LoginSecurity
LoginSecurity
LoginSecurity is a lightweight password authorization plugin. You can optionally set a password each time you enter the server, adding a double layer of security to your account. The password is stored inside the configuration file, nobody else except the server owner can access or modify it.
How does it work?
Install the pluign to your /plugins/ directory, then start your server.
Type /register <password>, your account is now locked with a password.
For each time you login, make sure to use /login <password>.
Features
- Register your account optional or required (change in config)
- 5 Useful commands to mangage your password
- Advanced administrative control
- Advanced documentation via wiki
- Secure password storage using BCrypt
- Secure sessions storing to improve user experience
- Customizable time-out
- Map captcha upon registration (user friendly)
- Conversion from AuthMe and xAuth (check wiki for more info)
- Premium support through AutoIn
- Automatic update with changelog overview
- Username filtering (length and characters)
- Highly detailed configuration
- Automatically updated translation manager (user-submitted)
- Prevents being kicked by orther players loging in with your name
Session login allows the user to log in right after they logged out and not have to type in their password again. (1 minute time limit of being logged out, stores IP during that time to keep everything safe)
Commands
/lac - Admin command, rmpass and reload
/register <password> - Set your password
/login <password> - Login with your password
/changepass <old> <new> - change your password
/logout - Logout
Permissions
- loginsecurity.admin - allows admin command
- loginsecurity.update - shows update notifications
Video
Thanks to ServerMiner for making this informative tutorial
Orther tutorials: German (by MineCraftler4Live)
Planned
- Add translation interface for easier language selection
- Suggestions?
Known Bugs
- Players can mount/dismount and ride on vehicles while not logged in
Disclaimer
By default, LoginSecurity will check for updates from bukkitdev every 3 hours.
This feature can be disabled by setting "update-checker" to "false"
Anyone with the permission node ls.admin will be notified of updates, and it also able to download them via /lac update.
Which again can be disabled by disabling the update-checker
This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:
- A unique identifier
- The server's version of Java
- Whether the server is in offline or online mode
- The plugin's version
- The server's version
- The OS version/name and architecture
- The core count for the CPU
- The number of players online
The Metrics version Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.
Additionally, when the language setting is changed, information is retrieved from lang.lenis0012.com to aquire up to date translations.
Links
- v3.0.2 - Download (18 - 1.15)
- Source code (GitHub)
- https://github.com/lenis0012/LoginSecurity-2/wiki (Wiki)
- https://github.com/lenis0012/Translations/wiki/Contribute (Translation Contribution)
Donate
If you want to support me working on this project, please donate.
It helps me alot to keep my projects up.
Donate at the top right corner
Comments
-
lenis0012 Owner
-
View User Profile
-
Send Message
Posted Apr 30, 2013@ricyosma
You can no longer acces passwords since 2.0 It is stored in a binary file (.db) This can only be loaded using JDBC in java (SQLite)
And when you acces it using that it is still encrypted in md5 by default
-
View User Profile
-
Send Message
Posted Apr 30, 2013@deleted_9859142
hhm weird. Ill fix it soon
-
View User Profile
-
Send Message
Posted Apr 29, 2013how do i translate this?
-
View User Profile
-
Send Message
Posted Apr 29, 2013@ricyosma
Works now, but I found another big error.
Every player can insert other comments like /time and if I type /reload I don't have to login. Thats a big security gap. Please fix :)
-
View User Profile
-
Send Message
Posted Apr 29, 2013oke where can i find the passwords of other people in my bukkit map. i have no idea anymore and since 2.0 i have no data file anymore where first all the passwords was. (sorry not good correct english)
-
View User Profile
-
Send Message
Posted Apr 28, 2013@lenis0012
Oh jeah, sry my fault :s Is there already a pre download link for version 2.0.1? Thx for this nice plugin.
-
View User Profile
-
Send Message
Posted Apr 28, 2013@deleted_9859142
Actualy its not that.
It kicks everyone who has capitalized characters in his name.
Fixed in v2.0.1
-
View User Profile
-
Send Message
Posted Apr 28, 2013@BadDog8891
Yep, except of admins. (people with full permissions)
-
View User Profile
-
Send Message
Posted Apr 27, 2013Kicks out players that are already logged in.
-
View User Profile
-
Send Message
Posted Apr 27, 2013with mysql: true my server crashed, i use your plugin the first time. (my bukkit and vault are the latest release Version)
2013-04-28 06:17:45 [SEVERE] Failed to get data from SQLite db com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Table 'felixcraft.users' doesn't exist at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) at java.lang.reflect.Constructor.newInstance(Unknown Source) at com.mysql.jdbc.Util.handleNewInstance(Util.java:407) at com.mysql.jdbc.Util.getInstance(Util.java:382) at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052) at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3593) at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3525) at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986) at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140) at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2626) at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2111) at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:2273) at com.lenis0012.bukkit.ls.data.MySQL.isRegistered(MySQL.java:69) at com.lenis0012.bukkit.ls.LoginListener.onPlayerJoin(LoginListener.java:49) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:425) at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62) at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:477) at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:462) at net.minecraft.server.v1_5_R2.PlayerList.c(PlayerList.java:204) at net.minecraft.server.v1_5_R2.PlayerList.a(PlayerList.java:100) at net.minecraft.server.v1_5_R2.PendingConnection.d(PendingConnection.java:129) at net.minecraft.server.v1_5_R2.PendingConnection.c(PendingConnection.java:44) at net.minecraft.server.v1_5_R2.DedicatedServerConnectionThread.a(DedicatedServerConnectionThread.java:41) at net.minecraft.server.v1_5_R2.DedicatedServerConnection.b(SourceFile:29) at net.minecraft.server.v1_5_R2.MinecraftServer.r(MinecraftServer.java:580) at net.minecraft.server.v1_5_R2.DedicatedServer.r(DedicatedServer.java:225) at net.minecraft.server.v1_5_R2.MinecraftServer.q(MinecraftServer.java:476) at net.minecraft.server.v1_5_R2.MinecraftServer.run(MinecraftServer.java:409) at net.minecraft.server.v1_5_R2.ThreadServerApplication.run(SourceFile:573)
-
View User Profile
-
Send Message
Posted Apr 27, 2013Timeout kicks already logged in players. Players (or maybe just OPs) can still execute commands without logging in. Other than that, it's fine.
-
View User Profile
-
Send Message
Posted Apr 27, 2013What the hec is going on, I just got this plugin i sucessfully logged in but it kicks me saying login timed out?
-
View User Profile
-
Send Message
Posted Apr 27, 2013Suggestions - Lock the INV, Repeat the log message ;P
-
View User Profile
-
Send Message
Posted Apr 27, 2013Can you add a converter for AuthmeReloaded?
-
View User Profile
-
Send Message
Posted Apr 27, 2013need update for 1.5.1 i think i want it :S
-
View User Profile
-
Send Message
Posted Apr 26, 2013Second try on LoginSecurity v2.0
I have recoded the SQL system and it seems to be bugfree now.
Reloaded the 2.x release and waiting for approval.
Enjoy LoginSecurity v2.0!
Converters (Authomaticly hapends on startup)
v1.x -> v2.x - Support as well YAML as MySQL from v1.x to be fully converted
SQLite -> MySQL - Used when SQLite file is found and MySQL enabled
xAuth -> LoginSecurity - hapends when xAuth is detected and enabled (restart server after this is done and remove xAuth)
-
View User Profile
-
Send Message
Posted Apr 26, 2013My problem Someone can use my bow while he didn't logged in I lost all my arrows
-
View User Profile
-
Send Message
Posted Apr 25, 2013i have a small problem with this plugin (v1.6.10)
the potion effect blindness dont work becasue this plugin disables instantly the effect...
I try to put blindness to false, but it does not work
please help me :(
-
View User Profile
-
Send Message
Posted Apr 24, 2013not working in 1.5.1?
-
View User Profile
-
Send Message
Posted Apr 21, 2013@Sniperzerox
thats becausde the latest version contains: [BLEEDING]
It will be fixed soon.
@vahanar
Use v1.6.10