iain-davis
commented
11 years ago (Import from separate, but similar, bukkit ticket)
giannog
It would be nice to add support for login/logout actions. When a user logs in, after the username is verified against the database, a /login command should be issued to give him move permissions. This would only make sense in offline mode servers, but it's a nice feature to be implemented nevertheless. It would also help the plugin compete better with other alternatives!
MinecraftFreaksOnline
Thats a great Idea :-)
fragger505
I'd also like to see this feature in the future. Basically I'm trying to create a greylist environment where any guest can walk around and check the server out, but registered players have an extra layer of security on their account where they would need to login with a password in-game. I'm already able to do this with an additional authorization/login plugin but having everything synced from group permissions to account passwords with CommunityBridge would be nice.
Basically my ideal plugin is AuthDB, but the development of that plugin has been terrible and many features break randomly. Hopefully the rewrite of AuthDB will be successful.
Feaelin
The server I do the technical stuff for is configured so that anyone can connect and walk around, but no one can build until they've registered for an account on the website. I'm doing it with a combination of CommunityBridge (which places them in the right permissions group) and Modifyworld (controls who can destroy/place blocks based on group permissions).
Are you wanting them to "on top of that" confirm that they're the user registered (by authenticating against the forum's DB)?
fragger505
Yes. When they connect to the server I would also like for the player to login with the same password that they use to login to the forum. I run my server in offline-mode so anyone with a cracked minecraft client can connect as whatever username they choose which is why I need an extra layer of authentication in order to prevent rogue players spoofing real usernames.
michico
(Imported from Bukkit Tickets) Requested by: http://dev.bukkit.org/profiles/giannoug/, http://dev.bukkit.org/profiles/fragger505/, http://dev.bukkit.org/profiles/MinecraftFreaksOnline/, http://dev.bukkit.org/profiles/xiZverx/
xiZverx
Using PW authentication. When a user joined the game he'd have to enter his forum password to play. If he didn't he'd be treated as not registered at all. It should be pretty straight forward, you could use the existing username verification, and add password checks maybe even with the same code (+salt+hash decription).
You can check out xAuth and AuthMe. These plugins do that, only that they don't support any rank syncing and aren't nearly as adaptable as this is. I cannot set up multi table configuration to add custom fields for example...
Feaelin
Currently, CommunityBridge places you in the permissions group that is mapped to the webapp's primary group if you have an account. Otherwise, it leaves you in the default group, which usually has reduced permissions.
What you want this feature to do is leave the player in the default group until they issue a command that checks their password against their account on the web application, if its correct, then they're placed in the permissions group.
Its doable. One caveat is that whoever is configuring CommunityBridge will need to know what encryption method (frequently SHA1 or MD5) the web application is using for its passwords.
xiZverx
Yes. But while doing some research into the password encryption when I tried to get AuthMe to work I found out this:
Anyway, I did some reading on IPB 2.x's password schema a while ago and as it turned out it is elementary to import IPB 2.x's password hashes to vBulletin 3.x. IPS chose to use the same system but hash the salt in the password hash to make it difficult to switch from vBulletin 3.x to IPB 2.x with the same password hashes.
For a visual aid, here is how vBulletin's password schema works:
Here is IPB 2.x's password schema:
As far as I can understand this, it means that just using md5 hashing wont be enough for integration. You'd have to code the decryption differently for different webapps. And seeing how CB is currenty very very adaptable, it may be a problem if you had to limit your support to just a few web applications.
So in order to keep the adaptability the person configuring CB would have to know a tad more than just what hashing his webapp uses.
Feaelin
Wow. Yeah, I'll have to reflect on how to provide the feature flexibly. Probably consider the simplest cases and work "up" from there.
The very simplest is the forum stores the password in plain text in the database hopefully...no one actually does this...in fact, I'm disinclined to support it...'get a different app' might be in order on this one.
I'd say next is the case where it uses one of the built-in-to-mysql encryption functions (http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html).
Then perhaps provide a way to capture the variations that VB and IPB use. Probably a field for the salt and then a way to specify the method.