Перейти к содержимому
Mineforgian

CraftersLogin

Complete authentication solution with premium auto-login, proxy support, brute-force protection, persistent sessions, and flexible database options for Minecraft servers.

Загрузки
47
Подписчики
0
Обновлён
23 июня 2026 г.
Лицензия
All-Rights-Reserved

Опубликован 19 апреля 2026 г.

CraftersLogin — The Ultimate Authentication System for Minecraft Networks

CraftersLogin is a professional, robust, and highly configurable authentication system designed for Minecraft servers that require full control over player access. Whether you manage a single server or a complex proxy network, CraftersLogin delivers a complete, secure, and easy-to-deploy solution.


✨ Why CraftersLogin?

In an environment where player security and server integrity are top priorities, having a reliable authentication system makes all the difference. CraftersLogin was built around three core pillars:

  • 🔐 Security — Modern hashing algorithms, brute-force protection, and advanced session control.
  • Performance — Efficient connections via HikariCP and optional Redis support.
  • 🎯 User Experience — Intuitive interface, fully customizable messages, and seamless authentication across servers.

🔐 Authentication System

CraftersLogin provides a complete and secure authentication flow for all types of environments:

  • Account registration with double password confirmation
  • Login protected with encrypted passwords
  • Password change directly in-game at any time
  • Auto-login for premium playersMojang/Microsoft accounts verified automatically without any player action
  • Offline mode support — Full compatibility with servers running in non-premium or offline mode

🌐 Multi-Server Proxy Support

CraftersLogin is fully prepared for networks running Velocity or BungeeCord as a proxy:

  • Persistent sessions across servers — Players do not need to log in again when switching servers
  • Proxy ↔ backend communication — The proxy automatically notifies backend servers about each player's authentication status
  • Differentiated spawn points — Automatic teleport to the authentication area and to the lobby after a successful login

💾 Flexible Database Support

The plugin offers three storage options adapted to the size and needs of your network:

Engine Description Best For
H2 Embedded database, no additional setup required Single servers
MySQL External connection with HikariCP pooling Multi-server networks
Redis (optional) Real-time synchronization between servers Large high-traffic networks

🔒 Advanced Security

CraftersLogin implements modern security standards to protect both your players and your infrastructure:

  • BCrypt with configurable rounds (recommended — industry standard)
  • SHA-256 and Argon2 available as alternatives
  • Anti-brute-force protection — Temporary ban after multiple failed login attempts
  • Accounts per IP limit — Configurable, defaults to 2 accounts per IP
  • Session hijacking protection — IP verification enforced on every session
  • Case spoofing prevention — Blocks identity impersonation through username capitalization tricks

🎨 Fully Customizable User Experience

Every visual and interactive aspect of the system is completely customizable:

  • Titles and subtitles displayed on screen during authentication
  • ActionBar countdown timer while the player is waiting to authenticate
  • Sound effects for actions such as login, registration, and errors
  • Chat clearing on server join for better visibility
  • Optional blindness effect while the player has not yet authenticated

📋 Player Commands

Command Description
/register <password> <confirm> Create a new account
/login <password> Log in to the server
/changepassword <old> <new> <confirm> Change your password
/unregister <password> Delete your account from the server
/premium Enable automatic verification with your Mojang/Microsoft account
/offline Switch to offline authentication mode

⚡ Admin Commands (/crafterslogin or /cl)

Subcommand Description Required Permission
/cl reload Reload the plugin configuration crafterslogin.admin.reload
/cl version Display the current plugin version crafterslogin.admin.version
/cl info <player> View account information for a player crafterslogin.admin.info
/cl accounts Show the total number of registered accounts crafterslogin.admin.accounts
/cl forcelogin <player> Force a player to be logged in crafterslogin.admin.forcelogin
/cl forcelogout <player> Force a player to be logged out crafterslogin.admin.forcelogout
/cl changepass <player> <newpass> Change another player's password crafterslogin.admin.changepass
/cl unregister <player> Unregister a player's account crafterslogin.admin.unregister
/cl delete <player> Permanently delete a player's account crafterslogin.admin.delete
/cl dupeip <ip> View all accounts registered under an IP crafterslogin.admin.dupeip
/cl purge <days> Remove accounts inactive for X days crafterslogin.admin.purge
/cl convert <plugin> Migrate data from another auth plugin crafterslogin.admin.convert
/cl spawns setspawnregistred Set the authentication spawn point crafterslogin.admin.spawns
/cl spawns setspawn Set the lobby spawn point crafterslogin.admin.spawns

🔑 Permissions

Administrator Permissions

crafterslogin.admin             — Full access to all /cl commands
  ├── crafterslogin.admin.reload
  ├── crafterslogin.admin.version
  ├── crafterslogin.admin.info
  ├── crafterslogin.admin.accounts
  ├── crafterslogin.admin.forcelogin
  ├── crafterslogin.admin.forcelogout
  ├── crafterslogin.admin.changepass
  ├── crafterslogin.admin.unregister
  ├── crafterslogin.admin.delete
  ├── crafterslogin.admin.dupeip
  ├── crafterslogin.admin.purge
  ├── crafterslogin.admin.spawns
  └── crafterslogin.admin.convert

User Permissions

crafterslogin.bypass            — Bypasses all authentication (for bots or trusted mods)
crafterslogin.bypass.ip-limit   — Ignores the accounts-per-IP limit
crafterslogin.notify            — Receives plugin update notifications

⚙️ Configuration Overview (config.yml)

Database

database:
  type: "h2"  # Options: h2, mysql
  mysql:
    host: "localhost"
    port: 3306
    name: "crafterslogin"
    username: "root"
    password: ""
    useSSL: false
    pool:
      maximum-pool-size: 10
      minimum-idle: 5

Passwords

password:
  algorithm: "BCRYPT"        # BCRYPT, SHA256, ARGON2
  bcrypt-rounds: 10          # Higher = more secure but slower
  min-length: 6
  max-length: 32
  block-username-as-password: true

Sessions

session:
  duration: 10               # Duration in minutes
  same-ip-only: true         # Requires same IP to reuse a session

Security

security:
  max-accounts-per-ip: 2
  max-failed-attempts: 5
  temp-ban-duration: 10      # Minutes
  kick-after-seconds: 60
  block-ip-change-on-session: true
  prevent-case-spoofing: true

🚀 Installation

Standalone Server (No Proxy)

  1. Download CraftersLogin-1.0.jar
  2. Place it in your plugins/ folder
  3. Restart the server
  4. Configure config.yml as needed
  5. Use /cl spawns to set your spawn points

Velocity Proxy Network

  1. On the Velocity proxy: Place CraftersLogin-1.0.jar in plugins/
  2. On each backend server: Place the same JAR in plugins/ and configure a shared MySQL database (recommended)
  3. Set spawn points:
    • Run /cl spawns setspawnregistred on your authentication server
    • Run /cl spawns setspawn on your lobby server

📦 Compatibility

Category Supported
Minecraft versions 1.13 — 1.21.x
Server software Paper, Spigot, Bukkit
Proxy software Velocity, BungeeCord, Waterfall
Java 17 or higher

💬 Support & Links

If you encounter any issues or have suggestions, feel free to reach out through the Issues tab or join our community.

Developed by xUnknown | Crafters Development Compatible with Minecraft 1.13 – 1.21.x

License & Intellectual Property

© 2026 Crafters Development. All rights reserved.

Redistribution, copying, or modification of this software is prohibited without the express permission of Crafters Development. This code is intellectual property protected by Chilean Intellectual Property Law 17.336.

[!IMPORTANT] Redistribution Clarification: The prohibition on redistribution applies strictly to hosting or uploading the software to external download websites or unauthorized third-party platforms.

This restriction DOES NOT apply to sharing information, screenshots, or official links through:

  • Messaging Apps: Discord, WhatsApp, Telegram, etc.
  • Social Media: Twitter (X), Facebook, etc.
  • Community Groups: Private server chats or staff groups.

Ченджлог

2.1Релиз1.21.3, 1.21.4, 1.21.5 · 23 июня 2026 г.

CraftersLogin v2.1

This major release brings production-grade quality, security, and independent infrastructure to your server's authentication system. Version 2.1 eliminates third-party premium authentication dependencies, integrates advanced security APIs, and introduces a native 2FA system for staff members.


Key Features

🛠️ Independent Premium Authentication

We have completely removed reliance on external premium authentication libraries. Premium verification is now handled securely at the protocol level via our new specialized hook: CraftersFastAuth.

  • Seamless Entry: Verifies players directly against Mojang session services, bypassing password prompts for premium accounts while maintaining the standard flow for non-premium users.
  • Note: Requires ProtocolLib and CraftersFastAuth to function on standalone servers.
  • 📢 Where to find CraftersFastAuth: You can get the required CraftersFastAuth dependency exclusively through our official Discord server. Join here: https://discord.gg/k6KNKPXsUb

🔑 Two-Factor Authentication (TOTP)

Protect high-privilege staff accounts from credential theft with a native Time-Based One-Time Password system.

  • Compatibility: Works with Google Authenticator, Authy, and any standard TOTP app.
  • Workflow: Setup via /2fa start, confirmation via /2fa confirm <code>, and verification on login via /2fa verify <code>. Restricted to accounts with the crafterslogin.2fa permission.

🌐 Threat Detection & API Integrations

  • Anti-VPN & Proxy (ProxyCheck.io): Detects and rejects connections from anonymizing networks during the pre-login event before they enter the server.
  • Geographic Filtering (IP-API): Restrict or block connections from high-risk regions using standard ISO country codes.
  • Compromised Passwords (HIBP): Blocks registrations using leaked credentials using the secure k-Anonymity model (raw passwords/hashes are never sent over the network).

📊 Monitoring & Performance

  • Asynchronous Discord Webhooks: Sends real-time embedded notifications for registrations, successful logins, and failed attempts directly to your Discord staff channels without affecting server ticks.
  • PlaceholderAPI Support: Register statistics using %crafterslogin_total_accounts% and %crafterslogin_premium_accounts%.
  • Automated Config Updater: Automatically injects missing configuration keys into config.yml on startup without overwriting your custom values.

⚙️ Database & Stability Optimizations

  • Automated Data Migration: A new administrator-only command allows full account and session data migration between H2 and MySQL backends in any direction.
  • H2 Connection Pool Refactor: Rewritten connection management to guarantee absolute stability and prevent failures under heavy concurrent login pressure.
  • Core Fixes: Resolved SHA-256 password verification failures and fixed session expiration desynchronization on rejoin.

Upgrade Notes

  1. Dependencies: Ensure ProtocolLib is installed and download CraftersFastAuth from our Discord Server if you plan to use independent premium authentication.
  2. Configuration: New security keys will automatically inject into your config.yml. Review them to toggle features like Anti-VPN, Geo-IP, or HIBP protections.
  3. Localization: Every player-facing string can now be fully customized inside the new messages.yml file.
1.8Релиз1.21.3, 1.21.4, 1.21.5 · 1 мая 2026 г.

CraftersLogin v1.8 — Critical Fixes

April 22, 2026

⚠️ This version is intended for proxy-based setups only (Velocity). Standalone server usage is no longer supported.


🔧 Fixed

  • H2 Driver Registration on Velocity — The shaded H2 driver is now properly registered on startup.
  • Plugin Message Subchannel Mismatch — Premium enable and disable commands now send the correct subchannel identifiers to the proxy.
  • Empty Method Implementations — Database initialization and session cleanup task were not executing; both are now fully implemented.
  • Duplicate Channel Registration — A duplicate messaging channel registration on listener setup has been removed.
  • Premium Command on Standalone Servers — The premium command was not functioning correctly on standalone servers; the behavior has been corrected and the plugin now requires a proxy to operate.
  • Tab Completion Not Working — The /cl command now correctly shows tab completion suggestions.
  • Help Messages Showing Plugin Prefix — All /cl help lines now display clean text without the plugin prefix.

✨ Added & Improved

  • Proxy-Only Mode — The plugin now requires a proxy to be configured in order to function. Running it on a standalone server without a proxy is not supported. This is strongly recommended for better security.
  • Expanded Tab Completion — All subcommands, spawn subcommands, purge day values, player names, and the convert subcommand are now included in tab completion.
  • Database Connection on Enable — The database connection is now properly established when the plugin loads.
  • Session Cleanup Task — Expired sessions are now automatically removed every 5 minutes.
  • Proxy Premium Sync — Enabling or disabling premium mode now correctly notifies the Velocity proxy.
1.6Релиз1.21.3, 1.21.4, 1.21.5 · 21 апреля 2026 г.

CraftersLogin v1.6 — Critical Premium Auto-Login System - Fully Functional

🔧 Fixed

  • Premium auto-login was not working correctly when switching servers or reconnecting because the premium status was not being validated early enough in the connection process
  • Already registered premium players were incorrectly rejected because the system was not recognizing their existing registration during the UUID validation process
  • The auto-login system was generating false positives because it was not properly distinguishing between new and existing registered players during UUID mismatch checks
  • Database error when updating accounts because SQL queries were still referencing columns that had been removed when the ban system was deleted
  • The premium player cache was throwing internal errors because the implementation was using a view of the key set that became invalid when the underlying map was modified
  • Premium players were not being correctly forced into online mode because the authentication listener was not running at the right priority level in the event chain
  • Internal message communication between the proxy and backend servers was failing because the listener was expecting messages from the wrong source type
  • A player's premium status was not being saved to the correct database table because the enable and disable methods were using different tables inconsistently
  • The console was generating excessive spam because informational messages were being logged at the wrong level
  • Expired premium accounts or players who used /premium before their subscription ended were not being handled because there was no way to disable premium mode once enabled

➕ Added

  • Early premium validation system at the moment the player attempts to connect, before entering the server
  • In-memory cache manager for premium players, improving verification performance
  • Database support on the proxy side for storing premium player data (H2 and MySQL)
  • Configurable message for when a premium player fails automatic authentication
  • Using /premium now kicks the player so they can reconnect and apply auto-login correctly
  • Changing another player's password as an admin now automatically kicks that player for security

🔄 Changed

  • H2 is now the default database, MySQL is now optional
  • All system messages were moved to configuration files, none are hardcoded anymore
  • /cl ban and /cl unban subcommands were completely removed
  • The spawn command was restructured with new subcommands: setspawnregister, setspawnlogin and setspawn
  • The ban system was fully removed from the database for better compatibility and a lighter JAR size
1.5Релиз1.21.3, 1.21.4, 1.21.5 · 19 апреля 2026 г.

CraftersLogin v1.5 — Velocity Support Fix

🔧 Fixed

  • ClassNotFoundException for Velocity plugin (CraftersLoginVelocity)
  • minimizeJar task incorrectly removing Velocity classes from the JAR
  • Proxy config files not being generated on startup

➕ Added

  • ProxyInitializeEvent to properly initialize the Velocity plugin

🔄 Updated

  • config.yml, messages.yml and proxy-config.yml bumped to version 2
  • Velocity plugin now correctly loads and creates proxy-config.yml and messages-proxy.yml

Комментарии

Загружаем…