Filled Operator Password on Join

Discussion in 'Archived: Plugin Requests' started by DeJay6424, Sep 19, 2014.

Thread Status:
Not open for further replies.
  1. Offline

    DeJay6424

    Plugin category: Admin Tools

    Suggested name: OPSignin

    What I want: I want a plugin where I set the below permission on a person, and they are required to set up a password and log in every time they sign in. Not that difficult, if possible set their passwords and usernames to go to a config file so I can reset it manually if needed.

    Ideas for commands: /passwordset /login

    Ideas for permissions: operator.passset operator.login

    When I'd like it by: Whenever is okay for the person filling. I do not want this to be rushed ;).
     
  2. Offline

    Epicballzy

  3. Offline

    DeJay6424

    Is that for the whole server or only specific people, and it's only for CB 1.6..........
     
  4. Offline

    Epicballzy

    The whole server. And just because it's 1.6, doesn't mean it's broken until proven otherwise
     
  5. Online

    timtower Administrator Administrator Moderator

    PapiDimmi, glasseater and Jaaakee224 like this.
  6. Offline

    Epicballzy

  7. Online

    timtower Administrator Administrator Moderator

    That outdated stuff is a regular comment of mine.
     
    PapiDimmi and XD 3VIL M0NKEY like this.
  8. Offline

    Epicballzy

    timtower Oh haha, never seen it before ^.^ I don't really hang out on the requests forum too often
     
  9. Offline

    Crud41


    I might have some time later today. Unless someone else wants to steal.
     
  10. Offline

    DeJay6424

    Crud41 Thanks :), like said take your time.
     
  11. Offline

    Crud41

    Working on it right now.

    Update: ran into a bit of a problem. I blame the way Java works. If any devs are looking to help, feel free.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jun 14, 2016
  12. Offline

    TheWolfBadger

    Crud41 What's the problem?
     
  13. Offline

    Crud41

    My initial attempt was unsuccessful. I am redoing it. I haven't made a plugin in 3 mos and forgot you can't put a listener into a method. No worries, I think I've got it. TheWolfBadger

    EDIT: Issue now is the command pre processor is being silly and not distinguishing chat from commands. -sigh-

    TheWolfBadger

    Basically, the idea is that I cancel all commands except for the excluded ones until they enter the password.
    For this, I am using PlayerCommandPreprocessEvent eventhandler to detect commands and set them to null.

    Currently trying to find the way to bypass it and have exclusion commands that don't trigger cancelation. Such as the setpassword command and the login command.

    Nearly done
     
  14. "A bad workman blames his tools".
     
    timtower likes this.
  15. Offline

    Crud41


    Not my fault Java doesn't like methods inside methods :V
     
  16. Crud41 No, but you don't need to do that. And it's hardly the language's fault now, is it?
     
  17. Offline

    Crud41

    AdamQpzm It is always the language's fault. :V

    Finished. Adding finishing touches.

    DeJay6424 It is finished. Took me a little while to get it working 100%. If you find any bugs, tell me.

    Download

    Features:
    - Blocks ALL commands except for the commands from the plugin until user has logged in.
    - Will not allow users to change their passwords unless it is deleted by system admin from YML in plugins folder.
    - Disallows users to login multiple times.
    - Easy commands
    - Command node based restrictions.

    Commands:
    /opsetpass - Sets the password. Example: /opsetpass potatoes
    /oplogin - Logs in user. Example: /oplogin potatoes

    Command Nodes:
    op.setpass - Allows access to /opsetpass
    op.login - Allows access to /opsetpass
    is.op - Adds that group or user to list of people affected by plugin

    Instructions:
    1) Extract Jar file into /plugins/ directory
    2) Add the is.op permission node to desired affected groups and or individuals in permissions
    3) Start server
    4) Join
    5) /opsetpass to set your password
    6) /oplogin log in with your password
    7) Have fun.

    PS: I am planning to add more to this. Such as in-game password adjustments and time-based purging and SQL support. I'll look into it when bukkit plugins are back up.
     
  18. Offline

    DeJay6424

    @Crud41 Thanks :)
    Wrong link?
     
  19. Offline

    Crud41

    DeJay6424
    Bukkit is being stupid.
    I sent you a plugin download link in PM.

    DeJay6424 I'll send you link through PM

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jun 14, 2016
  20. Offline

    AronTheGamer

    Crud41 how are you storing the passwords? I hope not as plain text
     
    timtower likes this.
  21. I think the OP wanted it in plain text to be fair.
     
  22. Offline

    EgyptianKing

    I can do this for you if Crud41 has not completed it yet.
     
  23. Offline

    AronTheGamer

    Oh that's cool. I just have to send him a plugin that reads out the config files of this plugin and I get all his staff's passwords!

    Saving passwords as plain text is the worst thing you can do. Reason described above.
    This is the best way to check a login:
    On the set of the password, just hash it with either Blowfish or SHA521 and put it in the config/db.
    When someone tries to log in with a password, just hash the entered password again and see if it matches the password in the configuration file. If you don't, you are just DUMB.

    This is Java, not javascript
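
Added example, not part of the original thread or of the OPLogin plugin: the hash-on-set, re-hash-on-login check described in the post above, written in Java with a per-user random salt. It swaps in PBKDF2-HMAC-SHA512 from the JDK for the hash the post names, since the JDK ships no Blowfish-based password hash; the class name, iteration count and `iterations:salt:hash` storage format are assumptions, and it needs Java 8 or later.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example (hypothetical class): salted password storage for a plugin's YML file.
public class OpPasswordStore {
    private static final String ALGORITHM = "PBKDF2WithHmacSHA512";
    private static final int ITERATIONS = 210_000; // assumed work factor; tune for the host

    private static byte[] derive(char[] password, byte[] salt, int iterations, int bits)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, bits);
        return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec).getEncoded();
    }

    /** Returns "iterations:salt:hash"; this string is the only thing written to the config. */
    public static String hash(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16]; // fresh random salt per user
        new SecureRandom().nextBytes(salt);
        byte[] key = derive(password, salt, ITERATIONS, 256);
        Base64.Encoder b64 = Base64.getEncoder();
        return ITERATIONS + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(key);
    }

    /** Re-derives with the stored salt and cost, then compares in constant time. */
    public static boolean verify(char[] attempt, String stored) throws GeneralSecurityException {
        String[] parts = stored.split(":");
        if (parts.length != 3) return false; // malformed or plain-text entry: fail closed
        try {
            int iterations = Integer.parseInt(parts[0]);
            byte[] salt = Base64.getDecoder().decode(parts[1]);
            byte[] expected = Base64.getDecoder().decode(parts[2]);
            byte[] actual = derive(attempt, salt, iterations, expected.length * 8);
            return MessageDigest.isEqual(expected, actual);
        } catch (IllegalArgumentException e) { // bad number, bad Base64, empty salt or hash
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String stored = hash("potatoes".toCharArray()); // constructed sample password
        System.out.println(stored);
        System.out.println(verify("potatoes".toCharArray(), stored));
        System.out.println(verify("potatos".toCharArray(), stored));
    }
}
```

Because only the derived value is stored, a forgotten password is handled by deleting the entry from the YML so the user can set a new one, which is the reset path the plugin's feature list already describes.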
     
  24. AronTheGamer Quote me where I said it was in any way a good idea.
     
  25. Offline

    AronTheGamer

    You can still remove the Blowfish/SHA521 hashes
     
  26. Offline

    Crud41

    AronTheGamer AdamQpzm EgyptianKing
    I have completed the plugin. And yes, it is being stored in "Plain Text" unless the author requested me to Hash it. Either way, I posted a download link but forms keeps turning it into a google search link. Let me try this again, if it doesn't work, then PM me for the plugin.

    Download Link: https://dl.dropboxusercontent.com/u/50059382/Bukkit Plugins/Forum Requests/OPLogin/OPLogin.zip

    Well, first off; he requested plain text. Also, in the case he does get a malicious plugin which reads out the passwords from that file; there would probably be no repercussions. Unless he is running this on a 1.8+ server and or has a cracked server he is running this on, there is no way 2 people can log in as the same username. Therefore, there is no risk in leaving it in plain text.

    All cracked servers have a login system. So this is basically another stage in security if that is the case. On top of which, 1.8v of bukkit has not come out (or maybe will never come out). Until that time comes, there are no worries.

    These being the reasons why I decided not to take the extra step to hash them. Also, it helps to leave them in plain text in case the owner has someone who forgot their password. Instead of having to delete it, they can just recover it. Which is a plus.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jun 14, 2016
  27. Offline

    AronTheGamer

    Removed offensive message by myself (open)
    You are such an idiot.
    The owners can now invite random people they don't like and explain the security thing.
    After a reload they can just look up their password in the config file and log in to their skype, msn, twitter and whatever and change password or say nasty things.

    Remove it from your dropbox immediately and change the way passwords are stored.

    @ Everyone
    Reply with: "I agree" if you think like this too.
     
  28. Online

    timtower Administrator Administrator Moderator

    AronTheGamer Report the post, quote from the rules:
     
  29. Offline

    ColonelHedgehog

    First of all, it's "idiot." If you're going to insult someone, do it right.

    Second of all, it IS a silly idea, but what's even sillier is using the same password for everything. Not one of my passwords are the same. I set a different one for each thing I sign up for. Why? Well, if someone finds one of my passwords, at least he doesn't have them all. This is called using something at your own risk.
     