[INACTIVE][SEC] AnjoSecurity v1.6c - Offline-Mode User Registration [440-531+]

AnjoSecurity - Offline-Mode User Registration System
Version: v1.6c

This version it's just a minor update to make it work with newer CB and GM. When GM gets it's final version I'll start working on future plans for this.

---

This plugin uses GroupManager plugin(optional, but recommended if you want to block commands):
http://forums.bukkit.org/threads/ad...0-7-because-permissions-is-past-326-353.4723/
With this you can block all commands of plugins that uses Permissions plugin.

This plugin is to help people prevent griefing and abusing while your server is in offline-mode. When mineceraft server is down you have no choice than setting up offline-mode. When this option is enabled anyone can connect within your server with their desired username, it brings up the problem that someone can connect with administrator name and abuse with all his loot and commands. This plugin will set up user registration with a custom password for your server, and only the person with that password will be able to use that username.

Did I say it is open-source? You can get it on GitHub and modify as you want.

Features:

• Prevents registered users to do anything while not logged in.
• (toggle-able)Prevents non-registered users to do actions(move,destroy,etc).
• (toggle-able)Prevents non-registered users to do summon commands.
• (toggle-able)Remove all loot of non-registered users when joining the server(and tp to spawn).
• (toggle-able)Registration system. You can deactivate registrations anytime.
• Every user can remove their registration, so they can register with other password.
• Users listed on settings.properties, while logged in, can remove any user registration.
• (configurable) Session time. You can set the session duration, so if a user drops connection a lot, he would not need to /login again.(default 30 minutes)
• Interacts with GroupManager permission plugin(the one replacing Nijikokun's Permissions plugin, yet fully compatible) to prevent running registered commands.
• ALLOW List. You can allow certain users to register, even if registration is deactivated.

Commands (all of them speech for themselves):

• /register <password> - it registers with the given password
• /login <password> - it tries to login with the given password
• /reset <password> - if the password is correct, remove registration
• /adminreset <username> - remove the registration of the given username
• /toggleregistration - (yes it is long, in purpose) - toggle registration mode ON/OFF.
• /adminallow <username> - allow user to register even if registration is deactivated.

Changelog:
Version 1.6c

• Made it work with newer CB builds.
• Made it work with GroupManager 1.0 alpha

Version 1.6b

• Made it work with newer GM builds.

Version 1.6

• Fixed a nasty bug.

Version 1.5

• Fixed die-menu-respawn item duping(I think).

Version 1.4

• Compatible with the latest bukkit builds(#353)

Version 1.3b

• Removed some debugging messages.

Version 1.3

• Fixed small bugs. (I think all exceptions reported by now are fixed)
• Added allow list.

Version 1.2

• Fixed small bugs
• Improved how God Mode works(now it's verly like the God Mode plugin)
• Added a God Mode timout after login of 5 seconds, to prevent die of falling on the ground.
• Added a command to toggle registrations on/off.

Version 1.1

• Prevent non-logged-in users to lose health(and die).

Version 1.0

• First fully working release.

Future plans:

• (done!) Create a toggle command that opens and closes registration
• Store users activities, such as typing wrong passwords and such(to catch hackers)

Download:
Version 1.6c (to use with GroupManager 1.0 or higher):
http://www.mdn.fm/files/272681_rqyw0/AnjoSecurity-1.6c.zip

Version 1.6b (to use with GroupManager 0.99b or lower):
http://www.mdn.fm/files/271609_dvt1f/AnjoSecurity-1.6b.zip

Source:
https://github.com/gmcouto/AnjoSecurity

Flat-file Authentication importer(import auth db from older plugins):
http://www.mdn.fm/files/261879_yjodh/uber-AnjoSecurityImporter-1.0-SNAPSHOT.jar
It is destinated for the following format(plugins that used MineSecurity format, from hMod):
username:md5passhash

Just double click on the jar(or run via terminal with java -jar), select the old flat-file... it will generate a AnjoSecurityDB.db file, which you put on your server folder. If you want to merge the old file with the new database, just put the jar on the same folder of the AnjoSecurityDB.db...


===============================
Everyone with an Off-Line server might like the NameChecker plugin I made, it super simple. It only filters huge names (> 20 chars), short names(<3 chars), and invalid characters in names(only letters, numbers, and underscores allowed).
It kicks the player and shows him the reason of why his name is invalid. It even has a configurable file for you to put forbidden names to join the server(like Player, or Scruffy_Puppy)
http://www.mdn.fm/files/273443_hynys/NameChecker-0.1-SNAPSHOT.jar

 

Getting errors in build 531

 

I love this idea, but I have a few questions not answered.
The _ONLY_ plugins I have at the moment are AnjoSecurity, GroupManager, and the included [scrap|chat]bukkit.

How do I block Permissions commands, but allow then once logged in?
How do I block OP commands (give, tp, etc), but allow them once logged in?

I'm not sure exactly how AnjoSecurity and GroupManager work together if at all. I see GroupManager has a "NotRegistered" group. Does that have any correlation with AnjoSecurity?

I don't want to start adding other plugins (Permissions, PreciousStones, etc) until I have at least this foundation built properly.

 

Please, make one command to count how many registrations there is on the db.

Thanks

 

I know you develop GroupManager, but I think a lot more people would use your plugin (including me!) if you could support Permissions (by TheYeti). Compatiblity = I know I could use the "fake permissions," but I rather not.
[MERGETIME="1299821999"][/MERGETIME]

I'm not sure if this can block normal console/op commands, like /tp, /kick, /ban, etc. because they bypass Bukkit. The solution to this is simply to not have any ops on your server. I don't, I use a server wrapper to manage my regular server permissions (NOT Bukkit plugins, for that I use Permissions).

 

Code:

org.bukkit.plugin.InvalidPluginException
        at org.bukkit.plugin.java.JavaPluginLoader.loadPlugin(JavaPluginLoader.java:113)
        at org.bukkit.plugin.SimplePluginManager.loadPlugin(SimplePluginManager.java:159)
        at org.bukkit.plugin.SimplePluginManager.loadPlugins(SimplePluginManager.java:107)
        at org.bukkit.craftbukkit.CraftServer.loadPlugins(CraftServer.java:59)
        at net.minecraft.server.MinecraftServer.e(MinecraftServer.java:204)
        at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:191)
        at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:131)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:246)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:366)
Caused by: unacceptable character #FFFD special characters are not allowed
in "<reader>", position 619
        at org.yaml.snakeyaml.reader.StreamReader.checkPrintable(StreamReader.java:68)
        at org.yaml.snakeyaml.reader.StreamReader.update(StreamReader.java:159)
        at org.yaml.snakeyaml.reader.StreamReader.peek(StreamReader.java:117)
        at org.yaml.snakeyaml.reader.StreamReader.peek(StreamReader.java:106)
        at org.yaml.snakeyaml.scanner.ScannerImpl.scanToNextToken(ScannerImpl.java:964)
        at org.yaml.snakeyaml.scanner.ScannerImpl.fetchMoreTokens(ScannerImpl.java:237)
        at org.yaml.snakeyaml.scanner.ScannerImpl.checkToken(ScannerImpl.java:183)
        at org.yaml.snakeyaml.parser.ParserImpl$ParseImplicitDocumentStart.produce(ParserImpl.java:200)
        at org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:163)
        at org.yaml.snakeyaml.parser.ParserImpl.checkEvent(ParserImpl.java:148)
        at org.yaml.snakeyaml.composer.Composer.getSingleNode(Composer.java:104)
        at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:124)
        at org.yaml.snakeyaml.Yaml.load(Yaml.java:264)
        at org.bukkit.util.config.Configuration.load(Configuration.java:73)
        at org.bukkit.plugin.java.JavaPlugin.initialize(JavaPlugin.java:149)
        at org.bukkit.plugin.java.JavaPluginLoader.loadPlugin(JavaPluginLoader.java:111)
        ... 8 more

error with build 531

sorry fixed it by removing all the files and reinstall!

 

why i can drop items without logging in? so if i drop 64 or other number of something i get back only one! is it normal?

 

What about blocking commands enabled by plugins that use permissions(fakepermissions), until logged in?
Sorry for being a noob, I just don't see a way to have an effective admin user. Not saying there isn't one, but the docs are a bit lacking. :/

EDIT: I see now that it blocks them by default until logged in, but I think an explanation of this process is due.

 

HP is full when i reconnect :/

 

Same bug here..

Edit: Using Recommended Build #531

 

same bug here, #493

 

The same... and antoher one : non-logged people can use commands... so people take my nickname and put themselves Admin of the serv... 490 is out of date, will you update your plugin one day ?

 

use groupmanager

 

I do... is there something special to do ?

 

It should work then. Be sure to be using the latest groupmanager. Also, take your name out of the ops.txt, as no plugin can stop op commands. Anjosecurity can stop every permission comands, but not Ops.

 

I removed all users from ops.txt, remove chatbukkit and scrapbukkit, and used this to provide the basic commands.

http://forums.bukkit.org/threads/gen-general-3-2-1-sibelius-a-plugin-for-general-commands-493.7366/

 

Is there any auto-ban ip feature if someone fails to log into an account to many times?

 

Any chance of moving saved password/username combinations to a text file in the plugin directory so I can add people myself and give out passwords?

 

Make it permission compatible. This is just forcing players to use group manager, like you're just waiting till someone forks this to make it work with permissions...

 

I have my reasons to keep GM on this plugin. And it is not to promote GM... just think: almost no one cares about AnjoSecurity.

There is a big update coming. But no Permissions.

If you want: Go and fork it. There will be no offense taken. That's why it is called OpenSource.

 

;// I dont want to use GM, i dont know whym but just dont... why you cant make this for permissions to?

 

Use SQLite Editor, and export login/passwords.

 

Good news. Hope you fix bug with iConomy.

 

adminreset not work, chaos into config file, some option if changed will crash server(bukit server).... i delete this plugin, not like
+ with this plugin: when player login all another player lags, i dont know why but i tested without and lag be too but low. maybe need remake code?
idea of plugin nice . looking what will be in future.

 

it seems like this plugin causes players to get max hp when they relog to the server... :/

i hope this could be fixed, it ruins the whole game.

 

Yup, having that problem too. but it DOESNT BLOCK CONSOLE COMMANDS! anyone can login with the OP's name and use all console commands, now i will change login plugin.

 

don't have OPs! i installed admincomands plugin and admin comands now secured. but i can connect with other player name and drop all his items...

 

Cool, i wanted to update to the newest bukkit, but I've been waiting on this. Also hoping for Iconomy cooperation

 

Blocking all commands and movements for unregistered users works perfectly.
However, is there any possibility to prevent loosing all inventory-item at the first login? I dont have a chance to contact all users of my servers outside the game...
Also, dropping items by dragging them out of the inventory is still working while not being logged in.

 

It again I.
if (i write /reload in consol) and (In game there are people) then i get this:
19:10:30 [SEVERE] java.lang.UnsatisfiedLinkError: Native Library C:\Users\Faunris\AppData\Local\Temp\sqlite3.7.2-sqlitejdbc.dll already loaded in another classloader
19:10:34 [SEVERE] null
java.sql.SQLException: [SQLITE_BUSY] The database file is locked (database is l
ocked)
please fix it...

 

You have to set "resetatlogin" in the config file to false