Comments (9)
Linking my spigot post here: https://www.spigotmc.org/threads/fastlogin.101192/page-8#post-1577901
->Examples:
Case 1
nameChangeCheck = false
autoRegister = false
Player logins as cracked until the player invoked the command /premium. Then we could override the existing database record.
Case 2
nameChangeCheck = true
autoRegister = false
Connect the Mojang API and check what UUID the player has (UUID exists => Paid Minecraft account). If that UUID is in the database it's an existing player and FastLogin can assume the player is premium and changed the username. If it's not in the database, it's a new player and could be a cracked player. So we just use a offline mode authentication for this player.
Limitation: Cracked players who uses the new username of a paid account cannot join the server if the database contains the old name. (Example: The owner of the paid account no longer plays on the server, but changed the username in the meanwhile).
Case 3
nameChangeCheck = false
autoRegister = true
We will always request a premium authentication if the username is unknown to us, but is in use by a paid minecraft account. This means it's kind of a more aggressive check like nameChangeCheck = true and autoRegister = false, because it request a premium authentication which are completely new to us, that even the premium UUID is not in our database.
Limitation: see below
Case 4
nameChangeCheck = true
autoRegister = true
Based on autoRegister it checks if the player name is premium and login using a premium authentication. After that fastlogin receives the premium UUID and can update the database record.
Limitation from autoRegister: New offline players who uses the username of an existing minecraft cannot join the server.
What should happen if the username is use of an cracked player?
@Blackyvk The fix you described is for the UUID column, but what about the unique index for the name. It's possible that a paid account changes the username to a existing cracked one. My thought is that we in this case cancel the save process and send the user a message like:
This username is protected for a cracked player. If this is your account authenticate with your password and type /premium.
from fastlogin.
Sorry for the big delay. I was too busy with other things.
from fastlogin.
dont worry, i was using "my temp fix" meanwhile, Anything special i need to know before trying this ? beside deleting the duplicate uuid rows generated.
from fastlogin.
Anything special i need to know before trying this ? beside deleting the duplicate uuid rows generated.
Not really. If the option nameChangeCheck is enabled it will make an additional check if the uuid is available in the database. Then if FastLogin wants to save the new record into the database it will run an update query first. (UPDATE premium SET Name=? WHERE UUID=?). If no rows were affected by this query, it will continue to insert a new database record.
But can you change your name back? If so, fastlogin wouldn't know this user.
from fastlogin.
Tested and noticed few things. Before I started, I added again the uuid unique index and deleted the duplicates.
Authme sessions = disabled
autoregister = true
- New cracked players arent registered to the database.
- if nameChangeCheck = false and a premium player logs with new name (that isnt registered) the name row is updated and register/logs normally ( i think thats how its supposed to work )
- if nameChangeCheck = true name row isnt updated but you can play normally but, you get a (auto registered with = xxxx) every time, different password.
- if nameChangeCheck = true and premium player (with new username) tries to logs in as a already registered cracked player, I get this error in console http://pastebin.com/pnwtJLkD
If I authme sessions = enabled
A premium player can log in as cracked player already registered. I tried to /logout many times, but after coming back I always get logged in somehow. ( i didnt test this before this update )
The way i test the name change is by simply changing the database name row with a new name and (registering/unregistering the account from authme) . For cracked check is just adding new records as premium 0 with the premium username. I think its ok to test it like this.
I also noticed that you changed some things to the database in ( this commit ) things like Name
are now just Name, does that matter somehow ? is this something needed to change in the database structure ? because whenever i type mysql queries these are autocorrected from Name to Name
for example.
edit: Name
= backtick Name backtick
from fastlogin.
A premium player can log in as cracked player already registered. I tried to /logout many times, but after coming back I always get logged in somehow. ( i didnt test this before this update )
Could you try it without FastLogin?
from fastlogin.
if nameChangeCheck = true and premium player (with new username) tries to logs in as a already registered cracked player, I get this error in console http://pastebin.com/pnwtJLkD
This error occurred because the UUID is incorrectly formatted.
from fastlogin.
Ok, those two , 1 is authme (maybe be cause i'm on the same ip always) and the other one might be one of the records I created and added a bad uuid, i forgot about that. So the only problem now is the cracked players not being registered in the fastlogin database i guess.
from fastlogin.
Ah I found the source. I'm working on a fix.
EDIT: It happens too, if the user has autoRegister disabled.
from fastlogin.
Related Issues (20)
- NoClassDefFoundError: PlayerInjectionHandler with ProtocolLib builds 721+ HOT 7
- Add support for 1.21 HOT 1
- Fast login Now working HOT 1
- Trying to set up the plugin and getting *Sending request...* HOT 5
- [1.21] If FastLogin is installed with Geyser, an error will be reported and FastLogin doesn't work HOT 3
- FastLogin make Server "Time Out" HOT 6
- Fast login and register not working HOT 6
- Case-senstive search of user profiles HOT 4
- "Server is not fully started yet. Please retry" on fully started server HOT 1
- NoSuchMethodError with Floodgate and ProtocolLib build 723 HOT 4
- Plugin does not function correctly at all using Velocity HOT 8
- autoLogin or autoRegister not working in Purpur 1.21 HOT 2
- Error authenticating tppzwn with minecraft.net io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure HOT 6
- Gayser-Standalone not allowing me to connect without a java account HOT 5
- Plugin is disabled HOT 2
- FastLogin: Automatic login not working with AuthMe integration HOT 1
- Error when play joins: [20:35:04] [Protocol Worker #1 - FastLogin - [recv: START[class=PacketLoginInStart, id=0], ENCRYPTION_BEGIN[class=PacketLoginInEncryptionBegin, id=1], send: ]/ERROR]: [FastLogin] Unhandled exception occurred in onAsyncPacket() for FastLogin HOT 3
- Advice:1.Add an option for premuim players not to change their offline UUID 2.Adding an option can disable the verification of offline players entering premuim player IDs HOT 2
- FastloginVelocity needs SNAP to run correctly HOT 1
- FastLogin isn't working with Authlib-Injector HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fastlogin.