CrazyLogin
Version 7.24
Its recommended to run your server in online mode!
Minecraft is a excellent game. If you want to play it, you should buy it, like every other game you play.
Description
Adds per player passwords to your server. This will increase your server's protection against griefers and account thiefs.
Keep these two things in mind:
- The protection is only as good as your passwords.
- The server is still less secure then a server in online mode.
- My plugin is not limited to offline mode servers,
therefore you can increase security for both server types (offline and online mode servers).
- My plugin is not limited to offline mode servers,
Features
- This plugin supports two modes. Maybe-Password and Password-Only
- Maybe-Password:
The user can create a password, if he wants to
(a password is required for ops/players with permission) - Password-Only:
The user has to create a password and login.
- Maybe-Password:
- Users who aren't logged in, cannot chat, build, fight, drop items, move, teleport.
- (Optional) Ability to hide/change Join/Quit-Messages, hide players who aren't logged in.
- Multiple password Encryption algorithms
- AuthMe, xAuth support
- Integrated Config, Flat, MySQL and SQLite-Database support.
- Integrated Logging support.
- Integrated CrazyPipes support.
- Session support
- Supports single sessions
- saveLogins (teleport to spawn until login).
- If you do not logout and autoLogout is disabled, you can rejoin from the same IP.
- Permission + option to disable ingame registration.
- forceSaveLogin option to hide the players current location until login
- this fixes the issues with AntiCheat being kicked for flying due to anti move protection.
- maxRegistrationsPerIP and maxOnlinesPerIP options
- Command usage is stricktly limited, when not logged in (whitelist).
- Possibility to block guest commands, chat and join.
- Warn players with permission, if some fails to login or execute a command if he isn't allowed to.
- (Optional) Kick players who don't register, don't login, fail to login, execute a command.
- (Optional) TempBan players who don't login or fail to login.
- Adminlogin and Tokenlogin commands available
- Command to logout automatically when leaving the server
- Command to expire passwords (force players to change their passwords)
- Filter- & Sortable Accountlist
- Playerinfo (Name, IP, Connection and more)
- Ability to delete inactive accounts.
- PluginAPI available
- Client AutoLogin Plugin available (can be blocked)
Requirements
- CrazyCore (Version 10.7.7 or later)
Related Plugins
- CrazyLoginAutoLogin (Client-Plugin)
- CrazyCaptcha (Captcha)
- CrazyLoginFilter (IP/Connection Access Filter)
- CrazyLoginRank (Join Ranking)
Configuration & Options
(with description of all available options)
Commands with their Permissions
Issues ?
CommandHelper
Have a look at this CommandHelper Extension
Factions
Factions uses a very special way to execute commands, which bypasses default command protection.
Use this plugin to fix that until Faction fixed that:
CrazyLogin_FactionProtection
Convert database
You can convert your database with /crazylogin mode database <Type>".
Especially on huge flat databases this may take very long.
You can use this tool to convert your flat database to a mysql import script.
CrazyLogin_Flat_2_MySQL
(Notice: This file has NOT been reviewed by any Bukkit staff!)
Just copy this jar to your accounts.db then execute this jar.
This will create an accounts.db.sql file.
Others ?
Create a ticket or post a message!
Metrics
(Generated by MCStats.org)
Languages
- en_GB (English)
- de_DE (German - Deutsch)
- bg_BG (Bulgarian - български, thanks to LocoFreak)
- el_GR (Greek - ελληνικά, thanks to razorrazor)
- es_AR (Spanish (Argentina) - argentino, thanks to LynnJordison)
- es_ES (Spanish - Español, thanks to Sirikon, vicente947)
- fi_FI (Finnish - Suomi, thanks to suomenlippis)
- fr_FR (French - Français, thanks to FireBurst699)
- it_IT (Italian - italiano, thanks to giuditta1974)
- kr_KR (Korean - 한국어, thanks to TABtech)
- lt_LT (Lithuanian - Lietuvos, thanks to donatass162)
- nl_NL (Dutch - Nederlands, thanks to blipman17, jekeke123)
- pl_PL (Polish - polski, thanks to MegaManNT)
- pt_BR (Portuguese (Brazil) - brasileiro, thanks to bchilelli)
- ro_RO (Romanian - Romana, thanks to Cozzmy13)
- ru_RU (Russian - русский, thanks to kilolife, SannyOK)
- zh_CN (Chinese - 简体中文, thanks to cdcp998, mindcat, Liouftgoo)
- zh_TW (Traditional Chinese - 繁體中文, thanks to Chanmo)
(Please post additional translations here, so i can share them to everybody!)
Comments
-
theonemadhawk Owner
-
View User Profile
-
Send Message
Posted Jan 13, 2013Just finished translating CrazyLogin "el_gr.lang" ;)
http:dev.bukkit.org/paste/6891/
-
View User Profile
-
Send Message
Posted Jan 13, 2013Ok thanks!
-
View User Profile
-
Send Message
Posted Jan 13, 2013@razorrazor
There is a list of parameter names available too
https://github.com/ST-DDT/Crazy/blob/master/CrazyLogin/src/resource/lang/messages.lang
in this case:
$0$=Name
$1$=IP
-
View User Profile
-
Send Message
Posted Jan 13, 2013@TheOneMadHawk
Can I have some help here?
In line 9 of en_en.lang (in CrazyLogin) it says "Couldn't detach the IP $1$ from $0$'s connections."
The question: What $0$'s stands for?(a player?... In other translations people have translated it as a list or something...),I need some help because I am translating it.
Thanks ;)
-
View User Profile
-
Send Message
Posted Jan 9, 2013@mindcat
Fixed in 7.7.2
http://dev.bukkit.org/server-mods/crazylogin/files/99-crazy-login-v7-7-2/
-
View User Profile
-
Send Message
Posted Jan 9, 2013If I removed "saveLoginLocations:" options in config and CrazyLogin config exists, then "saveLoginLocations:" options can't be regenerated, I will be getting an error.
-
View User Profile
-
Send Message
Posted Jan 8, 2013@LOCOxKILLER
/crazylogin player chgpw <Name> <Password>
Change a players password.
Permission: crazylogin.player.password
-
View User Profile
-
Send Message
Posted Jan 8, 2013How do i change some ones password ???
-
View User Profile
-
Send Message
Posted Jan 7, 2013@TheOneMadHawk
Ok, I see.
-
View User Profile
-
Send Message
Posted Jan 7, 2013@mindcat
Directly use hashed password should be not allowed.
It is not allowed, but when using plaintext encryption the hashed password = unhashedpassword.
But if I setting files stored "..\..\CrazyLogin", that files will stored in here "d:\helloiamfolder\CrazyLogin" , FTP only can access Bukkit directory and sub folder.[...]
this requires a custom build and i currently have no time for such a remarkable custom build. Sorry.
-
View User Profile
-
Send Message
Posted Jan 7, 2013@TheOneMadHawk
What? why not "input password -> hashed -> check the database hashed password -> both corrected -> Verification Successful"?
Directly use hashed password should be not allowed.
Plugins can access the previous directory. for example:
Bukkit in here "d:\helloiamfolder\bukkit\"
Normally the CrazyLogin files will stored in here "d:\helloiamfolder\bukkit\plugins\CrazyLogin"
But if I setting files stored "..\..\CrazyLogin", that files will stored in here "d:\helloiamfolder\CrazyLogin" , FTP only can access Bukkit directory and sub folder.
I want to setting database password, only know the password then you can use CrazyLogin to modify and delete database. And this password is stored in a text file, the text file stored "d:\helloiamfolder\CrazyLogin" only owner can access.
-
View User Profile
-
Send Message
Posted Jan 7, 2013@mindcat
"he could hack the server by changing the algorithm to plaintext to get the main password."
But how? hash algorithm is irreversible
They are but i they know the hash he can use the hash to login when plaintext encryption is enabled. (Because of this plaintext encrytpion is recommended to be not used.)
I still don't get the point
What do you want from me to do?
-
View User Profile
-
Send Message
Posted Jan 7, 2013@TheOneMadHawk
1, Impossible, because if he can access other shared database server, I can't control it.
2, Possible, but how about log IPs? limit his access is limited plugin access.
3, Impossible, I am not really server owner. But they are limited in a folder access.
I think just add a database access password, if you are human, then type the password, or you are Crazy plugins won't type. The password must hashed and stored in a file they can't modify and delete by FTP.
For example, they can access "d:\helloiamfolder\bukkit\" and sub folders.
But they can't access "d:\helloiamfolder\".
Don't give them a way to modify or delete the hashed password , so I think this is possible.
Other ways, get the hashed password by HTTP or FTP or Dropbox.No, this can be changed by config. be sure locked the folder setting.
If he change the database savetype, he need the password to convert Mysql to other save type.
"he could hack the server by changing the algorithm to plaintext to get the main password." But how? hash algorithm is irreversible, he did not have enough computing resource to crack the hashed password.
So how do you think? he did not have all permissions.
Server owners can exchange hashed password. If someone leaked, it is owners problems.
-
View User Profile
-
Send Message
Posted Jan 6, 2013@mindcat
Currently there is no feature against that.
Maybe i could add a feature but i guess this would make everything too complicated.
The only thing i could image i can do is to disable all admin commands.
When he has access to the database itself how shall i protect the server against that?
i could add a "primary" database with not modifyable accounts.
but he still could change the database savetype
he could hack the server by changing the algorithm to plaintext to get the main password.
if he also has FTP access there is nothing left i can do against him.
i can just tell you this. Don't give someone who would do this the permission to do so.
1) Use a permission plugin to block this players access to important features and commands.
2) Limit his access on the SQL Server. (No modify/delete permission at the CrazyLogin database)
3) No access to CrazyCore/CrazyLogin/PermissionPlugin files and folders via FTP or Webaccess
-
View User Profile
-
Send Message
Posted Jan 6, 2013@TheOneMadHawk
For example, one day, a player is trusted by server owner, he got permissions could access some critical plugins like CrazyLogin, WorldEdit.
Another day, did not know why the player do some bad thing for now, delete buildings, crash the server, or even delete a login database.
So I want to ask, how to prevent bad guy to access login database doing bad things, even bad guy got access other shared database server.
Maybe I wasn't speaking well. But no problem, just explain again. I have enough times to explain.
-
View User Profile
-
Send Message
Posted Jan 6, 2013@mindcat
Ok, so how to prevent like OP griefer?
What are op griefers?
-
View User Profile
-
Send Message
Posted Jan 5, 2013@TheOneMadHawk
Ok, so how to prevent like OP griefer?
Well, I am planning server sync blacklist to prevent griefer, but I don't want someone broken the database for security reasons.
I know my English not well, but I can talk you that is enough.
-
View User Profile
-
Send Message
Posted Jan 5, 2013@mindcat
I don't know if i understand you corretly.
It is impossible to access more than one databases at once.
But you can access the databases from muliple servers at once.
-
View User Profile
-
Send Message
Posted Jan 5, 2013Could support multiple mysql database? I want to do like some multi-server login database.
-
View User Profile
-
Send Message
Posted Jan 3, 2013@Fexer
Ok, i'll ask them if something has changed.
@The_Wizard
Where can I find the php functions to encrypt password to CrazyCrypt1 and to check if the password is ok?
https://raw.github.com/ST-DDT/Crazy/master/CrazyLogin/php/Encryptors/CrazyCrypt1.php
Can I add more columns, like email to mysql from the plugin's config file?
No, adding new columns to the config won't change anything, but you can add to mysql table and it won't be deleted. On the other hand it isn't used for anything in the plugin, but it can be usefull when using it for your forum.