Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    aD_Reaper

    I still need help :3
     
  3. Offline

    drog92

    we have to "buy" this now?
     
  4. Offline

    skiba

    Heh lol trial version really???
     
  5. Offline

    sharkale

    i use vault and xauth without problem.
    i make a pull request but cypher dont like my code :p i using my pull in the server and noone was kicked or exploited.
    check my xf_auth.php
    https://gist.github.com/2275090
     
  6. Offline

    skiba

    Players cant move on my server its this joke could be reson of this?
     
  7. Offline

    beleg

    nope, everything is fine on my server ;)
     
  8. Offline

    nicholasl

    Line 202601: 2012-04-01 16:49:52 [WARNING] [xAuth] Your trial version of xAuth expires today!
    Line 202602: 2012-04-01 16:49:52 [WARNING] [xAuth] Purchase the full version on Steam for $19.99.

    Well you did not advertise this before I downloaded the plugin.
     
  9. Offline

    Adrenaline

    This is April joke :D (i think)
     
  10. Offline

    nicholasl

    lol just incase I have swapped out the plugin for a different one :p jokes on me.

    Code:
        Line 202601: 2012-04-01 16:49:52 [WARNING] [xAuth] Your trial version of xAuth expires today!
        Line 202601: 2012-04-01 16:49:52 [WARNING] [xAuth] Your trial version of xAuth expires today!
        Line 202602: 2012-04-01 16:49:52 [WARNING] [xAuth] Purchase the full version on Steam for $19.99.
        Line 202603: 2012-04-01 16:49:52 [INFO] [xAuth] v2.0.3 Enabled!
        Line 202712: 2012-04-01 16:49:59 [INFO] [xAuth] Disabling xAuth v2.0.3
        Line 202712: 2012-04-01 16:49:59 [INFO] [xAuth] Disabling xAuth v2.0.3
     
  11. Offline

    ChemicallyGodly

    It doesnt cost money, its a joke. we have the source code. so we could get a cracked version of xauth :p
     
  12. Offline

    simon_yognaught

    You used to be able to set it so people didnt get kicked by players logging in as them when they are already on, i cant find this option. How do you do it now?
     
  13. Offline

    wiigor

    You are right there used to be an option enforce-single-session = true which would kick the connecting player if he had the same name if a player who was already logged in. But this was removed because of this option had the vulnerability that a person connecting with 2 clients with the same name would make one client semi logged in and able to execute commands. Therefore as a fast "solution" this functionality was removed. But i hope cypherx finds the time and will to fix this.

    Nice what was wrong with your code then. It seems you found a solution then? Can you please share youre code so i can see it. Im interested on how you solved this puzzle

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
  14. Offline

    CypherX

    Updated to version 2.0.4:
    • Fixed (for the most part) the loss of items/location when a non-logged in player is kicked as a result of a player with the same name joining. (This can still occur under extremely rare conditions that should never happen in the first place)
    • Fixed issue where a player could register one more account than the account limit.
    • Reduced the number of SQL queries run in an attempt to reduce lag/resource usage.
    • Added /xauth activate command (Allows you to activate inactive accounts)
    • Added /xauth config command (Allows you to edit the configuration without having to open the file and perform a reload)
    • Allow/disallow permission checks are now only executed when a player is not logged in.
     
  15. Offline

    anders4431

    Hi. Thank you for this awesome plugin!

    I just have 1 question. I updated from 2.0 to 2.0.4, and now i'm getting this error:
    Code:
    08:39:06 [INFO] [xAuth] Enabling xAuth v2.0.4
    08:39:07 [INFO] [xAuth] Bukkit Permissions enabled (no plugin detected)
    08:39:07 [INFO] [xAuth] Successfully established connection to MySQL database
    08:39:07 [SEVERE] [xAuth] Failed to create table: accounts
    com.cypherx.xauth.database.TableUpdateException: Table 'accounts' already exists
            at com.cypherx.xauth.database.DatabaseUpdater.executeQuery(DatabaseUpdater.java:174)
            at com.cypherx.xauth.database.DatabaseUpdater.runUpdate(DatabaseUpdater.java:72)
            at com.cypherx.xauth.database.DatabaseController.runUpdater(DatabaseController.java:146)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:83)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:336)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:381)
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
            at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232)
            at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:374)
            at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:361)
            at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:490)
    08:39:07 [SEVERE] [xAuth] Something went wrong while updating table [lockouts] to revision [001]
    com.cypherx.xauth.database.TableUpdateException: Duplicate column name 'id'
            at com.cypherx.xauth.database.DatabaseUpdater.executeQuery(DatabaseUpdater.java:174)
            at com.cypherx.xauth.database.DatabaseUpdater.runUpdate(DatabaseUpdater.java:101)
            at com.cypherx.xauth.database.DatabaseController.runUpdater(DatabaseController.java:146)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:83)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:336)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:381)
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
            at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232)
            at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:374)
            at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:361)
            at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:490)
    08:39:07 [INFO] [xAuth] v2.0.4 Enabled!
    Seems like xAuth is trying to create the tables "accounts" and "id" in MySQL, but they already exists.

    xAuth still works great, but how to get rid of this error?


    Edit:
    Error log from 2.0.5:
    Code:
    06:30:54 [INFO] [xAuth] Enabling xAuth v2.0.5
    06:30:54 [INFO] [xAuth] Bukkit Permissions enabled (no plugin detected)
    06:30:55 [INFO] [xAuth] Successfully established connection to MySQL database
    06:30:55 [SEVERE] [xAuth] Failed to create table: accounts
    com.cypherx.xauth.database.TableUpdateException: Table 'accounts' already exists
            at com.cypherx.xauth.database.DatabaseUpdater.executeQuery(DatabaseUpdater.java:174)
            at com.cypherx.xauth.database.DatabaseUpdater.runUpdate(DatabaseUpdater.java:72)
            at com.cypherx.xauth.database.DatabaseController.runUpdater(DatabaseController.java:146)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:83)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:336)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:381)
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
            at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232)
            at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:374)
            at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:361)
            at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:490)
    06:30:55 [INFO] [xAuth] Table created: playerdata
    06:30:55 [SEVERE] [xAuth] Something went wrong while updating table [playerdata] to revision [001]
    com.cypherx.xauth.database.TableUpdateException: Duplicate column name 'potioneffects'
            at com.cypherx.xauth.database.DatabaseUpdater.executeQuery(DatabaseUpdater.java:174)
            at com.cypherx.xauth.database.DatabaseUpdater.runUpdate(DatabaseUpdater.java:101)
            at com.cypherx.xauth.database.DatabaseController.runUpdater(DatabaseController.java:146)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:83)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:336)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:381)
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
            at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232)
            at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:374)
            at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:361)
            at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:490)
    06:30:55 [INFO] [xAuth] Table created: sessions
    06:30:55 [INFO] [xAuth] Table created: locations
    06:30:55 [INFO] [xAuth] Table created: lockouts
    06:30:55 [SEVERE] [xAuth] Something went wrong while updating table [lockouts] to revision [001]
    com.cypherx.xauth.database.TableUpdateException: Duplicate column name 'id'
            at com.cypherx.xauth.database.DatabaseUpdater.executeQuery(DatabaseUpdater.java:174)
            at com.cypherx.xauth.database.DatabaseUpdater.runUpdate(DatabaseUpdater.java:101)
            at com.cypherx.xauth.database.DatabaseController.runUpdater(DatabaseController.java:146)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:83)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:336)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:381)
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
            at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232)
            at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:374)
            at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:361)
            at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:425)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:490)
    06:30:55 [INFO] [xAuth] v2.0.5 Enabled!
     
  16. Offline

    Krazy


    nice update, but can the player that is online is not disconnected when another try enter?
     
  17. Offline

    Luwiego

    Theres a huge problem with the plugin. Sometimes, when someone reconnects, it says that you already logged in, if you try to move it says u need to login. You have to wait sometime to login again :O
     
  18. Offline

    vicuuu

    I have the same problem too.
    and I use console to /xauth logout <player>
    player can loging but all items losing and at spawn point.

    I use mysql for xAuth.
     
  19. Offline

    Floydrose

    Im having the same problem as the people above. A player logs in fine then when they relog it says they are already online.
     
  20. Offline

    CypherX

    Updated to version 2.0.5:
    • Fixed: Players unable to log in after their session has expired. Issue #101
    • Added: Configuration node to toggle AuthURL login broadcasts (authurl.broadcast-login).
    • Added: Permission node to bypass account limit (xauth.bypass.acclimit).

    Luwiego vicuuu Floydrose
     
    Krazy likes this.
  21. Offline

    vicuuu

    I love this plugin!
    Thanks CypherX:)
     
  22. Offline

    _Robert

    Hey CypherX , i'm having some issues using maven to compile xAuth. I'll add the repos manually latter, just wanna let you know:

    When i use mvn clean package im having problems in the downloads of Bukkit, PermissionsEx and bPerms.

    The full console execution:

    Code:
    [INFO] Scanning for projects...
    [INFO]
    [INFO] ------------------------------------------------------------------------
    [INFO] Building xAuth 2.0.4
    [INFO] ------------------------------------------------------------------------
    Downloading: [URL]http://repo.bukkit.org/content/groups/public/ru/tehkode/Permissions[/URL]
    Ex/1.20-SNAPSHOT/maven-metadata.xml
    Downloading: [URL]http://repo.tehkode.ru/repository/bukkit-plugins/ru/tehkode/Permiss[/URL]
    ionsEx/1.20-SNAPSHOT/maven-metadata.xml
    Downloading: [URL]http://nexus.spout.org/content/groups/public/ru/tehkode/Permissions[/URL]
    Ex/1.20-SNAPSHOT/maven-metadata.xml
    [WARNING] Could not transfer metadata ru.tehkode:permissionsEx:1.20-SNAPSHOT/mav
    en-metadata.xml from/to pex-repo ([URL]http://repo.tehkode.ru/repository/bukkit-plugi[/URL]
    ns): Error transferring file: Connection reset
    Downloading: [URL]http://repo.tehkode.ru/repository/bukkit-plugins/ru/tehkode/Permiss[/URL]
    ionsEx/1.20-SNAPSHOT/maven-metadata.xml
    [WARNING] Could not transfer metadata ru.tehkode:permissionsEx:1.20-SNAPSHOT/mav
    en-metadata.xml from/to pex-repo ([URL]http://repo.tehkode.ru/repository/bukkit-plugi[/URL]
    ns): Error transferring file: Connection reset
    Downloading: [URL]http://repo.bukkit.org/content/groups/public/ru/tehkode/Permissions[/URL]
    Ex/1.20-SNAPSHOT/PermissionsEx-1.20-SNAPSHOT.pom
    Downloading: [URL]http://nexus.spout.org/content/groups/public/ru/tehkode/Permissions[/URL]
    Ex/1.20-SNAPSHOT/PermissionsEx-1.20-SNAPSHOT.pom
    Downloading: [URL]http://repo.tehkode.ru/repository/bukkit-plugins/ru/tehkode/Permiss[/URL]
    ionsEx/1.20-SNAPSHOT/PermissionsEx-1.20-SNAPSHOT.pom
    Downloading: [URL]http://nexus.spout.org/content/groups/public/de/bananaco/bPermissio[/URL]
    ns/dev-SNAPSHOT/maven-metadata.xml
    Downloading: [URL]http://repo.tehkode.ru/repository/bukkit-plugins/de/bananaco/bPermi[/URL]
    ssions/dev-SNAPSHOT/maven-metadata.xml
    Downloading: [URL]http://repo.bukkit.org/content/groups/public/de/bananaco/bPermissio[/URL]
    ns/dev-SNAPSHOT/maven-metadata.xml
    Downloaded: [URL]http://nexus.spout.org/content/groups/public/de/bananaco/bPermission[/URL]
    s/dev-SNAPSHOT/maven-metadata.xml (770 B at 0.8 KB/sec)
    [WARNING] Could not transfer metadata de.bananaco:bPermissions:dev-SNAPSHOT/mave
    n-metadata.xml from/to pex-repo ([URL]http://repo.tehkode.ru/repository/bukkit-plugin[/URL]
    s): Error transferring file: Connection reset
    [INFO] ------------------------------------------------------------------------
    [INFO] BUILD FAILURE
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time: 5:38.153s
    [INFO] Finished at: Tue Apr 03 03:52:16 GMT-03:00 2012
    [INFO] Final Memory: 5M/184M
    [INFO] ------------------------------------------------------------------------
    [ERROR] Failed to execute goal on project xAuth: Could not resolve dependencies
    for project com.cypherx:xAuth:jar:2.0.4: Failed to collect dependencies for [org
    .bukkit:bukkit:jar:1.2.4-R1.0 (compile), ru.tehkode:permissionsEx:jar:1.20-SNAPS
    HOT (compile), de.bananaco:bPermissions:jar:dev-SNAPSHOT (compile)]: Failed to r
    ead artifact descriptor for ru.tehkode:permissionsEx:jar:1.20-SNAPSHOT: Could no
    t transfer artifact ru.tehkode:permissionsEx:pom:1.20-SNAPSHOT from/to pex-repo
    ([URL]http://repo.tehkode.ru/repository/bukkit-plugins[/URL]): Error transferring file: Con
    nection reset -> [Help 1]
    [ERROR]
    [ERROR] To see the full stack trace of the errors, re-run Maven with the -e swit
    ch.
    [ERROR] Re-run Maven using the -X switch to enable full debug logging.
    [ERROR]
    [ERROR] For more information about the errors and possible solutions, please rea
    d the following articles:
    [ERROR] [Help 1] [URL]http://cwiki.apache.org/confluence/display/MAVEN/DependencyReso[/URL]
    lutionException
    
    Thanks!
     
  23. Offline

    wiigor

    For the enforce single session. wouldnt it be possible to do this:

    case 1: When a player tries to connect with the same name as a -not logged in- player. The not logged in player is kicked and the new connecting player can join.

    case:2 When a player tries to connect with the same name as a -logged in- player. The connecting player is disconnected with a message "already logged in"

    In this way you could fix both the exploit and the annoyance of being logged out when you are logged in by people connecting with the same name.

    (This all relies on the assumption that when a playername has logged in. All other connections are not legitimate. And the logged in player must first log out.) The exploit wont work anymore, since in case 2 even although both players have the same name and kicking one of them grants the others rights to move around and execute commands, this does not matter since he is already logged in and entitled to do so.
     
  24. Offline

    clavat

    Why when new player connect for first time are spawning on area ~16 blocs around the real point of spawn ?

    I have Essentials and i configured newbies spawn so it's don't work...
     
  25. Offline

    aD_Reaper

    So now players are joining with illegal characters after their name and are using my name. And they can talk in chat without logging in?

    In the playerlist it shows like "aD_Reaper¤®µ£¢" When my name is aD_Reaper so they can talk and people think its me. He shows as a whole different name in the players list, but when he talks. it comes up as my name because minecraft wont show the characters.
     
  26. Offline

    Furball75

    have this set in your config--

    allowed: ABCDEFGHIJKLMNOPQRSTUVWXYZ_-abcdefghijklmnopqrstuvwxyz0123456789

    it will only let those be used in peoples names
     
  27. Offline

    Danielk0703

    I would like to add Player names in a "not allowed" list...
    On my server there are many people and i would like to deaktivate names like "Gronkh", someone joined as "Gronkh" he sayed something (-not nice)... I have banned him... and 2 minutes later "xXGronkh" has joined my server... This is the reason i would like to diasable this name... (this was an example)
    Sry for my bad english, i hope you understand me...
     
  28. Offline

    CypherX

    IP ban him?
     
  29. Offline

    Danielk0703

    if you would like to change your ip --> internet off --> internet on --> (restart your PC) --> new Ip --> join server --> write bad things...
    and THX for you fantastic plugin!
     
  30. Offline

    ChemicallyGodly

    maybe have their name be added from the ban list instead of manually. if you add the feature
     
  31. Offline

    CypherX

    That only works if they have a dynamic address.
     
Thread Status:
Not open for further replies.

Share This Page