LoginSecurity
LoginSecurity
LoginSecurity is a lightweight password authorization plugin. You can optionally set a password each time you enter the server, adding a double layer of security to your account. The password is stored inside the configuration file, nobody else except the server owner can access or modify it.
How does it work?
Install the pluign to your /plugins/ directory, then start your server.
Type /register <password>, your account is now locked with a password.
For each time you login, make sure to use /login <password>.
Features
- Register your account optional or required (change in config)
- 5 Useful commands to mangage your password
- Advanced administrative control
- Advanced documentation via wiki
- Secure password storage using BCrypt
- Secure sessions storing to improve user experience
- Customizable time-out
- Map captcha upon registration (user friendly)
- Conversion from AuthMe and xAuth (check wiki for more info)
- Premium support through AutoIn
- Automatic update with changelog overview
- Username filtering (length and characters)
- Highly detailed configuration
- Automatically updated translation manager (user-submitted)
- Prevents being kicked by orther players loging in with your name
Session login allows the user to log in right after they logged out and not have to type in their password again. (1 minute time limit of being logged out, stores IP during that time to keep everything safe)
Commands
/lac - Admin command, rmpass and reload
/register <password> - Set your password
/login <password> - Login with your password
/changepass <old> <new> - change your password
/logout - Logout
Permissions
- loginsecurity.admin - allows admin command
- loginsecurity.update - shows update notifications
Video
Thanks to ServerMiner for making this informative tutorial
Orther tutorials: German (by MineCraftler4Live)
Planned
- Add translation interface for easier language selection
- Suggestions?
Known Bugs
- Players can mount/dismount and ride on vehicles while not logged in
Disclaimer
By default, LoginSecurity will check for updates from bukkitdev every 3 hours.
This feature can be disabled by setting "update-checker" to "false"
Anyone with the permission node ls.admin will be notified of updates, and it also able to download them via /lac update.
Which again can be disabled by disabling the update-checker
This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:
- A unique identifier
- The server's version of Java
- Whether the server is in offline or online mode
- The plugin's version
- The server's version
- The OS version/name and architecture
- The core count for the CPU
- The number of players online
The Metrics version Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.
Additionally, when the language setting is changed, information is retrieved from lang.lenis0012.com to aquire up to date translations.
Links
- v3.0.2 - Download (18 - 1.15)
- Source code (GitHub)
- https://github.com/lenis0012/LoginSecurity-2/wiki (Wiki)
- https://github.com/lenis0012/Translations/wiki/Contribute (Translation Contribution)
Donate
If you want to support me working on this project, please donate.
It helps me alot to keep my projects up.
Donate at the top right corner
@TeamCobalt
I do not understand, i did start with a blank install. No old data.
@RasCas
read the post below yours
@TeamCobalt
It's not working at all. I get register -> setpass and all seems ok. After Server restart i get register -> setpass again. If i setpass it says: You already have a Password. When i try login <Password> it says wrong password. :-(
PS: Typo is still there. ;-) I do not use MD5 Enryption if ths is important, and download is 1.56 no 1.56fix available
notice that you need to remove the data.yml for v1.5.6(fix)
@RasCas
i was wrong :P
but i fixed it in v1.5.6
@TeamCobalt
Good to hear
i have tried this and it blocked it just fine
nothing to care about RasCas and pbe231
@pbe231
Ok, Thanks for the info.
Hijacking accounts. In case of hijacking the owner/admin accounts => "more".
@pbe231
If no Details about exploit, explain, what is possible. Only Highjacking accounts or more?
I think there is a critical security issue with LoginSecurity. I rather not post it here, but I've send an PM to TeamCobalt about it.
If my finding is correct, the LoginSecurity is totally useless in certain circumstances. :(
@RasCas
i made a fix and will be uploading it today "Yay :D"
@TeamCobalt
Hm, a severe error fine?
@wikkidshyt
check the config m8
I installed your plugin, but it doesnt prompt to set password. I would have to manually tell everyone to set a password. Any thoughts on why that is?
@RasCas
just leave it, it'll be fine
Console Error with 1.5.5 pre
2012-09-22 15:35:59 [SEVERE] Exception in thread "pool-1-thread-6" 2012-09-22 15:35:59 [SEVERE] org.apache.commons.lang.UnhandledException: Plugin LoginSecurity v1.5.5 generated an exception while executing task 2632 at org.bukkit.craftbukkit.scheduler.CraftAsyncTask.run(CraftAsyncTask.java:56) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.util.ConcurrentModificationException at java.util.WeakHashMap$HashIterator.nextEntry(Unknown Source) at java.util.WeakHashMap$KeyIterator.next(Unknown Source) at me.lenis0012.ls.LogginSession$1.run(LogginSession.java:31) at org.bukkit.craftbukkit.scheduler.CraftTask.run(CraftTask.java:52) at org.bukkit.craftbukkit.scheduler.CraftAsyncTask.run(CraftAsyncTask.java:53) ... 3 more
@TeamCobalt
session continueing
@RasCas
what typo?
translations...
hmm..
ill look into that soon
@TeamCobalt
Thanks, btw Typo is still in 1.55 pre
Is there a way to translate?
PS Regarding Blindness, it is still removed on move, not on password, just to let you know.