PlayerLogger
PlayerLogger
Version: 2.9.1
CraftBukkit Build 1.5.1-R0.1 [Not Tested]
Info
Info This plugin lets you store every block place, block break, chat msg, command, enchant, kill, sign text etc. So, if you need proof of something just look them up! You can turn on and off what you actually want or don't want to log, in the main configuration file! The main developer is Kuuichi. I am just continuing and adding stuff. I am obligated to continue this plugin. The forum is http://forums.bukkit.org/threads/admn-playerlogger-v0-7-logs-of-your-players-1-2-5-r0-1.58959/ and has been accepted.
Video
Great video made by Brandon Hopkins
Features:
- Chat Logging
- IP Logging ( Implemented by Mcluke300 )
- Join Logging
- Quit Logging ( Implemented by Mcluke300 )
- Command Logging
- Death Logging
- Console Logging ( Implemented by Mcluke300 )
- Blacklist Block Logging ( Implemented by Mcluke300 )
- Sign Text Logging ( Implemented by Mcluke300 )
- Pvp Logging ( Implemented by Mcluke300 )
- Enchantment Loggin ( Implemented by Mcluke300 )
- Commands not to log ( Implemented by Mcluke300 )
- Bucket Logging ( Implemented by Mcluke300 )
- Metrics
- MySQL support
Log Example
[World One]McLuke300 joined: 192.168.1.101 (-27 64 220) (06-26-2012 20:03:48)
[World One]McLuke300 Killed TestyWestie (-18 64 220) (06-26-2012 19:37:30)
[World One]McLuke300 said: Example chat (-21 64 220) (06-26-2012 20:02:06)
[World One]McLuke300 command: /home (-20 64 219) (06-26-2012 20:02:08)
[World One]McLuke300 Sign: [McLukes][Home][][] (-22 64 222) (06-26-2012 20:02:22)
[World One]McLuke300 command: /give McLuke300 46 1 (-22 64 223) (06-26-2012 20:02:26)
[World One]McLuke300 Placed: TNT (-26 64 218) (06-26-2012 20:02:28)
[World One]McLuke300 Placed: TNT (-26 64 219) (06-26-2012 20:02:29)
[World One]McLuke300 command: /god (-32 64 212) (06-26-2012 20:02:36)
[World One]McLuke300 command: /suicide (-26 64 216) (06-26-2012 20:02:39)
[World One]McLuke300 Died. (-26 64 216) (06-26-2012 20:02:40)
[World One]06-26-2012 20:03:21 [McLuke300]ItemStack{STONE_SWORD x 1} {Enchantment[16, DAMAGE_ALL]=1} Xp Cost:3
[World One]McLuke300 Emptied Bucket of Water (-26 63 224) (06-26-2012 20:08:53)
[World One]McLuke300 Emptied Bucket of Lava (-26 63 221) (06-26-2012 20:08:54)
[World One]McLuke300 quit: 06-26-2012 20:03:45)
[Console]kick McLuke300 05-27 03:46:42
Config
File: LogToFiles: true //False if you want to use just mysql Log: //Log Joins PlayerJoins: true // Log Player quitting PlayerQuit: true //Log Chat PlayerChat: true //Log all Player commands PlayerCommands: true //Log Player deaths PlayerDeaths: true //Log enchantments PlayerEnchants: true //Log Pvp Pvp: true //Log Buckets Placed PlayerBucketPlace: true //Log Console commands ConsoleCommands: true //Log Player sign text PlayerSignText: true //A reload of server is required for this to take effect http://docs.oracle.com/javase/1.4.2/docs/api/java/text/SimpleDateFormat.html DateFormat: MM-dd-yyy HH:mm:ss //If this is true it will make the folder Playerlogger/Staff and all players with the Playerlogger.staff permission will be in there not Users SeparateFolderforStaff: true //False by default- Useful for offline servers where players can change capitalization in name and have a different file. All file names are in lowercase PlayerNamestoLowerCase: false //When true it will only log the players with the playerlogger.staff permissions LogOnlyStaff: false BlackList: LogBlackListedBlocks: true //Enables logging of blacklisted blocks Blocks: - '7' //Bedrock Block id - '46' - '57' - '*' //This will log all block place and breaks Commands: BlackListCommands: true //Enables Command Blacklisting (eg.wont log) BlackListCommandsForMySQL: true If this is true and blacklistcommands false it will blacklist commands for mysql and not files. CommandsToBlock: - /login //Wont log /login - /changepassword - /register MySQL: //More Information Below Enabled: true Server: 127.0.0.1:3306 Database: minecraft User: root Password: '0000'
MySQL
For a full guide on how to use MySQL with playerlogger look at the page for it. http://dev.bukkit.org/server-mods/playerlogger/pages/mys-ql/
Changelog
Comments
-
_ForgeUser7285231 Owner
-
_ForgeUser9317296 Tester
-
InfernoKun Author
-
jonnylin13 Former Author
-
View User Profile
-
Send Message
Posted Aug 2, 2012@javoris767
I'm just gonna do in file handler if player is staff and log only staff is true then it will log and not soothe others.
-
View User Profile
-
Send Message
Posted Aug 1, 2012@Enrux
Yeah :D playerlogger.user and have a config option to disable or enable this permission or something like that.
-
View User Profile
-
Send Message
Posted Aug 1, 2012Could you make a way to just log users with the staff permission? Or make a certain permission that normal users just get logged if have that permission
-
View User Profile
-
Send Message
Posted Aug 1, 2012@auskie
2.4.1 Fixes this. Waiting for approval :D
-
View User Profile
-
Send Message
Posted Aug 1, 2012@auskie
Oh dear last 3 updates have been to fix it and everything I might rewrite the block logging as it could be reduced in size.
-
View User Profile
-
Send Message
Posted Aug 1, 2012@Strahan201
Yeah I knew all about MySQL injection and had used prepared statements for all the fields in playerlogger to prevent someone from dropping a table from in game :D
Also thanks for the help with PHP I will defiantly give it another go. Also they are my credentials but it's just for local host testing so the only person who could hack it is me.
-
View User Profile
-
Send Message
Posted Jul 31, 2012Thank you in advance for reviewing this possible issue with v2.4:
Found a possible issue with the "Blacklist:" feature. When "LogBlackListedBlocks" set to true and Blocks: is set to '*' , only "placed" blocks are reported in text files and in MySQL.
In the same configuration, when LogBlackListedBlocks is set to false and Blocks: is set to '*' , only broken blocks are logged in text files & MySQL.
By design? My impression is that when LogBlackListedBlocks is set to true, everything is logged per what is set in Blocks: - when false, nothing is logged.
My config:
-
View User Profile
-
Send Message
Posted Jul 31, 2012The SQL statement passed to the server would then be:
Since the username had a '; it would complete your intended SQL statement then it would process the next statement it was fed - drop table users :) That's a crude example, you should Google it if you want more indepth explanation but that's the basic danger.
PPS: If root/0000 are your credentials, then be sure when you post examples in the future you also do not do that again (leaving your credentials in the pasted code)
PPPS: Looks like you're off to a good start though, not trying to sound negative or anything, just wanted to head off some bad habits at the pass :)
-
View User Profile
-
Send Message
Posted Jul 31, 20121. If your DB is really using "root" and "0000" to authenticate, change that. Never use root for your web app. Make a service account, give it just the rights it needs to the database/tables it talks to and set a complex password. "0000" would be cracked in probably less than a second, lol. An old password I used to use (I change them every 30 days) for example was H8!)zoL2)b.
2. Never, ever do stuff like this:
$user = $_POST["user"]; $pass = $_POST["password"]; $sql2 = "SELECT * FROM users WHERE Username='$user'"; $result = mysql_query($sql2,$con);Install PDO (php_pdo_mysql.dll). It's far more efficient and safer to process that in this manner:
$user = $_POST["user"]; $pass = $_POST["password"]; $pdo = new PDO("mysql:host=srv;dbname=db", "user", "pwd"); $sql = $pdo->prepare("SELECT * FROM users WHERE Username = ?"); $sql->execute(array($user)); $row = $sql->fetch(PDO::FETCH_ASSOC)); (or if it's multi rows, put the $row = in a while ())That removes (or at least significantly cuts back on) the chances of SQL injection and it also removes the need to worry about nested single quotes in the data fields.
Also, I wouldn't store passwords in plain text store then at least as MD5 hashes. Assuming you've done that, you can also cut out some lines of code that check "does pw = what he gave me" by just doing:
$user = $_POST["user"]; $pass = md5($_POST["password"]); $pdo = new PDO("mysql:host=srv;dbname=db", "user", "pwd"); $sql = $pdo->prepare("SELECT id FROM Users WHERE Username = ? AND pwd = ?"); $sql->execute(array($user, $pass)); if ($sql->rowCount == 0) die("DENIED! You go to hell!"); $pdo = null;I find that a lil easier because if the SQL statement doesn't find records, that means auth failed.
For the sake of speed, I did not get into salting the hash and covering error conditions, but this was just to point a few things out quick :)
-
View User Profile
-
Send Message
Posted Jul 31, 2012@berti2k
Yay, Thanks I spent like last 2 hours trying to learn php and lets just say im not the best http://pastebin.com/4XVqFTyA
I couldn't even get simple logging in right :D
-
View User Profile
-
Send Message
Posted Jul 31, 2012:D MySQL Support :D
I write the PHP Site so you can use it in your project. There are no secrets in the code ;-).
-
View User Profile
-
Send Message
Posted Jul 31, 2012@berti2k
I have 0 to nothing knowledge on coding for php if thats what you use, but if you want to could you maybe release just your playerlogger page as it would be really useful to me and if you wanted it could be the official playerlogger page thingy :D
But im guessing its a special secret page :D.
-
View User Profile
-
Send Message
Posted Jul 31, 2012@auskie
Thanks for finding that in 2.4 the issue has been resolved so you can set the LogBlacklistedBlocks to true and it will work :D.
-
View User Profile
-
Send Message
Posted Jul 31, 2012@Strahan201
http://dev.bukkit.org/server-mods/playerlogger/pages/mys-ql/
I have finished the update its just waiting to be approved.
-
View User Profile
-
Send Message
Posted Jul 31, 2012@berti2k
I have finally finished the update. I have made a quite detailed page about how to use the MySQL and the data types in playerlogger and the columns it uses.
http://dev.bukkit.org/server-mods/playerlogger/pages/mys-ql/
-
View User Profile
-
Send Message
Posted Jul 30, 2012Sorry for the late response. I'd like the way what Strahan201 said. Seperate each part of the Log entry to a seperate colum. It's easyer to write a query like "Select * from log WHERE User = 'xyz' AND action LIKE 'msg';".
I used the plaintextfiles for a testscript but using softlinks or direct access on the VServer to the minecraftplugin directory is much more insecure than calling a simple database via php mysql_query. I think the most people use only mysql databases for web applications so you don't need much more support for other databases like pgsql or MS SQL.
Thanks :-) Berti2k
-
View User Profile
-
Send Message
Posted Jul 30, 2012@McLuke300
Setting LogBlackListedBlocks to False and using '*' resolved the issue, thank you!
Thanks for the great work you and your team are doing on this plugin!
Regards,
Aus
-
View User Profile
-
Send Message
Posted Jul 30, 2012@auskie
I miss typed a single bracket from the looks of the code try setting LogBlackListedBlocks to false with the *, if that doesn't work then in the next update there will be a fix.
-
View User Profile
-
Send Message
Posted Jul 30, 2012v2.3 '*' does not seem to be working under Blocks: in the LogBlackListedBlocks: true section.
If I specify a certain block code, '2' for example.. it's logged just fine.
If I specify '*', no block placement or breaks are logged.
Observed this behavior in craftbukkit-1.2.5-R4.0 & craftbukkit-1.2.5-R5.0
Suggestions? Config below.
Great plugin, by the way!
LS
-
View User Profile
-
Send Message
Posted Jul 25, 2012@McLuke300
Personally, I'd separate them.