This plugin is now abandon/inactive. If you want to take over development please PM me!
Bungeelock is a simple lightweight authentication system for bungeecord. Designed for servers that are cracked or want extra security, this plugin will work with no problems.
How it works
When a player logs in, they will be moved to the "auth server". This is the server where non-logged in players are transferred, while prompting for a password/registration. Keep in mind that the non-logged in players can still interact with the world and move around, so select a server where you don't mind that happening at (such as the hub server). While being prompted, they cannot send messages and commands (even bungee commands!) or connect to other servers while not logged in.
If they are new, and just registered, they will be able to connect to other servers and send messages.
If they are returning, and just logged in, they will be automatically moved back to the server they were on.
Is it secure?
- Works on cracked and premium servers!
- Uses premium uuids, even if on a cracked server!
- Ready for 1.8!
- Customizable messages/language!
- No additional libraries required!
- MySql support and flatfile support!
- Advance configuration!
- Can require registration from a specific permission!
- Smart asynchronous threading to reduce lag!
All passwords are strongly encrypted, and hash salted.
Here is an example of an encrypted password with 6 characters.
In addition, this plugin is compatible with most other bungeecord/bukkit/spigot plugins that move players to other servers. For example, players can't use the plugin Janus to bypass the authentication system.Code (Text):1000:5b4240636363343734:e48c1f42dc407a3d36ebdd86c867477a7aafc0263debe7362388f6d282e4b1d150a531869508a1ad8dfb3eaa1a45f069a40b75854732eae42dfda31266a9849c
/login - The bungeelock login command.
/register - The command to register a player.
/changepassword - Changes the player's password.
bungeelock.login - Allows the player to login.
bungeelock.register - Allows the player to register.
bungeelock.register.force - Requires players with this node to register.
bungeelock.change - Allows players to change their password.
All you need to do is drag and drop BungeeLock to the plugins folder of bungeecord. Then open the bungeelock config file, which is at plugins/BungeeLock/config.txt, and configure to your desire.
If this is on a cracked server, set post-uuids to true.
If this is on a premium server, set post-uuids to false.
Finally save the config file and do /blreload in-game or at the console.
I run a premium server, why would I need this?
What if an account you own, or another staff member, was shared by another person. You can use this plugin to give the account extra security.
Q: Help! I run a cracked server and when a player registers, but logs back in, they need to register again!
A: You forgot to set post-uuids to true!
Q: How does the premium uuids work on cracked servers?
A: It preforms a direct connection to the official mojang servers to get the uuid, then stores it in a cache for future use.
Q: What if a player logs in with a name that doesn't have a uuid with it?
A: They are simply disconnected, and logs it in the console.
Q: When a player logs in successfully, and connects to another server, they are prompted to log in again but it says they are already logged in!
A: Remove any authentication plugin on the back-end servers.
Source code - https://github.com/johnnywoof/BungeeLock - (Under the MIT license)
Found a bug or error? PM me on the forums or make a forum post in the discussion (if it's not a security issue).
I am not responsible for any damage caused by this plugin. Please make sure your back-end servers are secured, using iptables and ip white-listing plugins, and that the bungeelock config file is configured correctly.