LoginSecurity
LoginSecurity
LoginSecurity is a lightweight password authorization plugin. You can optionally set a password each time you enter the server, adding a double layer of security to your account. The password is stored inside the configuration file, nobody else except the server owner can access or modify it.
How does it work?
Install the pluign to your /plugins/ directory, then start your server.
Type /register <password>, your account is now locked with a password.
For each time you login, make sure to use /login <password>.
Features
- Register your account optional or required (change in config)
- 5 Useful commands to mangage your password
- Advanced administrative control
- Advanced documentation via wiki
- Secure password storage using BCrypt
- Secure sessions storing to improve user experience
- Customizable time-out
- Map captcha upon registration (user friendly)
- Conversion from AuthMe and xAuth (check wiki for more info)
- Premium support through AutoIn
- Automatic update with changelog overview
- Username filtering (length and characters)
- Highly detailed configuration
- Automatically updated translation manager (user-submitted)
- Prevents being kicked by orther players loging in with your name
Session login allows the user to log in right after they logged out and not have to type in their password again. (1 minute time limit of being logged out, stores IP during that time to keep everything safe)
Commands
/lac - Admin command, rmpass and reload
/register <password> - Set your password
/login <password> - Login with your password
/changepass <old> <new> - change your password
/logout - Logout
Permissions
- loginsecurity.admin - allows admin command
- loginsecurity.update - shows update notifications
Video
Thanks to ServerMiner for making this informative tutorial
Orther tutorials: German (by MineCraftler4Live)
Planned
- Add translation interface for easier language selection
- Suggestions?
Known Bugs
- Players can mount/dismount and ride on vehicles while not logged in
Disclaimer
By default, LoginSecurity will check for updates from bukkitdev every 3 hours.
This feature can be disabled by setting "update-checker" to "false"
Anyone with the permission node ls.admin will be notified of updates, and it also able to download them via /lac update.
Which again can be disabled by disabling the update-checker
This plugin utilises Hidendra's plugin metrics system, which means that the following information is collected and sent to mcstats.org:
- A unique identifier
- The server's version of Java
- Whether the server is in offline or online mode
- The plugin's version
- The server's version
- The OS version/name and architecture
- The core count for the CPU
- The number of players online
The Metrics version Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.
Additionally, when the language setting is changed, information is retrieved from lang.lenis0012.com to aquire up to date translations.
Links
- v3.0.2 - Download (18 - 1.15)
- Source code (GitHub)
- https://github.com/lenis0012/LoginSecurity-2/wiki (Wiki)
- https://github.com/lenis0012/Translations/wiki/Contribute (Translation Contribution)
Donate
If you want to support me working on this project, please donate.
It helps me alot to keep my projects up.
Donate at the top right corner
@xxOrpheus
thanks :)
There are a bunch of changes in the latest dev build:
If you encouter any of these issues be sure to download the latest dev build, a new version is coming soon after i've done some more testing
@lenis0012
Many folks are saying they've lost inventories etc, but I haven't experienced this once since the last build that claimed to fix it. Everything is operating perfectly so far! I'll let you know if anything bad happens :)
@xxOrpheus
Alright it sounds reasonable.
Other then that, have you encountered any issues?
Please fix the inventory issue for items added before you use /login
It can easily be fixed if you simply bind the inventory from before /login to after. I'm sure this will be safe, and will prevent (my players in particular lol) players from losing items that they earned by voting (while offline.)
If you don't think this is a viable option I suppose I could do it myself on my own build :)
@Blackyvk
LoginSecurity performs seperate checks on UUID.
It also saves what type of uuid is being used.
Either way, using AutoIn you can support both online and offline mode players, at is is officially supported by LoginSecurity and bypasses the account generation in general.
For offline mode servers it uses a uuid based of their lower case name, for online mode servers it uses their online uuid.
@FrostDX
Did you use MySQL or SQLite?
I tested conversion and it seemed to work fine.
If this issue occurs you can downgrade to 2.0.14 by renaming the backup file if you are using sqlite
So i updates my LoginSecurity to the newest version a couple of days ago, and after the updates installed, all of the Login data got resetted! Some of my members are having account thief issue, and the thing that made it even worse is that there is no command to reset their password back or unregister their accounts!
@lenis0012
if the server is set to offline mode all uuids will be generaed using the offline uuid not mojang uuid.
Just wondering, if delete all uuid data it will fill that with new data when a player logs in?
Spigot 1.10 LoginSecurity 2.2.1 - Optional password
When users first register a password, it gives this error: http://pastebin.com/S41YPfr2
They then have to log off, log back in, and then register a second time for it to work.
@Grellas
migrating from 2.0.14 to 2.1.X creates a backup file.
@FrostDX
coming in next update ;d
@Blackyvk
there will indeed be issues when converting from mixed mode servers.
this is because LoginSecurity chooses not to use outdated name-based storage.
lower case and upper case names are treated in the same way and it should not cause any issues as far as i know, but i will double check.
why do you use a databse to store inventories ? isnt there another way like authme does ? I think thats the problem with the dissapearing inventories...
also, converting from authme, uses the username to generate the uuid, and if every username in authme is in lowercase it will generate the wrong uuid, plus if using it in a mixed mode server, it will generate cracked uuids for premium players.
wait.. so how do i unregister other people accounts from the console now?
@lenis0012
@lenis0012 where can i find user.backup.db I made an backup of user.db in start of june so that mean maybe i will lost all the new users
Thanks for the help!
@lenis0012
Is there some kind of addItem event? Or could you hook into it some how and just add the items after they're logged in?
@MinecraftKid45
this issue occurs when you log in through session and THEN switch world?
Yeah, needs some work still.
You FINALLY fixed "Succesfully Logged In" to "Successfully" :D
There is 1 thing though, in this from the BETA, you fixed the inventory switching when you join after you login (THANKS!), but if you login from a continued session, if you go to another world, your blindess effect is there. Which sucks, please fix this.
Also, please add "/lac rmpass <name>", so that if someone forgets their password, and I verify it's them, I can reset it.
@xxOrpheus
theres not much i can do against this.
I dont get why people would vote when they are online but not logged in tho, seems weird to me.
@Grellas
form what version did you upgrade?
2.0.14 to 2.1 beta?
You can run the 2.0.14 jar and rename users.backup.db to users.db
that should fix it, but i have never gotten this issue
@lenis0012: all the database of players deleted i think your plugin auto update so people lost their password how can i fix it?
Should i upload the old file of user.db and old .jar???
@lenis0012
I haven't had an inventory reset (yet), which is great. Someone on the Spigot forum mentioned it happened to them.
However, I believe this plugin is not compatible with Votifier and GAListener as a result of the inventory updating. I use GAListener to give players items when they vote but unless they're logged in when they vote they do not get their item. I'm sure this is because LoginSecurity saves the inventory to load for later? Is there something you can do about this?
@xxOrpheus
when you stopped the server and logged back on your inventory was gone?
EDIT: I released another dev build which should fix this issue