Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline


    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page:

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel ( #LoveDespite) or toss me a message at Until we meet again, stay gold. Bang.


    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.

    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
  2. Offline


    How is it keeps passwords? I want to integrate auth to web-tool, but some hashes in md5, some in whirlpool, but whirpool(pass) != hash from auth.txt
  3. Offline


    It actively uses Whirlpool. If a players password is still stored as an MD5 hash it means they haven't logged in since the update that changed MD5 to Whirlpool.
  4. Offline


    Any feedback on whether or not v1.2.3 will play nicely with Craftbukkit 716? I'm eager to implement, this plugin does the community a great service. Thank you!!
  5. Offline


    There haven't been any changes that would break plugins as far as I've seen so it should work fine.
  6. Offline



    I've got MultiInv and your plugin, xAuth on my server, I'm not sure who to contact about this, but with MultiInv on, xAuth does not prevent someone impersonated another player from dropping there items, they can't seem to do anything else though, your welcome to test on my server, contact me for info.

  7. Offline


    This will be fixed in the next update, which also seems to fix Backpack compatibility (@MiracleM4n).
  8. Offline


  9. Offline


    i love you man...

    you updated before permissions did
  10. Offline


    im running CraftBukkit 733 and get the folowing error with the plugin:

    [SEVERE] net.minecraft.server.PropertyManager.a(Ljava/lang/String;Z)Z loading xAuth v1.2.3 (Is it up to date?)
    java.lang.NoSuchMethodError: net.minecraft.server.PropertyManager.a(Ljava/lang/String;Z)Z
            at com.cypherx.xauth.xAuth.onEnable(
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(
            at org.bukkit.craftbukkit.CraftServer.loadPlugins(
            at net.minecraft.server.MinecraftServer.e(
            at net.minecraft.server.MinecraftServer.a(
            at net.minecraft.server.MinecraftServer.init(
  11. Offline


    I havnt problems with xAuth and Craftbukkit #733 but(!)
    I am use a Permissions plugin and the Groub "Admins" use the Command [- '*'].
    And the Problem is, the groub "Admins" must not register.
    But they MUST register and i will not remove the Command [- '*'].
    What can i do??
    How can i disable the Command xauth.exclude ???

    I hope you can help me with my Problem and sorry for my very bad english.
  12. Offline


    Can i get the test build which fixes the fall through hole problem when they login.
  13. Offline


    It looks like either something's wrong with your file or you're using an older CraftBukkit build by mistake.

    Just add '-xauth.exclude' to any group/player that also has '*'. The hyphen excludes that group/player from having that permission.
  14. Offline


    Thats not what i mean, i will use the Command - '*' and i will use Registrations for everyone.
    But the '*' gives ALL permission included "xauth.exclude" and that is the problem.
    It uses xauth.exclude too and the admins cant register.
  15. Offline


    this is what he means:

            system: default
            copies: ''
            default: false
                prefix: ''
                suffix: ''
                build: true
            - '*'
            - '-xauth.exclude'
            group: Admin
                prefix: ''
                suffix: ''
            - ''
    This will make me have all permissions but exclude the xauth.exclude functions.
  16. Offline


    Hmm. it seems it doesnt block people from logging in to your char while your online on 733. enforce single session is off and it says that player is logged in but it still disconnects me.

    Also think you can add a setting to place a user in a certain group once they register? I want to have a new protection system where new users cant build until verified by a staff member but I dont want to have to do it with all the current members :p
  17. Offline


    Oh Thanks, It works :D
    I had think if i write it down in the Permissions, it will be enabled...
  18. Offline


    Man one of newbies get ban from xAuth how to unban?
  19. Offline


    is there a way to disable registration unless allowed by an admin?
  20. Offline


    Just tested it with WorldGuard 5 Alpha 10 and it works. It seems the 'enforce-single-session' option was removed from the configuration but the code that handles it still exists so in a sense it's always set to 'on' unless you manually add it to the configuration. Also, I'm not sure when this was implemented, but WorldGuard now allows a different config file for each world, so that might be messing with it.

        item-durability: on
        remove-infinite-stacks: off
        enforce-single-session: off
    I'll look into the feature you requested once Bukkit adds native permissions.

    Use the native Minecraft command pardon-ip.

    You can use /toggle reg to enable/disable registration.
  21. Offline


    i have the falling void bug!
  22. Offline


    I keep getting "An internal error occured while attempting to perform this command" whenever a player tries to /register
    But it then acts as if they have registered.
    (Including creating their entry in auths.txt)

    So... should I just ignore this?
  23. Offline


    Post the error displayed in the server console.
  24. Offline


    Thanks for great plugin, CypherX.

    Can you add a feature: on login player teleports to respawn (on another fixed point) and teleported back only when he enter correct password. Without that anybody can login into, press F3 and know player's coordinates, which can be bad in some situations.
  25. hmm i Can't login Before I even get to my log I will spawn in the sky and will be kicked directly with the message "Flying is not enabled on this server" my Members have this problem too
  26. Offline


    omg /pardon-ip it doesnt works (i cant to console-hosting)
  27. Offline


    Will be in xAuth 2. Implemented this, will be in the next update.

    Don't logout while in the air.

    It can be used in-game if you're an Op.
  28. Offline


    Is it normal that I fall through the floor when I'm not logged in yet? (And subsequently die a horrible death, losing all my items when logging in)
    (Using B733, server shows no error at all)

    Edit : After removing all my plugins and adding them one at a time, I've found that " izone " was the cause, without it I'm not falling through the ground (and dying).
    Could you add compatibility please?
  29. I doesn't log out in the air i was on the ground after install xAuth i register me ingame then after a restart of server (testing with login) i moved with WASD THEN in the Chat "You must login in to do that" or so and its switch/warps me in the air now im in the Air cant do anything and Server restart ect doesnt help
  30. Offline


    [SEVERE] null
    org.bukkit.command.CommandException: Unhandled exception executing command 'login' in plugin xAuth v1.2.3
    at org.bukkit.command.PluginCommand.execute(
    at org.bukkit.command.SimpleCommandMap.dispatch(
    at org.bukkit.craftbukkit.CraftServer.dispatchCommand(
    at net.minecraft.server.NetServerHandler.handleCommand(
    at net.minecraft.server.NetServerHandler.a(
    at net.minecraft.server.Packet3Chat.a(
    at net.minecraft.server.NetworkManager.a(
    at net.minecraft.server.NetServerHandler.a(
    at net.minecraft.server.NetworkListenThread.a(SourceFile:100)
    at net.minecraft.server.MinecraftServer.h(
    Caused by: java.lang.IllegalArgumentException: Invalid inventory size; expected 279
    at org.bukkit.craftbukkit.inventory.CraftInventory.setContents(
    at com.cypherx.xauth.xAuth.restoreInventory(
    at com.cypherx.xauth.xAuth.login(
    at com.cypherx.xauth.CommandHandler.handlePlayerCommand(
    at com.cypherx.xauth.xAuth.onCommand(
    at org.bukkit.command.PluginCommand.execute(
    ... 12 more
  31. Offline


    Does the falling occur WITH iZone and WITHOUT xAuth? Or only when they are both used together?

    It teleports the player back to where they moved from if they aren't logged in, so it should only teleport you into the air if that's where you attempted to move from.

    I'm guessing you have Backpack plugin installed? If so, a fix is included in the next update.
Thread Status:
Not open for further replies.

Share This Page