UUID's and name changing..

Discussion in 'Plugin Development' started by Creepster197, May 27, 2014.

Thread Status:
Not open for further replies.
  1. Offline



    Iam currently about to develop a new ban plugin. Now I was wondering how I could handle the following situation:

    PlayerOne griefed on the server.
    PlayerOne changed name to PlayerTwo.
    PlayerThree changed name to PlayerOne.
    PlayerOne gets banned.

    Would that mean, that I ban a completely wrong UUID as another account owns the PlayerOne name now. And don't forget: The name changing is valid as PlayerOne changes his name first and the name "PlayerOne" is free again.

    Iam just wondering what will happen if you take over a name which was already existing once.

    Thanks in Advance.
  2. Offline


    So your plugin works like this:
    PlayerOne get banned, so you save his UID.
    Name changes to PlayerTwo. Same UID.
    PlayerThree changes his name to PlayerOne, but he has still a different UID, so he don't get banned.
  3. Offline


    I had the exact same problem when updating my own ban plugin. I solved it by saving the name with it's current UUID every time a player joins with an unknown combination of UUID and name. Then, when someone issues the ban command, I get the current uuid from the mojang servers and those I saved in the history. If there are multiple matches, the command issuer has to select one of them.
  4. Offline



    There was an missunderstanding. Lets say Iam just banning PlayerOne after all the namechanging process is done. Does that mean that I will accidentally ban a whole different UUID?


    I also thought about that. So player <-> uuid is locked. You cant login if either your UUID or your Name is already written down to the database. If both does match its all fine. If someone wants to change their name I could create a form on our forums. I think its the best way
  5. Offline


    That's not what I ment :) I would never deny someone to change their name unless there is absolutely no way around it. But I guess that's on every server admin to decide :)
  6. Offline



    Well in my opinion this is the only "real" secure way yet. Otherwise you can never be sure who has owned the name before except using your method. However, you would have to implement your function into every plugin (rollbacks / regions / etc..). Otherwise you could never be sure if PlayerOne is the same PlayerOne he was one week ago. ;)
  7. The risk of referencing another player than intended will always be there with using names, either you ban the last known player with that name, but intended to ban the new guy, or you ban the new guy by looking up the uuid at Mojang, but you intended to ban the guy who was rampaging yesterday (and so on with some other variations). In my opinion one would need to have a database on who is/was who and be able to query the history, like "uuid for brian, yesterday evening" - some lot to add :p. Realistically names won't change around all the time for the same players, but more people than expected will change their names, some silly things will happen too.

    That's why i think this change is so much not "just change to uuids" :) - you have to consider the whole user interfacing and consistency between plugins. If you are unlucky one of your plugins depending on WorldGuard handles name changing differently than WorldGuard itself and similar things.

    I will deny people who are not "original name owners" to join until i have updated+migrated all plugins+data. Of course i have fetched all uuids for all past players names and can do some migration for other plugins like PEX based on the local database. Later i might hook into all / recode parts of all plugins to use some central API for checking if the player might intend to reference a certain other player (could be they were online the same time, set the other as a contact/buddy, original name owners for protection signs and such). On the long run we will have to use tokens/bank-account-number-thinsg for signs and ... bank accounts (etc).
  8. Offline


    when you issue the ban command from within your coding you need to put the UUID into the banned players list or yml or whatever you are using.

    Don't worry about the players name because it will not be needed

    2. Player p = this.getserver.getplayer(args[1]);
    4. String uid = p.getuniqueid().replace("-", null);
    6. bannedlist.add(uid)

    then in playerjoin do something like this

    2. public void playerJoin(playerloginevent event){
    4. String uid = event.getplayer.getuniqueid.replace("-", null);
    6. if(bannedlist.contains(uid)){
    7. event.disallow("Your banneded!");
    8. }

    the above is psuedo code, not tested but you get the idea.

    so with the above code, if playerONE griefs and you ban him/her, it will ban the UUID of that player. so now that player changed his/her name to playerTWO and tries to rejoin, the player will still be banned.
    if someone else joins the server with the name playerONE they will be able to join and play like normal because their UUID is not banned.
  9. Offline


    Yes indeed, as it will only cause problems I only can recommend doing it as follow:

    Create a database where only Player and UUID are stored at. Use the preloginevent and search for the players UUID. Now check if the players name matches the UUID in the database. There are the following cases that could appear:

    Case 1: Player & UUID matches -> Player is allowed to connect.
    Case 2: No Player & UUID found -> New index created -> Player is allowed to connect.
    Case 3: Name found with different UUID -> Disallow: "Please contact [email protected]"
    Case 4: UUID found with different Name -> Disallow: "Please contact [email protected]"

    Doing it this way would allow each player to connect with ONE choosen name. You wouldnt have the problem, that players could take over other names. If someone wants to change their name he just has to contact the staff team. A command like "/changename <oldname> <newname>" would be easily coded. Also you could check when executing the command, if the UUID from the oldname fits the newname. If not -> Abort!

    + You would never have to worry about unexpected namechanges again.
    + No bans by misstake. Banning can be handled like we already do it except we use the players UUID.
    + No false: Rollbacks, Regions, Warps, Homes, Shops, Economy Accounts, and MUCH more..
    + Prevent player multiaccounting.

    - Players would have to open a ticket / send an e-mail / contact the server staff to change their name.

    Iam not a person who changes the name every 5 seconds. In my opinion players should be a little bit patient and sending an email or opening a support ticket is no problem at all. I will definitely do it that way.

  10. Offline


    Creepster197 If all plugins are well coded (and they should be) there is no need to do this.
    But maybe players, who never ever have joined your server must contact a staff first. It wouldn't like that.
  11. Offline



    Thats indeed a big problem :confused:

    So lets say all plugins are well coded. If you make a lookup using Logblock for example, it will show the players name. If you use the players name for banning, you can never be sure, that you're banning the right one. You would actually have to link every plugin together so that bans lookup the date when the griefer has griefed and get the UUID from that date.

    EDIT: Found a solution for the problem:

    Case 1: UUID & Name not found -> Creating index -> Allowed to login
    Case 2: UUID & Name matches -> Allowed to login
    Case 3: UUID found but different Name -> "Please request namechange" (You can also handle this automatically [changing the name onConnect] but then other plugins would have to hook into your plugin to show the changed playername. So plugins would use %UUID% for their messages and replace that by the name when the message is send.)
    Case 4: Name found but different UUID -> Remove old index, create new one -> Allowed to login

    Iam pretty sure that you cant fix the problem of getting confused when players change their name. I recommend to add this plugin so that only ONE name is displayed for the UUID. Lets say you play as PlayerOne for 2 months. Then you change your name to PlayerTwo. Doesnt matter, all plugins would hook into the new name. If another player takes the name PlayerOne, it would A.) Still ban the old player or B.) if the new PlayerOne joins, it would remove the old index. This would cause to show the UUID instead of the playersname (as it no longer exists in the database).

    In fact: You will always just see one name OR in a few cases the UUID. NO false bans at all.
    I think its a good way to handle UUID's. Its the same like on every forum / facebook / etc..
    You change your name -> Old posts change the username as well
  12. Offline


    You are right if you say that playerA can grief than changes his name to playerB and if he is then be banned, it would not work.
    Hopefully Mojang will add something that an old name is "reserved" for a time to prevent this, otherwise your solution is needed I think..:oops:
  13. Offline


    if your ban plugin works correctly you shouldnt have to worry about this.

    when you ban, ban the UUID... when they connect check their UUID and not the NAME.

    Then it doesnt matter who changes their name or when, as long as the UUID is banned they will not be allowed to join.
  14. Offline


    Please read the thread and its posts first before posting.. ^^
  15. That's a fast to make mini-game: "guess a UUID" :p
  16. Offline


    If you're wrong your friend may gets banned. If NOT you get banned! :)
    Play it today for free and checkout who gets banned first ;)

    Would be a great minigame :rolleyes:
  17. That reminds me of the mini game with "1st action = ban", so players can place one block or drop one stack and are gone. The complex variation is with one block per week per player - creative mode would not matter much ("hardcore building").
Thread Status:
Not open for further replies.

Share This Page