Lunnara login
A secure authentication plugin for Minecraft 1.21.x. Players must register and login with BCrypt-hashed passwords. Full lockdown until authenticated. Admin tools included. Works on Spigot, Paper, Purpur, and all forks.
Quick challenge
How far can you run before the mobs catch you?
Minecraft check
Confirm your run
Complete the quick check to get your code.
Lunnara login
✦ LunnaraLogin ✦
Authentication plugin for Lunnara Network
Spigot · Paper · Purpur · All Forks · 1.21.x · Secure BCrypt · MiniMessage Styled
---
Supported Platforms
| Platform | Status | |---|---| | Any Spigot/Paper fork 1.21.x | ✔ Fully supported (native Adventure) | | Any Spigot/Paper fork 1.21.x | ✔ Fully supported (shaded Adventure) | | Any Spigot/Paper fork 1.21.x | ✔ Fully supported | | Any Spigot/Paper fork 1.21.x | ✔ Fully supported | | Any Spigot/Paper fork | ✔ Should work out of the box |
> Requires Java 21 or higher.
Features
- Async Operations — Passwords are securely salted & hashed, never stored in plain text - Async Operations — All messages fully customizable with gradients, colors & formatting - Async Operations — Players can't move, chat, interact, build, or take damage until authenticated - Async Operations — Optional blindness + slowness applied before login - Async Operations — Players who don't authenticate within the timeout get kicked - Async Operations — Periodic messages reminding players to `/login` or `/register` - Async Operations — Per-player data files, no database needed - Async Operations — Password hashing runs off the main thread, zero lag
---
Commands
Player Commands
| Command | Aliases | Description | |---|---|---| | `/register <password> <password>` | `/reg` | Register a new account (first join) | | `/login <password>` | `/l` | Log in to your account | | `/changepass <old> <new>` | `/changepassword` | Change your own password |
Admin Commands
All admin commands use `/lunaralogin` (aliases: `/ll`, `/llogin`)
| Command | Permission | Description | |---|---|---| | `/ll changepass <player> <newpass>` | `lunaralogin.admin.changepass` | Force-change a player's password | | `/ll delacc <player>` | `lunaralogin.admin.delacc` | Delete a player's account (kicks if online) | | `/ll forcelogin <player>` | `lunaralogin.admin.forcelogin` | Force-login an online player without a password | | `/ll status <player>` | `lunaralogin.admin.status` | Check if a player is registered / logged in | | `/ll reload` | `lunaralogin.admin.reload` | Reload config & messages |
---
Permissions
| Permission | Default | Description | |---|---|---| | `lunaralogin.admin` | OP | Access to admin help | | `lunaralogin.admin.changepass` | OP | Change another player's password | | `lunaralogin.admin.delacc` | OP | Delete a player's account | | `lunaralogin.admin.forcelogin` | OP | Force-login a player | | `lunaralogin.admin.status` | OP | View player auth status | | `lunaralogin.admin.reload` | OP | Reload configuration |
---
Configuration
config.yml
| Option | Default | Description | |---|---|---| | `session-timeout` | `60` | Session duration in minutes | | `login-timeout` | `120` | Seconds before unauthenticated players are kicked | | `max-login-attempts` | `5` | Failed login attempts before kick | | `min-password-length` | `6` | Minimum password length | | `max-password-length` | `32` | Maximum password length | | `allow-movement-before-auth` | `false` | Allow movement before logging in | | `blind-before-auth` | `true` | Apply blindness + slowness before auth | | `reminder-interval` | `5` | Seconds between login/register reminders | | `allowed-commands` | `/login, /register, /l, /reg` | Commands usable before authenticating |
messages.yml
All messages use MiniMessage formatting. Supports gradients, hex colors, bold, etc.
Example from the default config: ``` login-success: "<color:#ff7ae6>✔ <color:#ffffff>Logged in successfully! <color:#aaaaaa>Welcome back." ```
---
Installation
1. Build the plugin: ```bash cd LunnaraLogin && ./gradlew build ``` 2. Copy `build/libs/LunnaraLogin-1.0.0.jar` to your server's `plugins/` folder 3. Start the server — config files will be generated 4. Edit `config.yml` and `messages.yml` to your liking 5. Run `/ll reload` to apply changes
---
How It Works
1. Wrong password? — Player is frozen & blinded, prompted to `/register <password> <password>` 2. Wrong password? — Player is frozen & blinded, prompted to `/login <password>` 3. Wrong password? — Effects removed, full server access granted 4. Wrong password? — Kicked after `login-timeout` seconds 5. Wrong password? — Kicked after `max-login-attempts` failed tries
Player data is stored in `plugins/LunnaraLogin/playerdata/<uuid>.json`.
---
Lunnara Network · Spigot / Paper / Purpur · 1.21.x · Java 21