Skip to content

Latest commit

 

History

History
92 lines (82 loc) · 3.9 KB

README.md

File metadata and controls

92 lines (82 loc) · 3.9 KB

HereAuth Build Status

Join the chat at https://gitter.im/PEMapModder/HereAuth

Your auth plugin is here, for you. The PocketMine auth plugin with the most customization ever.

Phar download

Latest Dev build number

228

Latest Beta build number

227

Latest RC build number

nil

License

Copyright (C) 2016 PEMapModder
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Project history:

  • First byte written: Jan 14 2016
  • First beta released: Jan 21 2016

Features

  • Authentication by typing password into chat
    • sorry, no alternative, but there is an option to disallow passwords starting with slashes
  • Blocks player from talking password into chat directly
    • disable this in config
  • Players can choose not to register (but using the /register command to start registering)
    • enable this in config
  • Advanced session control system over PocketMine's default one
    • PocketMine by default kicks the old player if a player joins with the same name as an online player.
    • HereAuth checks if the players have the same client secret (and IP address too, optional in config). If they do, that means it is from the same genuine player, so kick the old player. If they aren't, this most likely means that the new player is trying to get the old player kicked.
  • Multiple database types supported
    • MySQL
    • filesystem (zlib-encoded JSON + SQLite3)
    • External database through other plugins
  • Count-limit or rate-limit accounts per IP (account-throttle)
  • Time-based and attempts-based brute-force protection
  • Customized automatic authentication methods
    • By "customized", I mean to customize per player! This basically refers to /opt
  • Customized multi-factor authentication methods
  • Customized data masking when player is not authenticated
    • Don't let impostors see what is in your inventory!
    • Don't let impostors see where you are!
    • Don't let impostors see what chat messages are sent to you!
  • Account management commands
    • /chpw: change password
    • /unreg: unregister account
    • /opt: change account options (things in config.yml:DefaultSettings)
    • /lock: temporarily logout (deauthenticate) without entirely leaving the server
    • /rename: rename account
  • Server-customized events to block when not authenticated
    • Only blocks events that you want to block!
  • Enforced password control
    • Maybe we are being nanny, but we should disallow players to have weak passwords!
  • Require custom extra information from players
  • Server-customized messages
  • Extensive audit logging
  • Database importing
    • AccountReader
      • SimpleAuth
        • YAML
        • SQLite3
        • MySQL
      • ServerAuth
        • ServerAuth hash algorithm detection
        • YAML
        • MySQL
    • AccountWriter
      • JSON
      • MySQL
  • An extensive API (W.I.P.)

Entry script

Open this phar directly with PHP binaries to automatically extract the config files.

Code Statistics

  • 71 PHP source files
  • 5304 lines of PHP code
    • minus 1065 lines of license header
    • Total: 4239