# Main settings
main-settings:
 # Text formatting.
  # LEGACY - color using &, MINIMESSAGE - color using <color>
  # MINIMESSAGE was added in new versions (1.17+)
  serializer: LEGACY
  # If set to true - messages will be broadcasted to all servers on the proxy network.
  proxy: false
  # Plugin prefix
  prefix: '&f&l[&c&lProtection&f&l]'
  # If set to false, players need to type the password in the chat
  use-command: true
  # Password input command. (specified without / at the beginning) (default - pas) (command is not going to be registered on Spigot)
  pas-command: 'pas'
  # Enable commands for adding new players to the config
  enable-admin-commands: false
  # Send anonymous statistics (advised not to disable)
  enable-metrics: true
  # Check for updates (advised not to disable)
  update-checker: true
  # Main check interval in ticks (do not touch if you don't know how it works)
  check-interval: 40

# Encryption settings
encryption-settings:
 # Whether to enable encryption
  # When encryption is enabled, the password in data.yml must be specified in an already encrypted format and in a separate field encrypted-pass:
  # To see what the password will look like in encrypted form, you can use the command /usp encrypt <password>
  # However, if the auto-encrypt-passwords option is enabled, you can specify a regular password in the old pass: format in data.yml, and the plugin will automatically convert it.
  enable-encryption: false
  # Password encryption method (Supported types: BASE64, MD5, SHA224, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384, SHA3-512)
  # BASE64 - This "encryption" does not provide data protection; it is simply a method of converting data to another format for network transmission or storage.
  # Use BASE64 only if you're afraid of "accidentally showing the file with passwords on the demo" and you don't need to specifically hide the data or to make encryption more complicated
  # MD5 - An old encryption method prone to collisions (case when 2 different values in encrypted form give the same values)
  # Use MD5 if you want to hide data and at the same do not want to use something hard-weight
  # SHA256 and other SHA - variations of the SHA algorithm.
  # Use SHA256 if you want to securely hide passwords without the possibility of decryption, and SHA512 for even more effective encryption
  # SHA3-256 and other SHA3 - an analogue of the usual SHA with a modified encryption algorithm.
  # Use SHA3 if you want to make non-standard and at the same time strong encryption
  # You can use 2 or more encryption methods simultaneously for greater security of your passwords, so they cannot be easily brute-forced
  # Encryption will be performed in order 1;2;3 and so on. It's important - deep encryption can take a lot of time, so don't use too many of them
  # SALT is used to apply salt (random string to an existing password). You can only apply it once.
  encrypt-method: 'BASE64;SALT;MD5'
  # If you used any encryption method and for some reason decide to change it - you can specify it here so that you don't lose data
  old-encrypt-methods: []
  # The length of the dynamically generated salt. The longer it is, the more effectively passwords are protected.
  salt-length: 24
  # Enable automatic encryption of all existing passwords from the data.yml file when the plugin starts and restarts
  # This function will automatically convert all passwords from the pass: format to the encrypted-pass: format, encrypting the existing passwords
  # If there is a lot of data in the file, automatic encryption can take a long time! Disable it in case of problems.
  auto-encrypt-passwords: true

# File settings
file-settings:
 # Players data file name. (default - data.yml)
  data-file: 'data.yml'
  # Log file name. (default - log.yml)
  log-file: 'log.yml'
  # If this setting is enabled, you need to specify the full path to the file
  # Example: root/server/plugins/UltimateServerProtector/data.yml
  use-full-path: false
  # Path to the data.yml file
  data-file-path: '/root/server/plugins/UltimateServerProtector/'
  # Path to the log.yml file
  log-file-path: '/root/server/plugins/UltimateServerProtector/'

# Additional blocking settings
blocking-settings:
 # Block item dropping
  block-item-drop: true
  # Block item pickup
  block-item-pickup: true
  # Block tab-complete (works against /ver + tab)
  block-tab-complete: true
  # Make the player invulnerable during password input
  block-damage: true
  # Block the ability to cause damage to mobs and players during password input
  block-damaging-entity: true
  # Block the ability to open inventories during password input (menus, etc.)
  block-inventory-open: false
  # Whether to hide the player from the tab list when entering a password
  hide-on-entering: true
  # Whether to hide other players from the person entering the password
  hide-other-on-entering: true

# Session settings
session-settings:
 # Save player data so they don't have to enter the admin password again
  session: true
  # Delete player data after some time
  session-time-enabled: false
  # Time after which data about a registered player will be deleted in seconds (countdown starts from the password input moment)
  session-time: 21600 #(6 hours)

# Punishment settings
punish-settings:
 # Enable punishments for incorrectly entered admin password
  enable-attempts: true
  # Maximum number of admin password entry attempts
  max-attempts: 3
  # Enable time for entering admin password
  enable-time: true
  # Time in seconds within which the player must enter the admin password
  time: 60
  # Enable punishments for rejoin to the server if a player exits without entering the admin password
  enable-rejoin: true
  # Maximum number of rejoins to the server if a player exits without entering correct admin password
  max-rejoins: 3

# Bossbar settings (only works if login time is enabled)
bossbar-settings:
 # Enable bossbar
  enable-bossbar: true
  # Bossbar color (PINK, BLUE, RED, GREEN, YELLOW, PURPLE, WHITE)
  bar-color: RED
  # Bossbar type (SOLID, SEGMENTED_6, SEGMENTED_10, SEGMENTED_12, SEGMENTED_20)
  bar-style: SEGMENTED_12

# Enhanced security settings
secure-settings:
 # Apply punishments to operators not listed in the whitelist
  enable-op-whitelist: false
  # Apply punishments to those who have admin rights but are not in the config
  enable-notadmin-punish: false
  # Apply punishments to people with forbidden permissions
  enable-permission-blacklist: false
  # Enable IPWhitelist for administrators
  enable-ip-whitelist: false
  # Allow using the /usp command only from the console
  only-console-usp: false
  # Shutdown the server if the plugin is disabled
  shutdown-on-disable: true
  # Whether to shut down the server only if plugman-like plugins are enabled
  shutdown-on-disable-only-if-plugman: true
  # Allow certain players to enter the game without an admin password (disabled by default and unsafe)
  enable-excluded-players: false
  # Should the plugin call ServerProtectorPasswordEnterEvent on password entering? (Disabled by default for security reasons)
  call-event-on-password-enter: false

# Message display settings
message-settings:
 # Delay between auto-messages and titles in seconds
  delay: 2
  # Enable full-screen messages
  send-titles: true
  # Enable notifications for administrators
  enable-broadcasts: true
  # Enable notifications for the console
  enable-console-broadcasts: true

# Sound settings for commands/actions
sound-settings:
 # Enable sounds for commands
  enable-sounds: true
  # Sound when capturing an admin with permissions (SOUND:VOLUME:PITCH)
  on-capture: ENTITY_ITEM_BREAK;1.0;1.0
  # Sound when incorrect password is entered
  on-pas-fail: ENTITY_VILLAGER_NO;1.0;1.0
  # Sound when correct password is entered
  on-pas-correct: ENTITY_PLAYER_LEVELUP;1.0;1.0

# Effects settings applied before entering the password
effect-settings:
 # Enable the effect that will be applied to the admin before entering the password
  enable-effects: true
  # Effects to apply to the player (EFFECT;LEVEL)
  effects:
   - 'BLINDNESS;3'

# Logging settings
logging-settings:
 # Log successful/unsuccessful password entry attempts to file
  logging-pas: true
  # Log player joins with admin rights to file
  logging-join: true
  # Log plugin enabling and disabling to file
  logging-enable-disable: true

# Commands applied to offenders
commands:

  # Commands applied to those with admin rights but not in the config
  not-in-config:
   - 'kick %player% You are not in the list of administrators!'
    - 'deop %player%'

  # Commands applied to those with admin rights but not listed in op-whitelist
  not-in-opwhitelist:
   - 'deop %player%'
  #- 'ban %player% You are not allowed to have operator rights!'

  # Commands applied to those with forbidden permissions (disabled by default)
  have-blacklisted-perm:
   - 'lp user %player% permission clear'
  #- 'ban %player% You are not allowed to have such permissions!'

  # Commands applied to those who entered with admin rights but have a non-admin IP (disabled by default)
  not-admin-ip:
   - 'kick %player% Your IP is not on the whitelist'
  #- 'deop %player%'

  # Commands applied to those who entered the wrong password within the allotted attempts
  failed-pass:
   - 'ban %player% You entered the admin password incorrectly, your account is frozen'
    - 'deop %player%'

  # Commands applied to those who failed to enter the password within the allotted time
  failed-time:
   - 'kick %player% You did not manage to enter the admin password within the given time'
    - 'deop %player%'

  # Commands that will be applied to those who have rejoined the server without entering the correct password too many times
  failed-rejoin:
   - 'ban %player% You have been rejoining the server too many times without entering the password'
    - 'deop %player%'

# Permissions for which the player will need to enter the admin password (feel free to add your own!)
permissions:
 - '*'
  - 'bukkit.*'
  - 'minecraft.*'
  - 'essentials.*'
  - 'cmi.*'
  - 'worldguard.*'
  - 'worldedit.*'
  - 'fawe.*'
  - 'permissions.*'
  - 'luckperms.*'
  - 'luckperms.editor'
  - 'luckperms.applyedits'
  - 'citizens.*'
  - 'citizenscmd.*'
  - 'znpcs.*'
  - 'holograms.*'
  - 'multiverse.*'
  - 'coreprotect.*'
  - 'mycommand.*'
  - 'towny.*'
  - 'matrix.*'
  - 'vulcan.*'
  - 'dh.admin'
  - 'ls.admin'
  - 'fawe.admin'
  - 'authme.admin'
  - 'protocol.admin'
  - 'placeholderapi.admin'
  - 'plugman.admin'
  - 'plugman.download'
  - 'serverprotector.admin'

# Permissions that no one except players from the excluded-players section can have (disabled by default.)
blacklisted-perms:
 - '*'

# Commands that can be entered before entering the admin password (specify with /)
allowed-commands:
 - '/l'
  - '/login'
  - '/reg'
  - '/register'
  - '/captcha'

# Which players are allowed to have OP rights
op-whitelist:
 - Overwrite
  - test99999

# From which IPs and which players are allowed to enter with admin rights
# You can specify only part of the IP address to allow entry to people with dynamic IPs. For example, 1.2.3.4 -> 1.2.3.*
ip-whitelist:
 # Player 1
  test99999:
   - 127.0.0.1
    - 0.0.0.0
  # Player 2
  test123123:
   - 228.13.37.*

# Which players will be excluded from checks (each check has its own type)
excluded-players:
 # Players who do not need to enter the admin password
  admin-pass:
   - test99999
    - test123123
  # Players who will not be checked for inclusion in op-whitelist
  op-whitelist:
   - test99999
    - test123123
  # Players who will not be checked for inclusion in ip-whitelist
  ip-whitelist:
   - test99999
    - test123123
  # Players who will be allowed to have blocked permissions
  blacklisted-perms:
   - test99999
    - test123123

# Messages that will be displayed to people when entering a command
msg:
  message: "%prefix% &fAdmin permissiond detected! You should enter admin-password!"
  incorrect: "%prefix% &cWrong password!"
  correct: "%prefix% &aCorrect password. Have a nice day ;)"
  noneed: "%prefix% &fYou do not need to enter the admin password or it has already been entered."
  cantbenull: "%prefix% &fPassword cannot be empty."
  playeronly: "%prefix% &fOnly for players"

# Admin broadcasts (%player% = player"s nick / %ip% = player"s IP)
broadcasts:
  failed: "%prefix% &fAdmin &3%player% &fentered the password &cwrongly! &fIP: &c%ip%"
  passed: "%prefix% &fAdmin &3%player% &fentered the password &acorrectly! &fIP: &c%ip%"
  joined: "%prefix% &fAdmin &3%player% &fjoined the game! &fIP: &c%ip%"
  captured: "%prefix% &fPlayer &3%player% &fwas detected with admin-permissions! &fIP: &c%ip%"
  disabled: "%prefix% &6&lWARNING! &fPlugin has been disabled!"
 
# Log format
log-format:
  enabled: "%date% [UltimateServerProtector - plugin enabled]"
  disabled: "%date% [UltimateServerProtector - plugin disabled]"
  failed: "%date% Admin %player% entered admin password incorrectly! IP: %ip%"
  passed: "%date% Admin %player% sucsessfully logged in! IP: %ip%"
  joined: "%date% Admin %player% joined the game. IP: %ip%"
  captured: "%date% Player %player% was detected with admin-permissions! IP: %ip%"

# Titles (format - title;subtitle;fadein;stay;fadeout)
titles:
  message: '&e&l⚠ &c&lProtection &e&l⚠;&fAdmin permissiond detected! Enter admin-password!;10;60;15'
  incorrect: '&e&l⚠ &c&lProtection &e&l⚠;&cWrong password!;10;60;15'
  correct: '&e&l⚠ &c&lProtection &e&l⚠;&aCorrect password. Have a nice day;10;60;15'

# Message in boss bar
bossbar:
  message: "&fRemained: &c%time% seconds"

# Message when using the /usp command (admin commands)
uspmsg:
  consoleonly: '&cThis command can only be executed from the console!'
  playeronly: '&cThis command can only be executed by a player!'
  logout: '&aYour session has been reset.'
  reloaded: '&aPlugin reloaded.'
  rebooted: '&aPlugin rebooted.'
  playernotfound: '&cAccount %nick% not found in the system!'
  alreadyinconfig: '&aThis account is already in the config.'
  notinconfig: '&cThis account is not in the config.'
  playeradded: '&aPlayer %nick% successfully added.'
  playerremoved: '&aPlayer successfully removed.'
  ipadded: '&aIP %ip% successfully added.'
  setpassusage: '&f/%cmd% setpass (nick) (password)'
  addopusage: '&f/%cmd% addop (nick)'
  addipusage: '&f/%cmd% addip (ip)'
  rempassusage: '&f/%cmd% rempass (nick)'
  remopusage: '&f/%cmd% remop (nick)'
  remipusage: '&f/%cmd% rempip (ip)'
  usage: '&7&l> &7Usage:'
  usage-logout: '&6/%cmd% logout&7 - end your session'
  usage-reload: '&6/%cmd% reload&7 - reload the config'
  usage-reboot: '&6/%cmd% reboot&7 - reboot the plugin'
  usage-encrypt: '&6/%cmd% encrypt (password)&7 - show encrypted version of the password'
  usage-setpass: '&6/%cmd% setpass (nick) (password) &7- set player password'
  usage-rempass: '&6/%cmd% rempass (nick) &7- remove player password'
  usage-addop: '&6/%cmd% addop (nick) &7- add player to op whitelist'
  usage-remop: '&6/%cmd% remop (nick) &7- remove player from op whitelist'
  usage-addip: '&6/%cmd% addip (nick) (ip) &7- add player and their ip to ip whitelist'
  usage-remip: '&6/%cmd% remip (nick) (ip) &7- remove player and their ip from ip whitelist'
  otherdisabled: |-
    &7Other commands are disabled.
    &7To enable them, set &6enable-admin-commands: &atrue

# System messages
system:
  baseline-warn: "§6============= §c! WARNING ! §c============="
  baseline-default: "§6========================================"
  paper-1: "§eYou are using an unstable core for your MC server! It's recommended to use §aPaper"
  paper-2: "§eDownload Paper: §ahttps://papermc.io/downloads/all"
  bungeecord-1: "§eYou have the §6bungeecord setting §aenabled§e, but the §6BungeeGuard §eplugin is not installed!"
  bungeecord-2: "§eWithout this plugin, you are exposed to §csecurity risks! §eInstall it for further safe operation."
  bungeecord-3: "§eDownload BungeeGuard: §ahttps://www.spigotmc.org/resources/bungeeguard.79601/"
  update-latest: "§aYou are using latest version of the plugin!"
  update-outdated-1: "§aYou are using outdated version of the plugin!"
  update-outdated-2: "§aYou can download new version here:"
  update-outdated-3: "§bgithub.com/Overwrite987/UltimateServerProtector/releases/"

# Unique passwords for admins
data:
  Overwrite: # player 1
    pass: '123123' # player's 1 password
  test99999: # player 2
    pass: '321321' # player's 2 password