Перейти к содержимому
Mineforgian

NewLogin

A simple register plugin for Paper

Загрузки
3K
Подписчики
2
Обновлён
10 мая 2026 г.
Лицензия
MIT

Опубликован 28 августа 2025 г.

🌟 NewLogin

NewLogin is a powerful yet easy-to-use authentication plugin for Minecraft servers. Originally designed for simplicity, version 4.0 brings advanced security features while maintaining its lightweight and user-friendly approach.


🔧 Commands

Player Commands

Command Description
/register <password> <confirm> Create a new account
/login <password> Log in to your account
/logout Log out from your account
/changepassword <old> <new> Change your password
/email Manage email for password recovery

Admin Commands

Command Description
/resetpassword <player> <new> Reset a player's password
/unregister <player> Remove a player's registration
/newlogin reload Reload plugin configuration
/newlogin info <player> View player information
/newlogin list List all registered players
/newlogin stats View plugin statistics
/newlogin forcelogin <player> Force a player to login
/newlogin forcelogout <player> Force a player to logout
/newlogin setspawn Set the login spawn location

✨ Features

  • 🔐 Secure Authentication — SHA-256 password hashing with salt
  • 🕐 Session System — Auto-login for returning players
  • 🛡️ Full Protection — Block movement, damage, interactions before login
  • 👻 Invisibility Mode — Hide unlogged players from others
  • 📍 Login Spawn — Teleport players to a safe location until login
  • 📧 Email Recovery — Password recovery via email (optional)
  • 🔒 Brute-Force Protection — Account lockout after failed attempts
  • 📊 Statistics — Track logins, registrations, and player data
  • Lightweight — Minimal server impact (~57KB)
  • 🎨 Customizable — All messages and settings configurable

🎯 Best suited for:

  • ✅ Small to medium-sized servers
  • ✅ Users who prefer simplicity with powerful features
  • ✅ Offline/cracked servers needing authentication
  • ✅ Servers wanting lightweight security without complex setup

📋 Requirements

  • Minecraft: 1.21+
  • Server: Paper, Spigot, or compatible forks
  • Java: 21 or higher

Ченджлог

4.0.1Релиз1.21.9, 1.21.10, 1.21.11 · 10 мая 2026 г.

Changelog

Highlights

This release focuses on making the project reproducible, improving account security, fixing email recovery, and cleaning up legacy configuration behavior.

Added

  • Added a fully reproducible project structure, including pom.xml, src/main/java, resources, README, LICENSE, CHANGELOG, and CI setup.
  • Added versioned password hashing using PBKDF2-HMAC-SHA256.
  • Added unique salts, safe password comparison, and automatic migration from legacy SHA-256 password hashes.
  • Added real SMTP email delivery with TLS/STARTTLS, authentication, UTF-8 HTML support, timeouts, a dedicated executor, and reload support.
  • Added recovery-code expiration, maximum attempt limits, and cooldowns per player/IP.
  • Added schema-version support to persisted data.
  • Added automatic backups before destructive data operations.
  • Added UUID/IP-based lockout protection.
  • Added blindness effect support for pre-login protection.

Changed

  • Updated /email confirm to correctly use args[1].
  • Email recovery is now allowed before login.
  • Recovery codes now use SecureRandom.
  • Password recovery no longer sends or stores temporary plain-text passwords.
  • Players now set a new password directly using:
/email confirm <code> <new-password> <confirm-password>

or:

/resetpassword own ...
  • Pre-login command protection now uses exact command matching.
  • Player visibility and effects are now properly cleaned up on quit and plugin disable.
  • DataManager.java now properly removes players.<uuid> entries and saves a clean data snapshot.

Removed

  • Removed the plain-text temporary password recovery flow.
  • Removed MySQL and captcha settings from the default configuration.
  • Legacy captcha settings are now automatically disabled if found in old configuration files.

Fixed

  • Fixed destructive persistence operations not fully removing player data.
  • Fixed stale or unsafe recovery behavior from the old password reset flow.
  • Fixed legacy configuration compatibility issues by enforcing valid YAML handling.
4.0Релиз1.21.9, 1.21.10, 1.21.11 · 5 января 2026 г.

🎉 Major Release - Complete Security Update

Release Date: January 2026
Minecraft Version: 1.21+
Java Version: 21


✨ New Commands

Command Description Permission
/logout Manual logout for players -
/unregister <player> [--confirm] Remove a player's registration (admin) newlogin.unregister
/newlogin Administrative commands newlogin.admin
/email Email management for password recovery -

🛠️ Admin Commands (/newlogin)

  • reload - Reload plugin configuration
  • info <player> - Show detailed player information
  • list [page] - List all registered players (paginated)
  • stats - Show plugin statistics
  • forcelogin <player> - Force login a player
  • forcelogout <player> - Force logout a player
  • setspawn - Set the login spawn location
  • help - Display help menu

📧 Email System (/email)

  • set <email> - Set your email address
  • remove - Remove your email
  • show - Display your current email
  • recover <email> - Request password recovery
  • confirm <code> - Confirm email or recovery code

🔒 New Security Features

  • Damage Protection - Players cannot receive damage before login
  • Hunger Protection - Hunger bar doesn't decrease before login
  • Inventory Protection - Cannot open inventories before login
  • Item Pickup Protection - Cannot pick up items before login
  • Block Protection - Cannot break/place blocks before login
  • Entity Interaction Protection - Cannot interact with entities before login
  • Item Swap Protection - Cannot swap hand items before login

🎯 Login Spawn System

  • Teleport unlogged players to a specific location
  • Automatically restore original location after login
  • Configurable via /newlogin setspawn or config.yml
login-spawn:
  enabled: false
  world: "world"
  x: 0.0
  y: 64.0
  z: 0.0
  yaw: 0.0
  pitch: 0.0

👻 Invisibility System

  • Players become invisible until they login
  • Hidden from other players completely
  • Invisibility potion effect applied automatically
  • Configurable in config.yml

🏷️ New Aliases

Command Aliases
/login /l
/register /reg
/changepassword /changepass, /mudarsenha
/resetpassword /resetpass
/logout /sair
/newlogin /nl, /nlogin
/email /mail

🎨 Tab Completion

  • Full tab completion support for all commands
  • Smart suggestions for player names
  • Permission-aware completions

📊 New Player Data Tracking

  • Login Count - Track total logins per player
  • Last IP - Store last known IP address
  • Registration Date - When player registered
  • Last Login - Last successful login timestamp

🔐 New Permissions

newlogin.*                    - Access to all commands
newlogin.admin                - Admin commands access
newlogin.admin.reload         - Reload configuration
newlogin.admin.info           - View player info
newlogin.admin.list           - List registered players
newlogin.admin.stats          - View statistics
newlogin.admin.forcelogin     - Force player login
newlogin.admin.forcelogout    - Force player logout
newlogin.admin.setspawn       - Set login spawn
newlogin.resetpassword        - Reset player passwords
newlogin.unregister           - Unregister players
newlogin.bypass.timeout       - Bypass login timeout
newlogin.bypass.lockout       - Bypass attempt lockout

📝 New Configuration Options

Login Protection

login-protection:
  invisibility: false
  blindness: false
  no-damage: true
  no-hunger: true

Email System (SMTP)

email:
  enabled: false
  smtp:
    host: "smtp.gmail.com"
    port: 587
    username: ""
    password: ""
    tls: true
  from: "[email protected]"

Logging

logging:
  successful-logins: true
  failed-logins: true
  password-changes: true
  registrations: true

Allowed Commands Before Login

security:
  allowed-commands:
    - "help"
    - "rules"

💬 New Messages

auto-login-success: "&aSession restored! You were logged in automatically."
not-logged-in: "&cYou are not logged in!"
logout-success: "&aYou have been logged out successfully!"
login-timeout-kick: "&cLogin timeout! Please reconnect and login."
unregister-success: "&aPlayer {player} has been unregistered!"
unregistered-by-admin: "&cYour registration was removed by an administrator."
invalid-email: "&cInvalid email format!"
email-already-used: "&cThis email is already in use!"
email-confirmation-sent: "&aConfirmation email sent to {email}!"
email-set-success: "&aEmail set successfully: {email}"
recovery-email-sent: "&aRecovery email sent to {email}!"
invalid-code: "&cInvalid or expired code!"

🐛 Bug Fixes & Improvements

  • Improved password hashing with SHA-256 + salt
  • Better session management
  • Fixed movement detection (allows camera rotation)
  • Improved lockout system with remaining time display
  • Better error handling and logging
  • Async data saving to prevent lag
  • Memory leak fixes in session cleanup
3.0Релиз1.21.8, 1.21.9, 1.21.10 · 9 октября 2025 г.

🔒 Security

  • SHA-256 Hash with Salt: Implemented secure hashing system with a unique salt per player

  • Brute Force Protection: Temporary lockout system after multiple failed attempts

    • Configurable: max attempts and lockout duration
    • Informative messages for blocked players
  • Password Validation: Configurable minimum requirements

    • Minimum password length
    • Uppercase letter requirement
    • Number requirement
    • Special character requirement

✨ New Features

  • Advanced Session System

    • IP-based auto-login (configurable)
    • Configurable session timeout
    • Last activity tracking
    • Automatic cleanup of expired sessions
  • Configuration Manager

    • Complete and organized config.yml file
    • All messages customizable
    • Adjustable security settings
    • Flexible session configurations
  • Full Pre-Login Protection

    • Movement blocking
    • Chat blocking
    • Command blocking (except login/register)
    • Interaction blocking with blocks and entities
    • Damage blocking
    • Item drop blocking

🔄 Improvements

  • LoginManager

    • Automatic migration of old passwords to the new hashing system
    • Password strength check
    • Improved login attempt system
  • PlayerManager

    • Integrated session management
    • Player activity tracking
    • Automatic data cleanup
  • DataManager

    • Support for new fields (salt, IP, timestamps)
    • Optimized asynchronous operations
    • Better error handling
  • PlayerListener

    • Comprehensive event protection
    • Configurable reminder messages
    • Improved user experience

📝 Updated Commands

  • /register: Enhanced password validation with detailed feedback
  • /login: Attempt system with temporary lockout
  • /changepassword: New password validation
  • /resetpassword: Still available for administrators

⚙️ Configuration

  • config.yml: New comprehensive configuration file

    • Security section (hashing, attempts, validation)
    • Session section (auto-login, timeout)
    • Protection section (blocked events)
    • Messages section (all customizable)

🐛 Bug Fixes

  • Fixed insecure plain text password storage
  • Fixed missing protection against command spam
  • Fixed players being able to interact before logging in
  • Fixed missing session timeout
2.0Релиз1.21.6, 1.21.7, 1.21.8 · 13 сентября 2025 г.
  • /changepassword
  • /resetpassword (admin only)
  • bug fixes
1.0-SNAPSHOTАльфа1.13.1, 1.13.2, 1.20.1 · 28 августа 2025 г.
  • First version

Комментарии

Загружаем…