Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    Ziden

    Allright, thanks, ill change from authme to xauth and ill post any issues

    would be awesome a database converter, so players doesnt have to take the risk of theyr accounts being registered.

    thanks for the attention !
     
  3. Offline

    CypherX

    An importer already exists, look at the bottom of the first post.
     
  4. Offline

    Chrispm84

    CypherX:

    I deleted it, so xAuth would connect to my database. Everything seems to be good, so far. Still very little usage of locations and playerdata tables, though. Is that normal? Thanks.
     
  5. Offline

    CypherX

    Don't touch the DBVERSION file unless specifically instructed to.
     
  6. Offline

    ruibullseye

    hi everyone. im about to install xAuth on my server. I have one question, is there any way to integrate the user registration on a website?
    If yes can i have some guidance ?

    Thnx for ur time.
     
  7. Offline

    Ketrel

    I have forced off, and only the admin group has xAuth.register

    However, it's forcing everyone in the members group to register. I can't find any setting that explains it.
     
  8. Offline

    Heliwr

    I had this problem as well, the plugin was setting xauth.register to true as default. It worked properly for me when I explicitly set xauth.register to false for the groups that I didn't want to have it.
     
  9. Offline

    Ketrel

    How could I do that per group?
    I'm using Pex for permissions.
     
  10. Offline

    CypherX

    Just tested and looks like that's a bug. For a temp fix, open xAuth.jar in 7zip or some kind of archive editor, open plugin.yml in a text editor, and under xauth.register in the permissions section change default: true to default: false. This will be fixed in the next update.
     
  11. Offline

    Chrispm84

    @ CypherX:

    I only deleted DBVERSION after xAuth failed to properly update the tables on my data. First try was to delete the DBVERSION which didn't help. Upon deleting the tables, except for accounts, everything was fine. The only reason I deleted it in the first place, was that it was the fix for a previous SQL problem very similar to this one. I always assumed it was just for keeping track of what version the tables were to make future table updates easier. If this could potentially cause a problem, I'd be glad to have your advice on what to do. And I'd also like to know if the seemingly low usage of the locations and playerdata tables is a problem or if they only temporarily store infomation.
     
  12. Offline

    ruibullseye

    hi everyone. im about to install xAuth on my server. I have one question, is there any way to integrate the user registration on a website?
    If yes can i have some guidance ?

    Thnx for ur time.​
     
  13. Offline

    CypherX

    Deleting the DBVERSION will do nothing but cause more issues unless all tables are deleted as well. It keeps track of each table version, like you said, so if it's deleted, it attempts to create and update these tables which will just throw more errors.

    Rather than spam my thread, try reading. Your answer is in the first post.
     
  14. Offline

    texita

  15. Offline

    Paul_VB

    this plugin looks great for my server! :D
    but what do you mean by my server being "exploited"?

    and when you say "Persistent login sessions through server restarts", is it verified by IP adress?

    EDIT: i've installed it on my server and i love it so far :)

    although im still wondering what it means for my server to be "exploited".
     
  16. Offline

    ruibullseye

    i dont see it cypherx can u help me with that? and sorry for "spamming".
     
  17. Offline

    nabakin

    Can you move this plugin to dev.bukkit.org? I don't like that I have to keep checking for an update manually.
     
  18. Offline

    CypherX

    Added to Translations page.

    It means that if you use the wrong version it may be exploited.

    No. BukkitDev is trash and I added the ability to check for new updates to xAuth. If there's a new update it'll display a message when the server is started or restarted.
     
  19. Offline

    djrazr

  20. Offline

    Giuseppe

    Code:
    012-05-10 11:13:51 [WARNING] Task of 'xAuth' generated an exception
    java.lang.NullPointerException
        at com.cypherx.xauth.PlayerDataHandler.storeData(PlayerDataHandler.java:31)
        at com.cypherx.xauth.PlayerManager.protect(PlayerManager.java:156)
        at com.cypherx.xauth.listeners.xAuthPlayerListener$1.run(xAuthPlayerListener.java:276)
        at com.bergerkiller.bukkit.nolagg.examine.TimedWrapper.run(TimedWrapper.java:20)
        at org.bukkit.craftbukkit.scheduler.CraftScheduler.mainThreadHeartbeat(CraftScheduler.java:126)
        at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:517)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:449)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
     
  21. Offline

    CypherX

  22. Offline

    hqSparx

    Can anyone reupload the importer please?

    also, please reupload libraries:
    [​IMG]
    seems like you ran off your transfer on dropbox
     
  23. Offline

    CypherX

  24. Offline

    subxism

    i cant make it work, sorry im new to this, i placed h2.jar in lib folder and still cant conect.. help plz

    edit- nvm
     
  25. Offline

    E@rthQu@ke

    Hello, i'm in trouble with h2-1.3.166.jar, xauth 2.08b, and git-Bukkit-1.2.5-R1.3-b2175jnks.
    Code:
    2012-05-12 17:52:09 [INFO] [xAuth] Enabling xAuth v2.0.8
    2012-05-12 17:52:09 [SEVERE] [xAuth] Failed to create instance of H2 JDBC Driver!
    java.lang.ClassNotFoundException: org.h2.Driver
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:41)
        at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:29)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Unknown Source)
        at com.cypherx.xauth.database.ConnectionPool.<init>(ConnectionPool.java:19)
        at com.cypherx.xauth.database.DatabaseController.dbInit(DatabaseController.java:50)
        at com.cypherx.xauth.database.DatabaseController.<init>(DatabaseController.java:24)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:78)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:336)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:381)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:256)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:238)
        at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:371)
        at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:358)
        at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:422)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    2012-05-12 17:52:09 [SEVERE] [xAuth] Failed to borrow H2 connection from pool!
    java.lang.NullPointerException
        at com.cypherx.xauth.database.DatabaseController.getConnection(DatabaseController.java:87)
        at com.cypherx.xauth.database.DatabaseController.isConnectable(DatabaseController.java:76)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:81)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:336)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:381)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:256)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:238)
        at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:371)
        at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:358)
        at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:422)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    2012-05-12 17:52:09 [SEVERE] [xAuth] Failed to establish H2 database connection!
    2012-05-12 17:52:09 [INFO] [xAuth] Disabling xAuth v2.0.8
    2012-05-12 17:52:09 [SEVERE] [xAuth] Failed to close H2 connection pool!
    java.lang.NullPointerException
        at com.cypherx.xauth.database.DatabaseController.close(DatabaseController.java:138)
        at com.cypherx.xauth.xAuth.onDisable(xAuth.java:38)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:217)
        at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoader.java:362)
        at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManager.java:399)
        at com.cypherx.xauth.xAuth.onEnable(xAuth.java:85)
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:336)
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:381)
        at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:256)
        at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:238)
        at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:371)
        at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:358)
        at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:422)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
     
  26. Offline

    kremington

    When a anyone tries to do /logout, it throws an error saying that the sessions table doesn't exist. How would I fix this? The importer seemed to work fine....

    Code:
    12.05 21:00:50 [Server] INFO DELETE FROM `sessions` WHERE `accountid` = ? [42102-159]
    12.05 21:00:50 [Server] INFO org.h2.jdbc.JdbcSQLException: Table "SESSIONS" not found; SQL statement:
    Also, how do I enable to reverse-enforce-single-session? I am using CB 1.2.5-RB1.3
     
  27. Offline

    hansahalim15

    Can anyone tell me how to install this?? im using craftbukkit 1.2.5 R1.3
    i put the .jar file in the plugin folder and run the server, it always says Enabling xAuth but then many many error appear. Please Help!!!

    I have the same problem that E@rthQu@ke have

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
  28. I found a problem. When someone tries to login with my name, I kicked and lose the connection to the server. How to solve this?
     
  29. Offline

    jordymanneke

    Could you pleas make it so if someone is logged in. and someone uses a cracked client with same name, they can't "overlogin" and disconnect the user logged in.?
     
  30. Offline

    dragos_shadow

    Hello. I get this error

    Code:
    20:43:30 xAuth: Download complete, reloading xAuth..
    20:43:30 xAuth: Disabling xAuth v2.0.8
    20:43:30 xAuth: Enabling xAuth v2.0.8
    20:43:32 CONSOLE: [WARNING] [xAuth] Could not check for newer version!
    20:43:32 xAuth: Downloading required H2 library..
    20:43:32 CONSOLE: [SEVERE] [xAuth] Failed to download file: h2-1.3.164.jar
    20:43:32 CONSOLE: returned HTTP response code: 509 for URL: http://dl.dropbox.com/u/24661378/Bukkit/lib/h2-1.3.164.jar
    20:43:32 xAuth: Download complete, reloading xAuth..
    20:43:32 xAuth: Disabling xAuth v2.0.8
    20:43:32 xAuth: Enabling xAuth v2.0.8
    20:43:32 CONSOLE: [WARNING] [xAuth] Could not check for newer version!
    20:43:32 xAuth: Downloading required H2 library..
    
    Can you help me?
     
  31. Offline

    E@rthQu@ke

    He's dropbox account was blocked for many downloads. Put library by hand
     
Thread Status:
Not open for further replies.

Share This Page