Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
Download v2.0.10

lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page: http://dev.bukkit.org/server-mods/xauth/

Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel (irc.rizon.net #LoveDespite) or toss me a message at http://love-despite.com/forum. Until we meet again, stay gold. Bang.

------------------------------------------------------------------​

xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.

Video Tutorial | Commands & Permissions | Configuration | Messages | Translations | Source | Donate!​

Features

• Before registering/logging in, players cannot:
  • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
  • Break or place blocks
  • Receive or give damage, be targeted (followed) by hostile mobs
• Inventory and location protection
• In-depth setting and message configuration
• Persistent login sessions through server restarts
• Player name filter and password complexity configuration
• Kick non-logged in (but registered) players after a configurable amount of time
• Bukkit Permissions support
• Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
• Custom, highly secure password hashing
• H2 and MySQL support
• Authentication over URL (AuthURL) allows for connection to forum or website databases

Changelog (click for full changelog)

• Version 2.0.10
  • [Fixed] Exploit to completely bypass login system.
  • [Fixed] xAuth commands not working with Rcon
  • [Fixed] Exploiting login system to avoid fire & drowning damage.
  • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
  • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
  • [Fixed] Exploiting location protection after dieing to return to the spot of death.
• Version 2.0.9
  • Added several reverse single session configuration options.
  • Fixed registration.forced: false not working.
  • Updated version check and H2 download links.

xAuth Importer
xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.

 

Looks awesome, im going to install that, but i have got one question please..
Code:
java -jar xAuthImporter.jar
Where do i have to put that code? in the auths.txt in plugins/xAuth/ ???

My admins and OP's dont have to register and login and i tried everything to change that, i want them to authenticate themselfs too, but i dont know how.. Could someone help me please? I tried everything..

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

xauth.exclude
That's all i'm gonna say

 

it randomly started working... I don't know how. But I downloaded the latest version again today and it worked fine...

 

I can't thank you enough!
Oh my god this plugin is amazing!
Much love from me!
Incase you couldn't tell it works for me.

 

This did not fix the problem for me :S! Can anyone help me? This is my permissions file for admins:

Code:

    Admins:
        default: false
        info:
            prefix: ''
            suffix: ''
            build: true
        inheritance:
        permissions:
            - 'xauth.exclude'
            - '*'

Also I have another problem, if someone logs in with the same name as me (the admin), it still disconnects me from the server. Anyway to stop this?

 

I'll test some of these to see if they are causing the issue you're having. It'll help if you could test some as well by disabling them one at a time and trying it.

That's only used if you're trying to import the auths database from AnjoSecurity in a Unix environment with xAuth Importer.

Your initial question has been answered multiple times in the previous two pages of this thread. As for your other question, if you're using WorldGuard you need to disable enforce-single-session in it's configuration.


To acknowledge the /toggle command conflicting with the Citizens plugin; I don't feel the need to change anything as it was working fine until the developer of Citizens changed his command syntax.

 

great realease. Thank you!

 

need ingame Account making for Admins pls

 

am i doing something wrong? i got an outdated anjosecurity plugin for the .db file and imported it to a .txt but nothing happened...yes i've added the file in /plugins/xAuth

 

i really need to reconfigure the /toggle command please Citizens plugin is useless with your xAuth -.-

 

I have just downloaded it and installed the mod but "Players are no longer kicked if someone with the same name joins" i still get kicked... ive already got an account but when i try with two minecraft cilents logging i get kicked for that reason.... im i doing something wrong?​

 

Hi,

First, I found this to be a great plugin. However, I've got a major issue that will actually decide whether or not I'll be using this on my server:

Everytime a player logs in and is re-teleported from the spawn to the location where he was, it inflicts fall damage randomly (from a couple of hearts to four or five). Why is this caused?

EDIT: It seems to be caused by the /logout command, because it only happens in-game, and not when you join. Also, it does not happen if you toggle off the safezone option so that it does not teleport you to the spawn.

 

I believe this is a feature of Minecraft already...

 

DeltaDevil i just find a solution .. open your Citizens.jar eg. in WinRar, open plugin.yml and add this line under Toggle command (yml format, use spaces)

Code:

aliases: [t, tog, togg]

Safe and profit !

 

xAuth 2 will allow this in some form.

"nothing happened" is very generic and can mean anything.

If you are also using WorldGuard, enforce-single-session needs to be disabled.

Before they are logged in and are being teleported to the spawn, are they constantly falling then being re-teleported back up?

 

My problem is happening again. I also disabled enforce-single-session option. But now somebody can login he sees a message he/she is online now and he gets disconnected and i disconnected too. Sorry for my bad English.

 

It just doesn't work, i dont understand it anymore :s can't they make a video with a tutorial or something?

 

doesn't work cuz there's no xAuth folder inside the .jar

 

Is there a possibility to "autologout" when you end your session ? ....because its not that comfortable to type
"/logout" everytime you disconnect from your server for a long time.

 

When a player connects it checks if they have a session and if it's expired, removing it if necessary.


Attention all xAuth users! If you're interesting in discussing or sharing your ideas for xAuth 2.0, visit this thread: http://forums.bukkit.org/threads/xauth-2-0-discussion-ideas.18083/

 

Hey,
Why I get almost everytime killed after I log in? I know it must be something with height difference between respawn point and the place where I was, but why doesn't this plug just teleport the player to the place where he stood earlier? What can I do to prevent from getting killed? I know I can logout while being on water, but it is no solution for me.

EDIT: I know why, my respawn point WAS ON THE WATER and because of that my char was jumping for most of the time and when he was teleported, sometimes he fell.

 

@CypherX
Heya. I really really wanna use this plug-in. Can you please tell me what the problem is:

I'm not sure what's wrong. Do you know?
Thanks a lot,
Great plug-in,
-DanJames

 

Uhh Is it me or is this plugin showing your inventory and allows ops to use the give command cause I can use it. =(

 

How do we configure the player to have to login at the spawn location. I use SpawnControl and I people to spawn at the "global spawn point".

 

Help me please! I have xAuth installed with permissions plugin and only members of default group have to authorize. For members of other groups xAuth do not work!

 

Looks like something is causing the code used to teleport a player back to their original position is failing. Is it still happening?

Not possible at the moment, although it has already been implemented in xAuth 2 (which has been making a lot of progress lately).

Any groups/players with the '*' permission must also have '-xauth.exclude' (note the hyphen).

 

Yes it is still happening. I really need this plug-in on my sever Do you know why it's happening?
Also, someone said something about spawning? So does xAuth set its own spawn and have that as default?
-DanJames

 

Hi,

I want to translate your plugin in french. But :

How to allow special characters ?

 

hi all

Im admin and i put -'*' in my permission cause i need all permissions, and lots of plugins.
Problem is take xauth.exclude
but i want the person who want to take my nickname have to login ! but with this exclusion, no protection on my nickname.

Is there a way to correct that ?

thanks you

 

Check your config.yml for xAuth and make sure misc.protect-location has a proper boolean value.

Surround the text with single quotes.

This has been answered multiple times already, including in 3 posts above yours.