
CraftersLogin
Complete authentication solution with premium auto-login, proxy support, brute-force protection, persistent sessions, and flexible database options for Minecraft servers.
- Загрузки
- 47
- Подписчики
- 0
- Обновлён
- 23 июня 2026 г.
- Лицензия
- All-Rights-Reserved
Опубликован 19 апреля 2026 г.
CraftersLogin — The Ultimate Authentication System for Minecraft Networks
CraftersLogin is a professional, robust, and highly configurable authentication system designed for Minecraft servers that require full control over player access. Whether you manage a single server or a complex proxy network, CraftersLogin delivers a complete, secure, and easy-to-deploy solution.
✨ Why CraftersLogin?
In an environment where player security and server integrity are top priorities, having a reliable authentication system makes all the difference. CraftersLogin was built around three core pillars:
- 🔐 Security — Modern hashing algorithms, brute-force protection, and advanced session control.
- ⚡ Performance — Efficient connections via HikariCP and optional Redis support.
- 🎯 User Experience — Intuitive interface, fully customizable messages, and seamless authentication across servers.
🔐 Authentication System
CraftersLogin provides a complete and secure authentication flow for all types of environments:
- Account registration with double password confirmation
- Login protected with encrypted passwords
- Password change directly in-game at any time
- Auto-login for premium players — Mojang/Microsoft accounts verified automatically without any player action
- Offline mode support — Full compatibility with servers running in non-premium or offline mode
🌐 Multi-Server Proxy Support
CraftersLogin is fully prepared for networks running Velocity or BungeeCord as a proxy:
- Persistent sessions across servers — Players do not need to log in again when switching servers
- Proxy ↔ backend communication — The proxy automatically notifies backend servers about each player's authentication status
- Differentiated spawn points — Automatic teleport to the authentication area and to the lobby after a successful login
💾 Flexible Database Support
The plugin offers three storage options adapted to the size and needs of your network:
| Engine | Description | Best For |
|---|---|---|
| H2 | Embedded database, no additional setup required | Single servers |
| MySQL | External connection with HikariCP pooling | Multi-server networks |
| Redis (optional) | Real-time synchronization between servers | Large high-traffic networks |
🔒 Advanced Security
CraftersLogin implements modern security standards to protect both your players and your infrastructure:
- BCrypt with configurable rounds (recommended — industry standard)
- SHA-256 and Argon2 available as alternatives
- Anti-brute-force protection — Temporary ban after multiple failed login attempts
- Accounts per IP limit — Configurable, defaults to 2 accounts per IP
- Session hijacking protection — IP verification enforced on every session
- Case spoofing prevention — Blocks identity impersonation through username capitalization tricks
🎨 Fully Customizable User Experience
Every visual and interactive aspect of the system is completely customizable:
- Titles and subtitles displayed on screen during authentication
- ActionBar countdown timer while the player is waiting to authenticate
- Sound effects for actions such as login, registration, and errors
- Chat clearing on server join for better visibility
- Optional blindness effect while the player has not yet authenticated
📋 Player Commands
| Command | Description |
|---|---|
/register <password> <confirm> |
Create a new account |
/login <password> |
Log in to the server |
/changepassword <old> <new> <confirm> |
Change your password |
/unregister <password> |
Delete your account from the server |
/premium |
Enable automatic verification with your Mojang/Microsoft account |
/offline |
Switch to offline authentication mode |
⚡ Admin Commands (/crafterslogin or /cl)
| Subcommand | Description | Required Permission |
|---|---|---|
/cl reload |
Reload the plugin configuration | crafterslogin.admin.reload |
/cl version |
Display the current plugin version | crafterslogin.admin.version |
/cl info <player> |
View account information for a player | crafterslogin.admin.info |
/cl accounts |
Show the total number of registered accounts | crafterslogin.admin.accounts |
/cl forcelogin <player> |
Force a player to be logged in | crafterslogin.admin.forcelogin |
/cl forcelogout <player> |
Force a player to be logged out | crafterslogin.admin.forcelogout |
/cl changepass <player> <newpass> |
Change another player's password | crafterslogin.admin.changepass |
/cl unregister <player> |
Unregister a player's account | crafterslogin.admin.unregister |
/cl delete <player> |
Permanently delete a player's account | crafterslogin.admin.delete |
/cl dupeip <ip> |
View all accounts registered under an IP | crafterslogin.admin.dupeip |
/cl purge <days> |
Remove accounts inactive for X days | crafterslogin.admin.purge |
/cl convert <plugin> |
Migrate data from another auth plugin | crafterslogin.admin.convert |
/cl spawns setspawnregistred |
Set the authentication spawn point | crafterslogin.admin.spawns |
/cl spawns setspawn |
Set the lobby spawn point | crafterslogin.admin.spawns |
🔑 Permissions
Administrator Permissions
crafterslogin.admin — Full access to all /cl commands
├── crafterslogin.admin.reload
├── crafterslogin.admin.version
├── crafterslogin.admin.info
├── crafterslogin.admin.accounts
├── crafterslogin.admin.forcelogin
├── crafterslogin.admin.forcelogout
├── crafterslogin.admin.changepass
├── crafterslogin.admin.unregister
├── crafterslogin.admin.delete
├── crafterslogin.admin.dupeip
├── crafterslogin.admin.purge
├── crafterslogin.admin.spawns
└── crafterslogin.admin.convert
User Permissions
crafterslogin.bypass — Bypasses all authentication (for bots or trusted mods)
crafterslogin.bypass.ip-limit — Ignores the accounts-per-IP limit
crafterslogin.notify — Receives plugin update notifications
⚙️ Configuration Overview (config.yml)
Database
database:
type: "h2" # Options: h2, mysql
mysql:
host: "localhost"
port: 3306
name: "crafterslogin"
username: "root"
password: ""
useSSL: false
pool:
maximum-pool-size: 10
minimum-idle: 5
Passwords
password:
algorithm: "BCRYPT" # BCRYPT, SHA256, ARGON2
bcrypt-rounds: 10 # Higher = more secure but slower
min-length: 6
max-length: 32
block-username-as-password: true
Sessions
session:
duration: 10 # Duration in minutes
same-ip-only: true # Requires same IP to reuse a session
Security
security:
max-accounts-per-ip: 2
max-failed-attempts: 5
temp-ban-duration: 10 # Minutes
kick-after-seconds: 60
block-ip-change-on-session: true
prevent-case-spoofing: true
🚀 Installation
Standalone Server (No Proxy)
- Download
CraftersLogin-1.0.jar - Place it in your
plugins/folder - Restart the server
- Configure
config.ymlas needed - Use
/cl spawnsto set your spawn points
Velocity Proxy Network
- On the Velocity proxy: Place
CraftersLogin-1.0.jarinplugins/ - On each backend server: Place the same JAR in
plugins/and configure a shared MySQL database (recommended) - Set spawn points:
- Run
/cl spawns setspawnregistredon your authentication server - Run
/cl spawns setspawnon your lobby server
- Run
📦 Compatibility
| Category | Supported |
|---|---|
| Minecraft versions | 1.13 — 1.21.x |
| Server software | Paper, Spigot, Bukkit |
| Proxy software | Velocity, BungeeCord, Waterfall |
| Java | 17 or higher |
💬 Support & Links
If you encounter any issues or have suggestions, feel free to reach out through the Issues tab or join our community.
Developed by xUnknown | Crafters Development Compatible with Minecraft 1.13 – 1.21.x
License & Intellectual Property
© 2026 Crafters Development. All rights reserved.
Redistribution, copying, or modification of this software is prohibited without the express permission of Crafters Development. This code is intellectual property protected by Chilean Intellectual Property Law 17.336.
[!IMPORTANT] Redistribution Clarification: The prohibition on redistribution applies strictly to hosting or uploading the software to external download websites or unauthorized third-party platforms.
This restriction DOES NOT apply to sharing information, screenshots, or official links through:
- Messaging Apps: Discord, WhatsApp, Telegram, etc.
- Social Media: Twitter (X), Facebook, etc.
- Community Groups: Private server chats or staff groups.
Ченджлог
2.1Релиз1.21.3, 1.21.4, 1.21.5 · 23 июня 2026 г.
CraftersLogin v2.1
This major release brings production-grade quality, security, and independent infrastructure to your server's authentication system. Version 2.1 eliminates third-party premium authentication dependencies, integrates advanced security APIs, and introduces a native 2FA system for staff members.
Key Features
🛠️ Independent Premium Authentication
We have completely removed reliance on external premium authentication libraries. Premium verification is now handled securely at the protocol level via our new specialized hook: CraftersFastAuth.
- Seamless Entry: Verifies players directly against Mojang session services, bypassing password prompts for premium accounts while maintaining the standard flow for non-premium users.
- Note: Requires ProtocolLib and CraftersFastAuth to function on standalone servers.
- 📢 Where to find CraftersFastAuth: You can get the required CraftersFastAuth dependency exclusively through our official Discord server. Join here: https://discord.gg/k6KNKPXsUb
🔑 Two-Factor Authentication (TOTP)
Protect high-privilege staff accounts from credential theft with a native Time-Based One-Time Password system.
- Compatibility: Works with Google Authenticator, Authy, and any standard TOTP app.
- Workflow: Setup via
/2fa start, confirmation via/2fa confirm <code>, and verification on login via/2fa verify <code>. Restricted to accounts with thecrafterslogin.2fapermission.
🌐 Threat Detection & API Integrations
- Anti-VPN & Proxy (ProxyCheck.io): Detects and rejects connections from anonymizing networks during the pre-login event before they enter the server.
- Geographic Filtering (IP-API): Restrict or block connections from high-risk regions using standard ISO country codes.
- Compromised Passwords (HIBP): Blocks registrations using leaked credentials using the secure k-Anonymity model (raw passwords/hashes are never sent over the network).
📊 Monitoring & Performance
- Asynchronous Discord Webhooks: Sends real-time embedded notifications for registrations, successful logins, and failed attempts directly to your Discord staff channels without affecting server ticks.
- PlaceholderAPI Support: Register statistics using
%crafterslogin_total_accounts%and%crafterslogin_premium_accounts%. - Automated Config Updater: Automatically injects missing configuration keys into
config.ymlon startup without overwriting your custom values.
⚙️ Database & Stability Optimizations
- Automated Data Migration: A new administrator-only command allows full account and session data migration between H2 and MySQL backends in any direction.
- H2 Connection Pool Refactor: Rewritten connection management to guarantee absolute stability and prevent failures under heavy concurrent login pressure.
- Core Fixes: Resolved SHA-256 password verification failures and fixed session expiration desynchronization on rejoin.
Upgrade Notes
- Dependencies: Ensure ProtocolLib is installed and download CraftersFastAuth from our Discord Server if you plan to use independent premium authentication.
- Configuration: New security keys will automatically inject into your
config.yml. Review them to toggle features like Anti-VPN, Geo-IP, or HIBP protections. - Localization: Every player-facing string can now be fully customized inside the new
messages.ymlfile.
1.8Релиз1.21.3, 1.21.4, 1.21.5 · 1 мая 2026 г.
CraftersLogin v1.8 — Critical Fixes
April 22, 2026
⚠️ This version is intended for proxy-based setups only (Velocity). Standalone server usage is no longer supported.
🔧 Fixed
- H2 Driver Registration on Velocity — The shaded H2 driver is now properly registered on startup.
- Plugin Message Subchannel Mismatch — Premium enable and disable commands now send the correct subchannel identifiers to the proxy.
- Empty Method Implementations — Database initialization and session cleanup task were not executing; both are now fully implemented.
- Duplicate Channel Registration — A duplicate messaging channel registration on listener setup has been removed.
- Premium Command on Standalone Servers — The premium command was not functioning correctly on standalone servers; the behavior has been corrected and the plugin now requires a proxy to operate.
- Tab Completion Not Working — The
/clcommand now correctly shows tab completion suggestions. - Help Messages Showing Plugin Prefix — All
/clhelp lines now display clean text without the plugin prefix.
✨ Added & Improved
- Proxy-Only Mode — The plugin now requires a proxy to be configured in order to function. Running it on a standalone server without a proxy is not supported. This is strongly recommended for better security.
- Expanded Tab Completion — All subcommands, spawn subcommands, purge day values, player names, and the
convertsubcommand are now included in tab completion. - Database Connection on Enable — The database connection is now properly established when the plugin loads.
- Session Cleanup Task — Expired sessions are now automatically removed every 5 minutes.
- Proxy Premium Sync — Enabling or disabling premium mode now correctly notifies the Velocity proxy.
1.6Релиз1.21.3, 1.21.4, 1.21.5 · 21 апреля 2026 г.
CraftersLogin v1.6 — Critical Premium Auto-Login System - Fully Functional
🔧 Fixed
- Premium auto-login was not working correctly when switching servers or reconnecting because the premium status was not being validated early enough in the connection process
- Already registered premium players were incorrectly rejected because the system was not recognizing their existing registration during the UUID validation process
- The auto-login system was generating false positives because it was not properly distinguishing between new and existing registered players during UUID mismatch checks
- Database error when updating accounts because SQL queries were still referencing columns that had been removed when the ban system was deleted
- The premium player cache was throwing internal errors because the implementation was using a view of the key set that became invalid when the underlying map was modified
- Premium players were not being correctly forced into online mode because the authentication listener was not running at the right priority level in the event chain
- Internal message communication between the proxy and backend servers was failing because the listener was expecting messages from the wrong source type
- A player's premium status was not being saved to the correct database table because the enable and disable methods were using different tables inconsistently
- The console was generating excessive spam because informational messages were being logged at the wrong level
- Expired premium accounts or players who used
/premiumbefore their subscription ended were not being handled because there was no way to disable premium mode once enabled
➕ Added
- Early premium validation system at the moment the player attempts to connect, before entering the server
- In-memory cache manager for premium players, improving verification performance
- Database support on the proxy side for storing premium player data (H2 and MySQL)
- Configurable message for when a premium player fails automatic authentication
- Using
/premiumnow kicks the player so they can reconnect and apply auto-login correctly - Changing another player's password as an admin now automatically kicks that player for security
🔄 Changed
- H2 is now the default database, MySQL is now optional
- All system messages were moved to configuration files, none are hardcoded anymore
/cl banand/cl unbansubcommands were completely removed- The spawn command was restructured with new subcommands:
setspawnregister,setspawnloginandsetspawn - The ban system was fully removed from the database for better compatibility and a lighter JAR size
1.5Релиз1.21.3, 1.21.4, 1.21.5 · 19 апреля 2026 г.
CraftersLogin v1.5 — Velocity Support Fix
🔧 Fixed
- ClassNotFoundException for Velocity plugin (
CraftersLoginVelocity) - minimizeJar task incorrectly removing Velocity classes from the JAR
- Proxy config files not being generated on startup
➕ Added
- ProxyInitializeEvent to properly initialize the Velocity plugin
🔄 Updated
- config.yml, messages.yml and proxy-config.yml bumped to version 2
- Velocity plugin now correctly loads and creates
proxy-config.ymlandmessages-proxy.yml
Комментарии
Загружаем…