Updated for 1.5, added automatic IP block on lots of tries, added pop…

…up message for authentication status

README.md

@@ -34,7 +34,8 @@ You can modify the _SimpleAuth/config.yml_ file on the _plugins_ directory once
 | timeout | integer | 60 | Unauthenticated players will be kicked after this period of time. Set it to 0 to disable. (TODO) |
 | forceSingleSession | boolean | true | New players won't kick an authenticated player if using the same name. |
 | minPasswordLength | integer | 6 | Minimum length of the register password. |
-| authenticateByLastIP | boolean | false | Enables authentication by last IP. |
+| blockAfterFail | integer | 6 | Block clients after several failed attempts |
+| authenticateByLastUniqueId | boolean | false | Enables authentication by last unique id. |
 | dataProvider | string | yaml | Selects the provider to get the data from (yaml, sqlite3, mysql, none) |
 | dataProviderSettings | array | Sets the settings for the chosen dataProvider |
 | disableRegister | boolean | false | Will set all the permissions for simleauth.command.register to false |
@@ -46,7 +47,7 @@ You can modify the _SimpleAuth/config.yml_ file on the _plugins_ directory once
 | :---: | :---: | :--- |
 | simpleauth.chat | false | Allows using the chat while not being authenticated |
 | simpleauth.move | false | Allows moving while not being authenticated |
-| simpleauth.lastip | notop | Allows authenticating using the lastIP when enabled in the config |
+| simpleauth.lastip | true | Allows authenticating using the lastIP when enabled in the config |
 | simpleauth.command.register | true | Allows registering an account |
 | simpleauth.command.login | true | Allows logging into an account |
 

plugin.yml

@@ -1,7 +1,7 @@
 name: SimpleAuth
 main: SimpleAuth\SimpleAuth
 version: 1.7.0
-api: 1.8.0
+api: 1.12.0
 load: STARTUP
 author: PocketMine Team
 authors: [shoghicp]
@@ -28,9 +28,9 @@ permissions:
    simpleauth.move:
     description: "Allows moving while not being authenticated"
     default: false
-   simpleauth.lastip:
-    description: "Allows authenticating using the lastIP when enabled in the config"
-    default: notop
+   simpleauth.lastid:
+    description: "Allows authenticating using the last id when enabled in the config"
+    default: true
    simpleauth.command:
     description: "Allows using SimpleAuth commands"
     default: true

resources/config.yml

@@ -20,8 +20,11 @@ forceSingleSession: true
 #Sets the minimum amount of characters to be used when registering a new account
 minPasswordLength: 6
 
-#If enabled, accounts that are using the same IP when logging in again will be automatically authenticated
-authenticateByLastIP: false
+#Will block user after this number of failed attempts. Set to 0 to disable
+blockAfterFail: 6
+
+#If enabled, accounts that are using the same unique id (ip + clientId + name) when logging in again will be automatically authenticated
+authenticateByLastUniqueId: false
 
 #If enabled, will set all the permissions for simleauth.command.register to false
 disableRegister: false

resources/messages.yml

@@ -1,9 +1,11 @@
 # SimpleAuth 1.4.0 language file
 
 join:
- message: "This server uses SimpleAuth.\nYou must authenticate to play."
- register: "You are not registered.\nPlease register using: /register <password>"
+ message1: "This server requires account registration."
+ message2: "You must authenticate to play."
+ register: "Please register using: /register <password>"
  login: "Please log in using: /login <password>"
+ popup: "You are not logged in"
 
 register:
  usage: "/register <password>"
@@ -21,4 +23,5 @@ login:
  success: "You have been authenticated."
  error:
   password: "Incorrect password!"
-  registered: "This account is not registered."
+  registered: "This account is not registered."
+  block: "Too many tries!"

src/SimpleAuth/EventListener.php

@@ -48,9 +48,9 @@ public function __construct(SimpleAuth $plugin){
 	 * @priority LOWEST
 	 */
 	public function onPlayerJoin(PlayerJoinEvent $event){
-		if($this->plugin->getConfig()->get("authenticateByLastIP") === true and $event->getPlayer()->hasPermission("simpleauth.lastip")){
+		if($this->plugin->getConfig()->get("authenticateByLastId") === true and $event->getPlayer()->hasPermission("simpleauth.lastid")){
 			$config = $this->plugin->getDataProvider()->getPlayer($event->getPlayer());
-			if($config !== null and $config["lastip"] === $event->getPlayer()->getAddress()){
+			if($config !== null and $config["lastip"] === $event->getPlayer()->getUniqueId()){
 				$this->plugin->authenticatePlayer($event->getPlayer());
 				return;
 			}

src/SimpleAuth/SimpleAuth.php

@@ -36,6 +36,7 @@
 use SimpleAuth\provider\MySQLDataProvider;
 use SimpleAuth\provider\SQLite3DataProvider;
 use SimpleAuth\provider\YAMLDataProvider;
+use SimpleAuth\task\ShowMessageTask;
 
 class SimpleAuth extends PluginBase{
 
@@ -48,9 +49,14 @@ class SimpleAuth extends PluginBase{
 	/** @var DataProvider */
 	protected $provider;
 
+	protected $blockPlayers = 6;
+	protected $blockSessions = [];
+
 	/** @var string[] */
 	protected $messages = [];
 
+	protected $messageTask = null;
+
 	/**
 	 * @api
 	 *
@@ -95,9 +101,13 @@ public function authenticatePlayer(Player $player){
 			$player->removeAttachment($attachment);
 			unset($this->needAuth[spl_object_hash($player)]);
 		}
-		$this->provider->updatePlayer($player, $player->getAddress(), time());
+		$this->provider->updatePlayer($player, $player->getUniqueId(), time());
 		$player->sendMessage(TextFormat::GREEN . $this->getMessage("login.success"));
 
+		$this->getMessageTask()->removePlayer($player);
+
+		unset($this->blockSessions[$player->getAddress() . ":" . strtolower($player->getName())]);
+
 		return true;
 	}
 
@@ -124,9 +134,32 @@ public function deauthenticatePlayer(Player $player){
 
 		$this->sendAuthenticateMessage($player);
 
+		$this->getMessageTask()->addPlayer($player);
+
 		return true;
 	}
 
+	public function tryAuthenticatePlayer(Player $player){
+		if($this->isPlayerAuthenticated($player)){
+			return;
+		}
+
+		if(count($this->blockSessions) > 2048){
+			$this->blockSessions = [];
+		}
+
+		if(!isset($this->blockSessions[$player->getAddress()])){
+			$this->blockSessions[$player->getAddress() . ":" . strtolower($player->getName())] = 1;
+		}else{
+			$this->blockSessions[$player->getAddress() . ":" . strtolower($player->getName())]++;
+		}
+
+		if($this->blockSessions[$player->getAddress() . ":" . strtolower($player->getName())] > $this->blockPlayers){
+			$player->kick($this->getMessage("login.error.block"), true);
+			$this->getServer()->getNetwork()->blockAddress($player->getAddress(), 600);
+		}
+	}
+
 	/**
 	 * @api
 	 *
@@ -188,15 +221,17 @@ public function getDataProvider(){
 
 	public function closePlayer(Player $player){
 		unset($this->needAuth[spl_object_hash($player)]);
+		$this->getMessageTask()->removePlayer($player);
 	}
 
 	public function sendAuthenticateMessage(Player $player){
 		$config = $this->provider->getPlayer($player);
-		$player->sendMessage($this->getMessage("join.message"));
+		$player->sendMessage(TextFormat::ITALIC . TextFormat::GRAY . $this->getMessage("join.message1"));
+		$player->sendMessage(TextFormat::ITALIC . TextFormat::GRAY . $this->getMessage("join.message2"));
 		if($config === null){
-			$player->sendMessage($this->getMessage("join.register"));
+			$player->sendMessage(TextFormat::YELLOW . $this->getMessage("join.register"));
 		}else{
-			$player->sendMessage($this->getMessage("join.login"));
+			$player->sendMessage(TextFormat::YELLOW . $this->getMessage("join.login"));
 		}
 	}
 
@@ -220,6 +255,7 @@ public function onCommand(CommandSender $sender, Command $command, $label, array
 					if(hash_equals($data["hash"], $this->hash(strtolower($sender->getName()), $password)) and $this->authenticatePlayer($sender)){
 						return true;
 					}else{
+						$this->tryAuthenticatePlayer($sender);
 						$sender->sendMessage(TextFormat::RED . $this->getMessage("login.error.password"));
 
 						return true;
@@ -300,6 +336,8 @@ public function onEnable(){
 		$loginCommand->setDescription($this->getMessage("login.description"));
 		$loginCommand->setPermissionMessage($this->getMessage("login.permission"));
 
+		$this->blockPlayers = (int) $this->getConfig()->get("blockAfterFail", 6);
+
 		$provider = $this->getConfig()->get("dataProvider");
 		unset($this->provider);
 		switch(strtolower($provider)){
@@ -338,6 +376,8 @@ public function onEnable(){
 	public function onDisable(){
 		$this->getServer()->getPluginManager();
 		$this->provider->close();
+		$this->messageTask = null;
+		$this->blockSessions = [];
 	}
 
 	public static function orderPermissionsCallback($perm1, $perm2){
@@ -377,7 +417,7 @@ protected function removePermissions(PermissionAttachment $attachment){
 
 		unset($permissions["simpleauth.chat"]);
 		unset($permissions["simpleauth.move"]);
-		unset($permissions["simpleauth.lastip"]);
+		unset($permissions["simpleauth.lastid"]);
 
 		//Do this because of permission manager plugins
 		if($this->getConfig()->get("disableRegister") === true){
@@ -411,4 +451,16 @@ protected function removePermissions(PermissionAttachment $attachment){
 	private function hash($salt, $password){
 		return bin2hex(hash("sha512", $password . $salt, true) ^ hash("whirlpool", $salt . $password, true));
 	}
+
+	/**
+	 * @return ShowMessageTask
+	 */
+	protected function getMessageTask(){
+		if($this->messageTask === null){
+			$this->messageTask = new ShowMessageTask($this);
+			$this->getServer()->getScheduler()->scheduleRepeatingTask($this->messageTask, 10);
+		}
+
+		return $this->messageTask;
+	}
 }

src/SimpleAuth/provider/DataProvider.php

@@ -58,10 +58,10 @@ public function savePlayer(IPlayer $player, array $config);
 
 	/**
 	 * @param IPlayer $player
-	 * @param string  $lastIP
+	 * @param string  $lastId
 	 * @param int     $loginDate
 	 */
-	public function updatePlayer(IPlayer $player, $lastIP = null, $loginDate = null);
+	public function updatePlayer(IPlayer $player, $lastId = null, $loginDate = null);
 
 	public function close();
 }

src/SimpleAuth/task/ShowMessageTask.php

@@ -0,0 +1,60 @@
+<?php
+
+/*
+ * SimpleAuth plugin for PocketMine-MP
+ * Copyright (C) 2014 PocketMine Team <https://github.com/PocketMine/SimpleAuth>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+*/
+
+namespace SimpleAuth\task;
+
+use pocketmine\Player;
+use pocketmine\scheduler\PluginTask;
+use pocketmine\utils\TextFormat;
+use SimpleAuth\SimpleAuth;
+
+class ShowMessageTask extends PluginTask{
+
+	/** @var Player[] */
+	private $playerList = [];
+
+	public function __construct(SimpleAuth $plugin){
+		parent::__construct($plugin);
+	}
+
+	/**
+	 * @return SimpleAuth
+	 */
+	public function getPlugin(){
+		return $this->owner;
+	}
+
+	public function addPlayer(Player $player){
+		$this->playerList[$player->getUniqueId()] = $player;
+	}
+
+	public function removePlayer(Player $player){
+		unset($this->playerList[$player->getUniqueId()]);
+	}
+
+	public function onRun($currentTick){
+		$plugin = $this->getPlugin();
+		if($plugin->isDisabled()){
+			return;
+		}
+
+		foreach($this->playerList as $player){
+			$player->sendPopup(TextFormat::ITALIC . TextFormat::GRAY . $this->getPlugin()->getMessage("join.popup"));
+		}
+	}
+
+}