Todo for 2.0.1 (Big update, comment features requests & issues!!!) about piggyauth HOT 57 CLOSED

@MCPEPIG WE WANT MORE BACON

from piggyauth.

Serverauth to piggyauth importer! :)

from piggyauth.

@Aericio Okay, added to to-do list.

from piggyauth.

causes chat to lag when used on TesserREKT.

from piggyauth.

i think this shouldnt be tied into a auth plugin

from piggyauth.

Block people from registering/logging in with explicit names.

from piggyauth.

Only show "There has been (X) attempts to login into your account" if someone has tried to login so it doesn't always show on login.

from piggyauth.

Added to to-do list.

from piggyauth.

Allow option to disable pin for certain players. For example, if owner's pin is found out, there goes your whole server. Don't got a backup? Your dead.

from piggyauth.

SimpleAuthTransfer to PiggyAuth? Would be possible?

from piggyauth.

I think converting isnt needed as password_verify also does SHA256 and thats what simpleauth uses.

from piggyauth.

@aerico Added.

from piggyauth.

Will work on this later.

from piggyauth.

Update to the latest version to stop the errors!

from piggyauth.

Update to the latest version. Fixes a very bad issue & also fixes incompatibility issues for Genisys users.

from piggyauth.

Hi, I expect MD5 support.

from piggyauth.

@Harviy MD5 is bad.

from piggyauth.

Check if the user's password is the same as the username.

from piggyauth.

bug

when I died the food not from

from piggyauth.

When you die, your food doesn't go back?

from piggyauth.

@Aericio
Yes
Another bug What I noticed and that if the player enters, does not find anything in the inventory

from piggyauth.

That's not a bug, it's an option which hides inventory til logged in. You can turn it off in config.

from piggyauth.

Fixed the problem with hunger.

from piggyauth.

@aerico Done.

from piggyauth.

Make an option to force certain people to login with Xbox. Extra security for server owners or OPs

from piggyauth.

proposal: regex blocking for name and password
proposal: more then steve bypass, allows owner to configure accounts to be bypassed
proposal: a more hierarchy config like https://github.com/PEMapModder/HereAuth/blob/master/resources/config.yml allows user to easily navigate

from piggyauth.

1 & 2 I will do, 3 I might add in the next update.

from piggyauth.

after looking through source code i suggest

https://github.com/MCPEPIG/PiggyAuth/blob/master/src/PiggyAuth/Databases/MySQL.php#L42
changing return to PlayerDataObject instate of using arrays, it helps other developers reading the source code

https://github.com/MCPEPIG/PiggyAuth/blob/master/src/PiggyAuth/Main.php#L407
adding a hashing cost config (there a hash cost option http://php.net/manual/en/function.password-hash.php)

I have seen the whole email failing thing i suggest a mailer support, like using MailGun, local mail(), or a relay mail web sever (like how it is currently)
for now at least add a config for mailserver URL allowing owner to host their own if they wish so
adding a optional &key=secretpassword allows owner to keep that for their own use if they desire so

also i think you should make use of the projects feature

from piggyauth.

I never understand the concept of a owner key what is it for?
to allow owner to forcelogin to any players without password?

from piggyauth.

Planned release for 2.0.1 will be mid-April
Moved importing databases to next update.

from piggyauth.

ay, heres ye boi with the latest bugs that i found. good luck, oink! 🐷🐷🐷

• If wrong password is given for /changepassword, it says Incorrect password. {tries} left.
  

• If wrong password is given for /unregister, it says Incorrect password. {tries} left.
  

• /changepassword (and other aliases) does not change your password.
  Proven by using /changepassword pass1 pass2, then /changepassword pass2 pass1 and shows Incorrect password. {tries} left.
  Also tried re-logging and using pass2 as password, showed Incorrect password. 3 left.

• /sendpin says Email could not send, when in fact it did send. Mailgun log below.
  

• /changeemail doesn't change your email. Checked mysql table, and it didn't change to what I set it to.
  Error:

Notice: Undefined index: ip in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Databases/MySQL.php on line 98

• /forgotpassword (pin) (newpass) does not change your password. During testing, my pin was set to 1234 and password was pass1. When I tried the new password (which would be pass1), it says Incorrect password. 3 left. Also, it said it changed my pin and gave me a new one, but the pin 1234 still worked and the new pin it gave me did not work.

Error:

Notice: Undefined variable: password in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Main.php on line 571

Notice: Undefined variable: password in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Main.php on line 576

Notice: Undefined variable: password in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Main.php on line 576

Notice: Undefined index: ip in phar:///home/gmplus/Server/plugins/PiggyAuth.phar/src/PiggyAuth/Databases/MySQL.php on line 98

from piggyauth.

Should be all fixed.

from piggyauth.

/changemail doesn't get errors now, but it still doesn't change.

from piggyauth.

Run this: "ALTER TABLE players ADD COLUMN ip VARCHAR(32)"

from piggyauth.

Save data in player.dat

What does that means? i dont think injecting hashing data into player.dat is a good idea, at least a toggle option would be prefered

also you should create a usage wiki this plugin is getting quite big with a lot of features and so on

from piggyauth.

Save hashed passwords & stuff

from piggyauth.

I've added a MailGun & database page. What else? Also, you can contribute to it.

from piggyauth.

I made the wiki sexier :3

from piggyauth.

FEATURE REQUEST: If someone LOGS IN to someone's account from a new ip address, send an email to tell them that someone has logged in, not ATTEMPTED (unless you want it like that too, but this is kinda like what most people do, ex: twitter)

from piggyauth.

as for saving hashes into player.dat, i still fail to see why that would been better?

maybe we are getting too ahead of our self but, option to toggle email and toggle per notification settings

from piggyauth.

I'll add a toggle for email later. And notifications as in emails?

from piggyauth.

i also tried to implement regex support which ended up with a flop on unexpected logic error(which i intended it to be regex white list 🤦)
main question is accidentally reformatted the whole code to my own code style (derp)
https://github.com/Thunder33345/PiggyAuth/commit/f0c35ec288f1771677c14ca2afee55d71946662c
do i need to redone or your ide is capable to reformatting it back into your code style when we merge, or github will sort it for us?

from piggyauth.

Reformat

from piggyauth.

Add something like if player is not registered or logged in, it gets random username, for example Player1, Player2, etc. and it can do everything like normal player but it will not can execute commands? I hope I was clear enough. (Like on LBSG.)

from piggyauth.

Thanks Aericio.

from piggyauth.

On pmmp (PocketMine-MP) too.

from piggyauth.

Temporarily fixed. Need a way to add back password checking for messages without lag.

from piggyauth.

:/

from piggyauth.

Because pmmp has no core feature for banning CIDs (and Genisys is discontinued) maybe this could be a new feature of PiggyAuth. By the way I don't know whether somebody already did a request for that at pmmp.

from piggyauth.

what feature?

from piggyauth.

Banning ClientIDs

from piggyauth.

Why exactly would an auth plugin need a banning system though..?

from piggyauth.

Other plugins have been made to ban CIDs, you could use those instead.

from piggyauth.

Well I don't like too many plugins with dozens of listeners and thought an auth plugin would be a good place for this little feature.
But never mind, I also understand your opinion. I guess most advanced server owners do already have an extra plugin for banning.

from piggyauth.

mostly we need separations to keep our plugin doing only what we are doing
also dozens of plugins dosent impact anything if these dozens of plugin does nothing
it depends on what kind of plugin and what it does that's the factor that how much performance it impacts

from piggyauth.

if the plugin cannot connect to mysql server, turn on whitelist.

from piggyauth.

It has been decided that we should move on to 3.0.0. The current features that haven't been done will be moved to 3.0.0 todo. 3.0.0 will be a big rewrite.

from piggyauth.