do anything about it without modding client.

With modded client you will be able to IGNORE this exception and continue with login process, in this case server sided verification will occur, and if it fail you may still allow client to join but in pirate mode.

Code:

    public void handleHandshake(Packet2Handshake packet2handshake)
    {
        if(packet2handshake.username.equals("-"))
        {
            addToSendQueue(new Packet1Login(mc.session.username, 14));
        } else
        {
            try
            {
                URL url = new URL((new StringBuilder()).append("http://www.minecraft.net/game/joinserver.jsp?user=").append(mc.session.username).append("&sessionId=").append(mc.session.sessionId).append("&serverId=").append(packet2handshake.username).toString());
                BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(url.openStream()));
[COLOR=rgb(255, 0, 0)]                String s = "ok";[/COLOR]
                bufferedreader.close();
[COLOR=rgb(255, 0, 0)]                if(s.equalsIgnoreCase("ok"))[/COLOR]
                {
                    addToSendQueue(new Packet1Login(mc.session.username, 14));
                } else
                {
                    netManager.networkShutdown("disconnect.loginFailedInfo", new Object[] {
                        s
                    });
                }
            }
            catch(Exception exception)
            {
                exception.printStackTrace();
                netManager.networkShutdown("disconnect.genericReason", new Object[] {
                    (new StringBuilder()).append("Internal client error: ").append(exception.toString()).toString()
                });
            }
        }
    }

i will provide more info later, if you need any help with plugin\mod develop i will assist, but anyway expect metaonline mode by me in near future.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

Is it perhaps possible to do this the other method then?
Offline status, emulate online with the handshake; if succeed ok awesome legit user
if fail, guest privalges to "guest" user.

(by the by im merely interested in this for ALTERNATE reasons, not for allowing "guests" on my server)

 

Client will shutdown login procedure if fail to authentificate itself on mojang, you cant do anything here without modding client.

 

Why is why im suggesting, rather than using online status, use offline status (in the server.properties, have it set to offline mode)
Then use the above code to simulate a handshake (Because I think that's what they've achieved? They said their plugin is allowing registered people to connect but still not letting nons, so unless the plugins now sat doing absolutely nothing this is suggesting it's getting successful handshakes)
IF the handshake fails (again this is a SIMULATED one) then the user must not own Minecraft, but because we're offline we can choose to still allow them in, right?

 

@RawCode Could you please make that Mod to ignore the exception?
@DDRKhat I don't think it is possible to generate the hash without the server being Online and Conncecting to MC.net

 

I thought the above code was performing that?

 

code above is performing that but you need to compile it back into class and put inside game.

After this code posted on first page of this thread will work and users wont get kicked with bad login.

 

So it's not bukkit-side, it's client-side?

 

Thanx for the replies.

I dont like the idea of having a client mod to everyone on the server. Its true the Bad Login is client side, and nothing to do about it, so im thinking a way to do this entirely inside a plugin, and i belive it can be done.

If someone translate this shell script to me im pretty sure i can do it a simple way, inside a plugin, being the only trouble that the player has to type his password ingame to auth, however idk.

Code:

#!/bin/sh

user=$1
pass=$2
oldIFS="$IFS"
IFS=':'
set -- `curl -d "user=$user&password=$pass&version=9999" https://login.minecraft.net/`
sid=$4
user=$3
hash=$RANDOM
curl -L "http://www.minecraft.net/game/joinserver.jsp?user=$user&sessionId=$sid&serverId=$hash"
curl -L "http://www.minecraft.net/game/checkserver.jsp?user=$user&serverId=$hash"

I cant understand how this works out. If i do, and i can code this in java, i belive would be the easyest, not the best tho, way to do this.

 

you may ask player to login on mojang and if he agrees force licence auth just for him.

this will eliminate problem of bad logins and allow you to verify licence of users.

ask player for his real password is not funny, mod is much more viable then this.