Todo for 2.0.1 (Big update, comment features requests & issues!!!)

[DaPigGuy]

Features/Tweaks

• [x] Checks if player trying to connect has same uuid as current player with same name
• [x] Hides items til authenticated
• [ ] Save data in player.dat
• [x] Password Filter
• [x] Capes for registered players.
• [x] VIP Slots?
• [ ] Make xbox bypass compatible with PMMP
• [ ] Allow players to give other players temp keys to login to their account that expire after certain amount of time?
• [x] Add MailGun support
• [x] More configurable
• [x] Events for developers
• [x] Progress Reports
• [x] Choose what events to block
• [x] Different join message for new players
• [x] Block join messages til logged in
• [x] Keys! 🔑
• [x] Boss bar messages
• [x] Preregister
• [x] Adventure mode til logged in
• [x] Hide players til logged in
• [x] Hide health (and stop from healing), xp (and stop from getting xp), potion effects (and stop potion effects too)
• [x] Return to spawn when logged in
• [x] Block accounts in block list from registering/logging in
• [x] Only show the attempted login if there was one.
• [x] Show different authenticated message for users logged in by uuid or xbox bypass
• [ ] Email verification
• [ ] Floating text
• [ ] Message of the day w/ command
• [ ] Account lockdown (locks account if there have been too much login attempts) until unlocked with pin.
• [x] Stop pins for certain users.
• [x] Wait til email to stop effects, event cancel, etc.
• [x] Block usernames as passwords
• [x] Async
• [x] New config
• [x] Hashing cost
• [ ] Transfer players when full
• [x] Allow bypassing login on other accounts (like steve bypass)
• [x] Unregister
• [x] Allow head movement
• [x] Email when logged in from new ip
• [x] Multi lang support

Issues

• [x] Xbox bypass not working
• [x] Blindness & invisibility are given even if disabled
• [x] Crashing for sqlite3 users
• [x] If you logout after you login, you get kicked from previous timeout task 😑
• [x] Fix error if quit before login.
• [x] Fix big problem when server is reloaded.
• [x] Fix errors caused by Slapper.
• [x] Fix error with adventure mode
• [x] Fix hunger at 0 after dying.
• [x] Fix register message not showing unless logged in by xbox live
• [x] Fix confirm password message
• [x] Email Server

[fycarman]

Serverauth to piggyauth importer! :)

[Aericio]

Block people from registering/logging in with explicit names.

[DaPigGuy]

@Aericio Okay, added to to-do list.

[Aericio]

Only show "There has been (X) attempts to login into your account" if someone has tried to login so it doesn't always show on login.

[DaPigGuy]

Added to to-do list.

[Aericio]

Allow option to disable pin for certain players. For example, if owner's pin is found out, there goes your whole server. Don't got a backup? Your dead.

[NyaomiDEV]

@MCPEPIG WE WANT MORE BACON

[Adam1609]

SimpleAuthTransfer to PiggyAuth? Would be possible?

[DaPigGuy]

I think converting isnt needed as password_verify also does SHA256 and thats what simpleauth uses.

[DaPigGuy]

@Aerico Added.

[DaPigGuy]

Will work on this later.

[DaPigGuy]

Update to the latest version to stop the errors!

[DaPigGuy]

Update to the latest version. Fixes a very bad issue & also fixes incompatibility issues for Genisys users.

[ghost]

Hi, I expect MD5 support.

[DaPigGuy]

@Harviy MD5 is bad.

[Aericio]

Check if the user's password is the same as the username.

[SuperKali]

bug

when I died the food not from

[Aericio]

When you die, your food doesn't go back?

[SuperKali]

@Aericio Yes Another bug What I noticed and that if the player enters, does not find anything in the inventory

[DaPigGuy]

That's not a bug, it's an option which hides inventory til logged in. You can turn it off in config.

[DaPigGuy]

Fixed the problem with hunger.

[DaPigGuy]

@Aerico Done.

[Aericio]

Make an option to force certain people to login with Xbox. Extra security for server owners or OPs

[Thunder33345]

proposal: regex blocking for name and password proposal: more then steve bypass, allows owner to configure accounts to be bypassed proposal: a more hierarchy config like https://github.com/PEMapModder/HereAuth/blob/master/resources/config.yml allows user to easily navigate

[DaPigGuy]

1 & 2 I will do, 3 I might add in the next update.

[Thunder33345]

after looking through source code i suggest

https://github.com/MCPEPIG/PiggyAuth/blob/master/src/PiggyAuth/Databases/MySQL.php#L42 changing return to PlayerDataObject instate of using arrays, it helps other developers reading the source code

https://github.com/MCPEPIG/PiggyAuth/blob/master/src/PiggyAuth/Main.php#L407 adding a hashing cost config (there a hash cost option http://php.net/manual/en/function.password-hash.php)

I have seen the whole email failing thing i suggest a mailer support, like using MailGun, local mail(), or a relay mail web sever (like how it is currently) for now at least add a config for mailserver URL allowing owner to host their own if they wish so adding a optional &key=secretpassword allows owner to keep that for their own use if they desire so

also i think you should make use of the projects feature

[Thunder33345]

I never understand the concept of a owner key what is it for? to allow owner to forcelogin to any players without password?

[DaPigGuy]

Planned release for 2.0.1 will be mid-April Moved importing databases to next update.

[Aericio]

ay, heres ye boi with the latest bugs that i found. good luck, oink! 🐷🐷🐷

---

• [x] If wrong password is given for /changepassword, it says Incorrect password. {tries} left.

---

• [x] If wrong password is given for /unregister, it says Incorrect password. {tries} left.

---

• [x] /changepassword (and other aliases) does not change your password. Proven by using /changepassword pass1 pass2, then /changepassword pass2 pass1 and shows Incorrect password. {tries} left. Also tried re-logging and using pass2 as password, showed Incorrect password. 3 left.

---

• [x] /sendpin says Email could not send, when in fact it did send. Mailgun log below.

---

• [x] /changeemail doesn't change your email. Checked mysql table, and it didn't change to what I set it to. Error:

  Notice: Undefined index: ip in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Databases/MySQL.php on line 98

---

• [x] /forgotpassword (pin) (newpass) does not change your password. During testing, my pin was set to 1234 and password was pass1. When I tried the new password (which would be pass1), it says Incorrect password. 3 left. Also, it said it changed my pin and gave me a new one, but the pin 1234 still worked and the new pin it gave me did not work.

Error:

Notice: Undefined variable: password in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Main.php on line 571

Notice: Undefined variable: password in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Main.php on line 576

Notice: Undefined variable: password in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Main.php on line 576

Notice: Undefined index: ip in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Databases/MySQL.php on line 98

[DaPigGuy]

Should be all fixed.

[Aericio]

/changemail doesn't get errors now, but it still doesn't change.

[DaPigGuy]

Run this: "ALTER TABLE players ADD COLUMN ip VARCHAR(32)"

[Thunder33345]

Save data in player.dat

What does that means? i dont think injecting hashing data into player.dat is a good idea, at least a toggle option would be prefered

also you should create a usage wiki this plugin is getting quite big with a lot of features and so on

[DaPigGuy]

Save hashed passwords & stuff

[DaPigGuy]

I've added a MailGun & database page. What else? Also, you can contribute to it.

[Aericio]

I made the wiki sexier :3

[Aericio]

FEATURE REQUEST: If someone LOGS IN to someone's account from a new ip address, send an email to tell them that someone has logged in, not ATTEMPTED (unless you want it like that too, but this is kinda like what most people do, ex: twitter)

[Thunder33345]

as for saving hashes into player.dat, i still fail to see why that would been better?

maybe we are getting too ahead of our self but, option to toggle email and toggle per notification settings

[DaPigGuy]

I'll add a toggle for email later. And notifications as in emails?

[Thunder33345]

i also tried to implement regex support which ended up with a flop on unexpected logic error(which i intended it to be regex white list :facepalm:) main question is accidentally reformatted the whole code to my own code style (derp) https://github.com/Thunder33345/PiggyAuth/commit/f0c35ec288f1771677c14ca2afee55d71946662c do i need to redone or your ide is capable to reformatting it back into your code style when we merge, or github will sort it for us?

[DaPigGuy]

Reformat

[ghost]

Add something like if player is not registered or logged in, it gets random username, for example Player1, Player2, etc. and it can do everything like normal player but it will not can execute commands? I hope I was clear enough. (Like on LBSG.)

[ghost]

Thanks Aericio.

[Aericio]

causes chat to lag when used on TesserREKT.

[ghost]

On pmmp (PocketMine-MP) too.

[DaPigGuy]

Temporarily fixed. Need a way to add back password checking for messages without lag.

[ghost]

:/

[SleepSpace9]

Because pmmp has no core feature for banning CIDs (and Genisys is discontinued) maybe this could be a new feature of PiggyAuth. By the way I don't know whether somebody already did a request for that at pmmp.

[Thunder33345]

what feature?

[SleepSpace9]

Banning ClientIDs