LoginSystem
Advanced & Secure Auth | Multi-DB & API
Quick challenge
How far can you run before the mobs catch you?
Minecraft check
Confirm your run
Complete the quick check to get your code.
LoginSystem
Advanced, Secure, and Fully Customizable Authentication
fully translatable structure is a modern, high-performance authentication plugin designed from the ground up to maximize your server's security. Tired of old and clunky plugins? LoginSystem will add a professional touch to your server with its fully translatable structure, fully translatable structure, and fully translatable structure.
All database operations run asynchronously, meaning your server will not experience any lag.
Wide Database Support: SQLite, H2, MySQL, MariaDB, PostgreSQL, and even MongoDB!
Top-Tier Security: SHA256 hashing by default, automatic migration from legacy algorithms (SHA1, MD5, etc.), and unsafe password prevention.
100% Translatable: All messages are managed through language files. New languages can be downloaded automatically from GitHub.
Highly Customizable: Login timeout, registration limit per IP, movement/chat/command restrictions before login, and much more.
Admin Commands: Many useful commands like force-registering players, changing passwords, unregistering accounts, and reloading the plugin.
Developer API: A powerful API that allows other plugins to integrate with LoginSystem.
Automatic Update Checker: Checks for new versions on SpigotMC (Resource ID: 74894) and notifies admins.
GUI Support: The API allows for the creation of modern Anvil GUI login screens instead of using chat.

Player Commands
/login <password> - Allows you to log in to the server.
/register <password> <confirmPassword> - Allows you to register on the server.
/changepassword <oldPassword> <newPassword> - Changes your password.
/unregister <password> - Deletes your registration from the server.
/logout - Allows you to log out securely.
/email add <email> - Adds or changes the email address for your account.
/email remove - Removes the email address from your account.
Admin Commands (/ls)
/ls help - Lists all admin commands.
/ls reload - Reloads the plugin's configuration and language files.
/ls lang <language> - Changes the plugin's language and reloads it.
/ls register <player> <password> - Forcibly registers a player.
/ls unregister <player> - Deletes a player's registration.
/ls changepass <player> <newPassword> - Changes a player's password.
/ls forcelogin <player> - Forces an online player to log in.

loginsystem.admin - Grants access to all admin commands. (Default: OP)
loginsystem.admin.help - Permission for /ls help.
loginsystem.admin.reload - Permission for /ls reload.
loginsystem.admin.lang - Permission for /ls lang.
loginsystem.admin.register - Permission for /ls register.
loginsystem.admin.unregister - Permission for /ls unregister.
loginsystem.admin.changepass - Permission for /ls changepass.
loginsystem.admin.forcelogin - Permission for /ls forcelogin.
loginsystem.admin.update - Receive update notifications upon joining.




Configuration The plugin is almost entirely customizable through the `config.yml` file. ```
LoginSystem Plugin Configuration
Specify which method to use for data storage.
Available options: sqlite, h2, mysql, mariadb, postgresql, mongodb
storage: type: sqlite
H2 settings (used if type is set to h2)
h2:
The name of the database file to be created in the plugin's folder (without extension).
For example: 'loginsystem_data' -> creates plugins/LoginSystem/loginsystem_data.mv.db
filename: "loginsystem_data"
MySQL/MariaDB settings
database: host: "localhost" port: 3306 dbname: "loginsystem" user: "root" password: "password"
PostgreSQL settings
postgresql: host: "localhost" port: 5432 dbname: "loginsystem" user: "postgres" password: "password"
MongoDB settings
mongodb:
Example connection URI. Edit according to your own server information.
Simple structure: "mongodb://host:port"
With authentication: "mongodb://user:password@host:port/?authSource=admin"
connection-uri: "mongodb://localhost:27017" database: "loginsystem"
settings:
Check for new updates on SpigotMC when the server starts.
update_checker: enabled: true
Specifies the language file to be used.
Example: en, tr, az, de
A list of all available languages can be found at: https://github.com/BartuAbiHD/LoginSystem/tree/main/messages
messagesLanguage: "en"
security:
Minimum password length.
minPasswordLength: 6
Maximum password length.
passwordMaxLength: 32
The hashing algorithm to be used.
Options: SHA256, BCRYPT, MD5
WARNING: Avoid using old and insecure algorithms like MD5.
passwordHash: "SHA256"
If a password check fails, LoginSystem will also try to check with the following algorithms.
This setting is useful when migrating from one hashing method to another.
LoginSystem will automatically update the password to the new hash method if it matches a legacy one.
legacyHashes:
- 'SHA1'
- 'MD5'
legacyHashes: []
Prevent unsafe (easily guessable) passwords from being used.
The list is case-insensitive.
unsafePasswords: - '123456' - 'password' - 'qwerty' - '12345' - '54321' - '123456789' - 'help' - 'test' - 'deneme'
restrictions:
Can unauthenticated players chat?
This setting also blocks all commands not listed below.
allowChat: false
Should chat be hidden from unauthenticated players?
hideChat: false
Allowed commands for unauthenticated players.
allowCommands: - /login - /register - /l - /reg - /giris - /girisyap - /oturumac - /kayit - /kayitol - /kaydol
Maximum number of allowed registrations per IP.
A value of 0 means unlimited registrations!
maxRegPerIp: 2
Minimum allowed username length.
minNicknameLength: 3
Maximum allowed username length.
maxNicknameLength: 16
When this setting is enabled, an already online player cannot be kicked due to "Logged in from another location".
This prevents potential security exploits.
ForceSingleSession: true
ForceSpawnLocOnJoin:
If enabled, every player that joins in one of the worlds listed below will be teleported
to the world's spawn point after successful authentication.
The player's quit location will be overwritten.
enabled: false
World names where forcing the spawn location is required (Case-sensitive!)
worlds: - world - world_nether
Should non-registered players be kicked immediately?
kickNonRegistered: false
Should players be kicked on wrong password?
kickOnWrongPassword: true
After how many seconds should players who fail to login or register be kicked?
Set to 0 to disable.
timeout: 30
Regex pattern for allowed characters in player names.
allowedNicknameCharacters: "[a-zA-Z0-9_]*"
Regex pattern for allowed characters in passwords.
allowedPasswordCharacters: "[!-~]*"
Regex pattern for allowed characters in emails.
allowedEmailCharacters: "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z]{2,}$" ```
v2 API LoginSystem provides a powerful v2 API to facilitate integration with other plugins.
API Example
Accessing the API: ```java LoginSystemAPI api = LoginSystem.getApi(); ``` Checking if a player is logged in: ```java if (api.isLoggedIn(player)) { // ... } ``` Listening for a successful login event: ```java import me.bartuabihd.loginsystem.api.v2.event.LoginEvent;
@EventHandler public void onPlayerAuthLogin(LoginEvent event) { Player player = event.getPlayer(); player.sendMessage("Welcome back via API!"); } ```