Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline


    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page:

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel ( #LoveDespite) or toss me a message at Until we meet again, stay gold. Bang.


    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.

    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
  2. Offline


    Theoretically it shouldn't, but I've never had the chance to test with such a large database. You should send me a copy, heh.
  3. Offline


    CypherX you can add to authURL a key config for some type of encription of the pasword? so in the php (forum side) i use the same key to decript the password. and the password travel more secure between servers?
  4. Offline


    Is this in version 1.2 now?
  5. Offline


    Not yet.
  6. Offline


    My apologies, I didn't bother to view your profile before I posted. Everything makes sense now.
  7. Offline


    Where is the downloadlink? I can't find it!
  8. Offline


  9. Offline


    That's actually a pretty good idea security-wise. The PHP mcrypt_decrypt() function would work for this so I just have to research how to do it in Java.

    Edit: Looked into it a bit more, PHP requires a separate library to use the mcrypt module. The creator of AuthURL also posted this which brings up some good points.
  10. Offline


    Will it take long time?, I really need to get my server up! :D
    I would be very happy, if it came out :F
    Best Regards, Tixo.
  11. Offline


    hmm so I my server has to run in only mode or I need an temp fix for 1.2 hmmm :)
  12. Offline


    Just wanted to say thanks for picking dev back up! I've used xAuth for a long time now and I've stuck with it, even when buggy, because it was the best. Glad to see you back on board!
  13. Offline


    Turn offlien mode to [FALSE] for two weeks?

    end of issue?

    (Inb4: BUT I DONT OWN MINECRAFT, then don't host a server)
  14. Offline


    Good afternoon!
    When there will be an updating to version 1.2?
    Or where it is possible to download an alpha, a beta the version?
    Used your plug-in of registration, and anything I can not find under 1.2 version is better....
    In advance thanks.
  15. Offline


    What do you mean?
  16. Offline


    there is no download link because its not ready. Just read ;)
  17. Offline

    The Wizard

    Can you make names case sensitive and insensitive at the same time?
    Something like:
    If a player registered with name USER, another player will not be able to register with name User.
    If a player registered with name USER, he will not be able to connect to the server with name User.
    der_robert likes this.
  18. Offline


    but i cant use https. mc server x.x.x.x -> php forum side y.y.y.y (not https).
    and the moparisthebest code dont use https for connection.
  19. Offline


    HELP ME they hack my xauth plugin and steal passwords every time :'( how to fix it ,please tell me I dont want to be hacked anymore !
  20. Offline


    Hmmm, 16? Thats a long time, but ok, I will wait, will keep my server 1.1. I am assuming that the current version does not work with this new 1.2.3 build right?

    Anyway, at least we will have a good version now :3

    Install spout, it corrects the double login exploit.
  21. Offline


    Can I have a old version of this plugin, please.
  22. Offline


    Unless you've used xAuth and need to to continue to use it, don't use it now. It's very buggy and has security exploits.
  23. Offline


    Link,please ! (or no ,can someone tell me how to ban dynamic ip ? ) please

    I want to ban that ip but it is dynamic and i cant do it :X That idiot hacks my xauth every time ..but when i banip him he changes it to or sort of it and i cant ban him ! Please tell me what to write in ban-list to ban that ip forever !

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: Jul 17, 2016
  24. Offline


    niki101296 You can't ban a dynamic ip. Turn off reverse-enforce-single-session.
  25. Offline


    Love this plugin.

    Hope to see an update soon for 1.2
  26. Offline


    are there maybe beta builds available before release? Cannot update without xAuth to 1.2
  27. Offline


  28. Offline


    how long will take to update to MC 1.2.3
  29. Offline


    what is reverse-enforce-single-session..ive seen somewherethat I can ban dynamic ip ,it was something like
  30. Offline


    March 16th
  31. Offline


    When it it be back
Thread Status:
Not open for further replies.

Share This Page