Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    beleg

    I love you :) I ever just opened the h2.db -.- please dont stop to work on it and create an bukkitdev page :)
     
  3. Offline

    GameFAQsRolo

  4. Offline

    _Robert

    Glad to hear that! But...

    Give the thanks to him :D.

    I don't know if i'm going to develop this, i'm very short of time =/. I just fixed the "easy" bugs, i must learn a LOT to improve this.
     
  5. Offline

    Mrchasez

    @_Robert what is that you uploaded?
    Is it an updated xauth.jar ?
    If it is, why did you change the name? How to update to your version?
     
  6. Offline

    _Robert

  7. Offline

    Zorkin3

    Thanks for your help again, absolutely awesome work.
     
    _Robert likes this.
  8. Offline

    Dooderdo

    What are all of the available colors?
     
  9. Offline

    iburnbud

    _Robert --- thank you very much for completely macking this issue!

    very! appreciative!
     
  10. Offline

    Donny

    After many complaining and the problem going ignored Im going to explain how they (griefers) are getting Op off servers with xAuth.

    MOD EDIT: It's probably best for everyone if you don't.

    Congrats you have bypassed xAuths command blocker and have sent the "/op command" to console


    Hope this forces the dev to stop ignoring the issue and or others to switch plugins.
     
  11. Offline

    NotYetRated


    What alternative plugins are there?
     
  12. Offline

    BioBG

    /hi robert

    this error pop up when plugin loaded

    Code:
    07:14:09 [INFO] [xAuth] 'Permissions' v3.1.6 support enabled!
    07:14:09 [INFO] [xAuth] Connection to database established!
    07:14:09 [SEVERE] java.util.zip.ZipException: error in opening zip file
    07:14:09 [SEVERE]     at java.util.zip.ZipFile.open(Native Method)
    07:14:09 [SEVERE]     at java.util.zip.ZipFile.<init>(ZipFile.java:131)
    07:14:09 [SEVERE]     at java.util.jar.JarFile.<init>(JarFile.java:150)
    07:14:09 [SEVERE]     at java.util.jar.JarFile.<init>(JarFile.java:87)
    07:14:09 [SEVERE]     at com.cypherx.xauth.database.DbUpdate.loadSQLFiles(DbUpdate.java:103)
    07:14:09 [SEVERE]     at com.cypherx.xauth.database.DbUpdate.<init>(DbUpdate.java:30)
    07:14:09 [SEVERE]     at com.cypherx.xauth.xAuth.onEnable(xAuth.java:95)
    07:14:09 [SEVERE]     at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:228)
    07:14:09 [SEVERE]     at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:970)
    07:14:09 [SEVERE]     at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:280)
    07:14:09 [SEVERE]     at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:186)
    07:14:09 [SEVERE]     at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:169)
    07:14:09 [SEVERE]     at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:348)
    07:14:09 [SEVERE]     at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:335)
    07:14:09 [SEVERE]     at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:165)
    07:14:09 [SEVERE]     at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:399)
    07:14:09 [SEVERE]     at net.minecraft.server.ThreadServerApplication.run(SourceFile:457)
    07:14:09 [INFO] [xAuth] Accounts: 5080, Sessions: 0
    07:14:09 [INFO] [xAuth] v2.0b4.3 Enabled! - Fixed for R1 by Robert
    
     
  13. Offline

    Mrchasez

    How can i switch to AuthDB or AuthMe
     
  14. Offline

    FunCraft

    I have a hacker on my server named Szakalo and he can bypass xAuth and he changes the passwords of my Admins and he gets on their accounts.I changed the passwords back but he keeps changing them again.Idk how he can bypass this.
     
  15. Offline

    jackks

    Robert, I think you should continue the development of this plugin. Just make sure that license allows that. It's a bit messy here. We need a repo for this so we could keep an eye on all changes. I've seen few critical errors reported above. Otherwise there is no reason for keeping this plugin alive while its officialy unmaintained because it is and will be vulnerable and unsafe to use.
     
  16. Offline

    beleg

    think so too :) I will help you if you continue this plugin. I cant code but I could help with support und such stuff :)
     
  17. Offline

    jackks

  18. Offline

    Donny

    authme, it even has a XAUTH encription type so there is no need to reset passwords.
     
  19. Offline

    Mrchasez

    How do i change my xauth.h2 database into MYSQL?
    How to i transfer?
     
  20. Offline

    Hydrosis

    Yeah, this would be useful knowledge :/
     
  21. Offline

    Donny

    You cant. But authme accepts the h2 just copy a copy of it into authme's folder
     
  22. Offline

    Mrchasez

    Then?
     
  23. Offline

    Chrispm84

    I've used xAuth for such a long time... I don't want to switch, as it does everything that's needed. It's light-weight and an all-around great plugin. I've been in several popular dev's IRCs trying to get someone to fork this... Hopefully someone will and xAuth can live on!
     
  24. Offline

    Donny

    Did you not read my whole sentence?..

    Authme is exactly the same =D
     
  25. Offline

    Mrchasez

    yeah im sure there is nothing else.
    You just drop it in, and your finished...
     
  26. Offline

    Donny

    yep....
    fragmented sentences are cool

    you half go then put file. k?
     
  27. Offline

    Mrchasez

    I knew you were wrong the second you said that.
    You can get your xAuth.h2.db file and put it in the authme folder, and start your server.
    Any information on that xAuth file, will do nothing.
    That is not how you transfer at all, your ignorant.

    If you do want to see how to transfer, See this:
    http://dev.bukkit.org/server-mods/authme/pages/migrate-from-xauth-to-auth-me/
     
  28. Offline

    Donny

    thats for sql
     
  29. Offline

    Mrchasez

    Thats the only way.
     
  30. Offline

    xeNium

    Did all of this world think like notch? After official released they just leave minecraft?
     
  31. Offline

    PinguinAman

    Guess what? The author wasn't online for 2 months, genius.
    Please remove the part of your post EXPLAINING HOW TO DO that bug. IMO that doesn't belong here.
     
Thread Status:
Not open for further replies.

Share This Page