LoginSecurity
LoginSecurity
LoginSecurity is a lightweight password authorization plugin. You can optionally set a password each time you enter the server, adding a double layer of security to your account. The password is stored inside the configuration file, nobody else except the server owner can access or modify it.
How does it work?
Install the pluign to your /plugins/ directory, then start your server.
Type /register <password>, your account is now locked with a password.
For each time you login, make sure to use /login <password>.
Features
- Register your account optional or required (change in config)
- 5 Useful commands to mangage your password
- Advanced administrative control
- Advanced documentation via wiki
- Secure password storage using BCrypt
- Secure sessions storing to improve user experience
- Customizable time-out
- Map captcha upon registration (user friendly)
- Conversion from AuthMe and xAuth (check wiki for more info)
- Premium support through AutoIn
- Automatic update with changelog overview
- Username filtering (length and characters)
- Highly detailed configuration
- Automatically updated translation manager (user-submitted)
- Prevents being kicked by orther players loging in with your name
Session login allows the user to log in right after they logged out and not have to type in their password again. (1 minute time limit of being logged out, stores IP during that time to keep everything safe)
Commands
/lac - Admin command, rmpass and reload
/register <password> - Set your password
/login <password> - Login with your password
/changepass <old> <new> - change your password
/logout - Logout
Permissions
- loginsecurity.admin - allows admin command
- loginsecurity.update - shows update notifications
Video
Thanks to ServerMiner for making this informative tutorial
Orther tutorials: German (by MineCraftler4Live)
Planned
- Add translation interface for easier language selection
- Suggestions?
Known Bugs
- Players can mount/dismount and ride on vehicles while not logged in
Disclaimer
By default, LoginSecurity will check for updates from bukkitdev every 3 hours.
This feature can be disabled by setting "update-checker" to "false"
Anyone with the permission node ls.admin will be notified of updates, and it also able to download them via /lac update.
Which again can be disabled by disabling the update-checker
This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:
- A unique identifier
- The server's version of Java
- Whether the server is in offline or online mode
- The plugin's version
- The server's version
- The OS version/name and architecture
- The core count for the CPU
- The number of players online
The Metrics version Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.
Additionally, when the language setting is changed, information is retrieved from lang.lenis0012.com to aquire up to date translations.
Links
- v3.0.2 - Download (18 - 1.15)
- Source code (GitHub)
- https://github.com/lenis0012/LoginSecurity-2/wiki (Wiki)
- https://github.com/lenis0012/Translations/wiki/Contribute (Translation Contribution)
Donate
If you want to support me working on this project, please donate.
It helps me alot to keep my projects up.
Donate at the top right corner
Also, you should make the safe ip optional, what if someone logged in from a friends house, and the friend either knew there Minecraft password, or they left remember password on, or the server had offline mode on, and someone used their username from a computer they already used, they would have access because the ip was regarded by the plugin as "Safe"
You should add a permission node to force that group to use a password, so all ops, moderators and admins have to use a password, while normal users have it optional for extra security.
@Zombiemold
config:
password-required: false
you can change it to:
password-required: true
@golfin98
consider blindness:true Imho it has almost the same effect.
@Zombiemold
Take a look at config.yml password-required: true
@TeamCobalt
I would love to be able to FORCE players to do it, while not making it mandatory across the server. Good for making sure player's accounts aren't accessed by outside parties.
For instance, a moderator on my server has had his kid jump on his computer and grief/troll. Would love to force him to use a password, to possibly avoid catastrophic destruction by his kid :S
@TeamCobalt
Please do. Or at least when once you type a password u go to spawn but b4 u r stuck in a small room and cant do anything.
@SquizzelBoy
maybe, ill think about it
Great plug-in I'm using right now but is there a possibility to make it compulsory when you log in the server as in before you can move/chat you need to do 2/setpass [password]"?
Will
@segundo03
ill do that :)
Add one way to disable session login, and to translate this too
@RasCas
glad i helped you
Well done, all seems to work ..only the typo ;-)
My last wish translation via language.yml
and maybe not only storing ip but also last login date ... and to complete it, option to delete inactive users after a preset period of time.
@TeamCobalt
Lucky You, my best wishes to the Bride!
@RasCas
they probably did not update yet because i have been busy with Marriage
@TeamCobalt One Question, is it only me having this errors? I am surprised that noone else is posting.
@diannetea
i could do that :)
@RasCas
most be a error in my code, i coded the new release as quick as possible cause i thought it was important
ill release a fix today
As i get no answer, i tested a bit with interesting observation. I use 1.5.6fix and 1.3.2r02 beta build
I set password required to true and md encryption to false: result, i am prompted to setpass and all seems ok. during session no problem. If session is ended and i try to login i am prompted to setpass -> already settpassword -> login with password result Wrong Password.
I set md encryption to true: i am prompted to setpass, all is ok. Relogin during session result prompted for password again, login with password no problem.
In summ:
Is there a way to kick or ban/tempban an ip after x wrong passwords?