Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Official SimpleAuth v1.7.1

Prevents people to impersonate an account, requiring registration and login when connecting.

  1. Haxor104
    Offline

    Haxor104 New Member

    Joined:
    Feb 22, 2014
    Posts:
    3
    Minecraft User:
    Haxor104
    Thanks man I'll get to it.
  2. Asam Munye
    Offline

    Asam Munye New Member

    Joined:
    Oct 17, 2013
    Posts:
    40
    help my server crash every time I log in please help
    thank you
  3. Asam Munye
    Offline

    Asam Munye New Member

    Joined:
    Oct 17, 2013
    Posts:
    40
    oh can anyone help my server crashes when ombody logins
  4. MrTiger
    Offline

    MrTiger Active Member

    Joined:
    Feb 23, 2014
    Posts:
    32
    Minecraft User:
    Mrtiger
    why is that it so easy to steal a account/name.
    I have a real problem with people steal account/name from admins and destroy the world.
    How do the steal a account/name?? is it something i can do about it.
    I use the newest update for the plugin.
  5. decado
    Offline

    decado Active Member

    Joined:
    Dec 22, 2013
    Posts:
    59
    Minecraft User:
    decado
    Greetings

    I have not found any holes in Simpleauth security wise that are not caused by operator error.

    First off, I give out VERY few admin positions on the server. I know there are servers that give away OP and Admin for dontations and other reasons. In the end they get what they deserve. Keep your staff close to you and supervise them closely.

    Also the most common failure is someone will forget the " / " in front of the " /login " command and broadcast their password to the entire server.

    We all make mistakes, I even did it once. You need to drive home to them that if they make a mistake like this not to be worried about you being angry with them but to just let you know instantly.

    Regards
    Decado
  6. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,167
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    if the player isnt logged in yet, he cant broadcast any messages. ;)
  7. decado
    Offline

    decado Active Member

    Joined:
    Dec 22, 2013
    Posts:
    59
    Minecraft User:
    decado
    You would think so however this has taken place in my servers on a number of occasions. I've sat there and watch it happen.

    I don't claim to be any kind of a programmer so I don't pretend to have an answer how but it does happen.

    Regards
    Decado
  8. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,167
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    thats weird ... probably they put the command twice. probably lag issues. shit happens :-/
  9. decado
    Offline

    decado Active Member

    Joined:
    Dec 22, 2013
    Posts:
    59
    Minecraft User:
    decado

    This had occured to me also as I have had console messages appear twice after hitting enter in quick succession however, when I have seen this error happen the login always appears without the " / " like " login <password> " which tell me that it is being entered incorrectly.

    If you do /login <password> in server once logged in nothing is copied via console as far as I am aware (I'm open to being corrected) so it suggests to me me they are entering it without the " / " to begin with.

    *shrug* honestly as I said above, I really don't know why it happens other than to say in my eyes the primary reason for giving your password away is most likely operator error.

    Regards
    Decado
  10. 710583
    Offline

    710583 New Member

    Joined:
    Mar 17, 2014
    Posts:
    25
    Minecraft User:
    710583
    is there anyway for the console or ops to help player recover their password if they forgot it
  11. decado
    Offline

    decado Active Member

    Joined:
    Dec 22, 2013
    Posts:
    59
    Minecraft User:
    decado
    Greetings

    You may be able to read it direct from the users personal file withint the folder I haven't checked, but for my purposes it's just simpler to do a

    /simpleauth unregister <playername>

    and get them to re register. I normally will not do this until a. The player requests it and b. I am onhand to confirm it is the correct player by ip match to avoid account stealing.

    Regards
    Decado
  12. 710583
    Offline

    710583 New Member

    Joined:
    Mar 17, 2014
    Posts:
    25
    Minecraft User:
    710583
    k thanks i'll test that and when its in the folder it is encrypted so i can't completely read it
  13. 710583
    Offline

    710583 New Member

    Joined:
    Mar 17, 2014
    Posts:
    25
    Minecraft User:
    710583
    the command works so what is the encrypting system used so they don't get kicked from the server when i unregister them
  14. decado
    Offline

    decado Active Member

    Joined:
    Dec 22, 2013
    Posts:
    59
    Minecraft User:
    decado
    I have no idea of the encryption used however you can unregister them while they are at the login prompt without them being kicked and it changes to the registration prompt automatically.

    Regards
    Decado
  15. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Is it against the rules if I make a plugin for logging in by tapping signs?
  16. Luigi99999999
    Offline

    Luigi99999999 New Member

    Joined:
    Mar 16, 2014
    Posts:
    1
    Minecraft User:
    Luigi99999999
    Can I know player's passwords?
  17. Bryan52003
    Offline

    Bryan52003 New Member

    Joined:
    Apr 2, 2014
    Posts:
    1
    Minecraft User:
    Bryan
    i cant find out how to accualy log into the servers
  18. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,167
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    i think not. look at permission plus, xti rmgr, numeric ranks. they serve as the same purposes.
    if you have something in your bank, why wont you withdraw it and give it to the needy :p
  19. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Official plugins are protected in unique in specific. Read the plugin submission guidelines.
  20. Dalton Edwards
    Offline

    Dalton Edwards New Member

    Joined:
    Apr 19, 2014
    Posts:
    1
    Minecraft User:
    DALTONTASTIC
    This is a silly question but I'm running a service that allows people to forward their servers IP's through my network to give them something more memorable besides numbers. (Example theirname.mydomain.com). Anyhow, I wish to edit the config of SimpleAuth to allow anybody with the special version of the plugin to have their login info synced across all the servers that use my service. Are you okay with me doing this? The plugin is already pretty stable and I'd much rather build off of it instead of make a whole new one from scratch.

    This would all be possible (I think) because I'll be dedicating a database or two to the login service.

Share This Page

Advertisement