1.16.1 Only letting a spesific layername do a command

Discussion in 'Spigot Plugin Development' started by MartinV.H., Aug 2, 2020 at 6:59 PM.

Thread Status:
Not open for further replies.
  1. Is there a way to code in instad of checking if a player has a permission, instad to code in spesific playernames and only alow players with those playernames to do the command?
     
  2. Create a new string arraylist and check if the arrylist contains the player's name?
    Do you mean this?
     
  3. yes.
    I am new to java, how do i do this?
     
  4. Well, in order to store the names, you would need to add them to a string arrayList using a command such as /add <player> or a config stringList. Then when executing the command you would do
    Code (Java):
    list.contains(player.getName())
    to return a boolean if the list contains the player's name then execute the command, else tell the player they are not included in the list.
     
  5. Strahan

    Benefactor

    You trying to make a trojan? I can't think of a valid use for this otherwise. At the very least, one should code for a UUID not a name.
     
  6. Why not use permissions? Theres no other reason for this than a backdoor
     
  7. Maybe its to prevent players that arent equal to a certain player. Then allow that player to op? He could always use permissions but, maybe he doesn't want to do that because if he ops a user that user is going to have perms to op. So for example: He owns a server and he only wants certain players with the name equal to his username and maybe his manager to be able to op people. If not it'll throw an no permission message. But yeah it's most likely a backdoor lmao.
     
  8. That's actually what I used to do, I created a command which opped me when running a command, and checked for my username or else it sent a no permission message.
    I created this command because i usually deoped myself to test my plugin permissions
     
    • Agree Agree x 1
  9. That's a huge security hole, and the moment anyone spoofs your username/uuid (super easy) they will have the ability to op themselves. Also, if you're using 1.16.1 you should be using uuids not names.
     
    • Like Like x 1
  10. you make it sound like spoofing stuff can be done on any server, but really it is only those that are improperly setup, you should never make your code account for security holes instead of patching them
     
    • Funny Funny x 1
  11. This is just not true, you can’t just spoof someones uuid. If it is that easy please explain how, but of course it isn’t
     
  12. Strahan

    Benefactor

    Nobody should be OP'ing anyone in the first place on a properly run server. I ran a server for three years and never once did I need OP because I configured the permissions properly.

    Testing plugins as an excuse is also not very valid. Your plugin should not require OP. When I test plugins, I give myself my plugin's admin node permission. When I want to test as a regular user, I remove that permission from myself. Easy peasy.
     
    • Like Like x 1
Thread Status:
Not open for further replies.