Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    PinguinAman

    Are you people blind?

    [SEC] xAuth v2.0 (Under [Re-]Development) - Offline-mode Authentication [xxxx - xxxx]
     
    Anthony13 likes this.
  3. Offline

    MissPicket

    I don't see what that has to do with my bug. I didn't just download it this morning, it's been on for 2 weeks and was working fine until last night. So maybe someone around here's got an idea what's wrong and can help me out with 2 words.
     
  4. Offline

    Pr07o7yp3

    I don't know if this is caused from this plugin, but I get this error:

    And everytime after this error, nobody can't log in my server.
    Then I have to stop it and start it again.

    So, can you tell me if this error is caused from this plugin?
     
  5. Offline

    PinguinAman

  6. Offline

    Amsek

    Is there is working version without that bug with OP command? :\
     
  7. Offline

    CypherX

    So I heard you like customization.


    Not unless someone put out a fixed copy during my absence.
     
  8. Offline

    MissPicket

    Thanks a lot Pinguin :)

    I'm not too sure what I'm supposed to do - should I edit my h2 as well (it sounds like it's only for people with the enchantment issue?).

    I installed xAuth Sync and deleted the old xAuth.jar , but it didn't work, the server got confused and kept asking me to log in while telling me it was already done. So I tried having them both running at the same time, but the sync error is still happening, so obviously that's not it either.

    I'm sorry for the confusion, there's no instructions at all and I'm wondering what I should do. Any thoughts would be very much appreciated :)

    ^^
     
  9. Offline

    PinguinAman

    No. Using
    Code:
        reverse-enforce-single-session: false
    is a workaround for this issue though.

    MissPicket Just follow the instructions by _Robert and rename the file to xAuth.jar
     
  10. Offline

    Anthony13

    thx for the updated plugin man, it works well, i was wondering how this one server was using this plugin up with minecraft 1.0 to 1.1. PinguinAman, maybe CypherX would add this plugin to his description.



    (if u do decide to download xAuth Sync, rename it to xAuth and run your server)
     
  11. Offline

    mati123se

    when i install it it's red and not worrking...i relly liked this plugin on my 1.7.3 server..then i had a lil break of MC and then came back when 1.0.0 was released... but now, when getting it for 1.1, its broken :( no errers in console...
     
  12. Offline

    djrazr

    Well.. am still using this in 1.1 with phpBB and it still works as expected :D
    Pretty solid work thought, Hope that the new version will be published on mc 1.2 publication.
     
  13. Offline

    Hydrosis

    Once you've finished updating this, can you add a feature that is similar to the one that limits how far from spawn someone can walk? Rather than just having a block radius, maybe add a region in which they can move, maybe add something like block markers that can mark the area of the polyhedron where they can move freely.
     
    Anthony13 likes this.
  14. Offline

    Krazy

    @CypherX have a any R4 BETA TEST xauth ?:)
     
  15. Offline

    aehoooo

  16. Offline

    CypherX

    Yep, for now. Apparently the term "offline-mode" promotes piracy or some idiotic bullshit so I've been asked to remove it (which I'm refusing to do). If it's forcibly removed, I'm done with this place and moving to the Spout forum.

    I've spent a bit of time looking into this since returning and it'll most likely happen after the re-development is complete.
     
  17. Offline

    aehoooo

    +1
     
    robxu9 likes this.
  18. CypherX
    It isn't a problem for me if there's a link and the plugin is being developed.

    Now, it's time for suggestions: Performance Tweak
    As you know there's a feature so not logged-in users can't see where the real user stopped playing (protect-location: true). After joining a server the player will be teleported to the spawn. The chunks will unload and then load again when the player typed his password correctly. And these unloads are bad for TPS. Is there a way to save the location and teleport the player to spawn before he leaves the game completely? So on every join he needs only to load spawn chunks and load the chunks where he stopped playing. (Hope you understand it)

    2. Checking players for same passwords:
    Could you make a command that checks whether 2 users have the same passwords? So it's much easier to figure out griefers and multiaccounts!
    /xauth check Troll EpicGuy
     
  19. Offline

    CypherX

    1. It's definitely possible but not very feasible in the sense that if a server owner chooses to remove xAuth, all players will lose their location.

    2. Also won't work because of how xAuth salts and hashes passwords. A randomly generated salt is used to add a layer of security resulting in completely different hashes for equal passwords. Instead of comparing passwords, how about comparing registration or last login IP addresses? Those are stored in the database and have never been used for anything.

    I do appreciate the support and your thinking of ways to improve xAuth though.

    When it's ready? I work full time, relax.
     
    VADemon likes this.
  20. Offline

    moparisthebest

    That's ridiculous! You could just do everything straight from github, that's where I look most of the time anyhow. :)

    Also, I'm hoping you'll consider my new authURL code, I think it's quite improved:
    https://github.com/CypherX/xAuth/issues/28
     
  21. Offline

    gbsn

    I allways used your plugins, i need to say iam suporting you! Re publish it and i will download again and donate again!
    Great job.
     
  22. Offline

    Dooderdo

    How do you upgrade to the new version? Is their a new version that supports enchantments? I could not find it in the change log.
     
  23. Offline

    MrMag518

    Could you actually read or/and understand what's written in this thread and title? *hint* Re-Develpment *hint*
     
  24. Offline

    lomix

    Will this work for my current server ? R 4 ?
     
  25. Offline

    CypherX

    Why would I develop something that didn't work with the current version?
     
    robxu9 likes this.
  26. Offline

    Krazy

    R4 have some bugs,
    /register all time u join in server
     
  27. Offline

    dja12123

    이거 인첸트 안풀리는거?
    음..
     
  28. Offline

    CypherX

    Posting in Korean on an English-language forum. Great plan.
     
    XtenD likes this.
  29. Offline

    kremington

    Enchantments will work with the next update.

    마법 부여 다음 업데이 트와 함께 작동합니다.

    Sorry if my Korean is bad. :(
     
  30. Offline

    xwyz

    My Whitelisted server RUINED by hackers. They hacked our xAUTH plugin. Fu*k

    Admin = Me
    Hacker = Hacker

    [SEVERE] Could not pass event org.bukkit.event.player.PlayerCommandPreprocessEvent to xAuth
    java.lang.NullPointerException
    at com.cypherx.xauth.util.Util.getHostFromPlayer(Util.java:86)
    at com.cypherx.xauth.xAuthMessages.replace(xAuthMessages.java:257)
    at com.cypherx.xauth.xAuthMessages.get(xAuthMessages.java:226)
    at com.cypherx.xauth.xAuthMessages.send(xAuthMessages.java:203)
    at com.cypherx.xauth.xAuthPlayer.sendIllegalActionNotice(xAuthPlayer.java:72)
    at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerCommandPreprocess(xAuthPlayerListener.java:143)
    at org.bukkit.plugin.java.JavaPluginLoader$5.execute(JavaPluginLoader.java:298)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:61)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:460)
    at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:777)
    at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:744)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:732)
    at net.minecraft.server.Packet3Chat.handle(Packet3Chat.java:33)
    at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:100)
    at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:78)
    at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:537)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:435)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:465)
    I think they tried to add whitelist with my username. and they successed.
    [INFO] Admin: Added Hacker to white-list[0m
    [INFO] Connection reset
    [INFO] Admin lost connection: disconnect.quitting
    [INFO] Hacker [/88.235.221.133:59079] logged in with entity id 13146496 at ([sosaria])
    [INFO] [xAuth] Hacker has registered!
    [INFO] Admin [/88.235.221.133:59092] logged in with entity id 13161009 at ([sosaria])
    [INFO] Disconnecting Admin [/88.235.221.133:59123]: You are online!
    [SEVERE] Could not pass event org.bukkit.event.player.PlayerMoveEvent to xAuth
    java.lang.NullPointerException
    at com.cypherx.xauth.util.Util.getHostFromPlayer(Util.java:86)
    at com.cypherx.xauth.xAuthMessages.replace(xAuthMessages.java:257)
    at com.cypherx.xauth.xAuthMessages.get(xAuthMessages.java:226)
    at com.cypherx.xauth.xAuthMessages.send(xAuthMessages.java:203)
    at com.cypherx.xauth.xAuthPlayer.sendIllegalActionNotice(xAuthPlayer.java:72)
    at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerMove(xAuthPlayerListener.java:218)
    at org.bukkit.plugin.java.JavaPluginLoader$7.execute(JavaPluginLoader.java:312)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:61)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:460)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:191)
    at net.minecraft.server.Packet10Flying.handle(SourceFile:126)
    at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:100)
    at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:78)
    at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:537)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:435)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:465)
    [SEVERE] Could not pass event org.bukkit.event.player.PlayerCommandPreprocessEvent to xAuth
    java.lang.NullPointerException
    at com.cypherx.xauth.util.Util.getHostFromPlayer(Util.java:86)
    at com.cypherx.xauth.xAuthMessages.replace(xAuthMessages.java:257)
    at com.cypherx.xauth.xAuthMessages.get(xAuthMessages.java:226)
    at com.cypherx.xauth.xAuthMessages.send(xAuthMessages.java:203)
    at com.cypherx.xauth.xAuthPlayer.sendIllegalActionNotice(xAuthPlayer.java:72)
    at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerCommandPreprocess(xAuthPlayerListener.java:143)
    at org.bukkit.plugin.java.JavaPluginLoader$5.execute(JavaPluginLoader.java:298)
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:61)
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:460)
    at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:777)
    at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:744)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:732)
    at net.minecraft.server.Packet3Chat.handle(Packet3Chat.java:33)
    at net.minecraft.server.NetworkManager.b(NetworkManager.java:226)
    at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:100)
    at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:78)
    at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:537)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:435)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:465)
    [INFO] Admin: Opping Hacker
    [INFO] The End.

    I need to FIX this bug.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
Thread Status:
Not open for further replies.

Share This Page