BungeeAuth now has its own Database importer. You may find it HERE. It currently only supports xAuth's SQL Database.
- Tested Minecraft Versions:
Please rate the plugin once you have tried it so that it can help others who haven't tried it yet.
BungeeAuth is a useful authentication plugin for Bungee servers, especially for those that operate in offline mode. BungeeAuth is similar to xAuth/AuthMe plugins of Bukkit. It uses MySQL database to store and read player login data. The players' passwords are hashed and salted before storing adding them to the database. The main advantage of this plugin is that you only need to place it in the Bungee plugins folder and you are good to go. You dont have to place a plugin in every Bukkit server (Like xAuth).
I suggest that you use a separate void bukkit server for authentication where the players are stuck in one place, unable to move. This is because, since this is a Bungee plugin, it is not able to prevent players from moving before they login.
Please report any issues with this plugin HERE
If you like my work, please consider donating, I would greatly appreciate it.
Plugins For Additional Security
I highly recommend that you use one or both of these plugins in your Bukkit/Spigot servers to protect them from being exploited.
bauth.forceregister - This permission is needed to use the /register force command.
bauth.forcelogin - This permission is needed to use the /login force command.
bauth.reset - This permission is needed for players who can use the /reset command.
/register [password] <email> - This command is used by first time players to register themselves in the server. Email is required if it is enabled in config.yml.
/register force [player] [password] <email> - This command allows you to force register a player without needing them to be online. Email is required if it is enabled in config.yml.
/login [password] - This command is used by returning users to login to the server.
/login force [player] - This commands is used to force login a player without using a password.
/changepw [old password] [new password] - This command is used by players who want to change their password. It can only be used once the player logs in.
/reset [player] - This command is used by admins who want to reset a player's password. Doing this un-registers the player and there is no way of getting his/her password back.
/logout - This command successfully logs out the player and moves them to the AuthLobby.
The config.yml for this plugin is located in its data folder, similar to bukkit plugins. It looks similar to this:
The Plugin automatically creates the MySQL Tables. You just have to input the MySQL Database Host, Login details and Database name in the config file. If you enable SQLite, the plugin creates a SQLite.db file in the config folder. You do not need to change any other database related fields in config.yml if you are using SQLite.Code (Text):# BungeeAuth Config File
Use SQLite: false
# Set this to true if you want to use a file based database (SQLite) rather than MySQL
# Please enter the Host of your MySQL database here.
# Please enter the port where your MySQL database is hosted.
# The Username which should be used to login to the MySQL database.
# The Password which should be used to login to the MySQL database. If you don't have a password, please leave two single quotation marks (') in this field.
#The name of the MySQL database where BungeeAuth's Tables shall be created.
# The name of the lobby server.
Fallback Lobby: Lobby2
# The name of the fallback lobby server in case the main lobby is down.
# The name of the lobby where players are pushed before they authenticate. leave it same as normal lobby if you don't have an auth lobby.
Fallback AuthLobby: AuthLobby2
# The name of the fallback AuthLobby server in case the main AuthLobby is down.
Ask Email: false
# Set this to True if you want the plugin to prompt users to register their email when they login to the server for the first time.
Session Length: 5
# How long (in minutes) does the user's session remains running after a player quits. This allows the user to log back in within the time frame without
# having to type their password again. If user logs in from a different IP, they will be asked to type their password again for security reasons.
Guest Session Length: 60
# How long (in seconds) the user has before they have to register or login. Set this to 0 to disable guest session time limits.
Legal Usernames Characters: "[a-zA-Z0-9_]*"
# Allowed Characters in Usernames (). Enclose in quotation marks.
Users per IP: 5
# Number of users that can register (not login) from the same IP.
Password Tries: 5
# Number of times a player can input a wrong password before getting their account locked. Set this to 0 to disable this feature.
Wrong Password Timeout: 5
# Timeout (in minutes) for players who spam commands. The timeout occurs if a player tries to use a BungeeAuth command more than 10 times. Set this to 0 to disable this feature.
Guest Server Failsafe Check: true
# A failsafe method that runs every 10 seconds to check if a guest player is in AuthLobby, and if not, moves them to AuthLobby.
#---------------------------- PHP API AREA ----------------------------#
Enable PHP API: false
# Enabling this will make the plugin listen to API requests from a port.
PHP API Port: 1395
# The port that the plugin will be listening for API requests on.
API Password: 'pZe8qNCC6s5NKvYj'
# The password required in the API requests for a response. If you don't have a password, please leave two single quotation marks (') in this field.
API Error Limit: 5
# Set the maximum number of wrong api password attempts used by a php script before it's ip gets blocked. IP will be blocked until removed from apithreats.yml
Until the player logs in, he/she wont be able to use any commands except for /register and /login. After disconnecting, depending on the Session Length set by the admin, the player will have a certain amount of time within which they can log back in to the server without having to retype their password, considering they log in from the same IP.
When the player logs in successfully, He/she will be teleported to the Lobby server (if it is different from the Authentication Lobby).
If the player spams /login multiple times (such as in a brute force attack), they are automatically muted for a certain amount of time (specified in the config.yml).
Lobby server and Auth Lobby server in the config CANNOT be the same.
Here is a tutorial on how to install and use this plugin in Spanish:
The Javadoc for BungeeAuth is available at http://api.vik1395.me/
Adding BungeeAuth as a maven dependency:
You can browse the repository at http://repo.vik1395.me/Code (Text):<repositories>
This plugin is licensed under CC Attribution-NonCommercial-ShareAlike 4.0 International. In very basic terms, Do whatever you want with the code of this plugin, as long as you give credits to the author and/or the plugin itself.
Please leave a comment or rate the plugin, and tell me what you think of it. I would really appreciate it.
To have a secure password, I suggest you follow this:
A Player Authentication plugin for Bungee Servers
- Bug Fixes, Added features and commands, API Improvements Oct 4, 2016
- Bug Fix Oct 7, 2015
- Added features (Please reset your config.yml and messages.yml) Oct 6, 2015