CrazyLogin
Version 7.24
Its recommended to run your server in online mode!
Minecraft is a excellent game. If you want to play it, you should buy it, like every other game you play.
Description
Adds per player passwords to your server. This will increase your server's protection against griefers and account thiefs.
Keep these two things in mind:
- The protection is only as good as your passwords.
- The server is still less secure then a server in online mode.
- My plugin is not limited to offline mode servers,
therefore you can increase security for both server types (offline and online mode servers).
- My plugin is not limited to offline mode servers,
Features
- This plugin supports two modes. Maybe-Password and Password-Only
- Maybe-Password:
The user can create a password, if he wants to
(a password is required for ops/players with permission) - Password-Only:
The user has to create a password and login.
- Maybe-Password:
- Users who aren't logged in, cannot chat, build, fight, drop items, move, teleport.
- (Optional) Ability to hide/change Join/Quit-Messages, hide players who aren't logged in.
- Multiple password Encryption algorithms
- AuthMe, xAuth support
- Integrated Config, Flat, MySQL and SQLite-Database support.
- Integrated Logging support.
- Integrated CrazyPipes support.
- Session support
- Supports single sessions
- saveLogins (teleport to spawn until login).
- If you do not logout and autoLogout is disabled, you can rejoin from the same IP.
- Permission + option to disable ingame registration.
- forceSaveLogin option to hide the players current location until login
- this fixes the issues with AntiCheat being kicked for flying due to anti move protection.
- maxRegistrationsPerIP and maxOnlinesPerIP options
- Command usage is stricktly limited, when not logged in (whitelist).
- Possibility to block guest commands, chat and join.
- Warn players with permission, if some fails to login or execute a command if he isn't allowed to.
- (Optional) Kick players who don't register, don't login, fail to login, execute a command.
- (Optional) TempBan players who don't login or fail to login.
- Adminlogin and Tokenlogin commands available
- Command to logout automatically when leaving the server
- Command to expire passwords (force players to change their passwords)
- Filter- & Sortable Accountlist
- Playerinfo (Name, IP, Connection and more)
- Ability to delete inactive accounts.
- PluginAPI available
- Client AutoLogin Plugin available (can be blocked)
Requirements
- CrazyCore (Version 10.7.7 or later)
Related Plugins
- CrazyLoginAutoLogin (Client-Plugin)
- CrazyCaptcha (Captcha)
- CrazyLoginFilter (IP/Connection Access Filter)
- CrazyLoginRank (Join Ranking)
Configuration & Options
(with description of all available options)
Commands with their Permissions
Issues ?
CommandHelper
Have a look at this CommandHelper Extension
Factions
Factions uses a very special way to execute commands, which bypasses default command protection.
Use this plugin to fix that until Faction fixed that:
CrazyLogin_FactionProtection
Convert database
You can convert your database with /crazylogin mode database <Type>".
Especially on huge flat databases this may take very long.
You can use this tool to convert your flat database to a mysql import script.
CrazyLogin_Flat_2_MySQL
(Notice: This file has NOT been reviewed by any Bukkit staff!)
Just copy this jar to your accounts.db then execute this jar.
This will create an accounts.db.sql file.
Others ?
Create a ticket or post a message!
Metrics
(Generated by MCStats.org)
Languages
- en_GB (English)
- de_DE (German - Deutsch)
- bg_BG (Bulgarian - български, thanks to LocoFreak)
- el_GR (Greek - ελληνικά, thanks to razorrazor)
- es_AR (Spanish (Argentina) - argentino, thanks to LynnJordison)
- es_ES (Spanish - Español, thanks to Sirikon, vicente947)
- fi_FI (Finnish - Suomi, thanks to suomenlippis)
- fr_FR (French - Français, thanks to FireBurst699)
- it_IT (Italian - italiano, thanks to giuditta1974)
- kr_KR (Korean - 한국어, thanks to TABtech)
- lt_LT (Lithuanian - Lietuvos, thanks to donatass162)
- nl_NL (Dutch - Nederlands, thanks to blipman17, jekeke123)
- pl_PL (Polish - polski, thanks to MegaManNT)
- pt_BR (Portuguese (Brazil) - brasileiro, thanks to bchilelli)
- ro_RO (Romanian - Romana, thanks to Cozzmy13)
- ru_RU (Russian - русский, thanks to kilolife, SannyOK)
- zh_CN (Chinese - 简体中文, thanks to cdcp998, mindcat, Liouftgoo)
- zh_TW (Traditional Chinese - 繁體中文, thanks to Chanmo)
(Please post additional translations here, so i can share them to everybody!)
@selfservice0
It keeps changing the config
It doesn't do that at my place, maybe you lost some spaces when you copy it?
I tried to fix that, so i hope this works now. Have a try (Same downloadlink)
How is the columns options supposed to work? I know its for the mysql columns, but there is no clue to its setup.
I'll add an help page for that
EDIT: there had been a typo, which prevends showing the entries, should be fixed by now.
@TheOneMadHawk It keeps changing the config from this:
to this
How is the columns options supposed to work? I know its for the mysql columns, but there is no clue to its setup.
@selfservice0
[Link removed]
Have a try.
@TheOneMadHawk
It's the encryption type xAuth uses.
@Fecer5
ok i'll change that
EDIT: Done
CAn you make it so that on first time on server it says "Please use /register (Password)" Instead of doing "Do /login (Password)" Then when you enter the password it says "You have no password, Please do /crazylogin (password)" And then you do /login (password). Can you fix that?
@katoru007
Is an error message shown or a reason why isn't allowed to join?
Are you using different user names?
I took a look at my code and i didn't find a reason why my code could cause this issue.
So you have to offer some additional information
I have a small issue on my server. If one person login using this ip 'example,' then the 2nd person from the same household won't be able to login if they both have the ip called 'example.'
@selfservice0
What is this xAuth whrilpool db?
Is that a database type?
Is that a special mysql table?
Is that an encryption type?
Where exactly shall i search for it?
@ThisUsernameIsMine
But obviously if they guy is asking for plaintext passwords he doesn't know any of this.
No xAuth whrilpool db support yet =(
https://github.com/CypherX/xAuth/tree/master/src/main/java/com/cypherx/xauth
PLEASE UPDATE TO VERSION 4.2 IF YOU ARE USING THE MYSQL FEATURE
in Combination with Forums or external login databases.
4.0 and 4.1 may delete some entries.
@ThisUsernameIsMine
You are right, but reading is much simplier than decrypting.
When i wrote that i didn't thought about the weak encryptions.
@TheOneMadHawk
In response to: Decrypt a SHA-512 Key? Have a nice try.
Multiple password encryption algorithms:
MD2, MD5, SHA-1, SHA-256, SHA-512, Whirlpool, CrazyCrypt1 (default), Plaintext (not recommended),
As you can see there are enough weak encryptions to choose from.
@All
If someone wants me to add support for another offline mode authentification plugin, please give me a link to the source code.
I'll add AuthMe support asap
EDIT: finsihed, testing phase started
@selfservice0
1) i'll add an option for that.
EDIT: shall i delete just the last line? or the whole message (HEADER+MESSAGE)
btw. you can make it empty just make a single space after "="
2) What do you want to say? I don't know exactly how databases are handled in your forum, but you need 3 Columns Name CHAR(50), Password CHAR(255), IPs CHAR(255), everthing else, database, table etc can be changed ramdomly
EDIT: done
3) This bug is new, i haven't seen it before.
If you aren't logged in, it will prevent moving and if you are getting damage it will teleprt you to spawn.
If I should change this behaviour make a suggestion.
4) I'll add something like that
5) I'll have a look, what differs
EDIT: Added complete AuthMe support
@selfservice0
Language files:
try /crazylanguage download CrazyLogin
@ThisUsernameIsMine
Decrypt a SHA-512 Key?
Have a nice try.
I didn't know that this is possible.
I'll prevent this
@ImaginecraftMcServer
I'll searching for an ability, to do that.
If you know what you are doing change columns to this Name CHAR(50), Password CHAR(255), IPs CHAR(255), I don't know whether there can be other columns (should not matter from my point of view), but this ones should exist (case sensitive) the length is not required its just an definition of mine. (Ips can be empty)
EDIT: Added complete AuthMe support (please test if you can use the same database without changes)
Several complains.
1) Beginners who have not registered are hit with CRAZYLOGIN.REGISTER.MESSAGE They shouldn't, its just confusing them.
2) You cant customize the mysql database at all. Which means we will not be able to use this to match forum passwords.
3) When not registered if you move around it will not snap you back to spawn. Eventually it will just kick you for " Moved too quickly, Hacking???"
4) No method to purge old inactive accounts. Might I suggest adding a "LastLogin" to the mysql
5) Does not directly support xAuths whirlpool encryption.
getting this, its missing from the english.lang
[CrazyLocale] Missing language entry _HEAD_.CRAZYLOGIN.REGISTER.HEADER
CRAZYLOGIN.REGISTER.HEADER=YOU NEED TO REGISTER! "/register password"
Also this
CRAZYLOGIN.LOGIN.FAILEDWARN=You entered the wrong password.
@TheOneMadHawk
He could also decrypt them so whatever his reasons are, he can still get them.
Question: I'm using AuthDB when running in offline-mode, but there's a problem.
Sometimes logged in players lose their ability to see their own chat. I've been able to reproduce it and this is how it goes.
Whenever someone tries to login under the name of a connected player, the connected player won't be able to see what they send. The message is broadcasted but the sender simply doesn't see it. They have to relog in order to see their chat again.
I've seen this happen with every offline-mode auth-plugin, but can't figure out what's causing it.
Best regards,
- ThisUsernameIsMine
i use xAuth because authme reloaded gave me all time errors can i update tou your plugin but without delete my authed players ??? because i dont want them to re-register
If you use the flat database, you can try this now.
If you are using MySQL you have wait a few days maybe a week, then mysqlsupport is through testing and will be released.
I don't know how exactly SHA-256 is implemented in Auth-Me reloaded, this is the first thing which musst be equal. Have a try, if it does not work I'll dive into authme code and search some clues. Coding another encryption algo only take a few seconds.
Btw. the next version will include plaintext encryption although its highly recommended to not use this one.
I'll also add a custom encryption mode, to be able to change encrpytion via additional plugins. (NO SUPPORT!)
MySQL: Maybe you'll have to change table columns by hand.
There are (currently) 3 columns: Name, Password and IPs
If you have to add/change ips, this column can be empty (String).
Remember to backup your database before testing.
More information will be published if requested.
Im curious Would it be possible to transfer database over from the authme-reloaded plugin?
Its stored in SHA-256
Thanks in advance!