I guess it is outdated. But i tried the 1.7 SimpleAuth to protect a new server. The plugin does work in a way. But if i try to register a new user it tells me, i got no permission to do so. Any hint? Or do i just have to wait due to all of the server changes?
Try using a permissions plugin. https://forums.pocketmine.net/plugins/pureperms.862/ will work for now. Make sure to bump the API and other paraphernalia
To explain better: First, I don't recommend using SimpleAuth anyways, ServerAuth has more features, is more secure... But everyone has his/her opinion so, I'll explain you a few steps/fixes: Make sure to bumb the API to 2.1.0 (using http://pmt.mcpe.me/api2 for example) Install a permission manager and give players the needed permissions (explained in the SimpleAuth Docs I think) Also, I think since 0.16.0 there is a bug with commands (isn't it @archie426?) so players have to do ./ instead of /, that's why I recommend using SimpleAuthHelper for that. Correct me if I was wrong somewhere...
@HimbeersaftLP is right, if you do choose to use SimpleAuth I'd recommend SimpleAuthHelper as well. It adds some little extras like allowing people to type the password in chat directly.
Greetings, Like everyone has said, SimpleAuth is eh, ServerAuth is more up-to-date and actually WORKS. Anyways, you are/were using SimpleAuth; add a permission manager plugin and add these permission-nodes: to register: simpleauth.command.register to login: simpleauth.command.login
So many helpful people here I tried to switch to ServerAuth which i found here https://github.com/EvolSoft/ServerAuth. Before i installed PurePerms trying to get SimpleAuth to work. But i did not succeed as added permissions just got ignored. Ok, now i got a ServerAuth 2.13 plugin and this one tells me at the start up it can't be loaded due to a wrong API version. I see, got something to learn here
Unsalted SHA256 can cracked by someone with just a single computer with a good graphics card. The hashing is just some wrapping to make it look nice at this point. Oh, and this.
XOR hashing SHA256 and Whirlpool won't save you from the fact that you're using an easily-guessed salt. I'm appalled that nobody gets password hashing right when PHP 7 provides a perfectly usable suite of functions precisely for this purpose.
Hey, HereAuth works by just dropping it into the plugins folder. fine Does it have any server commands? The wiki did not tell too much about the plugin.
Yes, they are actually in the readme of the repo. Note that these commands are not guaranteed to work well when ForceRegister in the config is enabled. But the essence of HereAuth is in the config file, not in the commands!
I got it working and translated some of the messages to german. As the kids who will use this server do not really understand English
Thank you. Now I don't know what I'm trying to mess up with :/ https://github.com/PEMapModder/HereAuth/commit/d1a1847bbe7b346d1f033a71eceb68c8d42d1698 HereAuth is too complicated when you have to handle renaming accounts, multiple database providers, imported databases' hashes and changing passwords in order to change the hash algorithm. The irony was... HereAuth claimed that it is simple to add new hash algorithms for It, but when you change the core default hash algorithm... All the features and abstractions come out to haunt you together.
Lot's of nice alternatives but they all share one problem. They're all fairly simple and rely on the Minecraft server to handle the authentication. For most people this will be just okay. I've created a authentication server that can be self-hosted, aimed at replacing the centralised LeetAuth system for third-party users. I've quit leet a long time ago and I rarely speak out against them, but the LeetAuth backend (which I had no part in) is severely lacking and limits the client plugin as well. There will be a authentication plugin that talks to the authentication server that you need to host yourself (this means you can create your own centralised login solution easily). But since the main point of the project is the server itself, any plugin can talk to it and the more that does, the more portable your data is and there will be no loss of data switching from one authentication client to another. The release date is TBA as I have quite a lot on my plate right now and it is in need of a lot of finishing touches before I will consider releasing it to the public. Again this only targets power users, but I assume a lot of the people reading on this forum will be power users. Edit: I need to address that this means that the authentication server itself can have a lot of the functionality without having to stress the Minecraft server threads, nor does it care if the plugin actually implements those features or not as the authentication server dictates which features are enabled or not (which are configurable of course).