(3.0.0-ALPHA11 - 3.0.0-ALPHA12) 2.1.2-7 (3.0.0-ALPHA11 - 3.0.0-ALPHA11) 2.1.2-6 (3.0.0-ALPHA7 - 3.0.0-ALPHA10) 2.1.2-5 (3.0.0-ALPHA7 - 3.0.0-ALPHA9) 2.1.2-2 (3.0.0-ALPHA7 - 3.0.0-ALPHA8) 2.0.0-2.alpha8 (3.0.0-ALPHA7 - 3.0.0-ALPHA7) 2.0.0-alpha7 (3.0.0-ALPHA5 - 3.0.0-ALPHA6) 1.8.1-dev1 (2.0.0 - 3.0.0-ALPHA5) 1.8.1 (2.0.0 - 3.0.0-ALPHA4) 1.8
Plugin for PocketMine-MP that prevents people from impersonating an account, requiring registration and login when connecting.
SimpleAuth plugin for PocketMine-MP Copyright (C) 2014 PocketMine Team <https://github.com/PocketMine/SimpleAuth>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
This version of SimpleAuth adds automatic hack detection/protection to SimpleAuth.
When users register (or log in the first time after install or upgrade) they will be given a 4 digit PIN code.
If any player tries to login to an account with 2 or more changes to the previously recorded IP, CID or SKIN, then they will
need to login with /login <password> <PIN>
, for example, /login dadada 1234
. They will then receive a new PIN.
If a user only changes IP, SKIN or CID (*) the PIN is not required, and the players security info is updated for the new IP/CID/SKIN (not the PIN).
0: Never check IP and SKIN data
1: Players must have EITHER the same IP or SKIN as last visit, or type the PIN code on login
2: Players must have BOTH the same IP and SKIN, or type the PIN code on login
If a player forgets their PIN, and cannot login because they joined with a new SKIN + IP, SKIN + CID, IP + CID or SKIN + CID
their security info can be reset on CONSOLE with login <player>
. They will then get a new PIN code next time they login.
Players logging in normally will see a reminder on their PIN code.
Players can change their pin code by typing /login when already logged in.
Warnings are displayed on Console when players try to join with >= 2 changes to the security info (IP, CID, SKIN).
SimpleAuth2 is compatible with SimpleAuthHelper, and works with any provider: MySQL (tested), YAML (tested) and SQLITE (untested)
/login <password>
/login <password> <PIN>
(If 2 changes detected for a players IP, SKIN or CID since last login)/register <password>
/unregister <password>
(TODO)/simpleauth <command: help|unregister> [parameters...]
(TODO)/login <player>
to reset hack detection data for a player/login
when logged in to get a new PIN codeYou can modify the SimpleAuth/config.yml file on the plugins directory once the plugin has been run at least once.
Configuration | Type | Default | Description |
---|---|---|---|
timeout | integer | 60 | Unauthenticated players will be kicked after this period of time. Set it to 0 to disable. (TODO) |
forceSingleSession | boolean | true | New players won't kick an authenticated player if using the same name. |
minPasswordLength | integer | 6 | Minimum length of the register password. |
blockAfterFail | integer | 6 | Block clients after several failed attempts |
authenticateByLastUniqueId | boolean | false | Enables authentication by last unique id. |
dataProvider | string | yaml | Selects the provider to get the data from (yaml, sqlite3, mysql, none) |
dataProviderSettings | array | Sets the settings for the chosen dataProvider | |
disableRegister | boolean | false | Will set all the permissions for simleauth.command.register to false |
disableLogin | boolean | false | Will set all the permissions for simleauth.command.login to false |
You can modify the SimpleAuth/antihack.yml file on the plugins directory once the plugin has been run at least once.
Configuration | Type | Default | Description |
---|---|---|---|
enabled | boolean | true | Enable AntiHack features |
protectsuperadmins | boolean | true | Enable LOGIN protection ONLY for PurePerms SuperAdmin ranks (and OP if enabled) |
protectops | boolean | true | Enable LOGIN protection for OPs |
threat | integer | 2 | How many out of IP and SKIN must be the same to allow unchecked login (CID - deprecated) |
Permission | Default | Description |
---|---|---|
simpleauth.chat | false | Allows using the chat while not being authenticated |
simpleauth.move | false | Allows moving while not being authenticated |
simpleauth.lastip | true | Allows authenticating using the lastIP when enabled in the config |
simpleauth.command.register | true | Allows registering an account |
simpleauth.command.login | true | Allows logging into an account |
All methods are available through the main plugin object
You can register an instantiated object that implements SimpleAuth\provider\DataProvider to the plugin using the setDataProvider() method
To enable antihack please change antihack to 'true' in antihack.yml AND UPDATE YOUR DATABASE, if you use MySQL or SQLite:
TO UPDATE AN EXISTING MySQL DATABASE PLEASE RUN THE FOLLOWING QUERIES. FOR THE CAUTIOUS, STOP YOUR SERVER AND BACKUP THE DATABASE FIRST:
ALTER TABLE simpleauth.simpleauth_players ADD ip VARCHAR(50);
ALTER TABLE simpleauth.simpleauth_players ADD cid BIGINT;
ALTER TABLE simpleauth.simpleauth_players ADD skinhash VARCHAR(60);
ALTER TABLE simpleauth.simpleauth_players ADD pin INT;
TO UPDATE AN EXISTING SQLITE DATABASE:
ALTER TABLE simpleauth.simpleauth_players ADD ip TEXT;
ALTER TABLE simpleauth.simpleauth_players ADD cid INTEGER;
ALTER TABLE simpleauth.simpleauth_players ADD skinhash TEXT;
ALTER TABLE simpleauth.simpleauth_players ADD pin INTEGER;