Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    Donny

    "or others to switch plugins"
    l2r. The knowledge is common to any griefing group. If you're still using this plugin your server is in risk.
     
  3. Offline

    PinguinAman

    And you're telling even more people how to do it. Good job.
    Oh, and I did read the rest, I was just pointing out that it's nonsense to "force the dev to stop ignoring the issue", since he won't even read it.
    Obviously it's a risk to run this plugin, but there's really no need to spread a "how-to" even more. I was just asking you to remove it, if you don't do it thats fine.
     
  4. Offline

    Korrosive

    Reported the how-to message to staff.
     
  5. Offline

    md_5

    I hope the issue is resolved.
     
    PinguinAman likes this.
  6. Offline

    Grizli

    Hello, enchant you fix, but item repair don't work to! Who knw how fix it?
     
  7. Offline

    MRI

    I test the bug on b4.3/2/1 and work.
    I test xAuth 2.0b4.0 and the bug don't work,but spam in console an error,but work

    xAuth 3-3.5 it's incompatible with db
     
  8. Offline

    Mrchasez

    The author of this is gone
    Please remove this!!
     
  9. Offline

    md_5

    @CypherX has not been seen in the community for a while and next rb this will probably become inactive. PLEASE stop posting these bugs / exploits guys
     
  10. Offline

    The Wizard

    @_Robert can you continue this plugin?
     
  11. Offline

    LlmDl

    I got this to work by doing the following:

    Step 1.
    Step 2.

    Edit DBVERSION in the xAuth folder from 4 to 5

    Step 3.

    Downloading this and renaming it to xAuth.jar
     
  12. Offline

    MRI

    Set the : reverse-enforce-single-session on false to fix Bug!
    reverse-enforce-single-session: false
     
  13. Offline

    beleg

    ya but what if you dont wanna get kicked..?
     
  14. Offline

    Mrchasez

    That still kicks them when someone tries to login as there name
    So that dont really work either
     
  15. Offline

    MRI

    The bug occurs when you get "You are aldredy online".With this option on false,that situation does not repeat
     
  16. Offline

    Mrchasez

    No, it just kicks you
     
  17. Offline

    JRiSETH

  18. Offline

    Korrosive

    xAuth, dead.
    AuthMe, not updated.
    AuthPlayer, not updated.
    MixedModeAuth, canceled.

    Offline mode authentication needs a developer. If BigBrother, LogBlock, Hawkeye merge to develop Guardian, why not some developers work in Ultimate Authentication plugin? :/
     
  19. Offline

    beleg

    icelord is currently working on an xauth part for his plugin AntiMulti
     
  20. Offline

    Korrosive

    Nice :D
     
  21. Offline

    MRI

    Other update
    If you use a Spout plugin on your server the bug don't work,also with reverse-enforce-single-session: true
     
  22. Offline

    QBcrusher

    is there anyway to make it so you dont start off in the world spawn every time the server is restarted?
     
  23. Offline

    MRI

    Set reverse-enforce-single-session to false or use Spout plugin on your server for the moment
     
  24. Offline

    Mrchasez

    Stop posting the bug, Wow.
     
  25. Offline

    Korrosive

    Report, not quote ._.

    Now, a mod have to edit two post.
     
  26. Offline

    Mrchasez

    I reported before i quoted
     
  27. Offline

    resba

    Please refrain from posting exploits for a plugin on that Plugin's thread. Thanks.
     
  28. Offline

    QBcrusher

    so every1 is goin on about the buys but no1 will answer my question
     
  29. Offline

    WingedSpear

    Plz i need one option for disable and enable the inventory, cuz ppl lost their enchanted stuff when they relog with enchanted stuff in their inventory, it will be fixed if u let the ppl to keep their items b4 logging.
     
  30. Offline

    dark_black_side

    I'm sorry but that was my first post on that board here.

    But when you aren't be allowed to describe the bug, how to fix or resolve?
     
  31. Offline

    Celinho234

    My favorite OFFLINE-Mode auth 4ever!
     
Thread Status:
Not open for further replies.

Share This Page