MyLogin
MyLogin is a lightweight authentication plugin for Minecraft servers. It provides secure password-based login, strong pre-login protection, IP-based auto login.
Quick challenge
How far can you run before the mobs catch you?
Minecraft check
Confirm your run
Complete the quick check to get your code.
MyLogin
🔐 MyLogin
MyLogin is a lightweight authentication plugin for Minecraft servers. It provides secure password-based login, strong pre-login protection, IP-based auto login, and migration support from the Passky plugin.
---
📖 Project Background
This plugin was created because the Passky authentication plugin had not received updates for several months. MyLogin was developed as a simple alternative that allows servers to continue using their existing player data while maintaining compatibility with newer Paper versions.
MyLogin supports migration of Passky SHA-256 password data, allowing servers to transition without forcing players to register again.
---
✨ Features
* 🔑 Password-based player authentication * 🔄 Migration support from Passky (SHA-256 password hashes) * ⏱ Configurable login timeout * 🚫 Maximum login attempt protection * 🌐 Optional IP-based auto login * 🚪 Logout command support * 🛠 Admin password management tools * 👁 Blindness effect before login * 🎆 Firework effect after successful login * 📄 YAML-based player data storage
---
📦 Requirements
* Java: Paper * Java: 1.21.4 – 1.21.11 * Java: 21+
---
📜 Commands
| Command | Description | Usage | | ----------------- | ------------------------------- | --------------------------------- | | `/login` | Log in to your account | `/login <password>` | | `/register` | Register a new account | `/register <password> <password>` | | `/changepassword` | Change your password | `/changepassword <old> <new>` | | `/logout` | Log out of your current session | `/logout` |
Administrative Commands
| Command | Description | Permission | | ----------------- | ------------------------------------------ | --------------- | | `/migrate` | Import legacy user data (Passky migration) | `mylogin.admin` | | `/resetpassword` | Reset a player's password | `mylogin.admin` | | `/deleteplayer` | Delete a player's login data | `mylogin.admin` | | `/mylogin reload` | Reload plugin configuration | `mylogin.admin` |
---
🔑 Permissions
| Permission | Description | Default | | --------------- | ---------------------------------------- | ------- | | `mylogin.admin` | Allows access to administrative commands | OP |
Administrators with this permission can:
* migrate legacy accounts * reset player passwords * delete player authentication data * reload plugin configuration
---
Example Usage
Register a new account:
```text /register mypassword mypassword ```
Log in:
```text /login mypassword ```
Admin resets a password:
```text /resetpassword Steve newpassword ```
Admin deletes a player's login data:
```text /deleteplayer Steve ```
---
⚙️ Configuration
The plugin configuration file is located at:
```text plugins/MyLogin/config.yml ```
Example Configuration
```yaml login-timeout-seconds: 300 max-login-attempts: 5
min-password-length: 4 max-password-length: 32
max-attempts: 5
ip-remember: true ip-remember-timeout: 86400
messages: auto-login-success: "&aWelcome back! You were logged in automatically."
effects: blind: true firework: true ```
---
Setting Explanation
Login Timeout
```yaml login-timeout-seconds: 300 ```
How long a player can stay on the server without logging in before being kicked.
Example:
```text 300 seconds = 5 minutes ```
If the player does not run `/login` or `/register` within this time, they will be kicked.
---
Failed Login Attempts
```yaml max-login-attempts: 5 max-attempts: 5 ```
Maximum number of incorrect password attempts before the player is kicked.
This protects against:
* brute force attacks * password guessing
---
Password Length
```yaml min-password-length: 4 max-password-length: 32 ```
Controls the allowed password length when players register.
Example:
```text /register mypassword mypassword ```
Passwords shorter than the minimum or longer than the maximum will be rejected.
---
IP Auto Login
```yaml ip-remember: true ip-remember-timeout: 86400 ```
If enabled, players who logged in previously from the same IP will automatically log in.
Timeout value is in seconds.
Example:
```text 86400 seconds = 24 hours ```
After this time expires, the player must log in again.
---
Auto Login Message
```yaml messages: auto-login-success: "&aWelcome back! You were logged in automatically." ```
Message sent to players when they are automatically logged in using the IP remember system.
Supports Minecraft color codes using `&`.
---
🎇 Login Effects
```yaml effects: blind: true firework: true ```
Controls visual effects used by the plugin.
`blind`
* Applies blindness to players who are not logged in.
`firework`
* Plays a firework effect when the player successfully logs in.
---
Notes
* Configuration changes require a server restart or plugin reload. * All values are safe to modify. * Color codes use the standard Minecraft format (`&a`, `&c`, etc).
---
🔄 Migration from Passky
MyLogin supports migrating existing user accounts from the Passky authentication plugin.
This allows servers previously using Passky to switch to MyLogin without forcing players to reset their passwords.
Supported Format
MyLogin reads the legacy Passky user file:
``` plugins/MyLogin/Migration/old-users.yml ```
Each user entry must contain:
``` username: hash: <password-hash> algo: SHA-256 salt: <salt> ```
Only SHA-256 hashes are supported.
Migration Process
1. Copy your Passky user file into:
``` plugins/MyLogin/Migration/old-users.yml ```
2. Start the server.
3. MyLogin will automatically import the accounts.
Example File
``` Steve: hash: a6c9e0c3e9b5... algo: SHA-256 salt: 9f12ab ```
Migration Logs
After migration, a report will be generated:
``` plugins/MyLogin/Migration/migration-log.yml ```
This file contains:
``` migrated: - Steve - Alex
skipped: Notch: unsupported algorithm ```
Notes
* Existing MyLogin users will not be overwritten. * Only valid SHA-256 hashes will be migrated. * Invalid or unsupported entries will be logged and skipped.
---
📂 User Data Storage
MyLogin stores player authentication data in a YAML file.
Location:
``` plugins/MyLogin/data/users.yml ```
Each player is stored using their Minecraft username.
Example
``` Steve: hash: 7f3c9e4c9b2d... salt: 2c4a9f81 algo: SHA-256 ip: 192.168.1.10 registered: true logged-in: false attempts: 0 last-login: 1715002000 ```
Field Explanation
| Field | Description | | ------------ | ---------------------------------- | | `hash` | Password hash | | `salt` | Random salt used for hashing | | `algo` | Hash algorithm used | | `ip` | Last known player IP | | `registered` | Whether the player has registered | | `logged-in` | Current login state | | `attempts` | Failed login attempts | | `last-login` | Timestamp of last successful login |
Password Security
MyLogin uses salted SHA-256 hashing.
Process:
``` hash = SHA256(password + salt) ```
Each player receives a unique random salt generated during registration.
This prevents:
* rainbow table attacks * identical password hashes between users
Login Tracking
The plugin stores:
``` last-login ```
as a UNIX timestamp (seconds).
This is used for features such as:
* IP-based auto login * login timeout systems
Failed Login Attempts
The field:
``` attempts ```
tracks how many failed login attempts a player has made.
This can be used for:
* login throttling * temporary lock systems * security monitoring
Important Notes
* User data is stored using player names, not UUIDs. * The file is automatically created on first startup. * Changes are saved immediately after registration or login state changes.
---
📄 License
MIT License