
NewLogin
A simple register plugin for Paper
- Загрузки
- 3K
- Подписчики
- 2
- Обновлён
- 10 мая 2026 г.
- Лицензия
- MIT
Опубликован 28 августа 2025 г.
🌟 NewLogin
NewLogin is a powerful yet easy-to-use authentication plugin for Minecraft servers. Originally designed for simplicity, version 4.0 brings advanced security features while maintaining its lightweight and user-friendly approach.
🔧 Commands
Player Commands
| Command | Description |
|---|---|
/register <password> <confirm> |
Create a new account |
/login <password> |
Log in to your account |
/logout |
Log out from your account |
/changepassword <old> <new> |
Change your password |
/email |
Manage email for password recovery |
Admin Commands
| Command | Description |
|---|---|
/resetpassword <player> <new> |
Reset a player's password |
/unregister <player> |
Remove a player's registration |
/newlogin reload |
Reload plugin configuration |
/newlogin info <player> |
View player information |
/newlogin list |
List all registered players |
/newlogin stats |
View plugin statistics |
/newlogin forcelogin <player> |
Force a player to login |
/newlogin forcelogout <player> |
Force a player to logout |
/newlogin setspawn |
Set the login spawn location |
✨ Features
- 🔐 Secure Authentication — SHA-256 password hashing with salt
- 🕐 Session System — Auto-login for returning players
- 🛡️ Full Protection — Block movement, damage, interactions before login
- 👻 Invisibility Mode — Hide unlogged players from others
- 📍 Login Spawn — Teleport players to a safe location until login
- 📧 Email Recovery — Password recovery via email (optional)
- 🔒 Brute-Force Protection — Account lockout after failed attempts
- 📊 Statistics — Track logins, registrations, and player data
- ⚡ Lightweight — Minimal server impact (~57KB)
- 🎨 Customizable — All messages and settings configurable
🎯 Best suited for:
- ✅ Small to medium-sized servers
- ✅ Users who prefer simplicity with powerful features
- ✅ Offline/cracked servers needing authentication
- ✅ Servers wanting lightweight security without complex setup
📋 Requirements
- Minecraft: 1.21+
- Server: Paper, Spigot, or compatible forks
- Java: 21 or higher
Ченджлог
4.0.1Релиз1.21.9, 1.21.10, 1.21.11 · 10 мая 2026 г.
Changelog
Highlights
This release focuses on making the project reproducible, improving account security, fixing email recovery, and cleaning up legacy configuration behavior.
Added
- Added a fully reproducible project structure, including
pom.xml,src/main/java, resources,README,LICENSE,CHANGELOG, and CI setup. - Added versioned password hashing using PBKDF2-HMAC-SHA256.
- Added unique salts, safe password comparison, and automatic migration from legacy SHA-256 password hashes.
- Added real SMTP email delivery with TLS/STARTTLS, authentication, UTF-8 HTML support, timeouts, a dedicated executor, and reload support.
- Added recovery-code expiration, maximum attempt limits, and cooldowns per player/IP.
- Added
schema-versionsupport to persisted data. - Added automatic backups before destructive data operations.
- Added UUID/IP-based lockout protection.
- Added blindness effect support for pre-login protection.
Changed
- Updated
/email confirmto correctly useargs[1]. - Email recovery is now allowed before login.
- Recovery codes now use
SecureRandom. - Password recovery no longer sends or stores temporary plain-text passwords.
- Players now set a new password directly using:
/email confirm <code> <new-password> <confirm-password>
or:
/resetpassword own ...
- Pre-login command protection now uses exact command matching.
- Player visibility and effects are now properly cleaned up on quit and plugin disable.
DataManager.javanow properly removesplayers.<uuid>entries and saves a clean data snapshot.
Removed
- Removed the plain-text temporary password recovery flow.
- Removed MySQL and captcha settings from the default configuration.
- Legacy captcha settings are now automatically disabled if found in old configuration files.
Fixed
- Fixed destructive persistence operations not fully removing player data.
- Fixed stale or unsafe recovery behavior from the old password reset flow.
- Fixed legacy configuration compatibility issues by enforcing valid YAML handling.
4.0Релиз1.21.9, 1.21.10, 1.21.11 · 5 января 2026 г.
🎉 Major Release - Complete Security Update
Release Date: January 2026
Minecraft Version: 1.21+
Java Version: 21
✨ New Commands
| Command | Description | Permission |
|---|---|---|
/logout |
Manual logout for players | - |
/unregister <player> [--confirm] |
Remove a player's registration (admin) | newlogin.unregister |
/newlogin |
Administrative commands | newlogin.admin |
/email |
Email management for password recovery | - |
🛠️ Admin Commands (/newlogin)
reload- Reload plugin configurationinfo <player>- Show detailed player informationlist [page]- List all registered players (paginated)stats- Show plugin statisticsforcelogin <player>- Force login a playerforcelogout <player>- Force logout a playersetspawn- Set the login spawn locationhelp- Display help menu
📧 Email System (/email)
set <email>- Set your email addressremove- Remove your emailshow- Display your current emailrecover <email>- Request password recoveryconfirm <code>- Confirm email or recovery code
🔒 New Security Features
- Damage Protection - Players cannot receive damage before login
- Hunger Protection - Hunger bar doesn't decrease before login
- Inventory Protection - Cannot open inventories before login
- Item Pickup Protection - Cannot pick up items before login
- Block Protection - Cannot break/place blocks before login
- Entity Interaction Protection - Cannot interact with entities before login
- Item Swap Protection - Cannot swap hand items before login
🎯 Login Spawn System
- Teleport unlogged players to a specific location
- Automatically restore original location after login
- Configurable via
/newlogin setspawnorconfig.yml
login-spawn:
enabled: false
world: "world"
x: 0.0
y: 64.0
z: 0.0
yaw: 0.0
pitch: 0.0
👻 Invisibility System
- Players become invisible until they login
- Hidden from other players completely
- Invisibility potion effect applied automatically
- Configurable in
config.yml
🏷️ New Aliases
| Command | Aliases |
|---|---|
/login |
/l |
/register |
/reg |
/changepassword |
/changepass, /mudarsenha |
/resetpassword |
/resetpass |
/logout |
/sair |
/newlogin |
/nl, /nlogin |
/email |
/mail |
🎨 Tab Completion
- Full tab completion support for all commands
- Smart suggestions for player names
- Permission-aware completions
📊 New Player Data Tracking
- Login Count - Track total logins per player
- Last IP - Store last known IP address
- Registration Date - When player registered
- Last Login - Last successful login timestamp
🔐 New Permissions
newlogin.* - Access to all commands
newlogin.admin - Admin commands access
newlogin.admin.reload - Reload configuration
newlogin.admin.info - View player info
newlogin.admin.list - List registered players
newlogin.admin.stats - View statistics
newlogin.admin.forcelogin - Force player login
newlogin.admin.forcelogout - Force player logout
newlogin.admin.setspawn - Set login spawn
newlogin.resetpassword - Reset player passwords
newlogin.unregister - Unregister players
newlogin.bypass.timeout - Bypass login timeout
newlogin.bypass.lockout - Bypass attempt lockout
📝 New Configuration Options
Login Protection
login-protection:
invisibility: false
blindness: false
no-damage: true
no-hunger: true
Email System (SMTP)
email:
enabled: false
smtp:
host: "smtp.gmail.com"
port: 587
username: ""
password: ""
tls: true
from: "[email protected]"
Logging
logging:
successful-logins: true
failed-logins: true
password-changes: true
registrations: true
Allowed Commands Before Login
security:
allowed-commands:
- "help"
- "rules"
💬 New Messages
auto-login-success: "&aSession restored! You were logged in automatically."
not-logged-in: "&cYou are not logged in!"
logout-success: "&aYou have been logged out successfully!"
login-timeout-kick: "&cLogin timeout! Please reconnect and login."
unregister-success: "&aPlayer {player} has been unregistered!"
unregistered-by-admin: "&cYour registration was removed by an administrator."
invalid-email: "&cInvalid email format!"
email-already-used: "&cThis email is already in use!"
email-confirmation-sent: "&aConfirmation email sent to {email}!"
email-set-success: "&aEmail set successfully: {email}"
recovery-email-sent: "&aRecovery email sent to {email}!"
invalid-code: "&cInvalid or expired code!"
🐛 Bug Fixes & Improvements
- Improved password hashing with SHA-256 + salt
- Better session management
- Fixed movement detection (allows camera rotation)
- Improved lockout system with remaining time display
- Better error handling and logging
- Async data saving to prevent lag
- Memory leak fixes in session cleanup
3.0Релиз1.21.8, 1.21.9, 1.21.10 · 9 октября 2025 г.
🔒 Security
SHA-256 Hash with Salt: Implemented secure hashing system with a unique salt per player
Brute Force Protection: Temporary lockout system after multiple failed attempts
- Configurable: max attempts and lockout duration
- Informative messages for blocked players
Password Validation: Configurable minimum requirements
- Minimum password length
- Uppercase letter requirement
- Number requirement
- Special character requirement
✨ New Features
Advanced Session System
- IP-based auto-login (configurable)
- Configurable session timeout
- Last activity tracking
- Automatic cleanup of expired sessions
Configuration Manager
- Complete and organized
config.ymlfile - All messages customizable
- Adjustable security settings
- Flexible session configurations
- Complete and organized
Full Pre-Login Protection
- Movement blocking
- Chat blocking
- Command blocking (except login/register)
- Interaction blocking with blocks and entities
- Damage blocking
- Item drop blocking
🔄 Improvements
LoginManager
- Automatic migration of old passwords to the new hashing system
- Password strength check
- Improved login attempt system
PlayerManager
- Integrated session management
- Player activity tracking
- Automatic data cleanup
DataManager
- Support for new fields (salt, IP, timestamps)
- Optimized asynchronous operations
- Better error handling
PlayerListener
- Comprehensive event protection
- Configurable reminder messages
- Improved user experience
📝 Updated Commands
- /register: Enhanced password validation with detailed feedback
- /login: Attempt system with temporary lockout
- /changepassword: New password validation
- /resetpassword: Still available for administrators
⚙️ Configuration
config.yml: New comprehensive configuration file
- Security section (hashing, attempts, validation)
- Session section (auto-login, timeout)
- Protection section (blocked events)
- Messages section (all customizable)
🐛 Bug Fixes
- Fixed insecure plain text password storage
- Fixed missing protection against command spam
- Fixed players being able to interact before logging in
- Fixed missing session timeout
2.0Релиз1.21.6, 1.21.7, 1.21.8 · 13 сентября 2025 г.
- /changepassword
- /resetpassword (admin only)
- bug fixes
1.0-SNAPSHOTАльфа1.13.1, 1.13.2, 1.20.1 · 28 августа 2025 г.
- First version
Комментарии
Загружаем…