LoginSecurity
LoginSecurity
LoginSecurity is a lightweight password authorization plugin. You can optionally set a password each time you enter the server, adding a double layer of security to your account. The password is stored inside the configuration file, nobody else except the server owner can access or modify it.
How does it work?
Install the pluign to your /plugins/ directory, then start your server.
Type /register <password>, your account is now locked with a password.
For each time you login, make sure to use /login <password>.
Features
- Register your account optional or required (change in config)
- 5 Useful commands to mangage your password
- Advanced administrative control
- Advanced documentation via wiki
- Secure password storage using BCrypt
- Secure sessions storing to improve user experience
- Customizable time-out
- Map captcha upon registration (user friendly)
- Conversion from AuthMe and xAuth (check wiki for more info)
- Premium support through AutoIn
- Automatic update with changelog overview
- Username filtering (length and characters)
- Highly detailed configuration
- Automatically updated translation manager (user-submitted)
- Prevents being kicked by orther players loging in with your name
Session login allows the user to log in right after they logged out and not have to type in their password again. (1 minute time limit of being logged out, stores IP during that time to keep everything safe)
Commands
/lac - Admin command, rmpass and reload
/register <password> - Set your password
/login <password> - Login with your password
/changepass <old> <new> - change your password
/logout - Logout
Permissions
- loginsecurity.admin - allows admin command
- loginsecurity.update - shows update notifications
Video
Thanks to ServerMiner for making this informative tutorial
Orther tutorials: German (by MineCraftler4Live)
Planned
- Add translation interface for easier language selection
- Suggestions?
Known Bugs
- Players can mount/dismount and ride on vehicles while not logged in
Disclaimer
By default, LoginSecurity will check for updates from bukkitdev every 3 hours.
This feature can be disabled by setting "update-checker" to "false"
Anyone with the permission node ls.admin will be notified of updates, and it also able to download them via /lac update.
Which again can be disabled by disabling the update-checker
This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:
- A unique identifier
- The server's version of Java
- Whether the server is in offline or online mode
- The plugin's version
- The server's version
- The OS version/name and architecture
- The core count for the CPU
- The number of players online
The Metrics version Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.
Additionally, when the language setting is changed, information is retrieved from lang.lenis0012.com to aquire up to date translations.
Links
- v3.0.2 - Download (18 - 1.15)
- Source code (GitHub)
- https://github.com/lenis0012/LoginSecurity-2/wiki (Wiki)
- https://github.com/lenis0012/Translations/wiki/Contribute (Translation Contribution)
Donate
If you want to support me working on this project, please donate.
It helps me alot to keep my projects up.
Donate at the top right corner
Hello! One player forgot his pwd, so I have to change/reset his pwd. How could I do it from console? Thank you.
I don't think you can do it from the console, but in-game, you type /changepassword (oldpassword) (newpassword). For example, the password now is 1234 and I want to change it to 2345, I would do /changepassword 1234 2345
If you HAVE to do it from the console, you can reset a player's password by typing /lac rmpass (username). Example, resetting PlayerA would be /lac rmpass PlayerA
I would spell out the username as it is, not playa or something else. Hope this helps :D
You can only remove their password.
If you wish to submit a feature request, please visit https://github.com/lenis0012/LoginSecurity-2/issues
Removing the password cases the error:
>lac rmpass CyperMeh
[17:22:59 ERROR]: Could not pass event AuthModeChangedEvent to LoginSecurity v2.1.6
org.bukkit.event.EventException
at org.bukkit.plugin.EventExecutor$1.execute(EventExecutor.java:46) ~[PaperSpigot.jar:git-Paper-819]
at co.aikar.timings.TimedEventExecutor.execute(TimedEventExecutor.java:74) ~[PaperSpigot.jar:git-Paper-819]
at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62) ~[PaperSpigot.jar:git-Paper-819]
at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:517) [PaperSpigot.jar:git-Paper-819]
at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:502) [PaperSpigot.jar:git-Paper-819]
at com.lenis0012.bukkit.loginsecurity.session.PlayerSession.performAction(PlayerSession.java:175) [LoginSecurity.jar:git-LoginSecurity-cc5768e]
at com.lenis0012.bukkit.loginsecurity.session.PlayerSession$2.run(PlayerSession.java:142) [LoginSecurity.jar:git-LoginSecurity-cc5768e]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_121]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_121]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
Caused by: java.lang.IllegalArgumentException: Name cannot be null
at org.apache.commons.lang.Validate.notNull(Validate.java:192) ~[PaperSpigot.jar:git-Paper-819]
at org.bukkit.craftbukkit.v1_10_R1.CraftServer.getPlayer(CraftServer.java:404) ~[PaperSpigot.jar:git-Paper-819]
at org.bukkit.Bukkit.getPlayer(Bukkit.java:401) ~[PaperSpigot.jar:git-Paper-819]
at com.lenis0012.bukkit.loginsecurity.session.PlayerSession.getPlayer(PlayerSession.java:128) ~[?:?]
at com.lenis0012.bukkit.loginsecurity.modules.general.PlayerListener.onAuthChange(PlayerListener.java:156) ~[?:?]
at com.destroystokyo.paper.event.executor.asm.generated.GeneratedEventExecutor31.execute(Unknown Source) ~[?:?]
at org.bukkit.plugin.EventExecutor$1.execute(EventExecutor.java:44) ~[PaperSpigot.jar:git-Paper-819]
... 9 more
As I can see - this feature removed since 2.1
Is there a way to create a public password and not individual ones?
If you mean a shared password, no. This plugin is only for individuals' protection against hackers. As stated in the main thread above, players have an option to register an account with LoginSecurity or not, if you tweak the config a bit. That is the whole purpose of the plugin. If there's a public password, why do you even bother installing the plugin? (Just sayin') Hope this helps a bit.
Ok thanks, but is there any plugin you know of that has shared passwords?
I don't think so. If you are going to have shared passwords, might as well just let everyone connect the way they are suppose to.
how do i set this up in mysql
there is a database config
yea, i kinda figured that out 30 mins after i posted this
Adds dual password please!!! Login and register.
So this plugin requires a password to do anything? So if i log in on my OP account it wont be able to bypass this? Meaning that someone who hacked my account cant do anything because they dont have my password? or can someone get around that for being OP?
Obviously, they cant get around it by logging in as an op.
Nobody can mess up anything, they need your pass to activate any command.
@LueLusten
Hi, how did you diallow the /register command? I don's see a permission related to this command.
I need version to 1.10.2, please!!!
Java 8!!
@lenis0012
Some players in my server continuously try to bruteforce passwords and sometimes they succeed. Kick on failed login attempts do not stop them usually if they are serious about it (tho it can get staff to look what they do...). :)
I decided to make a player lockdown functionality instead of kicking. When player makes too many failed login attemps he is kicked and his uuid+ipaddr are turned to uuid and added to list. When he tries to login in AsyncPlayerPreLoginEvent he is checked and disalowed to enter. I made a thread to expire lockdowns in like 2 hours (setting is cofigurable).
This method have some flaws, but it is more effective than simple kicking. Hope you like the idea - i coded it in my fork of the old loginsecurity so you can look at it if you wish to.
@LueLusten
This maybe helps you out. https://gist.github.com/games647/2b6a00a8fc21fd3b88375f03c9e2e603
But remember it's only for offline-mode UUIDs