The greeting messages don't work; when I join the server, I am stuck and cannot do anything, and there are no messages that tell me how to log in or register. Since i know the commands, I can login or register with those commands, but this would not be good for other players because they'd join and have no idea how to get un-stuck.
Also players can be damaged while not logged-in. This should be fixed.
Players can still be damaged when not logged in... also, recently, a player joined, and spawned underground somehow. I wonder if a glitch in the plugin caused the player to spawn underground. But anyway at least players should be invincible when not logged in.
Nope, only other plugin just colors chat. I don't know why the player was underground; it could've been another reason; maybe the player dug himself into the ground and another player filled the hole. It probably won't happen again so I wouldn't worry about it
i need status player online offline in db after /login or get out and i need config use /register Because i need player register on webpage only and delay time kick if player afk before /login can you help me ?
I know that it is mainly focussed for cracked servers. But I would like to give my admins a bit of extra protection on my premium server, that if in any case their account gets hacked the hacker can't damage my server using that account. Could you add a permission and a configuration option that if it is true accepts the permissions and requires only the ones with the permission to register and requires them to login every time they join.
PS: and a function to have the players teleport on join to a certain location.
It's not mainly focussed for cracked servers. The thought was really to add an second-auth system like Github has. So I added TOTP (Time-based One-time Password), which is my opinion not a good user experience for normal users, because you'll need to open the APP on your phone every time. FlexibleLogin also has in the last version a command only protection for important commands like /op or /pex.
If I understand it correctly, you mean a protection for users who only have this permission. Is that correct?
I think that TOTP in combination with email is a better way to use TOTP. It is not as secure as using an app or SMS. But players would not have to install an external app that could be malicious, server owners don't have to pay for an Apple developer account just to host one app and server owners don't have to pay for SMS costs. TOTP with email is easier to use. Especially because every owner of an premium account and almost every user of the internet already has an email address. And for server owners it's easier to maintain.
Yes, exactly that, that only the group/user with that permission is forced to register and to login every time they join since.
I didn't knew that it was possible to protect commands :D. That's a really cool feature and is certainly useful. I'm going to use it in combination with PEX and CommandKits. It's main function is to allow normal players to see when a staff-member is able to use their special permissions (using a slightly different prefix and a broadcast.) It is a great improvement in security and fairness.
I've just a question about this plugin. If I want to allow unpaid Minecraft account to join my server, everybody will must login to join the server. But, permissions are made on uuid. So is this still possible to let them join the server, even with this security login plugin ? Because, when I add a player to a group, I add it with his name, not with his uuid. Even if permission-ex link the username with the uuid.
On offline mode servers the uuid is generated based on the player name. So you'll have the same permissions if you don't change your name (including same case). I don't know how PEX works exactly, but I'm assuming that it will access the uuid cache from the server. This means that the player have to be online at least once.