Closed DaPigGuy closed 7 years ago
Serverauth to piggyauth importer! :)
Block people from registering/logging in with explicit names.
@Aericio Okay, added to to-do list.
Only show "There has been (X) attempts to login into your account" if someone has tried to login so it doesn't always show on login.
Added to to-do list.
Allow option to disable pin for certain players. For example, if owner's pin is found out, there goes your whole server. Don't got a backup? Your dead.
@MCPEPIG WE WANT MORE BACON
SimpleAuthTransfer to PiggyAuth? Would be possible?
I think converting isnt needed as password_verify also does SHA256 and thats what simpleauth uses.
@Aerico Added.
Will work on this later.
Update to the latest version to stop the errors!
Update to the latest version. Fixes a very bad issue & also fixes incompatibility issues for Genisys users.
Hi, I expect MD5 support.
@Harviy MD5 is bad.
Check if the user's password is the same as the username.
bug
when I died the food not from
When you die, your food doesn't go back?
@Aericio Yes Another bug What I noticed and that if the player enters, does not find anything in the inventory
That's not a bug, it's an option which hides inventory til logged in. You can turn it off in config.
Fixed the problem with hunger.
@Aerico Done.
Make an option to force certain people to login with Xbox. Extra security for server owners or OPs
proposal: regex blocking for name and password proposal: more then steve bypass, allows owner to configure accounts to be bypassed proposal: a more hierarchy config like https://github.com/PEMapModder/HereAuth/blob/master/resources/config.yml allows user to easily navigate
1 & 2 I will do, 3 I might add in the next update.
after looking through source code i suggest
https://github.com/MCPEPIG/PiggyAuth/blob/master/src/PiggyAuth/Databases/MySQL.php#L42 changing return to PlayerDataObject instate of using arrays, it helps other developers reading the source code
https://github.com/MCPEPIG/PiggyAuth/blob/master/src/PiggyAuth/Main.php#L407 adding a hashing cost config (there a hash cost option http://php.net/manual/en/function.password-hash.php)
I have seen the whole email failing thing i suggest a mailer support, like using MailGun, local mail(), or a relay mail web sever (like how it is currently) for now at least add a config for mailserver URL allowing owner to host their own if they wish so adding a optional &key=secretpassword allows owner to keep that for their own use if they desire so
also i think you should make use of the projects feature
I never understand the concept of a owner key what is it for? to allow owner to forcelogin to any players without password?
Planned release for 2.0.1 will be mid-April Moved importing databases to next update.
ay, heres ye boi with the latest bugs that i found. good luck, oink! 🐷🐷🐷
/changepassword
, it says Incorrect password. {tries} left.
/unregister
, it says Incorrect password. {tries} left.
/changepassword
(and other aliases) does not change your password.
Proven by using /changepassword pass1 pass2
, then /changepassword pass2 pass1
and shows Incorrect password. {tries} left.
Also tried re-logging and using pass2
as password, showed Incorrect password. 3 left.
/sendpin
says Email could not send
, when in fact it did send. Mailgun log below.
/changeemail
doesn't change your email. Checked mysql table, and it didn't change to what I set it to.
Error:
Notice: Undefined index: ip in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Databases/MySQL.php on line 98
/forgotpassword (pin) (newpass)
does not change your password. During testing, my pin was set to 1234
and password was pass1
. When I tried the new password (which would be pass1
), it says Incorrect password. 3 left.
Also, it said it changed my pin and gave me a new one, but the pin 1234
still worked and the new pin it gave me did not work.Error:
Notice: Undefined variable: password in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Main.php on line 571
Notice: Undefined variable: password in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Main.php on line 576
Notice: Undefined variable: password in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Main.php on line 576
Notice: Undefined index: ip in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Databases/MySQL.php on line 98
Should be all fixed.
/changemail
doesn't get errors now, but it still doesn't change.
Run this: "ALTER TABLE players ADD COLUMN ip VARCHAR(32)"
Save data in player.dat
What does that means? i dont think injecting hashing data into player.dat is a good idea, at least a toggle option would be prefered
also you should create a usage wiki this plugin is getting quite big with a lot of features and so on
Save hashed passwords & stuff
I've added a MailGun & database page. What else? Also, you can contribute to it.
I made the wiki sexier :3
FEATURE REQUEST: If someone LOGS IN to someone's account from a new ip address, send an email to tell them that someone has logged in, not ATTEMPTED (unless you want it like that too, but this is kinda like what most people do, ex: twitter)
as for saving hashes into player.dat, i still fail to see why that would been better?
maybe we are getting too ahead of our self but, option to toggle email and toggle per notification settings
I'll add a toggle for email later. And notifications as in emails?
i also tried to implement regex support which ended up with a flop on unexpected logic error(which i intended it to be regex white list :facepalm:) main question is accidentally reformatted the whole code to my own code style (derp) https://github.com/Thunder33345/PiggyAuth/commit/f0c35ec288f1771677c14ca2afee55d71946662c do i need to redone or your ide is capable to reformatting it back into your code style when we merge, or github will sort it for us?
Reformat
Add something like if player is not registered or logged in, it gets random username, for example Player1, Player2, etc. and it can do everything like normal player but it will not can execute commands? I hope I was clear enough. (Like on LBSG.)
Thanks Aericio.
causes chat to lag when used on TesserREKT.
On pmmp (PocketMine-MP) too.
Temporarily fixed. Need a way to add back password checking for messages without lag.
:/
Because pmmp has no core feature for banning CIDs (and Genisys is discontinued) maybe this could be a new feature of PiggyAuth. By the way I don't know whether somebody already did a request for that at pmmp.
what feature?
Banning ClientIDs
Features/Tweaks
Issues