Skip to content

Latest commit

 

History

History
96 lines (83 loc) · 4.46 KB

File metadata and controls

96 lines (83 loc) · 4.46 KB

Introduction

The AuthModule is a module to provide security measures to a ForgeEssentials server. This module can force players to register on the server, login, and be unable to do ANYTHING until they do so. This module was designed with the fact that the Minecraft Authorization Services go offline quite often, and thus we have included a feature where the module can detect such a disturbance, and automatically switch the server to offline mode until the servers come back on.

Configuration

The configuration file can be found in ./ForgeEssentials/AuthLogin/config.cfg

When this Module is enabled...

  • Anyone logging into the server that has not registered will be forced to register.
  • Anyone logging into the server that has registered will be forced to login.
  • Anyone who has not registered or not logged in will be unable to do the following...
  • --- break/place blocks
  • --- send chat messages
  • --- use commands other than /register and /login
  • --- hit mobs or other players
  • --- be hurt by anything
  • --- move
  • --- interact with mobs or blocks
  • --- use items

B:allowOfflineReg=false This configuration is geared towards server owners that usually keep their servers "Online". That means that the servers check to ensure that the players logging in have paid, and are using their Minecraft accounts. Setting this property to true will allow players to register their usernames even if the server is offline. The default false of the property makes it so that players can only register their usernames while the server is using the Minecraft Authorization Services.

B:autoEnable=true If this is set to true, then the AuthModule will check the Minecraft Authorization Service. When the authorization service goes down, the module will turn itself on and set the server to the "Offline" state. When the Authorization Services come back on, the Module will turn itself off and return the server to the "Online" state. If this property is set to false, the AuthModule will never check the status of the Minecraft Authorization Services, and never enable or disable itself automatically.

B:forceEnable=false If this property is set to true, then this module will be enabled at all times regardless of the server's "Online" or "Offline" status. If this property is set to false, the Module will only be enabled if/when the server is in "Offline" mode.

S:salt=############# This property property will automatically be set with an auto-generated salt to be used when encryption passwords. Setting this property and reloading the server will change the salt. Once the salt has been generated, it will never be auto-generated again unless this entire property line is deleted.

java >> password = sha1(rawpassword + salt);

PHP >> $password = sha1($rawPassword.$salt);

The sha1 encryption algorithm is designed to work flawlessly to imitate PHP.

Commands

Command Usage Permission Node Description
/auth help none Shows the player help for the
/auth command
/auth register [password] none Registers the player with the
supplied password
/auth login [password] none Allows the player to login if they supply
the correct password for their username
/auth changepass [oldpass] [newpass] none Allows the player to change their password
/auth setpass [player] [password] ForgeEssentials.ModuleAuth.admin Sets the named players password to the
one supplied
/auth kick [player] ForgeEssentials.ModuleAuth.admin Forces the named player to login again
/auth unregister [player] ForgeEssentials.ModuleAuth.admin Forces the named player to register again

Other Info

The following improvements are planned for the Auth module.. Mind you these are my dream improvements

  • password complexity nforcement
  • variable encryption, not just SHA1
  • per-player generated salts
  • failed login punishments
  • AuthModule bans
  • Web request authentication
  • configurable login and register commands. (force an email anyone?)