Does Minecraft already do this? If it doesn't, would this work? 1. Check if the username is premium If it is, continue. If it is not, let them in. 2. Check the UUID of the user joining If it matches the UUID of the actual account, let them in. If it does not, kick them Or can the UUID be faked?
1. Unless your server is set to offline mode then no. 2. If using bungeecord, there is a small chance of that happening if you didn't set up the software properly.
I am trying to make this work for a cracked bungee network. I can set up the bungee so you can't join servers without going through it. Would the process I suggested in my original post work though?
Pretty sure it doesn't say "no support for offline mode" anywhere. He wants to do this, let him. He's obviously well aware of the risks as this thread wouldn't exist if not. No need to be an asshole about it if you don't agree with cracked. Keep that opinion to yourself as its unneeded and honestly doesn't help him solve the issue behind the thread.
Just fetch their UUID using the username. If it can be found, follow premium authentication. Otherwise, let them bypass it and use your own auth. (note, on Bukkit/Spigot without BungeeCord you need to set online-mode to true, otherwise premium auth will not at all)
UUIDs in offline mode are name-based (UUID variant 3) for every user who logs in. If you want premium authentication, please just use it.
This UUID variant would be different from the one the Mojang API uses, right? e.g. http://api.mojang.com/users/profiles/minecraft/0RW0 would be different from a cracked user with the name 0RW0
