General
- Summary: Simplifies the way people authenticate to servers
- PocketMine-MP version: 1.7dev (3.0.0-ALPHA7/8/9)
Overview
A plugin that simplifies the login process. Instead of
asking for commands, users simply chat away.
It also provides a number of tweaks that can improve the usability of SimpleAuth.
Register process
Player connects for the first time. They are prompted to enter a
NEW password. They enter their password directly, without having to
enter /register.
They are asked for the password again to confirm. They re-enter their
password (again without /register).
Login process
Player connects again. They are prompted to enter their login
password. They type their login password directly (without
/login). And they are in.
Commands
-
chpwd <old-pwd>
- Used by players to change their passwords.
-
resetpwd <player>
- Used by ops to reset a players password. This actually unregisters
the password.
-
preregister <player> <passwd>
- Used by ops to pre-register players.
-
logout
- De-authenticates a player.
Permissions
- simpleauthhelper.command.chpwd: Allow users to change passwords
- simpleauthhelper.command.logout: Allow users to logout
- simpleauthhelper.command.resetpwd (op): Allow ops to reset other's passwords
- simpleauthhelper.command.prereg (op): Allow ops to pre-register users
Configuration
Configuration is through the config.yml file.
main
- max-attemps: kick player after this many login attempts. NOTE: This conflicts with SimpleAuth's blockAfterFail setting
- login-timeout: must authenticate within this number of seconds
- leet-mode: lets players use also /login and /register
- chat-protect: prevent player to display their password in chat
- hide-unauth: EXPERIMENTAL, hide unauthenticated players
- event-fixer: EXPERIMENTAL, cancels additional events for unauthenticated players
- hack-login-perms: EXPERIMENTAL, overrides login permisions to make sure players can login
- hack-register-perms: EXPERIMENTAL, overrides register permisions to make sure players can register
- db-monitor: EXPERIMENTAL, enable database server monitoring
- monitor-settings: Configure database monitor settings
monitor-settings
- canary-account: account to query this account is tested to check database proper operations
- check-interval: how to often to check database (seconds)
Translations
This plugin will honour the server language configuration. The
languages currently available are:
- English
- German
- Spanish
- 中文
You can provide your own message file by creating a file called
messages.ini in the plugin config directory.
Check github
for sample files.
Alternatively, if you have
GrabBag
installed, you can create an empty messages.ini using the command:
pm dumpmsgs SimpleAuthHelper [lang]
Advanced
Player pre-registration
It is possible to implement a web based pre-registration system with this
plugin.
-
rcon must be enabled on the PocketMine server.
- web server must be able to send rcon commands to PocketMine.
- Enable the whitelist functionality in PocketMine.
- Install SimpleAuth and SimpleAuthHelper.
-
Optionally install PurePerms and disable
simpleauthhelper.command.chpwd
permission. You probably want
users to change passwords from the web site.
- Whenever a user registers in web site, the web site script uses rcon
to send the follwoing:
- whitelist add player
- preregister player passwd
- Whenever a user changes password in web site, we use rcon with:
- resetpwd player
- preregister player passwd
Database Monitor
This module is responsible for monitoring the SimpleAuth data provider
to make sure that it is up and running and disable logins if it is not
available.
It kicks off a background task that will poll the SimpleAuth data provider
by trying to retrieve the data from the "canary-account". It is important
that you have configured and have working SimpleAuth provider the first
time you enable the database monitor. This is because the "canary-account"
needs to be created (if it doesn't exist already).
On a regular interval, the SimpleAuth
data provider is checked. If it is not running, all unauthenticated players
are kicked and any new joins are not allowed.
Changes
- 2.0.4: event-fixer
- Disabled the craftItem event in event-fixer.
- 2.0.3: Password disclosure work-around
- Works around bugs in SimleAuth that makes users' passwords visible.
- 2.0.2: Added translation
- Added a zho.ini (中文) message file. (Contributed by @edwinyoo44, closes #23)
- Added a deu.ini (German) message file. (Contributed by @thebigsmileXD)
- Documentation and library updates.
- 2.0.1: language defaults
- make sure that languages default to English (reported by @minebuilder0110)
- 2.0.0: Major upgrade
- uses now a common translation library
- Removed little used feature: nest-egg
- leet-mode also works for /register.
- Removed auto-ban. It is now done in SimpleAuth.
- Added support for hiding unauthenticated players (Suggested by @CaptainKenji17)
- Added pre-register and logout command
- forces permissions to be set
- Added a task to monitor database server status
- Thanks @rvachvg for helping debug this.
- 1.2.3: Security improvements
- prevent user from chatting away their password
- add option so that players can also use "/login" to login.
- 1.2.2: Auto-Ban
- Too many login attempts will cause the player to be banned.
- 1.2.1: CallbackTask deprecation
- Removed CallbackTask deprecation warnings
- 1.2.0: max-logins
- Suggestion from @MCPEPIG
- kick user out after
max-attempts
.
- Added a chpwd command.
- Kick user out if not authenticated after
timeout
seconds.
- Added resetpwd command for ops
- 1.1.0: Small update
- Added
nest-egg
- Messages can be configured.
- 1.0.0: First release
Copyright
SimpleAuthHelper
Copyright (C) 2015 Alejandro Liu
All Rights Reserved.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.