LoginSystem

Advanced & Secure Auth | Multi-DB & API

6,18k

Quick challenge

How far can you run before the mobs catch you?

LoginSystem

Advanced, Secure, and Fully Customizable Authentication

fully translatable structure is a modern, high-performance authentication plugin designed from the ground up to maximize your server's security. Tired of old and clunky plugins? LoginSystem will add a professional touch to your server with its fully translatable structure, fully translatable structure, and fully translatable structure.

All database operations run asynchronously, meaning your server will not experience any lag.

Wide Database Support: SQLite, H2, MySQL, MariaDB, PostgreSQL, and even MongoDB!

Top-Tier Security: SHA256 hashing by default, automatic migration from legacy algorithms (SHA1, MD5, etc.), and unsafe password prevention.

100% Translatable: All messages are managed through language files. New languages can be downloaded automatically from GitHub.

Highly Customizable: Login timeout, registration limit per IP, movement/chat/command restrictions before login, and much more.

Admin Commands: Many useful commands like force-registering players, changing passwords, unregistering accounts, and reloading the plugin.

Developer API: A powerful API that allows other plugins to integrate with LoginSystem.

Automatic Update Checker: Checks for new versions on SpigotMC (Resource ID: 74894) and notifies admins.

GUI Support: The API allows for the creation of modern Anvil GUI login screens instead of using chat.

Commands

Player Commands

/login <password> - Allows you to log in to the server.

/register <password> <confirmPassword> - Allows you to register on the server.

/changepassword <oldPassword> <newPassword> - Changes your password.

/unregister <password> - Deletes your registration from the server.

/logout - Allows you to log out securely.

/email add <email> - Adds or changes the email address for your account.

/email remove - Removes the email address from your account.

Admin Commands (/ls)

/ls help - Lists all admin commands.

/ls reload - Reloads the plugin's configuration and language files.

/ls lang <language> - Changes the plugin's language and reloads it.

/ls register <player> <password> - Forcibly registers a player.

/ls unregister <player> - Deletes a player's registration.

/ls changepass <player> <newPassword> - Changes a player's password.

/ls forcelogin <player> - Forces an online player to log in.

Permissions

loginsystem.admin - Grants access to all admin commands. (Default: OP)

loginsystem.admin.help - Permission for /ls help.

loginsystem.admin.reload - Permission for /ls reload.

loginsystem.admin.lang - Permission for /ls lang.

loginsystem.admin.register - Permission for /ls register.

loginsystem.admin.unregister - Permission for /ls unregister.

loginsystem.admin.changepass - Permission for /ls changepass.

loginsystem.admin.forcelogin - Permission for /ls forcelogin.

loginsystem.admin.update - Receive update notifications upon joining.

Screenshots

Screenshot

Screenshot

Screenshot

Configuration The plugin is almost entirely customizable through the `config.yml` file. ```

LoginSystem Plugin Configuration

Specify which method to use for data storage.

Available options: sqlite, h2, mysql, mariadb, postgresql, mongodb

storage: type: sqlite

H2 settings (used if type is set to h2)

h2:

The name of the database file to be created in the plugin's folder (without extension).

For example: 'loginsystem_data' -> creates plugins/LoginSystem/loginsystem_data.mv.db

filename: "loginsystem_data"

MySQL/MariaDB settings

database: host: "localhost" port: 3306 dbname: "loginsystem" user: "root" password: "password"

PostgreSQL settings

postgresql: host: "localhost" port: 5432 dbname: "loginsystem" user: "postgres" password: "password"

MongoDB settings

mongodb:

Example connection URI. Edit according to your own server information.

Simple structure: "mongodb://host:port"

With authentication: "mongodb://user:password@host:port/?authSource=admin"

connection-uri: "mongodb://localhost:27017" database: "loginsystem"

settings:

Check for new updates on SpigotMC when the server starts.

update_checker: enabled: true

Specifies the language file to be used.

Example: en, tr, az, de

A list of all available languages can be found at: https://github.com/BartuAbiHD/LoginSystem/tree/main/messages

messagesLanguage: "en"

security:

Minimum password length.

minPasswordLength: 6

Maximum password length.

passwordMaxLength: 32

The hashing algorithm to be used.

Options: SHA256, BCRYPT, MD5

WARNING: Avoid using old and insecure algorithms like MD5.

passwordHash: "SHA256"

If a password check fails, LoginSystem will also try to check with the following algorithms.

This setting is useful when migrating from one hashing method to another.

LoginSystem will automatically update the password to the new hash method if it matches a legacy one.

legacyHashes:

- 'SHA1'

- 'MD5'

legacyHashes: []

Prevent unsafe (easily guessable) passwords from being used.

The list is case-insensitive.

unsafePasswords: - '123456' - 'password' - 'qwerty' - '12345' - '54321' - '123456789' - 'help' - 'test' - 'deneme'

restrictions:

Can unauthenticated players chat?

This setting also blocks all commands not listed below.

allowChat: false

Should chat be hidden from unauthenticated players?

hideChat: false

Allowed commands for unauthenticated players.

allowCommands: - /login - /register - /l - /reg - /giris - /girisyap - /oturumac - /kayit - /kayitol - /kaydol

Maximum number of allowed registrations per IP.

A value of 0 means unlimited registrations!

maxRegPerIp: 2

Minimum allowed username length.

minNicknameLength: 3

Maximum allowed username length.

maxNicknameLength: 16

When this setting is enabled, an already online player cannot be kicked due to "Logged in from another location".

This prevents potential security exploits.

ForceSingleSession: true

ForceSpawnLocOnJoin:

If enabled, every player that joins in one of the worlds listed below will be teleported

to the world's spawn point after successful authentication.

The player's quit location will be overwritten.

enabled: false

World names where forcing the spawn location is required (Case-sensitive!)

worlds: - world - world_nether

Should non-registered players be kicked immediately?

kickNonRegistered: false

Should players be kicked on wrong password?

kickOnWrongPassword: true

After how many seconds should players who fail to login or register be kicked?

Set to 0 to disable.

timeout: 30

Regex pattern for allowed characters in player names.

allowedNicknameCharacters: "[a-zA-Z0-9_]*"

Regex pattern for allowed characters in passwords.

allowedPasswordCharacters: "[!-~]*"

Regex pattern for allowed characters in emails.

allowedEmailCharacters: "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z]{2,}$" ```

v2 API LoginSystem provides a powerful v2 API to facilitate integration with other plugins.

API Example

Accessing the API: ```java LoginSystemAPI api = LoginSystem.getApi(); ``` Checking if a player is logged in: ```java if (api.isLoggedIn(player)) { // ... } ``` Listening for a successful login event: ```java import me.bartuabihd.loginsystem.api.v2.event.LoginEvent;

@EventHandler public void onPlayerAuthLogin(LoginEvent event) { Player player = event.getPlayer(); player.sendMessage("Welcome back via API!"); } ```

ADS