Git Product home page Git Product logo

serverauth's Introduction

start2

THE PLUGIN IS NOT READY TO BE USED YET. IT HAS NOT BEEN TESTED CAREFULLY AND IT STILL CONTAINS LOTS OF BUGS! PLEASE WAIT THE OFFICIAL RELEASE ON POGGIT!

ServerAuth

Join the chat at https://gitter.im/EvolSoft/ServerAuth

An advanced authentication plugin for PocketMine

Download!

Category

PocketMine-MP plugins, PHP Web scripts

Requirements

PocketMine-MP API 3.0.0-ALPHA7 - 3.0.0-ALPHA8
PHP >= 5.4.0 (for ServerAuthAccountManager)
PHP MySQLi extension

Overview

ServerAuth is the most advanced authentication system for PocketMine-MP.

This Plugin uses the New API. You can't install it on old versions of PocketMine.

To prevent bugs, delete all old plugin data if you are updating ServerAuth.

WARNING: If you're updating from old versions of ServerAuth to ServerAuth v2.12 or newer you MAY NEED to delete the current language folder!!!

Features:

  • MySQL support
  • Multi-language support
  • Web API
  • Online Account Manager
  • IP Sessions
  • /register, /unregister, /login, /logout and /changepassword commands

And more...

What is included?

In the ZIP file you will find:
- ServerAuth_v2.13.phar : ServerAuth Plugin + API
- ServerAuthAccountManager : An advanced online script to manage ServerAuth accounts
- ServerAuthWebAPI : ServerAuth Web API to use on your own web scripts

Commands:

/serverauth - ServerAuth commands (aliases: [sa, sauth, auth])
/register - Allows registering an account (aliases: [reg])
/login - Allows logging into an account
/changepassword - Allows changing account password (aliases: [ch, chp, chpass])
/unregister - Allows unregistering an account
/logout - Allows to do the log out

To-Do:

- Bug fix (if bugs will be found)

Documentation

Documentation available at ServerAuth Wiki

Download

You can download precompiled versions of ServerAuth on ServerAuth Releases section

Extensions

EvolSoft/ChatLogin: A ServerAuth extension to do login/register directly on chat

EvolSoft/InvisibleLogin: A ServerAuth extension to make players invisible when they are not authenticated

EvolSoft/EmailConfirm: A ServerAuth extension which implements email confirmation when registering ServerAuth accounts

If you want to submit your own ServerAuth Extension PM us on Twitter @Flavius12_ or @_EvolSoft or ask in ServerAuth Gitter Channel

Contributing

If you want to contribute to this project please follow the Contribution Guidelines

serverauth's People

Contributors

010101010101011110 avatar andrew1481432 avatar anilmisirlioglu avatar flavius12 avatar gitter-badger avatar herojhjhlb avatar itzantiftw avatar legoboy0215 avatar letsplaydev avatar lukeeey avatar pemapmodder avatar pikyxos avatar poggit-bot avatar pub4game avatar tonydroidd avatar yetterry avatar zkoz210 avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

serverauth's Issues

Admin does not register

Hello, I went to the ServerAuthWebApi index page and it said to make an admin password, so I did and then it keeps asking, seems as if admin_config.php never gets created. Please fix this issue

Logged in from another location

If a player comes from the nickname of a player who is already playing on the server kick them both and says "sardor disconnected: Kicked by admin. Reason: logged in from another location ."
I would like to see the ability to disable this feature, but my player is not very happy.

messages

I have included "password-confirm-required: true", but the message "Please register with /register password " Incorrect text

Auth

I found one very strange bug.
If the server comes OP with IP e.g. 127.0.0.1, and then re-enter with this nick, and another ip 123.122.23.1, then asks everyone to re-enter the password. All including those who have already entered the login and password.

Error

ArrayOutOfBoundsException: "Undefined offset: 0" (E_NOTICE) in "/ServerAuth_v2.11.phar/src/ServerAuth/EventListener" at line 112

Admin.php

The admin.php page (after I've logged in) doesn't show any users.

max login attempts bug

max-login-attempts does not work( the Player does not kick, if he enters more than 5 times wrong password

max-login-attempts: 5
enable-failed-logins-kick: true

/login

Can this be simplified to just type their password? If not... Please add it and if so tell me how

Enter a email

Can you add to the register action an email? So i can send a welcome mail to my players.

Player events

When players are not logged in yet, they can fill and empty buckets. There are many more other events that should be added.

Redundant event handlers

Some of the event handlers are unnecessary. Removing them may help by improving performance very slightly.

Event Reason for redundancy
PlayerBedEnterEvent Player must interact with the bed to enter it
PlayerBucketFillEvent Player must interact with liquid blocks to fill a bucket
PlayerBucketEmptyEvent Similar reason
BlockPlaceEvent Similar reason
BlockBreakEvent Similar reason

PHP 7 error

12.02 21:48:38 [Server] INFO [Tag]kivi884: csak a pvp hülyült be ?
12.02 21:48:38 [Server] INFO Notice: Undefined offset: 0 in phar:///plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112
12.02 21:48:38 [Server] INFO Notice: Undefined offset: 1 in phar:///plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112
12.02 21:48:38 [Server] INFO Notice: Undefined offset: 2 in phar:///plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112
12.02 21:48:38 [Server] INFO Notice: Undefined offset: 3 in phar:///plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112
12.02 21:48:38 [Server] INFO Notice: Undefined offset: 4 in phar:///plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112
12.02 21:48:38 [Server] INFO Notice: Undefined offset: 5 in phar:///plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112

dutch

i will add the language dutch for you

Error when crafting.

When I try to craft something, I see it on the console:

[Server thread/CRITICAL]: "Could not pass event 'pocketmine\event\inventory\CraftItemEvent' to 'ServerAuth v2.12': Call to undefined method pocketmine\event\inventory\CraftItemEvent::getPlayer() on ServerAuth\EventListener
[18:59:17] [Server thread/CRITICAL]: Error: "Call to undefined method pocketmine\event\inventory\CraftItemEvent::getPlayer()" (EXCEPTION) in "/plugins/phar_ServerAuth_I0RKJMlYJhvCH2l.phar/src/ServerAuth/EventListener" at line 167
[18:59:24] [Server thread/CRITICAL]: "Could not pass event 'pocketmine\event\inventory\CraftItemEvent' to 'ServerAuth v2.12': Call to undefined method pocketmine\event\inventory\CraftItemEvent::getPlayer() on ServerAuth\EventListener
[18:59:24] [Server thread/CRITICAL]: Error: "Call to undefined method pocketmine\event\inventory\CraftItemEvent::getPlayer()" (EXCEPTION) in "/plugins/phar_ServerAuth_I0RKJMlYJhvCH2l.phar/src/ServerAuth/EventListener" at line 167
[18:59:24] [Server thread/CRITICAL]: "Could not pass event 'pocketmine\event\inventory\CraftItemEvent' to 'ServerAuth v2.12': Call to undefined method pocketmine\event\inventory\CraftItemEvent::getPlayer() on ServerAuth\EventListener
[18:59:24] [Server thread/CRITICAL]: Error: "Call to undefined method pocketmine\event\inventory\CraftItemEvent::getPlayer()" (EXCEPTION) in "/plugins/phar_ServerAuth_I0RKJMlYJhvCH2l.phar/src/ServerAuth/EventListener" at line 167

Использую это ядро: https://github.com/iTXTech/Genisys

Lag

Ok so i was playing and i saw alot of lag and i took all my maps and plugins exept ChatLogin and ServerAuth.. Then the lag was still there.. Any way to fix? Or make a lagg free auth

ServerAuth v2.00 To-Do

ServerAuth v2.00 upcoming features:

  • Fix bugs on server reload (MessageTask.php)
  • Update database data on plugin reload
  • Implement cancellable events
  • Allow player unregistration from console
  • Block player joining with the same username when the player is authenticated
  • Block EntityDamageEvent for not authenticated/registered users
  • Fix logout
  • Fixed permissions for /serverauth command (Thanks to @Pub4Game)
  • Fixed a /give command related bug (Thanks to @Pub4Game)
  • Kick players after n° of failed login attempts feature

No /login command

Add to auth system without using the / login command, only type the password n.n

is a suggestion :)

MySql Data Base

hello. Server auth wasen connect to MySql data base
016-01-25 [20:05:21] [Server thread/INFO]: Preparing level "world"
2016-01-25 [20:05:22] [Server thread/INFO]: Starting GS4 status listener
2016-01-25 [20:05:22] [Server thread/INFO]: Setting query port to 19588
2016-01-25 [20:05:22] [Server thread/INFO]: Query running on 0.0.0.0:19588
2016-01-25 [20:05:22] [Server thread/INFO]: Default game type: Survival Mode
2016-01-25 [20:05:22] [Server thread/INFO]: Done (2.243s)! For help, type "help" or "?"
2016-01-26 [07:46:15] [Server thread/INFO]: Loading pocketmine.yml...
2016-01-26 [07:46:15] [Server thread/INFO]: Loading server properties...
2016-01-26 [07:46:15] [Server thread/INFO]: Selected English (eng) as the base language
2016-01-26 [07:46:15] [Server thread/INFO]: Starting Minecraft: PE server version v0.12.1 alpha
2016-01-26 [07:46:15] [Server thread/INFO]: Starting remote control listener
2016-01-26 [07:46:15] [Server thread/INFO]: RCON running on 0.0.0.0:34538
2016-01-26 [07:46:15] [Server thread/INFO]: Opening server on 0.0.0.0:19588
2016-01-26 [07:46:15] [Server thread/INFO]: This server is running PocketMine-MP version 1.6dev-29 "[REDACTED]" (API 1.13.0)
2016-01-26 [07:46:15] [Server thread/INFO]: PocketMine-MP is distributed under the LGPL License
2016-01-26 [07:46:15] [Server thread/INFO]: Loading ServerAuth v2.12
2016-01-26 [07:46:16] [Server thread/INFO]: Enabling ServerAuth v2.12
2016-01-26 [07:46:20] [Server thread/WARNING]: InvalidArgumentException: "mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given" (E_WARNING) in "/phar_ServerAuth-master_VuWSDhi3MeAHPJj.phar/src/ServerAuth/ServerAuth" at line 244
2016-01-26 [07:46:20] [Server thread/INFO]: Disabling ServerAuth v2.12
2016-01-26 [07:46:20] [Server thread/INFO]: Preparing level "world"
2016-01-26 [07:46:20] [Server thread/INFO]: Starting GS4 status listener
2016-01-26 [07:46:20] [Server thread/INFO]: Setting query port to 19588
2016-01-26 [07:46:20] [Server thread/INFO]: Query running on 0.0.0.0:19588
2016-01-26 [07:46:20] [Server thread/INFO]: Default game type: Survival Mode
2016-01-26 [07:46:20] [Server thread/INFO]: Done (4.929s)! For help, type "help" or "?"

Suggestion

Please make it so players don't have to use /login or /register so they can just type their password into chat.
Thanks. :D

ServerAuth v2.12 To-Do

ServerAuth v2.12 Upcoming Features:

  • Customizable no-permissions and player-only-command strings (in languages)
  • Issue #33 possible fix
  • Possible blocking of crafting for non authenticated players (#35)
  • Add operation cancelled message on ChangePassword.php command
  • Possible help command with language support
  • Add SQL Injection protection in ServerAuthWebAPI (issue #47)
  • Performance Improvements (Thanks to @legoboy0215 and @PEMapModder)
  • Possible SQLite Support

register

Please make registration only with such characters [a-z].[0-9],[A-Z]

Uhm...

[18:36:25] [Server thread/WARNING]: RuntimeException: "fopen(/home/game/plugins/ServerAuth/languages/EN_en.yml): failed to open stream: No such file or directory" (E_WARNING) in "/src/pocketmine/plugin/PluginBase" at line 213

Strengthening hash

Hash security can be strengthened with salt. If you add the username as salt (remember to make it case-insensitive) to the password, in case the database is leaked, it is less easy to find out that two people have the same password.

Error!!!

The plugin was tested on hosting

ArrayOutOfBoundsException: "Undefined offset: 1" (E_NOTICE) in "/ServerAuth_v1.10 (1).phar/src/ServerAuth/ServerAuth" at line 257�

:(

ServerAuth v1.10 To-Do

ServerAuth v1.10 upcoming features:

  • Check and block all events
  • Automatic default languages saving
  • Limit number of registrations for IP

Port the data from SimpleAuth to your plugin

I want to port the data from SimpleAuth to your plugin. Can u make a program or for porting data, or backward compatibility with SimpleAuth (which I can enable in config.yml)?

P.S.: In my opinion, it will be easier to make backward compatibility.

Can SimpleAuth's data be moved to ServerAuth?

I think this plugin is better than simple auth and i want to change to use this plugin, but my server has nearly 18000 accounts so i affraid to lose it all, how can move players's password from simpleauth to serverauth? Ths :)

incorrect display of messages

If require-password: true, when I write /unregister I hope you can unregister message-success: "&aYou are now unregistered!"

If require-password: false, when I write /unregister writes me a message
user-not-authenticated: "&can you are not logged in!"

Although I have registered and signed in to your account.

Crafting something before login?

Why I can crafting anything before login?for example,a player have some wood,and another player can make wood become sticks by crafting ,without login .Can u fix it?

Performance Improvements

  1. OMG. Change all the isPlayerRegistered in events to isPlayerAuthed. You are executing so many queries per-second.
  2. PlayerMoveEvent should be replaced with a task running every tick, checking every player.
  3. @PEMapModder's suggestions :)
  4. I may make a PR, but I don't have time yet.

ServerAuth v1.11 To-Do

ServerAuth v1.11 upcoming features:

  • Fix automatic language files saving not working on Unix based OS
  • Fix register with password confirmation message not working
  • Add missing serverauth.help permission on plugin.yml file

Feature request

Can you add when a player have 2 or 3 accounts,in the server have to show [ServerAuth] the player juanito have 2 accounts: juanito,Juan

Error

2015-08-10 [16:38:54] �[Server thread/NOTICE]: ArrayOutOfBoundsException: "Undefined index: kick" (E_NOTICE) in "/ServerAuth_v1.11.phar/src/ServerAuth/Tasks/MessageTask" at line 56�

Says I have already entered the IP, but in a bunch of console errors and the game asks you to re-enter /login password

Hmm...

In the plugin there is a strange bug, if I things "/give Pub4Game 20 32" you won't see them in the inventory, we will need to move to the server

Bug!

(If you write /reload and log back on the server, I have not asked to enter /login password, but I can't break blocks) - no bug

Crash

Fatal error: Call to undefined method pocketmine\event\entity\EntityDamageByBlockEvent::getPlayer() in C:\PocketMine-MP\plugins\ServerAuth1234\src\ServerAuth\EventListener.php on line 172

php7

Notice: Undefined offset: 1 in phar:///Users/Ronny/Desktop/Lobby V3/plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112

SQLi Injection

Please take a look at using Prepared Statements the ServerAuthWebAPI.php is just waiting to be exploited. Way too many SQL Injections exist.

For example:

<?php
//Include ServerAuth Web API
include 'ServerAuthWebAPI.php';
//Player to check
$player = "1' or '1' = '1";
//Initialize a ServerAuthWebAPI instance (put your ServerAuth MySQL data)
$api = new ServerAuthWebAPI("host", 3306, "username", "password", "serverauth", "srvauth_");
var_dump($api->isPlayerRegistered($player));
?>

Where $player = "1' or '1' = '1";
to demonstrate this issue. The result would be true.

Ideas

As you finish a C++ project, could you add:
1)Invisibility of players until they log in to your account
2)to Add more events
3)Add constraint registrations under "->getClientId()" (Not sure if I'm allowed)
4)Add automatic teleporting to spawn when you log on to the server.
tpSpawn: true/false
5)To add, the function of a temporary ban, if a certain number of times incorrectly entered the password
6)To make a command /unregister name, /changepassword name password, /logout name
7)To make the list of banned nicks

I would be interested to hear your opinion on these ideas

Problem with /reload

If you write /reload, then a couple seconds ServerAuth will require to enter a password /login , where players can walk, break the blocks to write in the chat! This bug remains until a full restart of the server.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.