[INACTIVE][SEC] AnjoSecurity v1.6c - Offline-Mode User Registration [440-531+]

Discussion in 'Inactive/Unsupported Plugins' started by AnjoCaido, Feb 15, 2011.

  1. Offline

    AnjoCaido

    AnjoSecurity - Offline-Mode User Registration System
    Version: v1.6c

    This version it's just a minor update to make it work with newer CB and GM. When GM gets it's final version I'll start working on future plans for this.

    ---

    This plugin uses GroupManager plugin(optional, but recommended if you want to block commands):
    http://forums.bukkit.org/threads/ad...0-7-because-permissions-is-past-326-353.4723/
    With this you can block all commands of plugins that uses Permissions plugin.

    This plugin is to help people prevent griefing and abusing while your server is in offline-mode. When mineceraft server is down you have no choice than setting up offline-mode. When this option is enabled anyone can connect within your server with their desired username, it brings up the problem that someone can connect with administrator name and abuse with all his loot and commands. This plugin will set up user registration with a custom password for your server, and only the person with that password will be able to use that username.

    Did I say it is open-source? You can get it on GitHub and modify as you want.

    Features:
    • Prevents registered users to do anything while not logged in.
    • (toggle-able)Prevents non-registered users to do actions(move,destroy,etc).
    • (toggle-able)Prevents non-registered users to do summon commands.
    • (toggle-able)Remove all loot of non-registered users when joining the server(and tp to spawn).
    • (toggle-able)Registration system. You can deactivate registrations anytime.
    • Every user can remove their registration, so they can register with other password.
    • Users listed on settings.properties, while logged in, can remove any user registration.
    • (configurable) Session time. You can set the session duration, so if a user drops connection a lot, he would not need to /login again.(default 30 minutes)
    • Interacts with GroupManager permission plugin(the one replacing Nijikokun's Permissions plugin, yet fully compatible) to prevent running registered commands.
    • ALLOW List. You can allow certain users to register, even if registration is deactivated.
    Commands (all of them speech for themselves):
    • /register <password> - it registers with the given password
    • /login <password> - it tries to login with the given password
    • /reset <password> - if the password is correct, remove registration
    • /adminreset <username> - remove the registration of the given username
    • /toggleregistration - (yes it is long, in purpose) - toggle registration mode ON/OFF.
    • /adminallow <username> - allow user to register even if registration is deactivated.
    Changelog:
    Version 1.6c
    • Made it work with newer CB builds.
    • Made it work with GroupManager 1.0 alpha
    Version 1.6b
    • Made it work with newer GM builds.
    Version 1.6
    • Fixed a nasty bug.
    Version 1.5
    • Fixed die-menu-respawn item duping(I think).
    Version 1.4
    • Compatible with the latest bukkit builds(#353)
    Version 1.3b
    • Removed some debugging messages.
    Version 1.3
    • Fixed small bugs. (I think all exceptions reported by now are fixed)
    • Added allow list.
    Version 1.2
    • Fixed small bugs
    • Improved how God Mode works(now it's verly like the God Mode plugin)
    • Added a God Mode timout after login of 5 seconds, to prevent die of falling on the ground.
    • Added a command to toggle registrations on/off.
    Version 1.1
    • Prevent non-logged-in users to lose health(and die).
    Version 1.0
    • First fully working release.
    Future plans:
    • (done!) Create a toggle command that opens and closes registration
    • Store users activities, such as typing wrong passwords and such(to catch hackers)
    Download:
    Version 1.6c (to use with GroupManager 1.0 or higher):
    http://www.mdn.fm/files/272681_rqyw0/AnjoSecurity-1.6c.zip

    Version 1.6b (to use with GroupManager 0.99b or lower):
    http://www.mdn.fm/files/271609_dvt1f/AnjoSecurity-1.6b.zip

    Source:
    https://github.com/gmcouto/AnjoSecurity

    Flat-file Authentication importer(import auth db from older plugins):
    http://www.mdn.fm/files/261879_yjodh/uber-AnjoSecurityImporter-1.0-SNAPSHOT.jar
    It is destinated for the following format(plugins that used MineSecurity format, from hMod):
    username:md5passhash

    Just double click on the jar(or run via terminal with java -jar), select the old flat-file... it will generate a AnjoSecurityDB.db file, which you put on your server folder. If you want to merge the old file with the new database, just put the jar on the same folder of the AnjoSecurityDB.db...


    ===============================
    Everyone with an Off-Line server might like the NameChecker plugin I made, it super simple. It only filters huge names (> 20 chars), short names(<3 chars), and invalid characters in names(only letters, numbers, and underscores allowed).
    It kicks the player and shows him the reason of why his name is invalid. It even has a configurable file for you to put forbidden names to join the server(like Player, or Scruffy_Puppy)
    http://www.mdn.fm/files/273443_hynys/NameChecker-0.1-SNAPSHOT.jar
     
    xcession, FlingeR and methos like this.
  2. Offline

    Wulfspider

    Just curious, why does this plugin display "Alguem chamou o handler" in the console every so often? I guess it means something like... "Someone called the handler", but does it need to be displayed and what is it's purpose? It seems to be as often as the "WIN!" from your other plugin, except it doesn't show when you walk like the GroupManager does.
     
  3. Offline

    AnjoCaido

    Sorry, I was on a bit of a rush last days, and I forgot to take off a lot of debugging messages. At least those mistakes won't harm anyone.

    Tomorrow I'll release a new Version of GroupManager without this(with some improvements). AnjoSecurity will receive a small update too.

    ---

    Any suggestions are appreciated.
     
  4. Offline

    Cubox

    Hello, thank you for this :)

    But I need some help.
    I'm using CB b345 - permission 2.0 and some other plugins.

    I've deleted permission.jar and placed groupmanager along with AnjoSecurity inside the plugins directory,
    and when I start the server, I got this:

    [​IMG]

    Do you know what I've been doing wrong? I know it's gotta be on my end, but I have no idea.

    Thank you.
     
  5. Offline

    AnjoCaido

    It says there Permissions was disabled. Probably GroupManager was not properly loaded(couldn't find Permissions/config.yml) or installed. Is there any exception above this?

    Check out GroupManager topic for more information.
     
  6. Offline

    Wulfspider

    I'm using build 345 and have no problems. I did have that error earlier when my data.yml was messed up somehow. I am using GroupManager, but both Permissions and GroupManager seem particular with how they are edited manually. Perhaps backup your data.yml and try the default data.yml and see if you get the error still?
     
  7. Offline

    AnjoCaido

    Yeah, could be that too(if he scrolls up probably will see another exception). I don't know how to save the file the way Permissions want. The way I use to load/save the file is the same way used in essentials modgrp.

    It saves the file in a very different way than the Permissions template. The problem is that those YAML files are very sensitive about spaces and other things. I don't recommend edit the file without a editor that parses it(like netbeans).

    I plan to make a desktop tool to edit the file easily.
     
  8. Offline

    Wulfspider

    Sounds like an excellent idea. Would make it easy for users to create and edit permissions then outside of the game... such as Deatlev in your other plugin thread. ;)

    Also, can I PM you a question and a couple ideas Anjo?
     
  9. Offline

    AnjoCaido

    Of course you can.

    I'll be off for the next 8 hours. Going to sleep now. 7 am here.

    But I'll answer you as soon as I get up.
     
  10. Offline

    Cubox

    This belongs to the GroupManager thread actually,
    but since I start here, I might as well finish it here.

    @Wulf: I tried your suggestion and it worked, thank you.
    I also found what caused it, it's the group names. Everytime I changed one of the group names,
    the problem re-occurs, for instance when I changed Default to Citizen.
    I'm using http://yaml-online-parser.appspot.com/ to edit the files.

    It's working now with the default group names.
    Thank you Wulf and Anjo :)
     
  11. Offline

    GermanyMember

    Suuupppper!!! Blocked commend WorldGuard and WorldEdit !!
    Now blocked inventory :(
     
  12. Offline

    AnjoCaido

    If that is a concern. Please explain more.
     
  13. Offline

    Wulfspider


    You are welcome! Are you making sure you change the inheritance for each group with the new names as well? If you don't, that would make it break I think.

    I have noooo idea what any of that means...
     
  14. Offline

    marmot

    It doesn't bother me :)
     
  15. Offline

    Wulfspider

    I think leaving it as is is good. Having them do the initial sign-in is a good way to test that their password works, instead of giving you grief later about how they can't sign in.
     
  16. Offline

    WMisiedjan

    Somehow I get errors with Essentials plugins:
    Code:
     SEVERE: Could not pass event PLAYER_JOIN to Essentials
    java.lang.NoClassDefFoundError: Lcom/nijiko/Misc;
            at java.lang.Class.getDeclaredFields0(Native Method)
            at java.lang.Class.privateGetDeclaredFields(Unknown Source)
            at java.lang.Class.getField0(Unknown Source)
            at java.lang.Class.getField(Unknown Source)
            at com.earth2me.essentials.Essentials.isPlayerAuthorized(Essentials.java
    :112)
            at com.earth2me.essentials.EssentialsPlayerListener.onPlayerJoin(Essenti
    alsPlayerListener.java:136)
            at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.ja
    va:124)
            at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.jav
    a:60)
            at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.j
    ava:214)
            at net.minecraft.server.ServerConfigurationManager.a(ServerConfiguration
    Manager.java:88)
            at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:86)
    
    And
    Code:
    2011-02-19 11:32:32 [INFO] [PLAYER_COMMAND] WMisiedjan: /help
    java.lang.NoClassDefFoundError: Lcom/nijiko/Misc;
            at java.lang.Class.getDeclaredFields0(Native Method)
            at java.lang.Class.privateGetDeclaredFields(Unknown Source)
            at java.lang.Class.getField0(Unknown Source)
            at java.lang.Class.getField(Unknown Source)
            at com.earth2me.essentials.Essentials.isPlayerAuthorized(Essentials.java
    :112)
            at com.earth2me.essentials.Essentials.isPlayerAuthorized(Essentials.java
    :97)
            at com.earth2me.essentials.help.EssentialsHelpWorker.onCommand(Essential
    sHelpWorker.java:22)
            at com.earth2me.essentials.help.EssentialsHelp.onCommand(EssentialsHelp.
    java:51)
            at org.bukkit.command.PluginCommand.execute(PluginCommand.java:17)
    
    I think it somehow cannot find Permissions?
     
  17. Offline

    Wulfspider

    Have you tried replacing your data.yml for your permissions plugin with a known working data.yml, perhaps the example one? Sounds like that is the problem.
     
  18. Offline

    WMisiedjan

    I acctually don't have Permissions itself installed. I thought it wasn't needed?
     
  19. Offline

    Wulfspider

    My mistake, it shouldn't be needed. Have you made sure the config.yml is in the AnjoSecurity folder under plugins? If it is, have you edited it at all? What version of Essentials are you using? Does Essentials work fine without AnjoSecurity.jar in the plugins folder?
     
  20. Offline

    WMisiedjan

    I use the latest version of essentials, Just grabbed from the SVN.

    I have this config.yml:
    http://pastebin.com/m7dJGB4v

    And I think its a GroupManager problem. Because it still doesn´t work without AnjoSecurity.
     
  21. Offline

    GermanyMember

    plugin blocks the Q key throwing things, but no manual.
    Plugin does not hide itemów as in other plugins ...
    No need to type /login password
     
  22. Offline

    methos

    i have big bug.
    when u die click 'back to menu' and login again - u can then dupe all items in ure eq.
     
  23. Offline

    anon

    So it stores player ip on sqltite, and I think this is great. So, a think I would like to ask is for this plugin to have a toggable option to force only one registration per ip. It would stop people being banned and just changing name to reenter. At least it would stop some of them....those without dynamic ip.
     
  24. Offline

    Wulfspider

    I am having the same issue with it not hiding items. Perhaps it is recognizing the IP address and not hiding them? For the login, if you are within the default 30 minute session time, then it will automatically log you back in. You can change that time in the config.yml file if you would like it shorter or longer.
    The problem with that, is that sometimes people share a connection or have LANs. It would be worth adding though as an option I think.
     
  25. Offline

    ChrisProlls

    I get to ban a user without login, is this normal?
     
  26. Offline

    AnjoCaido

    So what happens when someone changes it's IP.

    Most people don't have static IP. Maybe they have a lease time of some days. But it will change after that.

    If you need to ban, just ban the guy by their IP. It's way more effective than masking the problem with a feature that will create another problem.
    --- merged: Feb 19, 2011 8:35 PM ---
    Every command that is registered on Bukkit, if doesn't pass over Permissions plugin, can't be blocked.

    Unfortunately there is no way to change that. I highly recommend not having OP players, and use GroupManager, if you use Permissions dependent plugins.
    --- merged: Feb 19, 2011 8:38 PM ---
    I really don't know hoe to die while not logged in. Can you tell me how?

    If I can't reproduce the problem I cant find a solution(if there is any)
    --- merged: Feb 19, 2011 8:41 PM ---
    I still don't get it.
    Yes it blocks Q.
    but no... no what?

    Yes it doesn't hide the items. If I find a good and secure way to do that, I'll implement it.

    Why no need to /login?
    --- merged: Feb 19, 2011 8:43 PM ---
    It's the Essentials at SVN playing if some hidden stuff of Permissions Plugin. Those stuff aren't on GroupManager yet.


    ---
    Now i've went to Essentials repository, and seems they arent using Misc field anymore... probably you got a bugged version.
     
  27. Offline

    WMisiedjan

    Ok, Tnx.
     
  28. Offline

    kamyker

    Big bug is, when u die, close game with cross and log to game. I'm not sure about, but this problem is in authme and authorization. Anjo can u add something to block using commands when someone isnt log in?


    Sorry for english :/
     
  29. Offline

    Chikken

    Hi,

    i really want this Plugin running on my Server but i always get this Error...
    Latest version of Groupmanager is running and Craftbukkit is build #351
    screenshot2.png
     
  30. Offline

    Vlyn91

    Always get the error: Severe: Could not pass event PLAYER_JOIN to AnjoSecurity blabla.. :-/

    And suddenly sometimes invisible users :confused:
     
  31. Offline

    methos

    so, i connect to server, and when i die i click "Title menu" and next i reconnect to server. I have items in eq and same in death place.
     

Share This Page