Please make it so players don't have to use /login or /register so they can just type their password into chat.
Thanks. :D

Maybe add this

max-login-attempts does not work( the Player does not kick, if he enters more than 5 times wrong password

max-login-attempts: 5
enable-failed-logins-kick: true

Please make registration only with such characters [a-z].[0-9],[A-Z]

If a player comes from the nickname of a player who is already playing on the server kick them both and says "sardor disconnected: Kicked by admin. Reason: logged in from another location ."
I would like to see the ability to disable this feature, but my player is not very happy.

Ok so i was playing and i saw alot of lag and i took all my maps and plugins exept ChatLogin and ServerAuth.. Then the lag was still there.. Any way to fix? Or make a lagg free auth

I have included "password-confirm-required: true", but the message "Please register with /register password " Incorrect text

I want to port the data from SimpleAuth to your plugin. Can u make a program or for porting data, or backward compatibility with SimpleAuth (which I can enable in config.yml)?

P.S.: In my opinion, it will be easier to make backward compatibility.

i will add the language dutch for you

2015-08-10 [16:38:54] �[Server thread/NOTICE]: ArrayOutOfBoundsException: "Undefined index: kick" (E_NOTICE) in "/ServerAuth_v1.11.phar/src/ServerAuth/Tasks/MessageTask" at line 56�

Says I have already entered the IP, but in a bunch of console errors and the game asks you to re-enter /login password

ServerAuth v2.00 upcoming features:

• Fix bugs on server reload (MessageTask.php)
• Update database data on plugin reload
• Implement cancellable events
• Allow player unregistration from console
• Block player joining with the same username when the player is authenticated
• Block EntityDamageEvent for not authenticated/registered users
• Fix logout
• Fixed permissions for /serverauth command (Thanks to @Pub4Game)
• Fixed a /give command related bug (Thanks to @Pub4Game)
• Kick players after n° of failed login attempts feature

Can you add to the register action an email? So i can send a welcome mail to my players.

ServerAuth v2.12 Upcoming Features:

• Customizable no-permissions and player-only-command strings (in languages)
• Issue #33 possible fix
• Possible blocking of crafting for non authenticated players (#35)
• Add operation cancelled message on ChangePassword.php command
• Possible help command with language support
• Add SQL Injection protection in ServerAuthWebAPI (issue #47)
• Performance Improvements (Thanks to @legoboy0215 and @PEMapModder)
• Possible SQLite Support

Please add /log /l /r

The plugin was tested on hosting

ArrayOutOfBoundsException: "Undefined offset: 1" (E_NOTICE) in "/ServerAuth_v1.10 (1).phar/src/ServerAuth/ServerAuth" at line 257�

:(

ArrayOutOfBoundsException: "Undefined offset: 0" (E_NOTICE) in "/ServerAuth_v2.11.phar/src/ServerAuth/EventListener" at line 112

This line looks suspicious. https://github.com/EvolSoft/ServerAuth/blob/master/ServerAuth/src/ServerAuth/EventListener.php#L116

ServerAuth v1.10 upcoming features:

• Check and block all events
• Automatic default languages saving
• Limit number of registrations for IP

Notice: Undefined offset: 1 in phar:///Users/Ronny/Desktop/Lobby V3/plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112

[18:36:25] [Server thread/WARNING]: RuntimeException: "fopen(/home/game/plugins/ServerAuth/languages/EN_en.yml): failed to open stream: No such file or directory" (E_WARNING) in "/src/pocketmine/plugin/PluginBase" at line 213

Some of the event handlers are unnecessary. Removing them may help by improving performance very slightly.

When I try to craft something, I see it on the console:

[Server thread/CRITICAL]: "Could not pass event 'pocketmine\event\inventory\CraftItemEvent' to 'ServerAuth v2.12': Call to undefined method pocketmine\event\inventory\CraftItemEvent::getPlayer() on ServerAuth\EventListener
[18:59:17] [Server thread/CRITICAL]: Error: "Call to undefined method pocketmine\event\inventory\CraftItemEvent::getPlayer()" (EXCEPTION) in "/plugins/phar_ServerAuth_I0RKJMlYJhvCH2l.phar/src/ServerAuth/EventListener" at line 167
[18:59:24] [Server thread/CRITICAL]: "Could not pass event 'pocketmine\event\inventory\CraftItemEvent' to 'ServerAuth v2.12': Call to undefined method pocketmine\event\inventory\CraftItemEvent::getPlayer() on ServerAuth\EventListener
[18:59:24] [Server thread/CRITICAL]: Error: "Call to undefined method pocketmine\event\inventory\CraftItemEvent::getPlayer()" (EXCEPTION) in "/plugins/phar_ServerAuth_I0RKJMlYJhvCH2l.phar/src/ServerAuth/EventListener" at line 167
[18:59:24] [Server thread/CRITICAL]: "Could not pass event 'pocketmine\event\inventory\CraftItemEvent' to 'ServerAuth v2.12': Call to undefined method pocketmine\event\inventory\CraftItemEvent::getPlayer() on ServerAuth\EventListener
[18:59:24] [Server thread/CRITICAL]: Error: "Call to undefined method pocketmine\event\inventory\CraftItemEvent::getPlayer()" (EXCEPTION) in "/plugins/phar_ServerAuth_I0RKJMlYJhvCH2l.phar/src/ServerAuth/EventListener" at line 167

Использую это ядро: https://github.com/iTXTech/Genisys

Warn or abort if config password_hash is different from database password_hash.

Can you add when a player have 2 or 3 accounts,in the server have to show [ServerAuth] the player juanito have 2 accounts: juanito,Juan

If you can tell me how to do it now, I tried, but I failed

1. OMG. Change all the isPlayerRegistered in events to isPlayerAuthed. You are executing so many queries per-second.
2. PlayerMoveEvent should be replaced with a task running every tick, checking every player.
3. @PEMapModder's suggestions :)
4. I may make a PR, but I don't have time yet.

In the plugin there is a strange bug, if I things "/give Pub4Game 20 32" you won't see them in the inventory, we will need to move to the server

12.02 21:48:38 [Server] INFO [Tag]kivi884: csak a pvp hülyült be ?
12.02 21:48:38 [Server] INFO Notice: Undefined offset: 0 in phar:///plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112
12.02 21:48:38 [Server] INFO Notice: Undefined offset: 1 in phar:///plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112
12.02 21:48:38 [Server] INFO Notice: Undefined offset: 2 in phar:///plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112
12.02 21:48:38 [Server] INFO Notice: Undefined offset: 3 in phar:///plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112
12.02 21:48:38 [Server] INFO Notice: Undefined offset: 4 in phar:///plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112
12.02 21:48:38 [Server] INFO Notice: Undefined offset: 5 in phar:///plugins/ServerAuth_v2.11.phar/src/ServerAuth/EventListener.php on line 112

As you finish a C++ project, could you add:
1)Invisibility of players until they log in to your account
2)to Add more events
3)Add constraint registrations under "->getClientId()" (Not sure if I'm allowed)
4)Add automatic teleporting to spawn when you log on to the server.
tpSpawn: true/false
5)To add, the function of a temporary ban, if a certain number of times incorrectly entered the password
6)To make a command /unregister name, /changepassword name password, /logout name
7)To make the list of banned nicks

I would be interested to hear your opinion on these ideas

I think this plugin is better than simple auth and i want to change to use this plugin, but my server has nearly 18000 accounts so i affraid to lose it all, how can move players's password from simpleauth to serverauth? Ths :)

I found one very strange bug.
If the server comes OP with IP e.g. 127.0.0.1, and then re-enter with this nick, and another ip 123.122.23.1, then asks everyone to re-enter the password. All including those who have already entered the login and password.

Please take a look at using Prepared Statements the ServerAuthWebAPI.php is just waiting to be exploited. Way too many SQL Injections exist.

For example:

<?php
//Include ServerAuth Web API
include 'ServerAuthWebAPI.php';
//Player to check
$player = "1' or '1' = '1";
//Initialize a ServerAuthWebAPI instance (put your ServerAuth MySQL data)
$api = new ServerAuthWebAPI("host", 3306, "username", "password", "serverauth", "srvauth_");
var_dump($api->isPlayerRegistered($player));
?>

Where $player = "1' or '1' = '1";
to demonstrate this issue. The result would be true.

++#ServerAuth plugin Russian language file
++#Translation by Pub4Game

Please remove "+"

ServerAuth v1.11 upcoming features:

• Fix automatic language files saving not working on Unix based OS
• Fix register with password confirmation message not working
• Add missing serverauth.help permission on plugin.yml file

Why I can crafting anything before login?for example，a player have some wood，and another player can make wood become sticks by crafting ，without login .Can u fix it？

To make the description of commands in a file for languages

/sa help

Can this be simplified to just type their password? If not... Please add it and if so tell me how

If require-password: true, when I write /unregister I hope you can unregister message-success: "&aYou are now unregistered!"

If require-password: false, when I write /unregister writes me a message
user-not-authenticated: "&can you are not logged in!"

Although I have registered and signed in to your account.

(If you write /reload and log back on the server, I have not asked to enter /login password, but I can't break blocks) - no bug

Crash

Fatal error: Call to undefined method pocketmine\event\entity\EntityDamageByBlockEvent::getPlayer() in C:\PocketMine-MP\plugins\ServerAuth1234\src\ServerAuth\EventListener.php on line 172

If you write /reload, then a couple seconds ServerAuth will require to enter a password /login , where players can walk, break the blocks to write in the chat! This bug remains until a full restart of the server.

The admin.php page (after I've logged in) doesn't show any users.

Add to auth system without using the / login command, only type the password n.n

is a suggestion :)

hello. Server auth wasen connect to MySql data base
016-01-25 [20:05:21] [Server thread/INFO]: Preparing level "world"
2016-01-25 [20:05:22] [Server thread/INFO]: Starting GS4 status listener
2016-01-25 [20:05:22] [Server thread/INFO]: Setting query port to 19588
2016-01-25 [20:05:22] [Server thread/INFO]: Query running on 0.0.0.0:19588
2016-01-25 [20:05:22] [Server thread/INFO]: Default game type: Survival Mode
2016-01-25 [20:05:22] [Server thread/INFO]: Done (2.243s)! For help, type "help" or "?"
2016-01-26 [07:46:15] [Server thread/INFO]: Loading pocketmine.yml...
2016-01-26 [07:46:15] [Server thread/INFO]: Loading server properties...
2016-01-26 [07:46:15] [Server thread/INFO]: Selected English (eng) as the base language
2016-01-26 [07:46:15] [Server thread/INFO]: Starting Minecraft: PE server version v0.12.1 alpha
2016-01-26 [07:46:15] [Server thread/INFO]: Starting remote control listener
2016-01-26 [07:46:15] [Server thread/INFO]: RCON running on 0.0.0.0:34538
2016-01-26 [07:46:15] [Server thread/INFO]: Opening server on 0.0.0.0:19588
2016-01-26 [07:46:15] [Server thread/INFO]: This server is running PocketMine-MP version 1.6dev-29 "[REDACTED]" (API 1.13.0)
2016-01-26 [07:46:15] [Server thread/INFO]: PocketMine-MP is distributed under the LGPL License
2016-01-26 [07:46:15] [Server thread/INFO]: Loading ServerAuth v2.12
2016-01-26 [07:46:16] [Server thread/INFO]: Enabling ServerAuth v2.12
2016-01-26 [07:46:20] [Server thread/WARNING]: InvalidArgumentException: "mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given" (E_WARNING) in "/phar_ServerAuth-master_VuWSDhi3MeAHPJj.phar/src/ServerAuth/ServerAuth" at line 244
2016-01-26 [07:46:20] [Server thread/INFO]: Disabling ServerAuth v2.12
2016-01-26 [07:46:20] [Server thread/INFO]: Preparing level "world"
2016-01-26 [07:46:20] [Server thread/INFO]: Starting GS4 status listener
2016-01-26 [07:46:20] [Server thread/INFO]: Setting query port to 19588
2016-01-26 [07:46:20] [Server thread/INFO]: Query running on 0.0.0.0:19588
2016-01-26 [07:46:20] [Server thread/INFO]: Default game type: Survival Mode
2016-01-26 [07:46:20] [Server thread/INFO]: Done (4.929s)! For help, type "help" or "?"

When players are not logged in yet, they can fill and empty buckets. There are many more other events that should be added.

Bug?

and

Hello, I went to the ServerAuthWebApi index page and it said to make an admin password, so I did and then it keeps asking, seems as if admin_config.php never gets created. Please fix this issue

Hash security can be strengthened with salt. If you add the username as salt (remember to make it case-insensitive) to the password, in case the database is leaked, it is less easy to find out that two people have the same password.