Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Discussion] New way to login

Comments in 'Plugin Development' started by MyNameIsTriXz, Sep 9, 2016.

  1. thebigsmileXD
    Offline

    thebigsmileXD Banned

    Joined:
    May 19, 2015
    Posts:
    845
    Plugins:
    1
    Minecraft User:
    XenialDan
    Thats what @Salmon__GER does. Works.

    The overall solution: protect your databases with passwords, and not pancake12!
    Second: encrypt the passwords in the database. the login plugin has to check if the hashes are the same. #ServerAuth
  2. Extreme_Heat
    Offline

    Extreme_Heat Active Member

    Joined:
    Apr 19, 2016
    Posts:
    76
    Minecraft User:
    Extreme_Heat
    OpenSSL is needed so you can verify the signature that the client sends with the login packet. This could be done in PHP but it's not trivial to implement in PHP when things like this are performance critical. What could be done in a fraction of a second natively can easily take 10x more time to complete when interpreted in PHP.

    Most people have no idea what they're doing when it comes to authentication and player data so traditional chat or whatever server based verification will continue to exist.
  3. Intyre
    Offline

    Intyre Staff Member PocketMine Team

    Joined:
    Aug 24, 2013
    Posts:
    118
    Minecraft User:
    Intyre
    OpenSSL is not needed, https://github.com/phpecc/phpecc works fine. ;)
    Blabla, thebigsmileXD and Primus like this.
  4. MyNameIsTriXz
    Offline

    MyNameIsTriXz Notable Member

    Joined:
    Aug 17, 2015
    Posts:
    538
    Minecraft User:
    MyNameIsTriXz
    Just experienced that with my old sony xperia j. Now I have samsung s6 and everything is fine, but there are still users with cheap phones.
  5. Primus
    Offline

    Primus Notable Member

    Joined:
    Apr 7, 2015
    Posts:
    1,470
    Minecraft User:
    PrimusLV
    Have you already tested this in context of PocketMine?
  6. MyNameIsTriXz
    Offline

    MyNameIsTriXz Notable Member

    Joined:
    Aug 17, 2015
    Posts:
    538
    Minecraft User:
    MyNameIsTriXz
    Same can happen with MCPC accounts, and the discussion to use sign login, you just have a bad first experience of the server. And I mean that soft lag, which is still annoying. And about Xbox Live, read my last posts.
  7. MyNameIsTriXz
    Offline

    MyNameIsTriXz Notable Member

    Joined:
    Aug 17, 2015
    Posts:
    538
    Minecraft User:
    MyNameIsTriXz
    I dont say that because I am to stupid to encrypt the password (I use secure hashes and unique salts), I just say that because it's annoying to type in your password everytime (except the ability to login by clientid which is rare on servers), and its faster to login by sign or generally by MCPC accounts.
  8. MyNameIsTriXz
    Offline

    MyNameIsTriXz Notable Member

    Joined:
    Aug 17, 2015
    Posts:
    538
    Minecraft User:
    MyNameIsTriXz
    In my opinion Mojang should use the MCPC login system, so you can use the MCPC account features and you will know how to login from MCPC.
  9. archie426
    Offline

    archie426 Active Member

    Joined:
    Apr 26, 2015
    Posts:
    193
    Minecraft User:
    archie426
    I'm am quite shocked about lb being hacked. I'm sure willtdr will be sorting things out though. As, lets face it, they have a pretty good system.
    Last edited: Sep 13, 2016
  10. thebigsmileXD
    Offline

    thebigsmileXD Banned

    Joined:
    May 19, 2015
    Posts:
    845
    Plugins:
    1
    Minecraft User:
    XenialDan
    You can't. FFS! MCPC != MCPE!
    All you find is their outdated plugins, and wasn't this thread made because LB was hacked?
  11. MegaSamNinja
    Offline

    MegaSamNinja Active Member

    Joined:
    Sep 13, 2013
    Posts:
    138
    Minecraft User:
    Bamuel
    you can always encrypt your password in sha1, sha256, md5, whirlpool etc...
    and instead of using one encryption you can link several
    example
    Code:
    $newpassword = hash('whirlpool' ,hash('sha256' ,md5(sha1($password))));
    This will make it useless to hack as it is encrypted several times, + You can change the order or repeat the encryption twice(or a thousands times)

    *No one will be bothered decrypting your code several times and yet they need to know what order it is in
    Primus and thebigsmileXD like this.
  12. thebigsmileXD
    Offline

    thebigsmileXD Banned

    Joined:
    May 19, 2015
    Posts:
    845
    Plugins:
    1
    Minecraft User:
    XenialDan
    I think thats what ServerAuth and hereauth use.
    Primus likes this.
  13. CallumDouglas
    Offline

    CallumDouglas New Member

    Joined:
    Jan 20, 2016
    Posts:
    32
    Minecraft User:
    Callum9966
    The only issue with XBox live authentication is the "age restrictions". For users under age (most of the people playing MCPE) are unable to chat, add friends or go on most servers if their age is under the limit.

    Dam Microsoft.
  14. Legoboy0215
    Offline

    Legoboy0215 Notable Member

    Joined:
    Nov 1, 2014
    Posts:
    1,724
    Minecraft User:
    Legoboy0215
    Well, we have to assume the worst case scenario. If the server gets hacked, database is dumped. Salt and rehashing or whatever it is called would do the job, but remember they have your code. They really should have did it like MCPC…
  15. MyNameIsTriXz
    Offline

    MyNameIsTriXz Notable Member

    Joined:
    Aug 17, 2015
    Posts:
    538
    Minecraft User:
    MyNameIsTriXz
    Isnt it possible for mcpe to use mojang's mcpc database and implement an own login startscreen (forgot the name of the screen of MCPC where you login and choose your user)
  16. MyNameIsTriXz
    Offline

    MyNameIsTriXz Notable Member

    Joined:
    Aug 17, 2015
    Posts:
    538
    Minecraft User:
    MyNameIsTriXz
    Good way to hash, I use heavy hash ways too and also have unique salts ^^
  17. MyNameIsTriXz
    Offline

    MyNameIsTriXz Notable Member

    Joined:
    Aug 17, 2015
    Posts:
    538
    Minecraft User:
    MyNameIsTriXz
    Saw that today on my friend's phone, "You are not able to chat on this server" (translated). That is useles...
  18. MyNameIsTriXz
    Offline

    MyNameIsTriXz Notable Member

    Joined:
    Aug 17, 2015
    Posts:
    538
    Minecraft User:
    MyNameIsTriXz
    The big problem is that many users dont know what's login, even though its so easy and actually understandable, newbies always think your server has a password (experienced by myself as a newbie and I know that I am not the only one, as you can see on the comments when a YouTuber posts a server video). That wouldnt happen at all on MCPC alike login.
  19. MyNameIsTriXz
    Offline

    MyNameIsTriXz Notable Member

    Joined:
    Aug 17, 2015
    Posts:
    538
    Minecraft User:
    MyNameIsTriXz
    Yes! Another good argument
  20. Legoboy0215
    Offline

    Legoboy0215 Notable Member

    Joined:
    Nov 1, 2014
    Posts:
    1,724
    Minecraft User:
    Legoboy0215
    I am saying just enforce password regulations like 10 characters with alphabets and numbers etc. Servers usually do not force users to have longer passwords.
    archie426 likes this.

Share This Page

Advertisement