Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline


    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page:

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel ( #LoveDespite) or toss me a message at Until we meet again, stay gold. Bang.


    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.

    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
  2. Offline


    Sigh... right before your post someone already answered that question.
    The release date is also in the damn first post!
    ._. PEOPLE, Y U NO READ?
  3. Offline


    lol i did not see that i did read it
  4. Offline


  5. Offline


    Whauw you're quite far with it I see, nice!
    Glad my favorite authentication plugin is (almost) back :D

    Do you think it will be done by the time the Bukkit 1.2 RB is released?
  6. Offline



    No hurt in asking, but, is it possible to include a auto-login feature if player Premium=true?

  7. Offline


    Premium as in has a valid Minecraft account?
  8. Offline


    Yes, exactly.
  9. Offline


    Discussed before and it isn't possible with Bukkit/CraftBukkit. It may be possible using Spout, which I'll be looking into at some point.
  10. Offline


    Ok CypherX,

    Thanks for your feedback anyway ;)

  11. Offline


    It isn't too big of a deal, but is there any possible way to have the old xAuth functioning in 1.2? Should I even attempt a 1.2 upgrade or wait? I have a fairly popular server and would like to update to 1.2, but if there is no temporary fix then I will have to stick with 1.1. I have been using xAuth since beta 1.7 and it has worked (although buggy), but I'm not sure what I should do now. Anyone else find a way to get things working in 1.2?

    Also (sorry if this was already said), when the new release of xAuth comes out, will we be able to convert the h2 database to a mySQL database (Or h2 if it is still supported)? Will the old database be compatible? This could be a major issue for me as I have about 3500 registered accounts and need to plan for the update to 1.2. I've been thinking of different ways to solve this problem, but obviously a conversion would be best. By the way, I think many peopled did a simple fix for enchantments by adding a new table in the database (I did anyway). Will this cause issues if there is a conversion option?

    Thanks for continuing development of this CypherX. I plan on donating in the future :cool:
  12. Offline


    I accepted a pull request yesterday on Github which apparently updates the old version to work with 1.2, but I haven't tested it myself nor do I plan to. My plan is to release a test build later this week which works in 1.2, so you could use that. I apologize for the bugginess of previous versions, I barely knew any Java going into the development of xAuth and it quickly spiraled into a much, much bigger project than I originally planned. xAuth 2.0 "beta", if it can even be called that, is easily the low point of this plugin's life. I don't know what I was thinking when I developed that.

    Yes, you'll be able to convert the h2 database to MySQL. I plan to create an import tool that will convert multiple formats (xAuth v1, xAuth v2 beta, AuthMe) into the new one. There's nothing to worry about with the enchantment fix either. My method of storing them is very similar to the method used by the fix and the import tool will take care of the rest.

    Thanks for your continued support of xAuth!
    columb and sm7tcd like this.
  13. Offline


    Looking forward to the best authorization plugin.
    Thank you very much for your efforts to release a new version!

    By the way, I used "RazorSQL" to convert the h2 database into mySQL.
    Worked excellent!
  14. Offline


    looking forward too, to try this out..
  15. Offline


    I got a problem! Im still using xAuth 1.2.5.

    Didnt even know i was this far behind... lol... but the thing still worked perfectly!
    BUT how do i convert my xauth registrations from 1.2.5... to 2.0 or 3.0 xauth?

    Help would be greatttttly appreciated!
  16. Offline


    An importer tool will be made available when the new re-development version is released. Until then, don't bother upgrading.
  17. Offline


    Sorry, I'm kind of a noob. How would I use the fix in the pull request? I've tried compiling the source in Eclipse and nothing is working. Is there just a simple new xAuth.jar I can download? xD

    Also as for the bugginess, I just meant after 1.0. Before 1.0, things were great :)
  18. Offline


    Just realized the fix doesn't even include enchantment support so don't bother, I'll be removing it shortly in preparation for the new source.
  19. Offline


    So i have to wait until march 16 before i can upgrade to 1.2? :(
  20. Offline


    He said he hoped to get a beta test before then :)
  21. Offline


    Will there be some kind of option to prevent people with spaces in their name from registering/joining?
    Because of the spaces etc. those people are hard to ban since most of the commands don't work with that.

    (Space as in " ")
  22. Offline


    hope there will be a beta or something similar for R6 soon, this is the only plugin preventing us upgrading to the latest, which means buggy hawkeye and a whole lot of others :(

    Hopefully soon :):)
  23. Offline


    Could you fix nicknames? Some logging plugins cap sensitivity, so force players so use only one nickname.
    Like "Nickname", not "niCKNAME" or "nickname", or even "NICKNAME"
  24. Offline


    Previous versions (and the re-development) have a name filter that lets you specify which characters are and are not allowed. That can be used to block spaces.

    Look for a test build sometime this week.

    So basically, prevent them from logging in if their nick doesn't match the case they registered with?
  25. Offline


    I think he means let xauth detect ExampleUser as the same account like exampleuser... not sure though.
  26. Offline


    It already does that.
  27. Offline


    Thank you for your work on this mod. Keep up the good work. I am looking forward to the test build.
  28. Offline


    Yeah C:
  29. Offline


    But does that also include the importer tool?
  30. Offline


    You must use meaven! The fix was okey, i got xAuth working in 1.2 now, i can give you my version but it's a little modified cause i use AuthURL to let the players register in the forums using the /register command.

    Also i patched again the enchantments thing, and maked the Async task Sync to be compatible with NoLagg.

    The only problem it's has been not tested with the normal xAuth autentication, and messages config by default it's traduced to spanish, cause it was giving me problems with some messages.

    When CypherX got the new version i will make some pull requests with features i like to see integrated!
  31. Offline


    I think he meant that some plugins see "Name" and "nAME" as different nicknames for example and xAuth should be case-sensitive.

    I'd prefer it to be added as a config option though because I like it more the way it is :)
Thread Status:
Not open for further replies.

Share This Page