Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Login without /login

Comments in 'Plugin Development' started by CookieSteve, Mar 11, 2015.

  1. TonyDroidd
    Offline

    TonyDroidd Active Member

    Joined:
    Sep 6, 2014
    Posts:
    180
    Minecraft User:
    TonyDroidd
    Update please xD
  2. EvolSoft
    Offline

    EvolSoft Notable Member Plugin Developer

    Joined:
    Sep 10, 2014
    Posts:
    821
    Plugins:
    15
    Minecraft User:
    Flavius12
    Yes. When I have time I update it ;)
  3. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Can you tell me how exactly is it better than SimpleAuth?
  4. EvolSoft
    Offline

    EvolSoft Notable Member Plugin Developer

    Joined:
    Sep 10, 2014
    Posts:
    821
    Plugins:
    15
    Minecraft User:
    Flavius12
    Yes.
    It has less bugs and a better database support.
    It has also a basic Web API to manage your MCPE account from your browser.
    Then you can customize messages and it has also /changepassword command.
    You can enable/disable register, changepassword and login commands.
    And you can also register or login in chat without execute the command
    applqpak likes this.
  5. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    OK, now I start making a plugin that works around with SimpleAuth and makes these things.

    What exactly is the "better database support"? Isn't there already a MySQL database?
  6. Dutok
    Offline

    Dutok Notable Member Plugin Developer

    Joined:
    Jun 20, 2014
    Posts:
    371
    Plugins:
    3
    Minecraft User:
    Dutok
    Well, why extend SimpleAuth when you can just make a new one?

    Maybe he added in different databases like MongoDB or PostgreSQL.
    applqpak and EvolSoft like this.
  7. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Because that's the only way we can make people who only trust the forum plugin repository to use better features.
  8. Dutok
    Offline

    Dutok Notable Member Plugin Developer

    Joined:
    Jun 20, 2014
    Posts:
    371
    Plugins:
    3
    Minecraft User:
    Dutok
    Would he even be able to post it on here? It sounds like he made it for his personal use or just to learn then decided to release it to the public.
    applqpak likes this.
  9. EvolSoft
    Offline

    EvolSoft Notable Member Plugin Developer

    Joined:
    Sep 10, 2014
    Posts:
    821
    Plugins:
    15
    Minecraft User:
    Flavius12
    Yes. I wanted to use it on my server but now I want to publish the full source
    RekkuzaRage likes this.
  10. ItzJavaCraft
    Offline

    ItzJavaCraft New Member

    Joined:
    Feb 19, 2016
    Posts:
    14
    Minecraft User:
    ItzJavaCraft
    My full support goes to ServerAuth. I've given up on SimpleAuth.
    applqpak likes this.
  11. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Use HereAuth :) it contains basically all core features of SimpleAuth and ServerAuth, and more.
    Legoboy0215 and applqpak like this.
  12. ItzJavaCraft
    Offline

    ItzJavaCraft New Member

    Joined:
    Feb 19, 2016
    Posts:
    14
    Minecraft User:
    ItzJavaCraft
    Y'know, I've kinda lost respect for you. I'd rather be loyal to EvolSoft than take your advice after your unnecessary rudeness on the other thread.

    Sorry,

    –ItzJavaCraft
  13. minebuilder0110
    Offline

    minebuilder0110 Notable Member

    Joined:
    Dec 8, 2014
    Posts:
    485
    Minecraft User:
    Apparitional
    He's not really rude; he is just telling the truth directly.
  14. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Please, we are discussing about auth plugins, please don't make this become off-topic by discussing other things. Moreover, it was not rudeness; it was just misunderstanding.
    applqpak and Anonymous4life like this.
  15. Legoboy0215
    Offline

    Legoboy0215 Notable Member

    Joined:
    Nov 1, 2014
    Posts:
    1,724
    Minecraft User:
    Legoboy0215
    I prefer ServerAuth and HereAuth. I used ServerAuth until recently when @PEMapModder released HereAuth ;)

    My HereAuth is quite heavily modified, in the source, so it works quite well :p
  16. Tim // robske Büba
    Offline

    Tim // robske Büba Notable Member

    Joined:
    Feb 26, 2014
    Posts:
    606
    Minecraft User:
    robske_110
    I'm still using a heavily modified SimpleAuth, and sadly i don't how i should switch, because simpleauth (after modification) passes thousands of infos to my server core, and if simple auth would be missing my server would crash on the first join. I realy don't like to do all the work again (there are about 500 lines of scrap that power this).
    I would realy appreciate it if there would be a AuthPlugin wich has events (that actually are usable) and a completly open API
  17. Legoboy0215
    Offline

    Legoboy0215 Notable Member

    Joined:
    Nov 1, 2014
    Posts:
    1,724
    Minecraft User:
    Legoboy0215
    Are you even listening? HereAuth is one of the best choices now :p
    applqpak likes this.
  18. Thunder33345
    Offline

    Thunder33345 Notable Member

    Joined:
    Apr 3, 2014
    Posts:
    755
    Minecraft User:
    Thunder33345
  19. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    I'm not trying to advertize, but here are a few comparisons:

    Compatibility
    SimpleAuth: Didn't you say that it has errors in PocketMine?
    ServerAuth: Hadn't heard that it doesn't work with other PocketMine third-party versions
    HereAuth: Limited to PocketMine-MP (and PocketMine-Soft, if it gets updated again); API 2.0.0. Will automatically gracefully crash on other third-party PocketMine versions because they may have different thread mechanics from PocketMine-MP.

    Data importing
    SimpleAuth: You don't need to import at all; it is already SimpleAuth database. But well, no official scripts for converting between its different data provider. Impossible (so far nobody managed) to import databases with different hash algorithms; to do such thing, you must modify the SimpleAuth plugin to support something like the ImportedHash in HereAuth.
    ServerAuth: Very much trouble. Same as SimpleAuth.
    HereAuth: Offers an experimental /import command to import data from SimpleAuth and ServerAuth. Has a feature called ImportedHash, where hash algorithms from other plugins can be imported so that its database can contain hashes from other plugins (but will be converted as soon as player joins again). No official scripts for converting between its own database types yet, but it is not hard to make one.

    Performance and memory efficiency
    Harddisk database
    SimpleAuth: supports YAML and SQLite3. Not sure about SQLite3; YAML will create many files that may be a waste of use of disk space. Has synchronous data saving/reading.
    ServerAuth: supports YAML. Disk space same as SimpleAuth. Has synchronous data saving/reading.
    HereAuth: supports JSON-GZIP. Disk space same as SimpleAuth, but saves more data because the skin is saved too. Files larger than 4 KB are compressed with GZIP (deflate). Asynchronous data saving/reading, preventing overhead during harddisk read/write and data compression/decompression.

    MySQL database
    SimpleAuth: synchronous querying to fetch data once each session and write data (usually) once each session. May cause slight lag.
    ServerAuth: synchronous querying to fetch data and write data, probably more than twice each session. May cause slight lag that is more than SimpleAuth. (But it had been much worse before)
    HereAuth: asynchronous querying (mainly asynchronous; synchronous querying upon startup, but should not affect performance) to fetch data and write data. Should not cause any lag because of MySQL connections.

    Events API
    Authentication
    SimpleAuth: PlayerAuthenticationEvent
    ServerAuth: ServerAuthAuthenticationEvent
    HereAuth: HereAuthAuthenticationEvent

    Registration
    SimpleAuth: PlayerRegisterEvent
    ServerAuth: ServerAuthRegisterEvent
    HereAuth: HereAUthRegistrationEVent

    Unregistering
    SimpleAuth: PlayerUnregisterEvent
    ServerAuth: ServerAuthUnregisterEvent
    HereAuth: HereAuthUnregisterEvent

    Deauthentication
    SimpleAuth: PlayerDeauthenticateEvent, fired when player with same name joins or when player is disabled
    ServerAuth:
    ServerAuthDeauthenticateEvent, fired when player with same name joined, or when player executes /logout
    HereAuth: HereAuthLogoutEvent, fired when a player executes /lock, or when his account is reset (when the account is renamed/unregistered while he is online)

    Password changing
    SimpleAuth: No such feature
    ServerAuth: ServerAuthPasswordChangeEvent
    HereAuth: Has such feature, but no such event due to security reasons (I don't want other plugins to know the password; I hash the password once I receive it, and try to destroy any occurrence of it; having as little references to a confidential value as possible is a good practice)

    Multi-factor authentication
    SimpleAuth: No such feature
    ServerAuth: No such feature
    HereAuth: HereAuthMultiFactorAuthEvent

    Pre-registration
    SimpleAuth: No such event because SimpleAuth forces all players to register, and the process of registration cannot be customized
    ServerAuth: Same as SimpleAuth
    HereAuth: HereAuthRegistrationCreationEvent with a getRegistration() : Registration method, where you can add or customize RegistrationSteps

    Features
    Login/register without /register or /login
    SimpleAuth: No such feature
    ServerAuth: Possible with extension plugin ChatLogin - see post by @EvolSoft below.
    HereAuth: Must login directly (there is a config value that disallows registering with passwords starting with a slash)

    Play without registering (like Lifeboat)
    SimpleAuth: No such feature
    ServerAuth: No such feature
    HereAuth: Optional (if player wants to register, he can use /register)

    Multi-language support
    SimpleAuth: There is a messages.yml to customize messages
    ServerAuth: 5 languages are supported; could probably add more yourself (citation needed)
    HereAuth: Same as SimpleAuth

    Disallow saying password in chat
    SimpleAuth: No such feature
    ServerAuth: No such feature
    HereAuth: Block if exact. Optional.

    Types of database supported
    SimpleAuth: YAML, SQLite3, MySQL. Has an API to add more.
    ServerAuth: Only YAML and MySQL. Not extensible (right now).
    HereAuth: Files (JSON files encoded in zlib deflation) and MySQL. Has an API to add more.

    Style of remind-login messages
    SimpleAuth: chat messages
    ServerAuth: chat messages
    HereAuth: Optional: chat messages, popups or tips

    Rate-limit of accounts per IP address
    SimpleAuth: No such feature
    ServerAuth: Permanent-limited
    HereAuth: Rate-limited

    Brute-force protection
    SimpleAuth: authentication timeout and limited trials (with RakLib address blocking)
    ServerAuth: authentication timeout and limited trials
    HereAuth: Same as SimpleAuth

    Audit logging
    SimpleAuth: No such feature
    ServerAuth: No such feature
    HereAuth: only file logger supported

    Scale of auto-authentication customization
    SimpleAuth: Same on the whole server
    ServerAuth: Same on the whole server
    HereAuth: Can be different for each player with the /opt command; default values defined in config

    Type of auto-authentication methods
    SimpleAuth: last UUID
    ServerAuth: last IP address
    hereAuth: any combination of last IP address, last client secret and last UUID

    Data masking
    SimpleAuth: No data masking
    ServerAuth: No data masking
    HereAuth:
    • (With config.yml or /opt customization) Player can choose to mask their location, such that if he cannot be auto-authenticated, he would login at a certain location in the world (defined by config.yml or /opt)
    • (With config.yml or /opt customization) Player inventory will not be sent to the player until he is authenticated

    Multi-factor authentication (MFA)
    SimpleAuth: No such feature
    ServerAuth: No such feature
    HereAuth: Skin MFA and IP address MFA, with automatic MFA deactivation after a period of time (defined by config.yml)

    Password limitation
    SimpleAuth: Minimum length
    ServerAuth: Minimum and maximum length
    HereAuth: Minimum and maximum length, only numbers, only alphabets, starting with slashes, optional type-twice-to-register

    Appearance changes when not authenticated
    SimpleAuth: None
    ServerAuth: Invisibility with extension plugin InvisibleLogin
    HereAuth: Optional invisibility and nametag prepending/appending

    Other features
    Unregistering: SimpleAuth, ServerAuth, HereAuth
    Logout: ServerAuth, HereAuth
    Changeing password: ServerAuth, HereAuth
    Renaming: HereAuth

    Password safety
    SimpleAuth: Hashed with SHA-512 and Whirlpool with player name as salt
    ServerAuth: Hashed with SHA-256 (or any hash algorithms supported by PHP by default)
    HereAuth: Same as SimpleAuth (encoded with base64 in database, but base64 is not a hash algorithm)

    Development maturity/activity
    SimpleAuth: Official plugin that existed before PocketMine 1.4 beta 1 was released, but rarely updated or managed. (Wait, did @Intyre just update it?)
    ServerAuth: Unofficial plugin (managed by @EvolSoft, which is an organization that only has one member who is active and I can notice), 10 months since first release, 8th release now (7th release if pre-release is not counted).
    HereAuth: Unofficial plugin (managed by @PEMapModder, who is active but never gets concentrated on a single plugin), 2 months and a half old right now, 4 beta pre-releases, no release candidates.

    Code statistics
    SimpleAuth: 14 classes/interfaces containing 1464 lines of code, subtracting 15 lines of license header per file, 1254 lines of code
    ServerAuth: 15 classes/interfaces containing 2144 lines of code, subtracting 8 lines of license header per file, 2024 lines of code
    HereAuth: 71 classes/interfaces containing 5263 lines of code, subtracting 15 lines of license header per file, 4198 lines of code

    What do these mean?
    Many lines of code or classes/interfaces can mean a lot of things:
    • The plugin has a systematic internal code management.
    • The plugin has a good API.
    • It will be easier to add new features to the plugin.
    • The plugin has more features
    • The plugin is harder to make (sometimes it also means that the programmer doesn't understand programming at all, but that's not our case here)
    Wait, all these are good things? So I'm advertising saying that HereAuth is twice as good as ServerAuth? I never said that. Forget it. I said nothing.

    As a matter of fact, if I found anything good in other auth plugins, I'll immediately implement it in HereAuth, so this thread is not really biased :p
    A few features here were just added into HereAuth in the past hour :p
    Last edited: Mar 29, 2016
    Skullex, luca28pet, EvolSoft and 3 others like this.
  20. EvolSoft
    Offline

    EvolSoft Notable Member Plugin Developer

    Joined:
    Sep 10, 2014
    Posts:
    821
    Plugins:
    15
    Minecraft User:
    Flavius12
    Very nice explanation @PEMapModder! I want just to remember that ServerAuth works also with extensions. Chat registration/login is provided by the ServerAuth extension ChatLogin. I thought that this implementation was better than implementing it natively on ServerAuth
    Legoboy0215 and ItzJavaCraft like this.

Share This Page

Advertisement