Hi all, Is there a PocketMine API function or a package MCPE sends to the server to get the IP address / hostname the player used to connect to the server?
Nah, it's about to get the hostname / IP of the server the player connected to, so the address the player entered into the address field of his MCPE client. Like, server1.example.com pointing to 123.123.123.123 and server2.example.com pointing to my server 123.123.123.123 And I'm trying to get this hostname, not sure if this is even possible with MCPE packets.
It's in the LoginPacket: https://github.com/pmmp/PocketMine-...network/mcpe/protocol/LoginPacket.php#L52-L53
Be aware that players can send arbitrary addresses. Even without modding, everyone who has control to an arbitrary DNS can create an arbitrary hostname that points to your IP. Beware security issues if you rely on its format.
An example attack: Plugin idea is to use domain name to check which server player wants to join. Since the player typed the IP in their client, if they wanted to join area51.myserver.com, they know that they are joining area51 of my server, and so I can hold them responsible for joining (e.g. transfer all their area50 money into area51 money, so they lose all area50 money). But actually player just joined area51.pmmp.io and got directed to your server. Your plugin only checks the first part of the domain, and unexpectedly transferred away all the player's area50 money. Another example attack: So you trust the addresses you see. If the player IP says survival server, you expect them to be joining the survival server, but you are actually using the same plugin over multiple servers and you are actually on a pvp server. Now your plugin has wrong assumptions and this bug could be exploited.