Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    EvilJackCarver

    Pop it open, gotcha.

    >Opens database in a text editor
     
  3. Offline

    andrew2060

    I'm not sure what I am doing wrong: I am using Authme-Reloaded v2.6.5 (since the original authme went up to v2.5 and your requirements state v2.6.2+, I am assuming you mean Authme-Reloaded) and am attempting to convert to xauth using mysql:

    I first create the relevent mysql tables using xauth, shut down the server, copy auths.db to the same folder as the importer, change importer.ini to fit my mysql settings, and then run it. I end up with this:
    Code:
    Loading accounts from file..
    Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 2
            at com.cypherx.xauthimporter.importers.AuthMe.FlatFileToMySQL.doImport(F
    latFileToMySQL.java:67)
            at com.cypherx.xauthimporter.Importer.main(Importer.java:70)
    Is it something I'm doing wrong? or
     
  4. Offline

    CypherX

    andrew2060
    Uploaded a new build of the importer that should fix that. Download it here.
     
  5. Offline

    andrew2060

    CypherX
    with the new link:
    Code:
    Loading accounts from file..
    Exception in thread "main" java.lang.NumberFormatException: For input string: "1
    329560482darulio"
            at java.lang.NumberFormatException.forInputString(Unknown Source)
            at java.lang.Long.parseLong(Unknown Source)
            at java.lang.Long.parseLong(Unknown Source)
            at com.cypherx.xauthimporter.importers.AuthMe.FlatFileToMySQL.doImport(F
    latFileToMySQL.java:72)
            at com.cypherx.xauthimporter.Importer.main(Importer.java:70)
     
  6. Offline

    CypherX

    andrew2060
    There's an error in your auths.db file. Open it with a text editor, search for '1329560482darulio' without the quotes and remove the 'darulio'.
     
  7. Offline

    Luwiego

    We meet again.......
     
  8. Offline

    WERSAS1

    Ohai. Don't think that I've left you.
     
  9. Offline

    EvilJackCarver

    Is there currently a way to make certain groups required to register, but not all of them?
     
  10. Offline

    CypherX

    Disable forced registration in the configuration then use the permission node 'xauth.register' for the players/groups.
     
  11. Offline

    Regulus123

    Is this plugin using any coding other than "Whirlpool"? M5 and others.
     
  12. Offline

    Masterflapdrol

    Dude I'm seartching for a way players can change names without hacked client
     
  13. Offline

    omnija

    when i set protection logout at logout, when i login and return to my save point i start in the ground? not sure if this is an xauth bug or bukkit bug?
     
  14. Offline

    CypherX

    Updated to version 2.0.10:
    • [Fixed] Exploit to completely bypass login system.
    • [Fixed] xAuth commands not working with Rcon
    • [Fixed] Exploiting login system to avoid fire & drowning damage.
    • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
    • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
    • [Fixed] Exploiting location protection after dieing to return to the spot of death.
     
  15. Do i have so set a password here, so other users can´t hack my database?
    Code:
    mysql:
      enabled: false
      host: localhost
      port: 3306
      user: user
      password: password
      database: xauth
      tables:
    
    it´s in the config.yml

    Code:
    authurl:
      enabled: false
      url: http://
      registration: false
      status: false
      groups: false
      broadcast-login: true
    
    Do have set the Server-IP to "url:"? I i do not so, the users can login, register, too. So what does this "url" make? Why is it set to "http://google.com" all the time i delete it?
    What does "broadcast-login" do?

    thx :)
     
  16. Offline

    CatsyLady

    i still got kicked sometimes when someone login with my name ..

    weird

    o0Julia0o

    you dont need it at all
     
  17. Offline

    BMXEDWIN

    please give me an german message.yml that work

    the old from pastebin is not working :-(
     
  18. Thx.. do you mean the password or the url? And what is the sence of this two things? Can i add every Url and every password and nothing happens?

    Julia :)
     
  19. Offline

    CatsyLady

    i mean both.
    when your turn off mysql you dont need a password
    and this web thingy is even optional
     
  20. thank you, CatsLday. how can i turn on mysql or.. what will then be, if i turn on mysql? So what´s the difference between turning it on or off?

    o.k. - but what does it do?
     
  21. Offline

    CatsyLady

    you already turned mysql off

    Code:
    mysql:
      enabled: false
    not even sure for what this web is,
    login from a website or something
     
  22. oh, your right ;). And what´s the use of it, if you turn it on?
     
  23. Offline

    CatsyLady

    you have better performance by using mysql-server,
    i guess

    i already have 3500 registered accounts and no lagg at all.
     
  24. Offline

    Timberwolf77

    Does this plugin prevent server run kill commands on the player when they have not yet logged in? As this could pose a problem with another plugin I'm using (Combat Tag) which helps t prevent combat logging by killing players that log off during combat when they log back on.
     
  25. Can you reset an account, if a player has lost his password?
     
  26. Offline

    CatsyLady

    /xauth changepw <player> <newpassword>

    or

    /xauth unregister <player>

    so he can register new
     
  27. Offline

    Anketho

    I have this error :
    SEVERE] [xAuth] Failed to nsert player data into database
    Or
    = something went wrong while updating table[playerdata] to revision [002]
    What is the problem ?
    Thanks
     
  28. Offline

    acecheesecr14

    is there a way to unhash it i dont want to reset peoples passwords when i access their account??
     
  29. how do you can access their accounts!?
     
  30. Offline

    siemaeniu500

    When I moved to 2.0.10

    12:52:20 [SEVERE] [xAuth] Failed to insert player data into database!
    org.h2.jdbc.JdbcSQLException: Column count does not match; SQL statement:
    INSERT INTO `playerdata` SELECT ?, ?, ?, ?, ?, ?, ? FROM DUAL WHERE NOT EXISTS (SELECT * FROM `playerdata` WHERE `playername` = ?) [21002-164]
    at org.h2.message.DbException.getJdbcSQLException(DbException.java:329)
    at org.h2.message.DbException.get(DbException.java:169)
    at org.h2.message.DbException.get(DbException.java:146)
    at org.h2.message.DbException.get(DbException.java:135)
    at org.h2.command.dml.Insert.prepare(Insert.java:243)
    at org.h2.command.Parser.prepareCommand(Parser.java:218)
    at org.h2.engine.Session.prepareLocal(Session.java:415)
    at org.h2.engine.Session.prepareCommand(Session.java:364)
    at org.h2.jdbc.JdbcConnection.prepareCommand(JdbcConnection.java:1121)
    at org.h2.jdbc.JdbcPreparedStatement.<init>(JdbcPreparedStatement.java:71)
    at org.h2.jdbc.JdbcConnection.prepareStatement(JdbcConnection.java:267)
    at com.cypherx.xauth.PlayerDataHandler.storeData(PlayerDataHandler.java:84)
    at com.cypherx.xauth.PlayerManager.protect(PlayerManager.java:160)
    at com.cypherx.xauth.listeners.xAuthPlayerListener$1.run(xAuthPlayerListener.java:287)
    at org.bukkit.craftbukkit.scheduler.CraftScheduler.mainThreadHeartbeat(CraftScheduler.java:126)
    at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:533)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:459)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
     
  31. Offline

    Keiaxx

    I am with siemaeniu500, Getting this error when I upgraded: http://pastie.org/4114663

    I deleted the lib folder and let it do it's downloads again, then restart the server and still getting that error. Any ideas?
     
Thread Status:
Not open for further replies.

Share This Page