LoginSecurity
LoginSecurity
LoginSecurity is a lightweight password authorization plugin. You can optionally set a password each time you enter the server, adding a double layer of security to your account. The password is stored inside the configuration file, nobody else except the server owner can access or modify it.
How does it work?
Install the pluign to your /plugins/ directory, then start your server.
Type /register <password>, your account is now locked with a password.
For each time you login, make sure to use /login <password>.
Features
- Register your account optional or required (change in config)
- 5 Useful commands to mangage your password
- Advanced administrative control
- Advanced documentation via wiki
- Secure password storage using BCrypt
- Secure sessions storing to improve user experience
- Customizable time-out
- Map captcha upon registration (user friendly)
- Conversion from AuthMe and xAuth (check wiki for more info)
- Premium support through AutoIn
- Automatic update with changelog overview
- Username filtering (length and characters)
- Highly detailed configuration
- Automatically updated translation manager (user-submitted)
- Prevents being kicked by orther players loging in with your name
Session login allows the user to log in right after they logged out and not have to type in their password again. (1 minute time limit of being logged out, stores IP during that time to keep everything safe)
Commands
/lac - Admin command, rmpass and reload
/register <password> - Set your password
/login <password> - Login with your password
/changepass <old> <new> - change your password
/logout - Logout
Permissions
- loginsecurity.admin - allows admin command
- loginsecurity.update - shows update notifications
Video
Thanks to ServerMiner for making this informative tutorial
Orther tutorials: German (by MineCraftler4Live)
Planned
- Add translation interface for easier language selection
- Suggestions?
Known Bugs
- Players can mount/dismount and ride on vehicles while not logged in
Disclaimer
By default, LoginSecurity will check for updates from bukkitdev every 3 hours.
This feature can be disabled by setting "update-checker" to "false"
Anyone with the permission node ls.admin will be notified of updates, and it also able to download them via /lac update.
Which again can be disabled by disabling the update-checker
This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:
- A unique identifier
- The server's version of Java
- Whether the server is in offline or online mode
- The plugin's version
- The server's version
- The OS version/name and architecture
- The core count for the CPU
- The number of players online
The Metrics version Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.
Additionally, when the language setting is changed, information is retrieved from lang.lenis0012.com to aquire up to date translations.
Links
- v3.0.2 - Download (18 - 1.15)
- Source code (GitHub)
- https://github.com/lenis0012/LoginSecurity-2/wiki (Wiki)
- https://github.com/lenis0012/Translations/wiki/Contribute (Translation Contribution)
Donate
If you want to support me working on this project, please donate.
It helps me alot to keep my projects up.
Donate at the top right corner
Regarding Blindness, Thanks for implementing. Is it possible to remove Blindness after sending the right PW instead of waiting for the Player to move?
If i use this for a PVP server, will players be able to attack them when they haven't entered a password yet?
ajster1989 thats a great ider!! the plugin should kick the player if they do the password wrong like 10 times. and can i ask a quistion. my brain is rubish at remebering stuff so. if i set it and and forget. can i change it using something like terminal or using the config file?
@ajster1989
No, im thinking about a time limit but ir does not kick him
if password-required is true then the player cant more, talk etc. till he made a password
If it's set to required and a new player joins does it kick them after a set amount of time if they don't create a password?
very hot ;]
@Mashoe
We'll look into adding some language files. Thanks for the suggestion!
Suggestion:
Would be much better if we could change the default messages to fit our servers.
@HighqualityNoob
exactly :) AsyncPlayerChatEvent got added in 1.3.1-R1.0
@chrishillz
i allways got trouble using AthmMe, so i decided to make my own :P
Problem fixed, i downgraded this plugin to 1.2.5. I'm running CraftBukkit 1.3.1-R0.1. (my server hosting didn't add R1.0 and R2.0)
This looks nice. Similar to AuthMe or something. I might give it a try for hacked account problems on my server.
@breezeyboy
I'll pm the source
@HighqualityNoob
Are you running on craft bukkit 1.3.1-R2.0? If not, use v1.4.2
If so, tell me plugin, and bukkit version and your full pkugin list
Can you add permissions please? if not can i have the source so i can add them?
Whan you have a password set up, then disconnect and join, it doesn't force you to log in. 2012-08-31 22:02:04 [INFO] [LoginSecurity] Enabling LoginSecurity v1.5.1 2012-08-31 22:02:04 [INFO] [LoginSecurity] safety first ;) 2012-08-31 22:02:04 [SEVERE] Plugin LoginSecurity is attempting to register event org/bukkit/event/player/AsyncPlayerChatEvent, which does not exist. Ignoring events registered in class me.lenis0012.ls.lsLogin 2012-08-31 22:02:04 [INFO] [LoginSecurity] �aeverything loaded succesfully
LoginSecurity v1.5.2 has been released
whats new:
@Comoreto
true, it saves the passwords as MD5 if you dont want encryption, disable it in config and delete data.yml data.yml saves the passwords but i highly recomment using MD5 for your own securty
@si2136
this is not enough info, give your plugin list, craftbukkit version and plugin version also, if the log gives an error coppy and paste that as well
Guys! This is pretty annoying. When I log in, I can't move at all. Even though it says Successfully Logged In. Also, my password always changes. Help?
nice plugin guys!
Just a suggestion:
- We should be able to customize messages. No problem with them, neither with english. But not all players have a good comprehension of english. If I could translate the messages for my users, it would be very nice!
--- BUG (f this isnt the right place to post, please forgive me.)After some logins and passwords, if you set pass MD5 encryption to false, all logins ingame start to return "wrong password".