- Minecraft Versions
- 1.7, 1.8, 1.9, 1.10, 1.11, 1.12, 1.13, 1.14, 1.15, 1.16, 1.17, 1.18, 1.19, 1.20
- Documentation
- https://en.docs.nickuc.com/
Description of the nLogin Premium plagin:
nLogin is an authentication system focused on practicality, security, and convenience for players.
nLogin Premium provides exclusive benefits in the paid version.
What is available in the premium version of the nLogin plugin?
Linking accounts
Your players will be able to link their email, Discord, and Twitter accounts.Once linked, you'll be able to...
- Enable a second factor for the user, adding an extra layer of security for authentication.
- Use an integrated account as a password recovery method.
- integrate the provided accounts into other server applications (forums, stores, Discord group, etc.).
You can force the player to register an email when authenticating, which will prevent bots from accessing or duplicate accounts.
The player will not be able to perform any actions until they log in. Email verification is required unless you have the "nlogin.bypass.email" permission.
You can also limit the number of times you use your account!
By default, the limit is one account per user.
Easier authentication
Are you a YouTuber or streamer and need to hide your password every time you authenticate? Or are you just tired of logging in every time?Take it easy! With the premium version of nLogin, you'll be able to automatically authenticate regardless of whether your account is hacked or a premium account. Check it out below:
Login sessions
If a player is hacked, they don't have to enter their password all the time.By default, sign-in sessions last 5 minutes, but you can change this in config.yml.
Premium Login
If the player is a premium player, they do not need to enter a password (even when they log in to the game for the first time).Just log in and play. It's as simple as that.
Logging in with Bedrock
If a player logs in via Bedrock, they will not need to be authenticated.Features of the nLogin Premium plugin:
- Full support for proxy servers.
- BungeeGuard system.
- Support for all plugins that use the AuthMe api.
- Custom conversion of various plugins.
- A protection system to disable the plugin from hacker attacks.
- Simple one-click update system.
- Multi-language support.
- Automatic language selection based on Minecraft language.
- Password hiding and encryption system.
nLogin Premium plugin commands:
/nlogin <command> [arguments] — The main command of the plugin. It is usually used for administration./nlogin support is a list of contacts for support./nlogin version - Shows information about the version of the plugin./nlogin changepass <Player Nickname> <New Password> - Changes the player's password./nlogin delete <player> - deletes the player's account (WARNING, UUID data may be lost) - not to be confused with /nlogin unregister./nlogin dupeip <Player's nickname/ip> - Lists accounts with the same IP address./nlogin forcelogin <Player's nickname> - Forces you to log in to your account./nlogin unregister <Player Nickname> - Removes the password from the account./nlogin verify <Player's nickname> - Displays a list of information from the account./nlogin reload – Reloads the plugin settings./nlogin update - Manage update settings./nlogin spawn <operation> <type> - Controls the teleportation mechanism./2fa <2fa> [arguments] - used to set up the second factor./changepassword <current password> <new password> - Changes the registered password.[B]/cracked[/B] – Marks the account as hacked./login <password> — authentication of the registered player./premium – Marks the account as premium./register - Registers the password./unregister - unregister your account. (command disabled by default)nLogin Premium Permissions:
nlogin.admin - distinguishes the player from the administrator. Used to send notifications, provide access to administrative commands, etc.nlogin.dupeip - Provides access to the /nlogin dupeip command.nlogin.verify - Provides access to the /nlogin verify command.nlogin.discord – Provides access to 2fa via Discord.nlogin.email – Provides access to 2fa via email.[B]nlogin.twitter[/B] - Accesses 2fa via Twitter.nlogin.bypass.email — eliminates the need to register an email if the require-email option is enabled.nLogin Premium Configurations:
YAML:
####################################################################################################
# +----------------------------------------------------------------------------------------------+ #
# | __ _ | #
# | _ __ / / ___ __ [I]([/I])_ __ | #
# | | '_ \ / / / _ \ / [I]` | | '[/I] \ | #
# | | | | / /__| ([I]) | ([/I]| | | | | | | #
# | |[I]| |[/I]\[B][B]/\[I][/B]/ \[/B], |[I]|[/I]| |[/I]| | #
# | |___/ | #
# | | #
# | A practical, secure and friendly authentication plugin | #
# | | #
# | © 2022 - Powered by nickuc.com | #
# | | #
# | | #
# | For a better understanding of this file see our documentation: | #
# | ==> https://docs.nickuc.com/nlogin | #
# | | #
# | New options are not automatically added in this file. Default values are used | #
# | if an option is not found. | #
# +----------------------------------------------------------------------------------------------+ #
####################################################################################################
# Set the version of the file.
file-version: 2
# Sets the debugging mode.
# - This option is used to find problems in the plugin.
debug: false
# Set the language of the plugin
#
# - Available translations:
#
# |=> Chinese: messages_cn.yml
# |=> Chinese: messages_cn.yml
# |=> Czech: messages_cz.yml
# |=> German: messages_de.yml
# |=> English: messages_en.yml
# |=> Spanish: messages_es.yml
# |=> French: messages_fr.yml
# |=> Hungarian: messages_hu.yml
# |=> Lithuanian: messages_lt.yml
# |=> Polish: messages_pl.yml
# |=> Portuguese: messages_br.yml
# |=> Romanian: messages_ro.yml
# |=> Russian: messages_ru.yml
# |=> Turkish: messages_tr.yml
# |=> Other languages: https://github.com/nickuc/OpeNLogin/blob/master/docs/lang.md
#
# - When changing the language, the current file can be reset.
languageFile: "messages_en.yml"
# ___ _ _
# / \__ [I]| |[/I] __ [I]| |[I][/I] [I][/I] _ [B][/I] _[/B]
# / /\ / [I][ICODE] | _[/I]/ [I][/ICODE] | '[/I] \ / [I]` / _[/I]|/ _ \
# / /[I]// ([/I]| | || ([I]| | |[/I]) | ([I]| \[I][/I] \ _[/I]/
# /[B][I],' \[/B],[I]|\[/I][/I]\[B],[I]|[/I].[/B]/ \[B],[I]|[/I][/B]/\___|
# Database settings.
database:
# Sets the type of database used.
#
# - Options available:
# |=> MySQL
# |=> SQLite
type: SQLite
remote:
# Defines MySQL information.
# - Tutorial for installation: https://docs.nickuc.com/nlogin-mysql
address: "localhost:3306"
database: "nLogin"
user: "root"
password: ""
# Set the connection properties.
# - Don't change this information if you don't know what you are doing!
properties:
#useSSL: false
#verifyServerCertificate: false
useUnicode: true
characterEncoding: "utf8"
# Defines the connection pool settings.
# - Don't change this information if you don't know what you are doing!
pool-settings:
maximum-pool-size: 10
minimum-idle: 10
maximum-lifetime: 1800000 # 30 minutes
connection-timeout: 5000 # 5 seconds
table:
account:
# Sets the name of the nLogin accounts table.
# - Don't change this information if you don't know what you are doing!
table-name: "nlogin"
# Sets the name of the nLogin columns.
# - Don't change this information if you don't know what you are doing!
columns:
id: "id"
name: "name"
real_name: "realname"
unique_id: "uniqueId"
premium_id: "premiumId"
password: "password"
premium: "premium"
address: "address"
reg_date: "regdate"
last_login: "lastlogin"
email: "email"
twitter: "twitter"
discord: "discord"
settings: "settings"
data:
# Sets the name of the nLogin data table.
# - Don't change this information if you don't know what you are doing!
table-name: "nlogin_data"
# Sets the name of the nLogin columns.
# - Don't change this information if you don't know what you are doing!
columns:
id: "id"
key: "key"
value: "value"
# _____ _ __
# /\ /\ [B]_ [I][/B] _ [I][/I] \[/I] \_ __ | |_ [B]_ _ __ / [I]| [I][/I] _ [I][/B] _[/I][/I]
# / / \ \/ [B]|/ _ \ '[/B]| / /\/ '_ \| [B]/ _ \ '[/B]| |_ / [I]` |/ _[/I]/ _ \
# \ \[I]/ /\[I][/I] \ [I][/I]/ | /\/ /[/I] | | | | || __/ | | [I]| ([/I]| | ([I]| _[/I]/
# \[B][I]/ |[/I][/B]/\[B][I]|[/I]| \[B][/B]/ |[I]| |[/I]|\[B]\[I][/B]|[I]| |[/I]| \[B],[I]|\[/I][/B]\[/I][/B]|
# User Interface settings.
ui:
# Sets whether on-screen messages will be sent.
use-title-bar: true
# Sets whether messages in actionbars will be sent.
use-action-bar: true
# Sets whether the time remaining message will be sent.
actionbar-counter: true
# Sets whether sound effects will be sent.
use-sounds: true
# Sets whether interactive messages will be sent.
use-chat-component: true
# __ _
# \ \ ___ ([I])[/I] __
# \ \/ _ \| | '_ \
# /\[I]/ / ([/I]) | | | | |
# \[B][I]/ \[/I][/B]/|[I]|[/I]| |_|
# Join configuration.
join:
# Sets whether the chat should be cleaned upon joining the server.
clean-chat-on-join: true
# Sets whether the input message will be removed.
remove-join-message: true
# _____ _ _
# /__ \[B][I]| | [I][/B] _ [I][/I] _[/I][/I] _ __| |_
# / /\/ _ \ |/ _ \ '_ \ / _ \| '__| __|
# / / | __/ | __/ |[I]) | ([/I]) | | | |_
# \/ \[B][I]|[/I]|\[I][/B]| .[B]/ \[/I][/B]/|[I]| \_[/I]|
# |_|
# Teleport settings.
teleport:
# Sets whether the player will be teleported to a safe position upon entering.
# - It is recommended to activate the option if no spawn has been set.
safe-location: false
# Defines if the player will be teleported to the last location upon exit.
last-location: true
# Defines if the player will be teleported to the spawn upon death.
teleport-on-death: true
# __ _ _
# / /([I])[/I] __ [B]_ | |[/B] ___
# / / | | '_ ` _ \| '_ \ / _ \
# / /__| | | | | | | |[I]) | ([/I]) |
# \[B][B]/[I]|[/I]| |[I]| |[/I]|[I].[/B]/ \[/I][/B]/
# Limbo settings.
# - Limbo is the player information protection system.
# - In case of an abrupt shutdown (e.g. power failure), the
# limbo files will go into action.
limbo:
# Defines whether the limbo should hide the players' information.
#
# => Player info list:
# - speed and flight mode;
# - speed when walking;
# - life;
# - satiety;
# - [...]
#
# - It is recommended to disable this option in case of conflicts with other
# plugins that handle these options (e.g. lobby plugins).
hide-player-stats: true
# Sets the time to wait for player information to be hidden.
#
# => The value provided must be in ticks. To calculate the required ticks,
# multiply the value (in seconds) by 20.
#
# - Example:
# 2 seconds X 20 ticks = 40 ticks
#
hide-player-stats-delay: 0
inventory:
# Sets whether items should be hidden before logging in.
hide-inventory: true
# Defines whether acceleration should be used.
# - This option hides items more optimally, but requires
# the installation of ProtocolLib and may cause problems with plugins
# that require the inventory to be empty before login (e.g. nAntiBot)
fast-hide-inventory: true
# Sets whether other players should be hidden before logging in.
# - This option can prevent spamming of bots in the server's player list.
hide-players-before-login: true
# Defines whether the movement should be locked before authenticating.
block-player-walk: true
# ___ _
# / _ \_ __ [B]_ _ __ [I][/B] ([I])[/I] _ _ [I][/I] [B][/I] __/\[/B]
# / /[I])/ '[I][/I]/ _ \ '[/I] [ICODE] _ \| | | | | '_ [/ICODE] _ \ \ /
# / ___/| | | __/ | | | | | | |[I]| | | | | | | /[/I] _\
# \/ |[I]| \[B][/I]|[I]| |[/I]| |[I]|[/I]|\[/B],[I]|[/I]| |[I]| |[/I]| \/
# Paid features of the plugin (premium version).
premium:
# Defines the type of unique id for users.
#
# - Options available:
# |=> REAL [recommended]
# |=> RANDOM
# |=> OFFLINE
#
# - You can change this option freely: already registered users
# will NOT be affected by this change. Consequently, your users will
# continue to have the items and achievements after the change.
#
# - For more information, access the documentation:
# * https://docs.nickuc.com/nlogin-uuid
unique-id-type: REAL
autologin:
bedrock:
# Defines whether Bedrock players should authenticate automatically.
# - You can change this setting freely: already registered users
# will NOT be vulnerable by this change
enable: true
# Sets whether Bedrock players should skip registration.
# - It is recommended to disable this option if you use player passwords
# in a web integration (e.g. server site).
skip-register: true
premium:
# Defines whether premium players should authenticate automatically.
# - You can change this setting freely: already registered users
# will NOT be vulnerable by this change
enable: true
# Defines whether premium players should skip registration.
# - It is recommended to disable this option if you use player passwords
# in a web integration (e.g. server site).
skip-register: true
# Defines whether premium nicknames will receive a notification to mark their account as premium or not.
# - Changing this option will only be done if you use the UUID "RANDOM" or "OFFLINE".
# Otherwise premium players will be automatically marked as premium
# in order to keep the real UUID from Mojang.
ask-via-notification: true
# Sets whether cracked players can use premium player nicknames.
# - The option will only change if you use the "REAL" UUID.
# Otherwise, cracked players will be allowed by default.
allow-cracked-users: true
session:
# Defines whether login sessions will be used.
# - Authentication will be ignored if the player logs in at the timeout
# and continues using the same ip address.
enable: true
# Sets the length of login sessions.
# => Very long session times may open vulnerabilities if the player's IP
# is public (proxies, public VPNs, shared networks)
# or if it switches too quickly (on ISPs with dynamic ip).
# - To make a session permanent use the value 0. However, this is inadvisable.
duration: 5
# _ _ _
# /[I]\ [I][/I]| |[/I] [B]__ _ _ __ [I][/B] __[/I] __| |
# //[I]\\ / [I][ICODE] \ \ / / _[/ICODE] | '[/I] \ / _[/I]/ _ \/ _` |
# / _ \ ([I]| |\ V / ([/I]| | | | | ([I]| [I][/I]/ ([/I]| |
# \[I]/ \[/I]/\[B],[I]| \[/I]/ \[/B],[I]|[/I]| |[I]|\__[/I]\[B][I]|\[/B],[/I]|
# Advanced features of the plugin.
advanced:
unrestricted:
# Defines the nicknames that will skip the authentication process.
#
# - This option can be useful for MODS or plugins that spoof
# the behavior of a player.
#
# - Examples:
# - '[ThaumcraftTablet]'
# - '[BuildCraft]'
# - 'ComputerCraft'
#
# => Use this feature at your own risk.
unrestricted-names: []
# Sets the name of the inventories that will not be locked before login.
# - If you are a developer, it is best to use a higher priority for
# your inventory event (e.g. HIGH or HIGHEST), and then remove
# the nLogin cancel - "Event#setCancelled(false)"
unrestricted-inventories: []
# Client (player) related resources.
client:
# Define whether the nLogin language should be adapted to the Minecraft language.
language-by-client: false
# Defines whether advertisements should be sent in-game.
# - Advertisements are only sent to administrators.
# - Advertisements are sent out rarely and include
# new plugins or features from NickUC projects
advertising: true
# Defines the list of commands to be executed after registering.
#
# - Options available:
# |=> @console: executes the command on the console.
# |=> @delay <time in seconds>: adds a delay to the command.
# |=> @proxy: runs the command on the proxy server (only if you are using one).
# |=> @server <servers divided by ",">: executes the command only if the player is connected to a
# list of specific servers (only if using a proxy server).
#
# Example: @server lobby1,lobby2
#
commands-after-register:
#- "@console tell @player Welcome to the server!" # run in console
#- "@delay 40 /kit starter" # wait for 40 ticks (2s)
# Defines the list of commands to be executed after authenticating.
#
# - Options available:
# |=> @console: executes the command on the console.
# |=> @delay <time in seconds>: adds a delay to the command.
# |=> @proxy: runs the command on the proxy server (only if you are using one).
# |=> @server <servers divided by ",">: executes the command only if the player is connected to a
# list of specific servers (only if using a proxy server).
#
# Example: @server lobby1,lobby2
#
commands-after-login:
#- "@console @proxy send @player lobby" # run in proxy console (bungee, velocity, etc.)
# Define a lista de comandos permitidos antes de autenticar-se.
allowed-commands:
- "/loginstaff"
# ___ _
# / _ \__ _ [B]_ [B][I][/B] __[/I][/B] _ __ [B]| |_[/B]
# / /[I])/ _` / _[/I]/ [B]\ \ /\ / / _ \| '[/B]/ [I]` / _[/I]|
# / [B][I]/ ([/I]| \[/B] \__ \\ V V / ([I]) | | | ([/I]| \__ \
# \/ \[B],[I]|[/I][/B]/[B][I]/ \[/I]/\[I]/ \[/I][/B]/|[I]| \[I][/I],[I]|_[/I][/I]/
# Password settings.
passwords:
# Sets the minimum password size.
small: 5
# Sets maximum password size.
large: 15
bruteforce:
# Sets the maximum number of incorrect attempts a player can make.
# - When using the value "1" the player will be disconnected immediately when he makes a mistake.
max-login-tries: 1
# Defines whether brute-force attacks will be punished automatically.
# - After too many incorrect attempts, the suspect IP address will be blocked.
auto-punish: true
# Sets the punishment time for a suspected brute force attack (in minutes).
punishment-duration: 15
insecure-passwords:
# Defines whether the player will be warned when using an insecure password.
warn: true
# Sets the weak password detection level:
#
# - Available levels:
# |=> 1: checks if it contains letters [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ]
# |=> 2: checks if it contains numbers [0123456789]
# |=> 3: checks if it contains symbols [!@#$%&*()-_]
#
# - Using the value "123" will perform all three checks.
level: "123"
hashing:
# Defines the hashing algorithm used.
#
# - Options available:
#
# | The computational cost of hashings should increase (but not necessarily) from the bottom up.
# |=> MD5
# |=> SHA256
# |=> SHA512
# |=> BCRYPT2Y
# |=> BCRYPT2A
# |=> PBKDF2
# |=> ARGON2ID
# |=> ARGON2I
# |=> ARGON2D
#
algorithm: "SHA512"
bcrypt:
rounds: 10
argon2:
iterations: 10
memory: 64
parallelism: 1
# __ _ _
# / [I]\ [B][/I] [I][/B] _ _ _ _[/I]([I]) |[/I] _ _
# \ \ / _ \/ [B]| | | | '[/B]| | __| | | |
# [I]\ \ [I][/I]/ ([I][/I]| |[I]| | | | | |[/I]| |[/I]| |
# \[B]/\[I][/B]|\[B][/I]|\[/B],[I]|[/I]| |[I]|\[I][/I]|\_[/I], |
# |___/
# General security settings.
security:
address-limiter:
# Sets whether the per-IP account limiter should be used.
# - This option can prevent fake accounts.
enable: true
# Sets the maximum number of records per ip address.
limit: 1
# Defines the list of IPs that ignore the limitation.
bypass:
- '127.0.0.1'
- 'localhost'
# Sets the time for a player to authenticate (in seconds).
time-to-login: 45
# Sets whether high-risk nLogin commands will be disabled in-game.
# - This option can prevent hacking attacks that remove admin registration.
disable-high-risk-commands: true
# Set the regex for nickname validation.
nickname-regex: '([a-zA-Z0-9_]{3,16})'
# ___ _
# / [B]\[I][/B] _ [I][/I] [B][/I] _ __ [I][/B] [I][/I] _ _ _[/I] [B]| |_[/B]
# / / / _ \| '_ [ICODE] _ \| '_ [/ICODE] _ \ / [I][ICODE] | '[/I] \ / [I][/ICODE] / _[/I]|
# / /[B]| ([I]) | | | | | | | | | | | ([/I]| | | | | (_| \[/B] \
# \[B][B]/\[I][/B]/|[I]| |[/I]| |[I]|[/I]| |[I]| |[/I]|\[B],[I]|[/I]| |[/I]|\[/B],[I]|[/B][/I]/
# Command settings.
commands:
2fa:
enabled: true
commands: [2fa]
description: Command to configure 2fa.
changepassword:
enabled: true
commands: [changepassword, changepass]
description: Command to change the password.
cracked:
enabled: true
commands: [cracked]
description: Command to mark your account as cracked.
login:
enabled: true
commands: [login, l, log]
description: Command to login on the server.
premium:
enabled: true
commands: [premium]
description: Command to mark your account as premium.
register:
enabled: true
commands: [register, reg]
description: Command to register an account.
unregister:
enabled: false
commands: [unregister]
description: Command to unregister.Installing the nLogin Premium plugin:
- Download the plugin.
- Shut down the server
- Move the .jar file to the /plugins/ folder of your server.
- Start the server.
- Ready.
Configuring the nLogin Premium plugin with BungeeGuard+
In this guide, you'll learn how to set up BungeeGuard+ on your server.
Introduction
BungeeCord installations are insecure by default and require additional firewall rules to be configured (via iptables or otherwise) to prevent attackers from bypassing the proxy server and connecting using any uuid/username.This problem is well known, and over the years, many (even large) servers have been successfully subjected to similar attacks.
Traditional Solution
The traditional solution recommended by the author of BungeeCord is to configure a firewall rule using iptables or ufw to prevent external connections to internal servers.However, there are two main problems here:
- Configuring these firewall rules is tricky, especially for inexperienced users.
- Even experienced users sometimes make mistakes or overlook something. If the configuration is not perfect, the rules may be broken by subsequent changes or reset by a system reboot.
- "Shared hosting" users do not have access to the underlying system and most likely will not be able to configure their own firewall rules.
BungeeGuard Solution
Server administrators install BungeeGuard+ (a regular plugin!) on their proxies and back-end servers.- On the proxy server, BungeeGuard+ adds a secret "authentication token" to the handshake at login.
- On a back-end server (Spigot, etc.) BungeeGuard+ checks receipts for an authorized authentication token.
Installation
If you have access to the underlying system and can configure firewall rules using iptables (or otherwise), it is highly recommended that you do so. Then, install BungeeGuard as well.On your proxy server...
If you're using BungeeCord- In the BungeeCord config.yml file, make sure that the parameter is set to .ip_forwardtrue
- Add the BungeeGuard.jar file to the plugins folder. Then, restart the proxy server. If you have multiple proxies on your network, follow these steps for each one.
- Go to the /plugins/BungeeGuard/token.yml folder and make a note of the token.
If you're using Velocity
- Make sure you're using Velocity 1.1.0 or later. (No need to install BungeeGuard.jar – it's already built into Velocity!)
- Set velocity.toml to "bungeeguard" and note the forwarding-secret. This value is used for the BungeeGuard token. If you have more than one proxy server installed on your network, follow these steps for each proxy server.player-info-forwarding-mode
- Restart the proxy server.
- Make sure you're using Paper 1.9.4+ or have ProtocolLib installed.
- Make sure the bungeecord parameter is set to true in the spigot.yml file.
- Add the BungeeGuard.jar file to the plugins folder. Then restart the server.
- Navigate to the /plugins/BungeeGuard/config.yml folder. Add the token(s) generated by the proxy(s) to the list of allowed tokens.
Code:allowed-tokens: - "AUSXEwebkOGVnbihJM8gBS0QUutDzvIG009xoAfo1Huba9pGvhfjrA21r8dWVsa8"
- Run bungeeguard reload from the console.
![[Official] mcMMO - Original Author Returns!](/data/resource_icons/0/31.jpg?1691066689){kind=icon}
