LoginSecurity
LoginSecurity
LoginSecurity is a lightweight password authorization plugin. You can optionally set a password each time you enter the server, adding a double layer of security to your account. The password is stored inside the configuration file, nobody else except the server owner can access or modify it.
How does it work?
Install the pluign to your /plugins/ directory, then start your server.
Type /register <password>, your account is now locked with a password.
For each time you login, make sure to use /login <password>.
Features
- Register your account optional or required (change in config)
- 5 Useful commands to mangage your password
- Advanced administrative control
- Advanced documentation via wiki
- Secure password storage using BCrypt
- Secure sessions storing to improve user experience
- Customizable time-out
- Map captcha upon registration (user friendly)
- Conversion from AuthMe and xAuth (check wiki for more info)
- Premium support through AutoIn
- Automatic update with changelog overview
- Username filtering (length and characters)
- Highly detailed configuration
- Automatically updated translation manager (user-submitted)
- Prevents being kicked by orther players loging in with your name
Session login allows the user to log in right after they logged out and not have to type in their password again. (1 minute time limit of being logged out, stores IP during that time to keep everything safe)
Commands
/lac - Admin command, rmpass and reload
/register <password> - Set your password
/login <password> - Login with your password
/changepass <old> <new> - change your password
/logout - Logout
Permissions
- loginsecurity.admin - allows admin command
- loginsecurity.update - shows update notifications
Video
Thanks to ServerMiner for making this informative tutorial
Orther tutorials: German (by MineCraftler4Live)
Planned
- Add translation interface for easier language selection
- Suggestions?
Known Bugs
- Players can mount/dismount and ride on vehicles while not logged in
Disclaimer
By default, LoginSecurity will check for updates from bukkitdev every 3 hours.
This feature can be disabled by setting "update-checker" to "false"
Anyone with the permission node ls.admin will be notified of updates, and it also able to download them via /lac update.
Which again can be disabled by disabling the update-checker
This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:
- A unique identifier
- The server's version of Java
- Whether the server is in offline or online mode
- The plugin's version
- The server's version
- The OS version/name and architecture
- The core count for the CPU
- The number of players online
The Metrics version Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.
Additionally, when the language setting is changed, information is retrieved from lang.lenis0012.com to aquire up to date translations.
Links
- v3.0.2 - Download (18 - 1.15)
- Source code (GitHub)
- https://github.com/lenis0012/LoginSecurity-2/wiki (Wiki)
- https://github.com/lenis0012/Translations/wiki/Contribute (Translation Contribution)
Donate
If you want to support me working on this project, please donate.
It helps me alot to keep my projects up.
Donate at the top right corner
Another suggestion:
Sessions bound to ip. today i saw a player with bad connection. So he had to login very often. A Session time would make it a lot easier for those to relogin with same ip and name.
Suggestions: ~~~~~~~~~~~
Well I was thinking you could try to add an Ip lock so when they log on they can lock their Ip to the one on their main computer. And on top of that let them add another Ip address incase they go to a friends house or something to allow them to login there.
I also dont know yet but im going to try this on my server but, maybe freezing them in one spot? i dont know yet if you have it, but im going to try it out and edit if it has it. If it does sorry lol
@TeamCobalt
They can can change your inventory but they cant drop now
@darkh3r0
i blocked a few new things in v1.5.1 (included Item dropping)
@RasCas
in v1.5.1 you can disable encryption in config
can you fix inventory bug?
@TeamCobalt
Surely not, why not a firstrun conversion by loginsecurity? Or better make MD5 optional, i personally would prefer the old plain text format. On my server only trusted people have access to the file, so why encode it.
@phofe
ill fix that in 1.5.1
@RasCas
well if you want to manualy change all the passwords to MD5..
Hm, REMOVE YOUR DATA.YML .. That means all passwords get lost. Who will explain this to my users? There must be a better way!
Looks like an unlogged user can access the inventory of the player and throw items away.
@TeamCobalt
Bad news, no startup error but now it does not accept my password anymore. It always says wrong password. Back to 1.42 and all works.
@RasCas
haha, thats the thing of non-tested builds try 1.5(fix)
2012-08-23 15:03:38 [SEVERE] Error occurred while enabling LoginSecurity v1.5 (Is it up to date?) java.lang.NullPointerException
See here: http://pastie.org/4574328
@BoboTheTwit
why would they need perms to secure their own account? MD5 Encryption comming out today
Would it be possible to use a MD5 hash to store the password, and to only let users with a certain permission use any of the commands?
Thanks!
a Wish: could you implement blindness like in PasswordProtect http://dev.bukkit.org/server-mods/passwordprotect/
I want to center my users attention to the welcome message, which says what to do. ;-) I am tired of "Help i can't move! What happened!"
Best would be a black screen with only welcome message and light, when they typed the correct password. :-))))))
@TeamCobalt
Yes indeed, error stopped right after RB Build of Bukkit
@RasCas
seems to crash with some plugins, this issue will be fixed soon i tested it with 1.3.1-R1.0 and it worked
@Laloeka
im working on using a hashmap, wait till its done
This version is VERY unsafe, if you look at data.yml, you can see the plaintext passwords.. PLEASE!!! Hash passwords safely!!