Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    hekkr

    Can I kick the user when it's isn't logged in? I want to use sql based login system :)

    I mean, when the user try to log in and the id/ip isn't in the sessions db, kick immediately.
     
  3. I have only a short question:
    We are using this plugin a long time now and we want to combine our forum passwords and this plugin.
    So my question is, what coding this plugin is using!
    Is it md5? (This would be grate because our forum is using it, too).

    I hope someone can help me fast!

    greetings
    Chriss
     
  4. Offline

    The Wizard

    I've notice something that is not right.
    I've unregistered "cosmin" and the plugin unregistered "Cosmin95" and also "cosmin".
    "cosmin" was not online, but "Cosmin95" was.
     
  5. Offline

    tylerthanson

    Has any definitive conclusion been reached on how to fix where players spawn?

    I currently have a new player spawn area, but upon testing I find I briefly appear there on login, where I have set the spawn (with both XAuth's location command as well as Essentials "/setspawn" command, but then am immediately whisked away to a nearby location (which unfortunately is in the middle of an ocean). I have enabled and disabled the protect location setting in the configuration, but honestly am at a loss as to how I should protect my server but still have a new player's spawn.

    Any help would be greatly appreciated, thank you.
     
  6. christopher_2007 : I use MCTelnet (search for it) in combination with a Telnet client builtin the forum (Its YaBB and I use Net::Telnet as telnet client).
    When a player registers in the forum, I just do $t->cmd("xauth register $user $password"); , when he change password, $t->cmd("xauth changepw $user $password"), and when he delete account from forum, i just do $t->cmd("xauth unregister $user");

    Make sure to disable public regs and public password changes in the config.

    ----------
    ----------
    ----------

    I have a suggestion to plugin author: Make a authmode configuration option:

    authmode = password

    Would be the standard. (as it works today)
    Then:

    authmode = ip
    Would disable the register/login command.
    If public regs are enabled: When a player joins, his IP is used as a password, hashed and saved into db, and upon subsuquent logins, his IP is used as a password (eg hashed and checked against database).

    If public regs are disabled: When a player joins, he cannot do anything, it would be like being unregistred. A OP registers him with /xauth register [player] [ip]
    A join with a incorrect IP is counted as a incorrect auth attempt, and this can then be controlled/configured through the standard invalid attempts ban/kicking system.

    Only admin can change authed IP by /xauth changepw [player] [ip]
    The changepw command would be disabled for non-OPs regardless of if public password changes are allowed or not.

    authmode = passwordip
    Would append the player's IP after the password on both register and login.
    (If public regs are disabled, only admin can register),

    So when a player with IP 123.123.123.123 registers with /register nicepw, the string "nicepw123.123.123.123" gets hashed and saved into db. Same would happen at login when pw are checked, so if a player have joined from a incorrect location, his password would simply not work.
    If a player/op with IP 99.99.99.99 does a changepw on HIMSELF (by not specifying a name), his ip would be autoappended, like "/changepw anotherpw" would set the pw to "anotherpw99.99.99.99"
    (If public changepw are disabled, only admin can changepw as described further down)

    If a op changes password of a player by specifing player name, he would have to append the IP himself (even if he runs the command against himself).
    So If I want to set the password of player "haha" to "newpw" and also change the allowed IP to 66.66.66.66, I would need to run:
    "/xauth changepw haha newpw66.66.66.66"

    When a op registers a player through /xauth register, he would do "/xauth register player password123.123.123.123" would register a new player with name "player" and password "password" and IP 123.123.123.123
     
  7. Offline

    moparisthebest

    CypherX just accepted my patch for authURL support, so you can make xAuth just use the same password as your forum's use directly from your database, if you are using SMF 2.X, I even included a sample script for you. He hasn't updated the pre-compiled version, but take a look at his github for the latest.

    @CypherX, one tiny thing that's bugging me about your first post. xAuth doesn't do password encryption, it does password hashing. Encryption implies the password could be decrypted, which it cannot (and should not be able to be). Semantics I guess, but I know I investigated thoroughly to make sure you actually were doing a hash and not encryption before I started using it, maybe others just skip it over because of that. :)
     
  8. Offline

    tony687

    can ppl with cracked accounts join with this plugin?
     
  9. Offline

    kopcap23

    Hello! Plugin works great, but I have one error. I'm using mySQL and it's works, budt every 10 minutes i have error:

    Code:
    2011-08-02 15:47:28 [SEVERE] [xAuth] Could not load StrikeBan for host: 87.49.69.197
    com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
    
    The last packet successfully received from the server was 109,249 milliseconds ago.  The last packet sent successfully to the server was 0 milliseconds ago.
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
        at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1116)
        at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:3082)
        at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:2968)
        at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3516)
        at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986)
        at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140)
        at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2626)
        at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2111)
        at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:2273)
        at com.cypherx.xauth.datamanager.DataManager.loadStrikeBan(DataManager.java:679)
        at com.cypherx.xauth.xAuth.isBanned(xAuth.java:298)
        at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerLogin(xAuthPlayerListener.java:44)
        at org.bukkit.plugin.java.JavaPluginLoader$12.execute(JavaPluginLoader.java:321)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:58)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:332)
        at net.minecraft.server.ServerConfigurationManager.a(ServerConfigurationManager.java:184)
        at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:82)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:74)
        at net.minecraft.server.Packet1Login.a(SourceFile:43)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:40)
        at net.minecraft.server.NetworkListenThread.a(SourceFile:91)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:451)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    Caused by: java.io.EOFException: Can not read response from server. Expected to read 4 bytes, read 0 bytes before connection was unexpectedly lost.
        at com.mysql.jdbc.MysqlIO.readFully(MysqlIO.java:2529)
        at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:2979)
        ... 23 more
     
  10. Offline

    CypherX

    I'll do some more testing to see if I can replicate the error.

    So you want to kick anyone who doesn't have a session? That means everyone will be kicked eventually.

    xAuth uses a custom hashing method that first uses Whirlpool to hash a password then adds a salt to the hash. Your best choice would be to do what moparisthebest talked about in his post. The next update will include his authURL code.

    What version of xAuth were you using when this occured?

    @sebastiannielsen - I don't really see any kind of mode that uses an IP address in a player's registration working since many people have dynamic addresses that could possibly change every day.

    Try reading the first post.

    @kopcap23 - Looks like the connection to the MySQL server timed out. If you're using beta 3.5 it should be re-established.

    @moparisthebest - Changed 'password encryption' to 'password hashing' in the main post and on my Github wiki.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 12, 2016
  11. CypherX: I understand that it would not be a good idea to use IPs as authentication, but for example, If I link it to my forum like in first post with MCTelnet, I can make sure that for example, the users client IP must match the latest IP the user used at the forum.

    The "ip" only mode, would be used in circumstances where you want to streamline the login process for the user, by instead forcing the user to login to a website for example, and this "updates" the allowed IP for the user, and the end user does not need to login when in minecraft server.
     
  12. Offline

    xsolar66

    Dear Cypher,

    I have had multiple players join my server, only to leave because they didn't know how to /register, and they couldn't do anything (locked mouse movement, talking etc).

    What I would like is for players who join under a name that hasn't been "registered" yet, to be able to do anything they like (ie. they can move, talk, use commands, build etc), without having to use /register. This way they'll not be put off from playing so quickly.

    I think this is currently not possible, or am I missing something obvious?
     
  13. Offline

    CypherX

    Disable forced registration in the configuration file and they'll be able to do all of that and still be able to register if they wish.
     
  14. Offline

    saenokda

    this happens everytime i try to install iConomy.

    Code:
    2011-08-03 03:03:09 [SEVERE] [xAuth] Could not connect to H2 database!
    org.h2.jdbc.JdbcSQLException: Database may be already in use: "Locked by another process". Possible solutions: close all other connection(s); use the server mode [90020-153]
        at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
        at org.h2.message.DbException.get(DbException.java:167)
        at org.h2.message.DbException.get(DbException.java:144)
        at org.h2.store.FileLock.getExceptionAlreadyInUse(FileLock.java:443)
        at org.h2.store.FileLock.lockFile(FileLock.java:338)
        at org.h2.store.FileLock.lock(FileLock.java:134)
        at org.h2.engine.Database.open(Database.java:535)
        at org.h2.engine.Database.openDatabase(Database.java:218)
        at org.h2.engine.Database.<init>(Database.java:213)
        at org.h2.engine.Engine.openSession(Engine.java:56)
        at org.h2.engine.Engine.openSession(Engine.java:159)
        at org.h2.engine.Engine.createSessionAndValidate(Engine.java:138)
        at org.h2.engine.Engine.createSession(Engine.java:121)
        at org.h2.engine.Engine.createSession(Engine.java:28)
        at org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.java:285)
        at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:114)
        at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:98)
        at org.h2.Driver.connect(Driver.java:72)
        at java.sql.DriverManager.getConnection(Unknown Source)
        at java.sql.DriverManager.getConnection(Unknown Source)
        at com.cypherx.xauth.datamanager.DataManager.connectH2(DataManager.java:65)
        at com.cypherx.xauth.datamanager.DataManager.connect(DataManager.java:42)
        at com.cypherx.xauth.datamanager.DataManager.<init>(DataManager.java:35)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:64)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:126)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:857)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:264)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:151)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:136)
        at org.bukkit.craftbukkit.CraftServer.reload(CraftServer.java:358)
        at org.bukkit.command.SimpleCommandMap$ReloadCommand.execute(SimpleCommandMap.java:281)
        at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:129)
        at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:290)
        at net.minecraft.server.MinecraftServer.b(MinecraftServer.java:480)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:465)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    2011-08-03 03:03:09 [SEVERE] [xAuth] Disabling - No connection to database
    2011-08-03 03:03:12 [SEVERE] [xAuth] Could not connect to H2 database!
    org.h2.jdbc.JdbcSQLException: Database may be already in use: "Locked by another process". Possible solutions: close all other connection(s); use the server mode [90020-153]
        at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
        at org.h2.message.DbException.get(DbException.java:167)
        at org.h2.message.DbException.get(DbException.java:144)
        at org.h2.store.FileLock.getExceptionAlreadyInUse(FileLock.java:443)
        at org.h2.store.FileLock.lockFile(FileLock.java:338)
        at org.h2.store.FileLock.lock(FileLock.java:134)
        at org.h2.engine.Database.open(Database.java:535)
        at org.h2.engine.Database.openDatabase(Database.java:218)
        at org.h2.engine.Database.<init>(Database.java:213)
        at org.h2.engine.Engine.openSession(Engine.java:56)
        at org.h2.engine.Engine.openSession(Engine.java:159)
        at org.h2.engine.Engine.createSessionAndValidate(Engine.java:138)
        at org.h2.engine.Engine.createSession(Engine.java:121)
        at org.h2.engine.Engine.createSession(Engine.java:28)
        at org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.java:285)
        at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:114)
        at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:98)
        at org.h2.Driver.connect(Driver.java:72)
        at java.sql.DriverManager.getConnection(Unknown Source)
        at java.sql.DriverManager.getConnection(Unknown Source)
        at com.cypherx.xauth.datamanager.DataManager.connectH2(DataManager.java:65)
        at com.cypherx.xauth.datamanager.DataManager.connect(DataManager.java:42)
        at com.cypherx.xauth.datamanager.DataManager.getPlayerFromDb(DataManager.java:336)
        at com.cypherx.xauth.datamanager.DataManager.getPlayer(DataManager.java:312)
        at com.cypherx.xauth.xAuth.onDisable(xAuth.java:32)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:128)
        at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoader.java:878)
        at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManager.java:280)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:67)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:126)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:857)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:264)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:151)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:136)
        at org.bukkit.craftbukkit.CraftServer.reload(CraftServer.java:358)
        at org.bukkit.command.SimpleCommandMap$ReloadCommand.execute(SimpleCommandMap.java:281)
        at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:129)
        at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:290)
        at net.minecraft.server.MinecraftServer.b(MinecraftServer.java:480)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:465)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    2011-08-03 03:03:12 [SEVERE] Error occurred while disabling xAuth v2.0b3.5 (Is it up to date?): null
    java.lang.NullPointerException
        at com.cypherx.xauth.datamanager.DataManager.getPlayerFromDb(DataManager.java:341)
        at com.cypherx.xauth.datamanager.DataManager.getPlayer(DataManager.java:312)
        at com.cypherx.xauth.xAuth.onDisable(xAuth.java:32)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:128)
        at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoader.java:878)
        at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManager.java:280)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:67)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:126)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:857)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:264)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:151)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:136)
        at org.bukkit.craftbukkit.CraftServer.reload(CraftServer.java:358)
        at org.bukkit.command.SimpleCommandMap$ReloadCommand.execute(SimpleCommandMap.java:281)
        at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:129)
        at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:290)
        at net.minecraft.server.MinecraftServer.b(MinecraftServer.java:480)
        at net.minecraft.server.MinecraftServer.h(MinecraftServer.java:465)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:361)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    
    so instead of iConomy, i tried installing BOSEconomy. i don't have any idea if there's anything different between those two plugins, but at least BOSEconomy looks compatible with xAuth.
     
  15. Offline

    The Wizard

    xauth beta 3.5
    server #1000

    edit:
    some of the players try to guess others password, now the plugin records only the ip (when banned), can you make it record also the username of the account.
    this way i can see what ip tried to entered on XYZ account.
     
  16. Offline

    Gauntlet

    Im not sure but on my server i have forced set to false yet it still requires them to register in order to move chat etc even with beta 3.5
     
  17. Offline

    Trevor_

    @CypherX

    I appreciate this plugin very much, but there is one thing that it is most definitely missing. What this plugin needs is an Email Verification and a Password Reminder. That way this plugin will take the work out for the Administrators, or Moderators helping run the Password Forget Portion. We appreciate the unregister, but I think it's time for an upgrade.

    Regards,
    Trevor
    -Lycosa.org
     
  18. Offline

    CypherX

    @saenokda - There is a known issue between iConomy and xAuth but that error isn't it. It seems the xAuth.h2.db is currently opened by another process.

    The unregister bug is fixed in beta 4 (which will most likely be out tonight). The second player (Comin95 in your example) was never really unregistered, the notification was just sent to him because of the Bukkit getPlayer() method. For your suggestion, would you want to see the username recorded in the database or just in the ".. banned by strike system" message?

    Just tried it on my test server and it works fine.

    Firstly, thanks for the donation! By email verification and password reminder I'm assuming you mean the same kind that forums use where an email is sent containing a link to verify an account or reset your password? Please elaborate if I'm wrong.
     
  19. Offline

    Peter Hsieh

    This issue is being looked into by CypherX - p.g. 25 he quotes.

    I'm pretty sure that is what he means. I would love to see this too~ having to physically manage it xD... can be tiring. Thanks for such a great plugins :).
     
  20. Offline

    Gauntlet

    If its working correctly then is there anything in my config bellow that would be causing everyone to force register anyways? thanks for the help
    Show Spoiler
    Code:
    #
    # Configuration file for xAuth
    #
    
    main:
        # How should xAuth store data (Accounts, sessions, etc.)?
        # Possible values: default (H2), mysql
        datasource: mysql
        # If set to true, xAuth will disable itself if the server is in online-mode
        auto-disable: true
        # When set to true, if a player connects with the same name as someone who is
        # already online, the player connecting will be kicked instead of the online player
        reverse-enforce-single-session: true
    
    mysql:
        # Location of the MySQL server. Can be either a host name or IP address
        host: mysql
    Censored
    
    registration:
        # Enable/disable new registrations
        enabled: true
        # If set to true, everyone must register
        forced: false
        # Setting this to true requires a player to enter an email address when they register
        require-email: false
        # If set to true, a valid email address is required
        validate-email: false
        # Setting this to false will impose a limit of one account per IP address
        allow-multiple: true
        # Used with web registrations that require account activation
        activation: false
    
    login:
        strikes:
            # Amount of times a player can enter an incorrect password before action is taken
            # Set as 0 to disable
            amount: 5
            # What action to take when the strike threshold is reached
            # Possible values: kick, banip
            action: kick
            # Length, in seconds, of a ban given by the strike system
            # Set as 0 for a permanent ban
            length: 3600
    
    password:
        # Minimum length a password may be
        min-length: 6
        # Enable/disable password changes
        allow-change: true
        # Require at least one of the character types below that are set to true
        complexity:
            lowercase: false
            uppercase: false
            number: false
            symbol: false
    
    guest:
        # Amount of time, in seconds, that a player has to log in before they are kicked
        # Set as 0 to disable
        timeout: 0
        # Amount of time, in seconds, between "You must be logged in.." messages
        notify-cooldown: 25
        # Commands that players who are not registered or logged in may execute
        allowed-commands: [register, login, l]
        # Turn on/off location protection
        protect-location: false
    
    session:
        # Amount of time, in seconds, that a session will remain valid
        length: 4000
        # Verify a player's IP address when resuming a session
        verifyip: true
        # Length of time, in seconds, that a player will have godmode upon logging in
        # set as 0 to disable
        godmode-length: 5
    
    filter:
        # Minimum length a players name can be
        min-length: 2
        # Characters that may be present in a players name. Use an asterisk (*) to allow all
        allowed: '*'
        # If set to false, players with blank names can connect
        blankname: true
    
    # INTERNAL USE ONLY! DO NOT TOUCH!
    version: 3
    
     
  21. Offline

    The Wizard

    Yes, I would like to have username and ip recorded in ban strike table.
     
  22. Offline

    Trevor_

    Spot on, relating to the forums would be excellent. Furthermore having to register and use the same password as the forums would be even better. I saw AuthDB using this method and seeing the idea implemented here would be great.
     
  23. Offline

    CypherX

    Updated to version 2.0 beta 4!
    • Spout (BukkitContrib) compatibility fixed
    • authURL support (thanks moparisthebest!)
    • EasyBan conflict fixed
    • Global teleport locations added (/xauth location set|remove [global])
    • Support for IPv6
    • Option to automatically download required libraries
    • Support for Bukkit 'Superperms' Permissions
    • Possible fix for the spawn location issues (needs confirmation, let me know)
    • Fixed the bug reported in this post
    @Peter Hsieh - Thanks for the donation!

    @Gauntlet - Those settings look fine to me. Are you using the xauth.register permission node?

    @The Wizard - I'll throw this in the next update, but it'll probably be the player's account id from the accounts table, is that fine?
     
  24. Offline

    Boon Pek

    So, with authURL mentioned, it's idea still remains vague to me. What exactly does it do? Would it allow for authentication between Forum/Server? :p

    Right now, I'm still waiting for another plugin to update; their DEV builds are extremely buggy :3

    Also, a XenForo bridge would be HIGHLY appreciated! :)
     
  25. Offline

    tinez

    Works GREAT
     
  26. Offline

    The Wizard

    fine for me.
    thx
     
  27. Offline

    NotYetRated

    I apologize if this has been covered, but do I need to manually create the sql tables and such? I attempted to migrate to sql as I have done with most of my other plugins and got this.

    Using your latest 4.0 xAuth with CB 1000. Triple checked my SQL settings and all appears okay, all other plugins are functioning.

    Code:
    2011-08-04 16:39:06 [SEVERE] [xAuth] SQL query failure [read] (SELECT a.*, s.* FROM `accounts` a LEFT JOIN `sessions` s ON a.id = s.accountid WHERE `playername` = ?)
    com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Table 'mc_xauth.accounts' doesn't exist
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:531)
    at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
    at com.mysql.jdbc.Util.getInstance(Util.java:382)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3593)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3525)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2626)
    at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2111)
    at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:2273)
    at com.cypherx.xauth.database.Database.queryRead(Database.java:68)
    at com.cypherx.xauth.database.DbUtil.getPlayerFromDb(DbUtil.java:261)
    at com.cypherx.xauth.xAuth.getPlayer(xAuth.java:206)
    at com.cypherx.xauth.xAuth.onDisable(xAuth.java:48)
    at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:128)
    at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoader.java:899)
    at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManager.java:288)
    at org.bukkit.plugin.SimplePluginManager.disablePlugins(SimplePluginManager.java:281)
    at org.bukkit.craftbukkit.CraftServer.disablePlugins(CraftServer.java:157)
    at net.minecraft.server.MinecraftServer.stop(MinecraftServer.java:312)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:391)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:422)
    2011-08-04 16:39:06 [SEVERE] Error occurred while disabling xAuth v2.0b4 (Is it up to date?): null
    java.lang.NullPointerException
    at com.cypherx.xauth.database.DbUtil.getPlayerFromDb(DbUtil.java:270)
    at com.cypherx.xauth.xAuth.getPlayer(xAuth.java:206)
    at com.cypherx.xauth.xAuth.onDisable(xAuth.java:48)
    at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:128)
    at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoader.java:899)
    at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManager.java:288)
    at org.bukkit.plugin.SimplePluginManager.disablePlugins(SimplePluginManager.java:281)
    at org.bukkit.craftbukkit.CraftServer.disablePlugins(CraftServer.java:157)
    at net.minecraft.server.MinecraftServer.stop(MinecraftServer.java:312)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:391)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:422) 
     
  28. Offline

    EMOberger

    same problem, appears this version does not auto create the tables?
     
  29. Offline

    CypherX

    That's one possibility. When I player uses the /login command, their username (player name) and the password they entered are sent to a PHP script which can check if they exist in the database and if the password is correct. There's a working script for a SMF forum database on my Github, so if you know PHP you can modify it for XenoForo.

    @NotYetRated @EMOberger - If you change datasources after beta 4, you need to delete the DBVERSION file in /plugins/xAuth/.
     
  30. Offline

    EMOberger

    ohh ok will try, thank you!

    Did not work.

    after the 3rd time of doing this it did work.
     
  31. Offline

    CypherX

    Spout, anyone?

    [​IMG]
     
    Boon Pek likes this.
Thread Status:
Not open for further replies.

Share This Page