FlexibleLogin [v0.17] for Sponge 7+ - Auth plugin - 2FA

I can't use any commands, i can't move, can't change items in hotbar, can't write on chat.
When i'm trying to register/login i just can't and when i do something wrong it says that but when i'm doing everything properly it isn't doing anything
That is what i'm getting after writing command from FlexibleLogin properly:
[12:18:22] [Server thread/ERROR] [Sponge/]: Could not pass ClientConnectionEvent$Disconnect$Impl to Plugin{id=flexiblelogin, name=FlexibleLogin, version=0.8, description=A Sponge minecraft server plugin for second authentication., url=https://github.com/games647/FlexibleLogin, source=/home/minecraft/mods/FlexibleLogin.jar}
java.lang.NullPointerException
at com.github.games647.flexiblelogin.listener.ConnectionListener.onPlayerQuit(ConnectionListener.java:50) ~[ConnectionListener.class:?]
at org.spongepowered.common.event.listener.DisconnectListener_ConnectionListener_onPlayerQuit84.handle(Unknown Source) ~[?:?]
at org.spongepowered.common.event.RegisteredListener.handle(RegisteredListener.java:95) ~[RegisteredListener.class:1.10.2-2254-5.2.0-BETA-2254]
at org.spongepowered.mod.event.SpongeModEventManager.post(SpongeModEventManager.java:313) [SpongeModEventManager.class:1.10.2-2254-5.2.0-BETA-2254]
at org.spongepowered.mod.event.SpongeModEventManager.post(SpongeModEventManager.java:297) [SpongeModEventManager.class:1.10.2-2254-5.2.0-BETA-2254]
at org.spongepowered.mod.event.SpongeModEventManager.post(SpongeModEventManager.java:338) [SpongeModEventManager.class:1.10.2-2254-5.2.0-BETA-2254]
at org.spongepowered.mod.event.SpongeModEventManager.post(SpongeModEventManager.java:326) [SpongeModEventManager.class:1.10.2-2254-5.2.0-BETA-2254]
at org.spongepowered.common.SpongeImpl.postEvent(SpongeImpl.java:143) [SpongeImpl.class:1.10.2-2254-5.2.0-BETA-2254]
at net.minecraft.network.NetHandlerPlayServer.redirect$onDisconnectHandler$zhd000(NetHandlerPlayServer.java:2258) [me.class:?]
at net.minecraft.network.NetHandlerPlayServer.func_147231_a(NetHandlerPlayServer.java:802) [me.class:?]
at net.minecraft.network.NetworkManager.func_179293_l(NetworkManager.java:455) [eo.class:?]
at net.minecraft.network.NetworkSystem.func_151269_c(NetworkSystem.java:213) [md.class:?]
at net.minecraft.server.MinecraftServer.func_71190_q(MinecraftServer.java:732) [MinecraftServer.class:?]
at net.minecraft.server.dedicated.DedicatedServer.func_71190_q(DedicatedServer.java:387) [ld.class:?]
at net.minecraft.server.MinecraftServer.func_71217_p(MinecraftServer.java:613) [MinecraftServer.class:?]
at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:471) [MinecraftServer.class:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]


Now maybe forge 2254 not fully support. Please use forge 2202 sure fully support or forge 2221 may be support.

Forge or sponge?

Use Forge 2202 fully support

But is there any reason why this isn't working?

And do i need to change forge from client side too?

Oh and i can't downgrade forge beacause some mods from my pack are crashing ...

could you pls update it to 1.11.2, I really need a login plugin on my new 1.11.2 sponge server. Otherwise, I will have to use bungeecord to creat a login spigot server, that is totally a waste!

I'm using it with 1.11.2, no problems except that the permissions for /register and /login aren't checked - you can't prevent players from registering/logging in, but I don't think thats a huge problem.

When register from console, it just shows account does not exist.

when trying to compare passwords hashed in php I found that the prefixes are different. afaik $2a prefix means it’s an older version of bcrypt?

**Edit
the passwords stored by the plugin and the password generated by php bcrypt are completely different.
From what I’ve been reading, if you’re going to use bcrypt in java it’s recommended to use this http://www.mindrot.org/projects/jBCrypt/

I already use that project and exactly this project creates a different prefix than the PHP implementation. You could just replace the prefix $2a to $2y and it’s fine (according to this, it’s equivalent) I already did that for the Java implementation in case you created the password with PHP.

I published a new release that depends on a fork that generates $2y bcrypt hashes while still supporting the old ones.

I’m sorry, I should not say that

This is err。
I’m sorry, I should not say that…

So why don’t you post this just in private (responsible-disclosure), so I actually have time to fix it.

Security Notice: If you use a version 0.16.X version, update immediately to 0.16.5+ or disable the change password command. 0.16.X fixed this security occurred since this commit. Older versions of 0.16.X are not affected.

Hey! I have a problem … This plugin worked like a charm on 1.11.2 but on 1.12.2 it says error occured while executing command:null when I try to log in… Does anyone know how to fix it?

Please post the stacktrace (the complete error message), then I can see where the error is coming from.

https://pastebin.com/pgcJMaSX

Could you check for startup errors?

Ok, no problem.

EDIT: I’m sorry but I am quite bussy and holidays are here, so that’s the reason I haven’t posted it yet.