LoginSecurity
LoginSecurity
LoginSecurity is a lightweight password authorization plugin. You can optionally set a password each time you enter the server, adding a double layer of security to your account. The password is stored inside the configuration file, nobody else except the server owner can access or modify it.
How does it work?
Install the pluign to your /plugins/ directory, then start your server.
Type /register <password>, your account is now locked with a password.
For each time you login, make sure to use /login <password>.
Features
- Register your account optional or required (change in config)
- 5 Useful commands to mangage your password
- Advanced administrative control
- Advanced documentation via wiki
- Secure password storage using BCrypt
- Secure sessions storing to improve user experience
- Customizable time-out
- Map captcha upon registration (user friendly)
- Conversion from AuthMe and xAuth (check wiki for more info)
- Premium support through AutoIn
- Automatic update with changelog overview
- Username filtering (length and characters)
- Highly detailed configuration
- Automatically updated translation manager (user-submitted)
- Prevents being kicked by orther players loging in with your name
Session login allows the user to log in right after they logged out and not have to type in their password again. (1 minute time limit of being logged out, stores IP during that time to keep everything safe)
Commands
/lac - Admin command, rmpass and reload
/register <password> - Set your password
/login <password> - Login with your password
/changepass <old> <new> - change your password
/logout - Logout
Permissions
- loginsecurity.admin - allows admin command
- loginsecurity.update - shows update notifications
Video
Thanks to ServerMiner for making this informative tutorial
Orther tutorials: German (by MineCraftler4Live)
Planned
- Add translation interface for easier language selection
- Suggestions?
Known Bugs
- Players can mount/dismount and ride on vehicles while not logged in
Disclaimer
By default, LoginSecurity will check for updates from bukkitdev every 3 hours.
This feature can be disabled by setting "update-checker" to "false"
Anyone with the permission node ls.admin will be notified of updates, and it also able to download them via /lac update.
Which again can be disabled by disabling the update-checker
This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:
- A unique identifier
- The server's version of Java
- Whether the server is in offline or online mode
- The plugin's version
- The server's version
- The OS version/name and architecture
- The core count for the CPU
- The number of players online
The Metrics version Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.
Additionally, when the language setting is changed, information is retrieved from lang.lenis0012.com to aquire up to date translations.
Links
- v3.0.2 - Download (18 - 1.15)
- Source code (GitHub)
- https://github.com/lenis0012/LoginSecurity-2/wiki (Wiki)
- https://github.com/lenis0012/Translations/wiki/Contribute (Translation Contribution)
Donate
If you want to support me working on this project, please donate.
It helps me alot to keep my projects up.
Donate at the top right corner
Comments
-
lenis0012 Owner
-
View User Profile
-
Send Message
Posted Sep 6, 2014Everyone is waiting for you to update your amazing plugin to 1.7.9/1.7.10 :D
-
View User Profile
-
Send Message
Posted Aug 25, 2014BUG FOUND
People can use your permissions by changing your name's capital letters (Server owner is Mark, but a hacker can use name MarK or mark to use his permissions)
I NEED AN IMMEDIATE FIX
-
View User Profile
-
Send Message
Posted Aug 23, 2014[19:56:50] [Server thread/INFO]: [LoginSecurity] Enabling LoginSecurity v2.0.9 [19:56:50] [Server thread/ERROR]: [LoginSecurity] Could not read from auth list!
-
View User Profile
-
Send Message
Posted Aug 23, 2014@TheLordofNyrin
Sorry im currently on vacation I will do an update when i am back
-
View User Profile
-
Send Message
Posted Aug 12, 2014people cannot move even if admin with this plugin, even after login, had to remove, using cauldron for MC 1.6.4 r1.0 going to find something else now. this was going to work great except none of my players can move!
-
View User Profile
-
Send Message
Posted Aug 8, 2014@AvengeR9966
they hacked your account
bij using a capital letter in the name
so if your name is Nick
someone can hack your account bij using a cracked clint en make a his name NICK or NiCk or NIck or ....
this is somthing why this plugin does not work on MultiCraft or Linux servers on Windows this hack doesnt work
look at the users who logget in on your server. if there are people with capital letters in the names
-
View User Profile
-
Send Message
Posted Aug 8, 2014add a converter from authme
-
View User Profile
-
Send Message
Posted Aug 4, 2014@tennya
Tennya, I already set the MySQL settings to "true" and it made a table called "ls_users". But when I player tries to register with password, the console displays error and MySQL table is still empty without any information.
-
View User Profile
-
Send Message
Posted Aug 2, 2014@satlagamer
use prefix ls_ on your table
-
View User Profile
-
Send Message
Posted Aug 2, 2014Баги плагина для версии 1.5.2 бесконечны http://griefing.ru/blogs/griefings/bugs-plugin-loginsecurity Bugs plugin LoginSecurity to version 1.5.2 infinite
-
View User Profile
-
Send Message
Posted Jul 29, 2014The plugin is not working well on 1.7.5 and 1.7.9 and 1.7.10. Session option is not working and MySQL is not working, I guess because of the UUID system. Can you please update your amazing plugin to 1.7.9? :D
-
View User Profile
-
Send Message
Posted Jul 28, 2014@live4redline
you must not create tables by yourself just create the username and password and the database directory then run the server the plugin must create the tables on your mysql
let me know if it works
-
View User Profile
-
Send Message
Posted Jul 27, 2014I have the plugin running on each of my servers but wanted to put it on SQL. But when i do, it activates on startup, but once you i try to issue a /register or join the server i get SQL errors in console.
Says "Failed to create User", "com.mysql.jdbc.exceptions/jdbc4.MySQLSyntaxErrorException: You have an eror in your SQL syntax... bla bla bla ....wcla at line 1."
Any idea how to fix this? I have tried several things in the SQL setup and older versions of the plugin and many server restarts and re-installs. Can someone point me in the write direction?
-
View User Profile
-
Send Message
Posted Jul 26, 2014This plugin protect force op?
- invalid username using:
/rmpass /lac
-
View User Profile
-
Send Message
Posted Jul 23, 2014@lenis0012
[18:53:37] [Server thread/INFO]: [LoginSecurity] Enabling LoginSecurity v2.0.9 [18:53:37] [Server thread/INFO]: Username column was detected, conversion to UUID will begin in 10 seconds. [18:53:37] [Server thread/INFO]: This can not be reversed, stop the server NOW if you don't want this. [18:53:37] [Server thread/ERROR]: [LoginSecurity] Could not read from auth list! [18:53:37] [Server thread/INFO]: Server permissions file permissions.yml is empty, ignoring it [18:53:37] [Server thread/INFO]: Done (1,204s)! For help, type "help" or "?" [18:53:37] [Server thread/INFO]: Starting GS4 status listener [18:53:37] [Query Listener #1/INFO]: Query running on 127.0.0.1:25560 [18:53:47] [pool-3-thread-1/INFO]: Conversion to UUID has started, this may take some time [18:53:49] [pool-3-thread-1/INFO]: Loaded 100045 columns, starting to convert usernames to uuid [18:53:49] [pool-3-thread-1/INFO]: Offline-mode detected. uuids will be converted locally [18:53:49] [pool-3-thread-1/WARN]: Exception in thread "pool-3-thread-1" [18:53:49] [pool-3-thread-1/WARN]: org.apache.commons.lang.UnhandledException: Plugin LoginSecurity v2.0.9 generated an exception while executing task 2 at org.bukkit.craftbukkit.v1_7_R3.scheduler.CraftAsyncTask.run(CraftAsyncTask.java:56) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.lang.NullPointerException at com.lenis0012.bukkit.ls.data.MySQL$1.run(MySQL.java:95) at org.bukkit.craftbukkit.v1_7_R3.scheduler.CraftTask.run(CraftTask.java:53) at org.bukkit.craftbukkit.v1_7_R3.scheduler.CraftAsyncTask.run(CraftAsyncTask.java:53) ... 3 more on craftbukkit 1.7.9
[18:37:26] [Server thread/INFO]: [LoginSecurity] Enabling LoginSecurity v2.0.10 [18:37:27] [Server thread/INFO]: Username column was detected, conversion to UUID will begin in 10 seconds. [18:37:27] [Server thread/INFO]: This can not be reversed, stop the server NOW if you don't want this. [18:37:27] [Server thread/ERROR]: [LoginSecurity] Could not read from auth list! [18:37:27] [Server thread/INFO]: Server permissions file permissions.yml is empty, ignoring it [18:37:27] [Server thread/INFO]: Done (2,263s)! For help, type "help" or "?" [18:37:27] [Server thread/INFO]: Starting GS4 status listener [18:37:27] [Query Listener #1/INFO]: Query running on 127.0.0.1:25560 [18:37:37] [Craft Scheduler Thread - 0/INFO]: Conversion to UUID has started, this may take some time [18:37:38] [Craft Scheduler Thread - 0/INFO]: Loaded 100026 columns, starting to convert usernames to uuid [18:37:38] [Craft Scheduler Thread - 0/INFO]: Offline-mode detected. uuids will be converted locally [18:37:39] [Craft Scheduler Thread - 0/WARN]: Exception in thread "Craft Scheduler Thread - 0" [18:37:39] [Craft Scheduler Thread - 0/WARN]: org.apache.commons.lang.UnhandledException: Plugin LoginSecurity v2.0.10 generated an exception while executing task 2 at org.bukkit.craftbukkit.v1_7_R4.scheduler.CraftAsyncTask.run(CraftAsyncTask.java:56) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.lang.NullPointerException at com.lenis0012.bukkit.ls.data.MySQL$1.run(MySQL.java:95) at org.bukkit.craftbukkit.v1_7_R4.scheduler.CraftTask.run(CraftTask.java:71) at org.bukkit.craftbukkit.v1_7_R4.scheduler.CraftAsyncTask.run(CraftAsyncTask.java:53) ... 3 more
on last spigot
please help
-
View User Profile
-
Send Message
Posted Jul 23, 2014I have translated your plugin in French : http://smarturl.it/loginsecurityfr !
-
View User Profile
-
Send Message
Posted Jul 21, 2014@EddieFriday i got the same problem and fix it remove the plugin v 2 0 9 and put the v 2 0 8 and dont create any table on the sql just create the user pass and database the plugin must create the tables ... put the sql inf in config file and start bukkit 1.7.9 it will conect and create all the tables username pass ... the restart bukkit and it will work @EddieFriday
-
View User Profile
-
Send Message
Posted Jul 21, 2014@live4redline
in mi conf works try to test it without other plugins just this plugin and bukkit and see if that happens try other versions of bukkit just to see whatstheproblem
-
View User Profile
-
Send Message
Posted Jul 21, 2014why the encription sha1 is not encriptin as sha1 it set another code on the sql database i cant access that password from another client like a web forum i put on my php forum this code
$sql = "SELECT username FROM users WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . sha1($_POST['password']) . "'"; and dosent work i think is becouse the encription is not only sha1 cause when i sha1 my password it gives me another code and not the one stores on sql database it works with the username but not the password
-
View User Profile
-
Send Message
Posted Jul 20, 2014Love the plugin, installed it on our server cloud.
The "Session login" doesn't seem to be working though. Moving from one server to another or leaving and logging back in always asks for a login even if its in the 60 seconds or the 600 seconds I set it too. Any ideas...?