Closed robingall2910 closed 8 years ago
Thanks. I think it is good because it releives the hassle for people with not the best internet so they would be banned by the time they say "Verify" in the shoutbox.
Yeah, i agree with you @xDestroyer217, Someone with the FTP can just take all the admins password.
@alexfreedommod I am not sure that anyone but the special executives like mark, madgeek and darth have ftp.
I mean on another server.
Well @AlexFreedomMod I was also thinking that this is a specific to this totalfreedom server and besides on the superadmin.yml the default is mark, madgeek and Darth so they would preset it to be a password like tf123
@jjkatz613 terrible idea.
if this wants to be passed, it must tell you on login set a password, then live with your life. and it shouldnt show on here either, probs a custom pass that is a requirement on login.
The implementation here could be hard. As the passwords would need to be hidden from the logs. And the passwords couldn't be stored in plain text, so would need to be hashed really and its all just a lot of work to be honest. If it can be done well, it'd be great, but it needs to be done right, and done right the first time.
@Wild1145 Or we can just use something like Camzie's Cam-Verify, and solve the problems completely.
@TheRevalation The point is by not adding extra plugins, and adding it to TFM, thats kinda the point here..
@Wild1145 It sounds more like AuthMe Reloaded with this.
@TheRevalation Thats not actually allowed, while it would be the best solution, it is in breach of Mojangs rules as you are only allowed to enter your Mojang credentials on their own site.
@xDestroyer217 I guess it possibly is.
@Wild1145 So Camzie99 is breaking the rules?
@TheRevalation Yeah
@TheRevalation Technically yes. Its not too big of a deal, but really its not allowed, and a reason we probably wouldn't implement something like that here.
Whilst this is a rather large bump, as far as I can tell, there is nothing stating you cannot use Mojang's authentication servers, in fact, https://www.thecjgcjg.com/scripts/logviewer/ used the same kind of method as I do, if it was so bad to use them, surely they wouldn't be publicly queryable?
@CameronRedmore According to a Minecraft developer at Mojang it is against the EULA to authenticate with minecraft details. I know @thecjgcjg did it with his logviewer, however I believe it is now against the EULA and is strictly forbidden.
As far as I can see, the EULA over at https://account.mojang.com/documents/minecraft_eula contains nothing regarding using their authentication servers.
@CameronRedmore All I know is that the developers said it was illegal to do... I dont remember why or where other than they posted it on their twitter feed to warn people that is is a criminal act... You would have to take it up with Mojang as to the current legality of it.
@Wild1145 That logviewer will soon be removed, making way for something better - Im not too sure it even still works. But, none-the-less it shouldnt be there for much longer
Something similar to to this is implemented in https://github.com/TotalFreedom/TotalFreedomMod/tree/verify Thanks for the suggestion.
So you know how sometimes it is a pain to verify. Well this command would make it easier. On the server there could be a command that is like /verify [admin] [password]. You would set the password when you are supered and to set it would be /set password [password]. This makes it easier and only the admin would know of the password to log in. A side note, on the superadmin.yml it could say in it:
58a6ea8a-3ac3-4033-80e3-41bf9caa634b: last_login_name: jojok95 is_activated: true is_telnet_admin: false is_senior_admin: false console_aliases: [] verify_password: password ips:
Also when I do /verify jojok95 password, it will automatically super me. That makes it so if no telnet+ admin is on then it can super you. This whole thing would be disbaled for you when it saids in the superadmin.yml
is_activated: false
I think this would be a good and useful command for admins
Not posted by me, but @jojok95, I say this is a bad idea due to, it can show on saconfig info, and/or it can be leaked, It isnt my idea.