Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    CypherX

    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

    ------------------------------------------------------------------​

    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.


    Features
    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
     
  2. Offline

    CypherX

    alexlv4
    Seriously? Take a look at the AuthURL configuration again. Hint: it starts with an 'e'.
     
    Danielk0703 and LlmDl like this.
  3. Offline

    Danielk0703

    I get kicked because someone logget in from another location...
    Can you fix this please? :(
    Its a big problem on my server..
     
  4. Offline

    alexlv4

    Hi

    Sorry for my mistake, I copy the configuration after my test
    I change to enable: true, but it does not work, all players login automatically.

    All my config and my php it's ok?

    Thanks in advance
     
  5. Offline

    sephiroth7240

  6. Offline

    findus1994

    hey,
    is there any possibility to add the features like "lastlogin" again???
    That was really cool ;)
     
  7. Offline

    Kowak

    I would to know how to set a block for IP.
    Sometimes a "b****" try to enter into my player accounts. They often get disconnect and lose all items. How to block ip player? I would like that none can access a player account while he is playing.
     
  8. Offline

    Luwiego

    Because a f**** bug, xauth disabled it self........
    Code:
    [xAuth] Something went wrong while deleting session for account: 72
    org.h2.jdbc.JdbcSQLException: General error: "java.lang.LinkageError: loader constraint violation: when resolving method ""org.h2.result.RowList.<init>(Lorg/h2/engine/Session;)V"" the class loader (instance of org/bukkit/plugin/java/PluginClassLoader) of the current class, org/h2/command/dml/Delete, and the class loader (instance of sun/misc/Launcher$AppClassLoader) for resolved class, org/h2/result/RowList, have different Class objects for the type (Lorg/h2/engine/Session;)V used in the signature"; SQL statement:
    DELETE FROM `sessions` WHERE `accountid` = ? [50000-164]
        at org.h2.message.DbException.getJdbcSQLException(DbException.java:329)
        at org.h2.message.DbException.get(DbException.java:158)
        at org.h2.message.DbException.convert(DbException.java:277)
        at org.h2.command.Command.executeUpdate(Command.java:230)
        at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:143)
        at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:129)
        at com.cypherx.xauth.PlayerManager.deleteSession(PlayerManager.java:397)
        at com.cypherx.xauth.PlayerManager.checkSession(PlayerManager.java:136)
        at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerJoin(xAuthPlayerListener.java:80)
        at sun.reflect.GeneratedMethodAccessor193.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:301)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:459)
        at net.minecraft.server.ServerConfigurationManager.c(ServerConfigurationManager.java:132)
        at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:129)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:94)
        at net.minecraft.server.Packet1Login.handle(SourceFile:68)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:229)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:48)
        at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:61)
        at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:551)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:449)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    Caused by: java.lang.LinkageError: loader constraint violation: when resolving method "org.h2.result.RowList.<init>(Lorg/h2/engine/Session;)V" the class loader (instance of org/bukkit/plugin/java/PluginClassLoader) of the current class, org/h2/command/dml/Delete, and the class loader (instance of sun/misc/Launcher$AppClassLoader) for resolved class, org/h2/result/RowList, have different Class objects for the type (Lorg/h2/engine/Session;)V used in the signature
        at org.h2.command.dml.Delete.update(Delete.java:59)
        at org.h2.command.CommandContainer.update(CommandContainer.java:73)
        at org.h2.command.Command.executeUpdate(Command.java:226)
        ... 21 more
    2012-04-27 10:07:45 [SEVERE] Could not pass event PlayerJoinEvent to xAuth
    org.bukkit.event.EventException
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:303)
        at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
        at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:459)
        at net.minecraft.server.ServerConfigurationManager.c(ServerConfigurationManager.java:132)
        at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:129)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:94)
        at net.minecraft.server.Packet1Login.handle(SourceFile:68)
        at net.minecraft.server.NetworkManager.b(NetworkManager.java:229)
        at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:48)
        at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:61)
        at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:551)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:449)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    Caused by: java.lang.LinkageError: loader constraint violation: when resolving method "org.h2.index.RangeIndex.<init>(Lorg/h2/table/RangeTable;[Lorg/h2/table/IndexColumn;)V" the class loader (instance of org/bukkit/plugin/java/PluginClassLoader) of the current class, org/h2/table/RangeTable, and the class loader (instance of sun/misc/Launcher$AppClassLoader) for resolved class, org/h2/index/RangeIndex, have different Class objects for the type mn;)V used in the signature
        at org.h2.table.RangeTable.getScanIndex(RangeTable.java:117)
        at org.h2.table.TableFilter.getBestPlanItem(TableFilter.java:161)
        at org.h2.table.Plan.calculateCost(Plan.java:110)
        at org.h2.command.dml.Optimizer.testPlan(Optimizer.java:177)
        at org.h2.command.dml.Optimizer.calculateBestPlan(Optimizer.java:81)
        at org.h2.command.dml.Optimizer.optimize(Optimizer.java:230)
        at org.h2.command.dml.Select.preparePlan(Select.java:919)
        at org.h2.command.dml.Select.prepare(Select.java:823)
        at org.h2.command.dml.Insert.prepare(Insert.java:241)
        at org.h2.command.Parser.prepareCommand(Parser.java:218)
        at org.h2.engine.Session.prepareLocal(Session.java:415)
        at org.h2.engine.Session.prepareCommand(Session.java:364)
        at org.h2.jdbc.JdbcConnection.prepareCommand(JdbcConnection.java:1121)
        at org.h2.jdbc.JdbcPreparedStatement.<init>(JdbcPreparedStatement.java:71)
        at org.h2.jdbc.JdbcConnection.prepareStatement(JdbcConnection.java:267)
        at com.cypherx.xauth.PlayerDataHandler.storeData(PlayerDataHandler.java:78)
        at com.cypherx.xauth.PlayerManager.protect(PlayerManager.java:156)
        at com.cypherx.xauth.listeners.xAuthPlayerListener.onPlayerJoin(xAuthPlayerListener.java:88)
        at sun.reflect.GeneratedMethodAccessor193.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:301)
        ... 12 more
    EDIT: Possible conflict with mcdocs ?
     
  9. Offline

    TDDxD

  10. Offline

    siemaeniu500

    if I can somehow go with authme the xauth?
     
  11. Offline

    Danielk0703

    I get kicked because someone logget in from another location...
    Can you fix this please? :(
    Or can someone help me? (ideas?, tipps?)
    Its a big problem on my server...
     
  12. Offline

    siemaeniu500

    What can I do to move the registered account in authme to xauth?
     
  13. Offline

    ZachKiller121

    Hey I can't register with the plugin version 1.2.5-R1.0 :(
     
  14. Offline

    Riolu

    Any tutorial (exactly about MySQL for Windows), please!
     
  15. Offline

    vlado2portos

    Hello all,

    My moderators are reporting a "bug" that xAuth is not recognizing difference between small and capital letters.

    Like when somebody logs in with name John and logs out, somebody log in with john and its treat as the same person. Did i miss something in config ?

    Regards,
    Vladimir
     
  16. Offline

    Danielk0703

    I have the same "bug"/problem!
    And i have a big problem with the "login from another location!".
     
  17. Offline

    CypherX

    The importer will be updated soon to support converting from AuthMe to xAuth.

    Why would xAuth differentiate between character case if the name is the same when Minecraft doesn't in the first place?

    Do you refuse to read or are you just naturally illiterate? Stop posting this shit in my thread, it's been answered numerous times.
     
  18. Offline

    siemaeniu500

    Later, that is, at what time?
     
  19. Offline

    CypherX

    If I knew I would have given an exact date and time.

    Updated to version 2.0.7:
    • Added option (main.reload-on-join) to reload cached player data when they connect to the server.
    • Added option (account.update-last-login) to toggle updating of the lastlogindate & lastloginip database fields.
    • Added ability to check if a new update is available.
    • Fixed /xauth reload allowing non-logged in players to bypass /login.
    • Re-added reverse-enforce-single-session feature for those also running the Spout plugin. Will be fully implemented when I figure out how using Spout resolves the exploit.
    • Removed support for individual Permissions plugins since they all support Bukkit Permissions.
    • Added option to enable/disable required login after registration.
    • Fixed server crash involving a player logging out with no solid block below them while location protection was disabled.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 17, 2016
  20. Offline

    vlado2portos

    Thats a answer, because minecraft don't ? This plugin is security for minecraft in offline mode, and possibility to get OP privileges just by changing letter in name its not much secure, is it ?

    Don't get me wrong, you did great job with the plugin and there is no equal, all I'm trying to do to make it better.
     
  21. Offline

    siemaeniu500

    A can not be any other way to convert?
     
  22. Offline

    Adrenaline

    Give me converter from AuthMe to xAuth :D
     
  23. Offline

    wiigor

    Thanks for re adding the reverse-enforce-single-session option.

    I have noticed in the releasenotes of the 1.2.5R1.3 bukkit release of yesterday that a bug has been solved that might be related to this problem:

    PreLoginEvent called before PlayerQuit if the same user logs on more than once.

    I dont know if this possible could lead to a fix of the reverse-enforce-single-session option issue.
     
  24. Offline

    316peti

    How can i dasable space in player names?
     
  25. Offline

    CypherX

    I did a quick test with this new CB build and whatever was changed does seem to resolve the exploit without the need of Spout. I'll do a more in depth test when I get home from work to verify this.
     
  26. Offline

    908070p

    is there a flatfile version?
     
  27. Offline

    GlitchHero9724

    Hi CypherX,

    I'm trying to update my server to 1.2.5, and so far it all went well. But then it was xAuth's turn.
    I simply downloaded the new version and pasted the .jar and folder in the plugins folder, opened my server, and received this message:
    Code:
    20:45:56 [INFO] [xAuth] Enabling xAuth v2.0.7
    20:45:56 [INFO] [xAuth] Downloading required H2 library..
    20:46:03 [INFO] [xAuth] Download complete, reloading xAuth..
    20:46:03 [INFO] [xAuth] Disabling xAuth v2.0.7
    20:46:03 [INFO] [xAuth] Enabling xAuth v2.0.7
    20:46:04 [SEVERE] [xAuth] Failed to create instance of H2 JDBC Driver!
    java.lang.ClassNotFoundException: org.h2.Driver
            at java.net.URLClassLoader$1.run(Unknown Source)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(Unknown Source)
            at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.
    java:41)
            at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.
    java:29)
            at java.lang.ClassLoader.loadClass(Unknown Source)
            at java.lang.ClassLoader.loadClass(Unknown Source)
            at java.lang.Class.forName0(Native Method)
            at java.lang.Class.forName(Unknown Source)
            at com.cypherx.xauth.database.ConnectionPool.<init>(ConnectionPool.java:
    19)
            at com.cypherx.xauth.database.DatabaseController.dbInit(DatabaseControll
    er.java:50)
            at com.cypherx.xauth.database.DatabaseController.<init>(DatabaseControll
    er.java:24)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:78)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:336)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:381)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:70)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:336)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:381)
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
            at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232
    )
            at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:371)
            at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:358)
            at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:422)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    20:46:04 [SEVERE] [xAuth] Failed to borrow H2 connection from pool!
    java.lang.NullPointerException
            at com.cypherx.xauth.database.DatabaseController.getConnection(DatabaseC
    ontroller.java:87)
            at com.cypherx.xauth.database.DatabaseController.isConnectable(DatabaseC
    ontroller.java:76)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:81)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:336)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:381)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:70)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:336)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:381)
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
            at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232
    )
            at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:371)
            at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:358)
            at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:422)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    20:46:04 [SEVERE] [xAuth] Failed to establish H2 database connection!
    20:46:04 [INFO] [xAuth] Disabling xAuth v2.0.7
    20:46:04 [SEVERE] [xAuth] Failed to close H2 connection pool!
    java.lang.NullPointerException
            at com.cypherx.xauth.database.DatabaseController.close(DatabaseControlle
    r.java:138)
            at com.cypherx.xauth.xAuth.onDisable(xAuth.java:38)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:217)
            at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoade
    r.java:362)
            at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManag
    er.java:399)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:85)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:336)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:381)
            at com.cypherx.xauth.xAuth.onEnable(xAuth.java:70)
            at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
            at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:336)
            at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:381)
            at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
            at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232
    )
            at net.minecraft.server.MinecraftServer.t(MinecraftServer.java:371)
            at net.minecraft.server.MinecraftServer.a(MinecraftServer.java:358)
            at net.minecraft.server.MinecraftServer.init(MinecraftServer.java:187)
            at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:422)
            at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    Could you please help me out? Because my server is nothing without xAuth!
    Gr. GlitchHero9724
     
  28. Offline

    CypherX

    No. The default datasource is H2 which is fully automatic and requires no user interaction.

    GlitchHero9724
    What version of xAuth did you upgrade from? Were you using MySQL?
     
  29. Offline

    908070p

    well it didnt work for me when i installed and reloaded/restarted 5 times
     
  30. Offline

    CypherX

    How do you expect me to help you if you don't provide any information? Let's start with the error from the server log.
     
  31. Offline

    908070p

    no errors it just wont show the ./login when i restart but it shows in the ./plugins as green. I use Mpserv hosting
     
Thread Status:
Not open for further replies.

Share This Page