Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline


    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page:

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel ( #LoveDespite) or toss me a message at Until we meet again, stay gold. Bang.


    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.

    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
  2. Offline


    I love you :) I ever just opened the h2.db -.- please dont stop to work on it and create an bukkitdev page :)
  3. Offline


  4. Offline


    Glad to hear that! But...

    Give the thanks to him :D.

    I don't know if i'm going to develop this, i'm very short of time =/. I just fixed the "easy" bugs, i must learn a LOT to improve this.
  5. Offline


    @_Robert what is that you uploaded?
    Is it an updated xauth.jar ?
    If it is, why did you change the name? How to update to your version?
  6. Offline


  7. Offline


    Thanks for your help again, absolutely awesome work.
    _Robert likes this.
  8. Offline


    What are all of the available colors?
  9. Offline


    _Robert --- thank you very much for completely macking this issue!

    very! appreciative!
  10. Offline


    After many complaining and the problem going ignored Im going to explain how they (griefers) are getting Op off servers with xAuth.

    MOD EDIT: It's probably best for everyone if you don't.

    Congrats you have bypassed xAuths command blocker and have sent the "/op command" to console

    Hope this forces the dev to stop ignoring the issue and or others to switch plugins.
  11. Offline


    What alternative plugins are there?
  12. Offline


    /hi robert

    this error pop up when plugin loaded

    07:14:09 [INFO] [xAuth] 'Permissions' v3.1.6 support enabled!
    07:14:09 [INFO] [xAuth] Connection to database established!
    07:14:09 [SEVERE] error in opening zip file
    07:14:09 [SEVERE]     at Method)
    07:14:09 [SEVERE]     at<init>(
    07:14:09 [SEVERE]     at java.util.jar.JarFile.<init>(
    07:14:09 [SEVERE]     at java.util.jar.JarFile.<init>(
    07:14:09 [SEVERE]     at com.cypherx.xauth.database.DbUpdate.loadSQLFiles(
    07:14:09 [SEVERE]     at com.cypherx.xauth.database.DbUpdate.<init>(
    07:14:09 [SEVERE]     at com.cypherx.xauth.xAuth.onEnable(
    07:14:09 [SEVERE]     at
    07:14:09 [SEVERE]     at
    07:14:09 [SEVERE]     at org.bukkit.plugin.SimplePluginManager.enablePlugin(
    07:14:09 [SEVERE]     at org.bukkit.craftbukkit.CraftServer.loadPlugin(
    07:14:09 [SEVERE]     at org.bukkit.craftbukkit.CraftServer.enablePlugins(
    07:14:09 [SEVERE]     at net.minecraft.server.MinecraftServer.t(
    07:14:09 [SEVERE]     at net.minecraft.server.MinecraftServer.a(
    07:14:09 [SEVERE]     at net.minecraft.server.MinecraftServer.init(
    07:14:09 [SEVERE]     at
    07:14:09 [SEVERE]     at
    07:14:09 [INFO] [xAuth] Accounts: 5080, Sessions: 0
    07:14:09 [INFO] [xAuth] v2.0b4.3 Enabled! - Fixed for R1 by Robert
  13. Offline


    How can i switch to AuthDB or AuthMe
  14. Offline


    I have a hacker on my server named Szakalo and he can bypass xAuth and he changes the passwords of my Admins and he gets on their accounts.I changed the passwords back but he keeps changing them again.Idk how he can bypass this.
  15. Offline


    Robert, I think you should continue the development of this plugin. Just make sure that license allows that. It's a bit messy here. We need a repo for this so we could keep an eye on all changes. I've seen few critical errors reported above. Otherwise there is no reason for keeping this plugin alive while its officialy unmaintained because it is and will be vulnerable and unsafe to use.
  16. Offline


    think so too :) I will help you if you continue this plugin. I cant code but I could help with support und such stuff :)
  17. Offline


  18. Offline


    authme, it even has a XAUTH encription type so there is no need to reset passwords.
  19. Offline


    How do i change my xauth.h2 database into MYSQL?
    How to i transfer?
  20. Offline


    Yeah, this would be useful knowledge :/
  21. Offline


    You cant. But authme accepts the h2 just copy a copy of it into authme's folder
  22. Offline


  23. Offline


    I've used xAuth for such a long time... I don't want to switch, as it does everything that's needed. It's light-weight and an all-around great plugin. I've been in several popular dev's IRCs trying to get someone to fork this... Hopefully someone will and xAuth can live on!
  24. Offline


    Did you not read my whole sentence?..

    Authme is exactly the same =D
  25. Offline


    yeah im sure there is nothing else.
    You just drop it in, and your finished...
  26. Offline


    fragmented sentences are cool

    you half go then put file. k?
  27. Offline


    I knew you were wrong the second you said that.
    You can get your xAuth.h2.db file and put it in the authme folder, and start your server.
    Any information on that xAuth file, will do nothing.
    That is not how you transfer at all, your ignorant.

    If you do want to see how to transfer, See this:
  28. Offline


    thats for sql
  29. Offline


    Thats the only way.
  30. Offline


    Did all of this world think like notch? After official released they just leave minecraft?
  31. Offline


    Guess what? The author wasn't online for 2 months, genius.
    Please remove the part of your post EXPLAINING HOW TO DO that bug. IMO that doesn't belong here.
Thread Status:
Not open for further replies.

Share This Page