CrazyLogin
Version 7.24
Its recommended to run your server in online mode!
Minecraft is a excellent game. If you want to play it, you should buy it, like every other game you play.
Description
Adds per player passwords to your server. This will increase your server's protection against griefers and account thiefs.
Keep these two things in mind:
- The protection is only as good as your passwords.
- The server is still less secure then a server in online mode.
- My plugin is not limited to offline mode servers,
therefore you can increase security for both server types (offline and online mode servers).
- My plugin is not limited to offline mode servers,
Features
- This plugin supports two modes. Maybe-Password and Password-Only
- Maybe-Password:
The user can create a password, if he wants to
(a password is required for ops/players with permission) - Password-Only:
The user has to create a password and login.
- Maybe-Password:
- Users who aren't logged in, cannot chat, build, fight, drop items, move, teleport.
- (Optional) Ability to hide/change Join/Quit-Messages, hide players who aren't logged in.
- Multiple password Encryption algorithms
- AuthMe, xAuth support
- Integrated Config, Flat, MySQL and SQLite-Database support.
- Integrated Logging support.
- Integrated CrazyPipes support.
- Session support
- Supports single sessions
- saveLogins (teleport to spawn until login).
- If you do not logout and autoLogout is disabled, you can rejoin from the same IP.
- Permission + option to disable ingame registration.
- forceSaveLogin option to hide the players current location until login
- this fixes the issues with AntiCheat being kicked for flying due to anti move protection.
- maxRegistrationsPerIP and maxOnlinesPerIP options
- Command usage is stricktly limited, when not logged in (whitelist).
- Possibility to block guest commands, chat and join.
- Warn players with permission, if some fails to login or execute a command if he isn't allowed to.
- (Optional) Kick players who don't register, don't login, fail to login, execute a command.
- (Optional) TempBan players who don't login or fail to login.
- Adminlogin and Tokenlogin commands available
- Command to logout automatically when leaving the server
- Command to expire passwords (force players to change their passwords)
- Filter- & Sortable Accountlist
- Playerinfo (Name, IP, Connection and more)
- Ability to delete inactive accounts.
- PluginAPI available
- Client AutoLogin Plugin available (can be blocked)
Requirements
- CrazyCore (Version 10.7.7 or later)
Related Plugins
- CrazyLoginAutoLogin (Client-Plugin)
- CrazyCaptcha (Captcha)
- CrazyLoginFilter (IP/Connection Access Filter)
- CrazyLoginRank (Join Ranking)
Configuration & Options
(with description of all available options)
Commands with their Permissions
Issues ?
CommandHelper
Have a look at this CommandHelper Extension
Factions
Factions uses a very special way to execute commands, which bypasses default command protection.
Use this plugin to fix that until Faction fixed that:
CrazyLogin_FactionProtection
Convert database
You can convert your database with /crazylogin mode database <Type>".
Especially on huge flat databases this may take very long.
You can use this tool to convert your flat database to a mysql import script.
CrazyLogin_Flat_2_MySQL
(Notice: This file has NOT been reviewed by any Bukkit staff!)
Just copy this jar to your accounts.db then execute this jar.
This will create an accounts.db.sql file.
Others ?
Create a ticket or post a message!
Metrics
(Generated by MCStats.org)
Languages
- en_GB (English)
- de_DE (German - Deutsch)
- bg_BG (Bulgarian - български, thanks to LocoFreak)
- el_GR (Greek - ελληνικά, thanks to razorrazor)
- es_AR (Spanish (Argentina) - argentino, thanks to LynnJordison)
- es_ES (Spanish - Español, thanks to Sirikon, vicente947)
- fi_FI (Finnish - Suomi, thanks to suomenlippis)
- fr_FR (French - Français, thanks to FireBurst699)
- it_IT (Italian - italiano, thanks to giuditta1974)
- kr_KR (Korean - 한국어, thanks to TABtech)
- lt_LT (Lithuanian - Lietuvos, thanks to donatass162)
- nl_NL (Dutch - Nederlands, thanks to blipman17, jekeke123)
- pl_PL (Polish - polski, thanks to MegaManNT)
- pt_BR (Portuguese (Brazil) - brasileiro, thanks to bchilelli)
- ro_RO (Romanian - Romana, thanks to Cozzmy13)
- ru_RU (Russian - русский, thanks to kilolife, SannyOK)
- zh_CN (Chinese - 简体中文, thanks to cdcp998, mindcat, Liouftgoo)
- zh_TW (Traditional Chinese - 繁體中文, thanks to Chanmo)
(Please post additional translations here, so i can share them to everybody!)
@TheOneMadHawk
There are no problems with the lower length restriction, i already mentioned that in one of my previous posts ;-)
The upper length restriction is where the server gives an unexpected reply/output (End of stream):
01:09:22 [SEVERE] java.io.IOException: Received string length longer than maximum allowed (21 > 16)01:09:22 [SEVERE] at net.minecraft.server.Packet.a(Packet.java:130)
01:09:22 [SEVERE] at net.minecraft.server.Packet1Login.a(SourceFile:39)
01:09:22 [SEVERE] at net.minecraft.server.Packet.a(Packet.java:83)
01:09:22 [SEVERE] at net.minecraft.server.NetworkManager.h(NetworkManager.java:149)
01:09:22 [SEVERE] at net.minecraft.server.NetworkManager.c(NetworkManager.java:268)
01:09:22 [SEVERE] at net.minecraft.server.NetworkReaderThread.run(SourceFile:76)
01:09:22 [INFO] /127.0.0.1:49676 lost connection
Thanks for the updated CrazyCore and CrazyLogin :-)
@ThisUsernameIsMine
Does the length restrictions work?
Please test both upper and lower Limit. (Ignoring names longer than 16)
@TheOneMadHawk
Strange.. i've tested different auth/login plugins and never saw the error before
(i can tell because i've created a Portable Minecraft Launcher where you can choose your own player name).
@ThisUsernameIsMine
Yes, I did.
I think minecraft checks username length first before i can catch it.
So I have no influence on this error.
My protection don't work? Or is it just weaker than minecraft ones?
I'm not sure why this happens. I assume that u've used the same type of code to set/restrict maximum namelength as you did for minimum namelength?
Thanks for the fixes!
@ThisUsernameIsMine
Of course i can change the value to 16 or less, but changing the default value to 16 in your plugin's source will also prevent people from complaining because they aren't aware of Minecraft's username-length restrictions ;-)
Like me, thanks didn't know that.
edit: Setting the default maximum value to 16 and connecting with a name longer than 16 characters still generates a 'Connection Lost: End of stream.' error. This doesn't happen when choosing a name with less than minimum allowed characters.
My protection don't work? Or is it just weaker than minecraft ones?
update: The following happens when typing /logout if you don't have an account
fixed in v4.16
@TheOneMadHawk
I'm sorry man, my mistake.. and thanks for the update.
One remark on the default maximum name length:
I see u've choosen 30 as maximum allowed characters.
When typing a name of 30 characters the server gives a 'Connection lost: End of stream' error:
03:42:10 [SEVERE] java.io.IOException: Received string length longer than maximum allowed (30 > 16)
03:42:10 [SEVERE] at net.minecraft.server.Packet.a(Packet.java:130)
03:42:10 [SEVERE] at net.minecraft.server.Packet1Login.a(SourceFile:39)
03:42:10 [SEVERE] at net.minecraft.server.Packet.a(Packet.java:83)
03:42:10 [SEVERE] at net.minecraft.server.NetworkManager.h(NetworkManager.java:149)
03:42:10 [SEVERE] at net.minecraft.server.NetworkManager.c(NetworkManager.java:268)
03:42:10 [SEVERE] at net.minecraft.server.NetworkReaderThread.run(SourceFile:76)
Of course i can change the value to 16 or less, but changing the default value to 16 in your plugin's source will also prevent people from complaining because they aren't aware of Minecraft's username-length restrictions ;-)
With the above said, i really enjoy (using) your plugin. And so are my users!
edit: Setting the default maximum value to 16 and connecting with a name longer than 16 characters still generates a 'Connection Lost: End of stream.' error. This doesn't happen when choosing a name with less than minimum allowed characters.
update: The following happens when typing /logout if you don't have an account:
05:15:51 [SEVERE] null
org.bukkit.command.CommandException: Unhandled exception executing command 'logout' in plugin CrazyLogin vC6.5_4.15
at org.bukkit.command.PluginCommand.execute(PluginCommand.java:42)
at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:166)
at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:479)
at net.minecraft.server.NetServerHandler.handleCommand(NetServerHandler.java:821)
at net.minecraft.server.NetServerHandler.chat(NetServerHandler.java:781)
at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:764)
at net.minecraft.server.Packet3Chat.handle(Packet3Chat.java:34)
at net.minecraft.server.NetworkManager.b(NetworkManager.java:229)
at net.minecraft.server.NetServerHandler.a(NetServerHandler.java:113)
at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:78)
at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:558)
at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:450)
at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
Caused by: java.lang.NullPointerException
at de.st_ddt.crazyutil.databases.FlatDatabase.save(FlatDatabase.java:99)
at de.st_ddt.crazyutil.databases.FlatDatabase.save(FlatDatabase.java:1)
at de.st_ddt.crazylogin.CrazyLogin.commandLogout(CrazyLogin.java:391)
at de.st_ddt.crazylogin.CrazyLogin.command(CrazyLogin.java:315)
at de.st_ddt.crazyplugin.CrazyPlugin.onCommand(CrazyPlugin.java:61)
at org.bukkit.command.PluginCommand.execute(PluginCommand.java:40)
... 12 more
I'm sorry if you prefer a Paste of it. I'm so damn tired atm :$ :(
@ThisUsernameIsMine
/crazylogin reload
Drops ALL changes and reload setting from config,...
->It logs everyone out
@bchilelli
I have to register to download that file!?
I won't do that. Anyway thanks for your fast response!
You can attach it to a pm or ticket.
There you go, updated:
http://www.4shared.com/file/nMhXZcxx/pt_br.html
@TheOneMadHawk
As a matter of fact, i tested it while players were logged in and when i reloaded crazylogin from console it kicked everyone that used a non-whitelisted command (including logged in players).
proof: http://dev.bukkit.org/paste/5427/
@ThisUsernameIsMine
You never used that option, did you?
Players who are logged in, can type any command.
It only affects player who aren't logged in.
@TheOneMadHawk
Thanks, i really appreciate that :-)
About the autoKickCommandUsers:
I know its there and i like the idea of it but with around 60 plugins enabled its impossible to add each allowed/known command to the whitelist.
That's why i like to see an option/setting so that it only kicks command-users that haven't registered or logged in yet ;) (with the exception of /register , /login and /crazylogin of course)
Looking forward to v4.15 and v5 mein freund.
@ThisUsernameIsMine
Filter:
ok, will be added (may take some time) (v5)
CommandWhitelist:
there is an option autoKickCommandUsers
i currently add a command to add/remove commands to whitelist. (v4.15)
min/maxNameLength:
added (v4.15)
@TheOneMadHawk
I don't know much of programming-/script-languages, all i've done was some QuickBASIC (Extended), Borland/Turbo Pascal and batch :-p I know how to set-up a webserver, PHP, MySQL and such (no all-in-one packages but one by one) but only know basic HTML xD
About the filter: yes, something like that :-) This is especially useful for me as Op/Admin as i connect from/to a local ip-address most of the time. So in my case the allow/bypass/exempt-list could look like this:
MyPlayerName:
- 68.64.47.243 (example public ip-address)
- 127.0.0.1
- 192.168.*.*
(and possibly named hosts)
- localhost
- my.host.name
A Country filter isn't on my priority list ;-)
Not logged in, but they can enter the server under my name. This is the reason why i would like to see the requested feature :-)
By the way: any chance to implement the additional not-allowed commands-kick for non-(registered/logged) in players? (with the exception of the /register and /login commands)
@ThisUsernameIsMine
Woah, impressive list! U've made me jealous hehe ;-)
Oh, just remembered 2 addition language i know (and hate) [CrazyPrivacyGuard: Data removed]
About the 'bypass same ip' suggestion: sounds good to me but what will happen if the ip address of that person changes and someone else with that ip address joins under the same player name?
Will be added
My second request: a playername+ip address (combo) black-/exempt-list
Like a filtering, for example disallow ips from china? (don't know whether China has own IP Addresses)
Example Entry:
Username:
whitelist: false
- 127.0.0.1
- 192.168.*.*
Is that what you want?
I also could add some kind of internet-provider filter, but some don't send propper names.
There are situations where someone connect/join the server under my name when i'm not there.
They weren't logged in as you, were they?
@TheOneMadHawk
Woah, impressive list! U've made me jealous hehe ;-)
About the 'bypass same ip' suggestion: sounds good to me but what will happen if the ip address of that person changes and someone else with that ip address joins under the same player name?
I also have two new (pretty important) feature requests for you: A setting to (dis)allow player names of a certain character-length
As of now people can join the server even if they have a name of only one character (and perhaps also with long names).
My second request: a playername+ip address (combo) black-/exempt-list
There are situations where someone connect/join the server under my name when i'm not there.
I would love to have the ability to deny people server-access if they connect under a disallowed playername+ip address-combination, but allow (exempt) people if they have the correct playername+ip address-combination (this will probaby need its own config/file).
Hopefully you understand what i mean with this :-)
update: In addition to the 3 x wrong password @ login kick, can you make it so that entering commands before logging in also increases the kick-counter/integer?
Thanks again for making your plugins more...Crazy :D
@ThisUsernameIsMine
About the session-timeout, i never had this when using AuthDB, that's why i wondered if it was a normal thing.
I could add a "same ip buypass" if you wants me to do that.
How long have you been coding/programming (this can be any programming-/script-language)
[CrazyPrivacyGuard: Data removed]
@TheOneMadHawk
Thanks for the update! You're a cool guy :-)
About the session-timeout, i never had this when using AuthDB, that's why i wondered if it was a normal thing.
Before i go to bed i have a somewhat more personal question for you:
How long have you been coding/programming (this can be any programming-/script-language)
Güte nacht! :-)
@ThisUsernameIsMine
It sometimes happens that someone can't relog because CrazyLogin says there's already another person with that name on the server.
This is connected to forceSingleSessions. Because the online player needs some time to time out. So he is still online when you try to reconnect.
Something else i quite often see is duplicate messages in the chat, i.e. double 'has left the server' messages.
I haven't changed that this may be a bukkit issue.
edit: ah yes! Please add an option to set how many times someone can enter a wrong password at login, before getting kicked.
Will be added EDIT: added in v4.14
This plugin is awesome! (and not just because of the frequent updates).
I really appreciate the effort you put into this and your other plugins! :-)
Now, i've been testing the new version and haven't experienced any problems with it,
apart from the following two things:
- It sometimes happens that someone can't relog because CrazyLogin says there's already another person with that name on the server.
This while autoLogout is set to 0 (-1 = disabled, 0 = instant)
- Something else i quite often see is duplicate messages in the chat, i.e. double 'has left the server' messages.
I haven't seen this happen with older versions but it could also be because of the new CraftBukkit build i use (latest Recommended Build).
Beside these two things everything's A-ok (knock on wood)
Thanks for the hard work und auf wiedersehen! :-)
edit: ah yes! Please add an option to set how many times someone can enter a wrong password at login, before getting kicked.
- ThisUsernameIsMine