Official Documentation

CraftersLogin

CraftersLogin protects accounts and sessions with a clear, fast, and secure authentication flow for premium, offline, or hybrid networks that demand top-tier security without unnecessary friction for players.

Registration Login Flow Smart Sessions BCrypt Hashing Hybrid Support

Getting Started

Installation & Setup

CraftersLogin can be installed on standalone servers or proxy networks to handle player authentication.

Standard Installation

  1. Download CraftersLogin.jar from an official source.
  2. Place the plugin in your server's plugins/ folder.
  3. Restart the server to generate the configuration files.
  4. Configure your preferred storage method (SQLite or MySQL) and review the default security settings.
Folder Structure
plugins/
  CraftersLogin.jar
  CraftersLogin/
    config.yml
    messages.yml
    database.db

Protection

Lightweight Authentication for Modern Communities

The plugin is designed to block unauthorized access without making the player feel like they are fighting the server. Registration, login, and sessions work seamlessly together to reduce account theft and suspicious logins.

Unauthenticated players are strictly isolated: they cannot move, chat, use items, drop items, take damage, or see other players until they successfully log in.

Smart Sessions: If a player disconnects and reconnects from the same IP within a configurable timeframe (e.g., 30 minutes), they bypass the login screen entirely.

Player & Admin

Commands List

Command Alias Description
/register <pass> <pass> /reg Creates a new account for the player.
/login <pass> /l Authenticates the player into the server.
/changepassword <old> <new> /cp Allows a player to change their current password.
/logout - Closes the active session and requires login again.
/authadmin unregister <player> - Admin command to delete a player's account.
/authadmin reload - Reloads the plugin configuration and messages.

Control

Permission Nodes

Permission Granted Access
crafterslogin.admin Grants access to all /authadmin commands.
crafterslogin.bypass Allows a player to bypass authentication entirely (use with caution).
crafterslogin.session.bypass Forces the player to login every time, ignoring session saving.
crafterslogin.security.notify Receives alerts when players fail multiple login attempts.

Server

Base Configuration

The configuration should prioritize security and comfort. A timeout that is too short can be annoying; one that is too long can leave accounts vulnerable.

# CraftersLogin Configuration
storage:
  type: "sqlite" # Can be sqlite or mysql

password:
  min-length: 6
  max-length: 32
  # Encryption algorithm (bcrypt or argon2)
  hash-algorithm: "bcrypt"

login:
  max-attempts: 3
  timeout-seconds: 60
  teleport-to-spawn: true
  hide-unauthenticated-players: true

sessions:
  enabled: true
  # How long an IP is remembered before requiring login again
  duration-minutes: 30

For Developers

Developer API

CraftersLogin offers a powerful API to interact with the authentication flow, check player status, or hook into login events for your own plugins.

Maven Repository

<repository>
    <id>crafters-repo</id>
    <url>https://repo.craftersdevelopment.net/releases</url>
</repository>

<dependency>
    <groupId>net.craftersdevelopment</groupId>
    <artifactId>CraftersLogin-API</artifactId>
    <version>4.1.2</version>
    <scope>provided</scope>
</dependency>

API Examples

Here are some examples of how to query the authentication state of a player.

import net.craftersdevelopment.login.api.CraftersLoginAPI;
import org.bukkit.entity.Player;

public class AuthHook {

    // Check if a player is registered in the database
    public boolean isRegistered(Player player) {
        return CraftersLoginAPI.isRegistered(player.getName());
    }

    // Check if a player has successfully logged in during this session
    public boolean isAuthenticated(Player player) {
        return CraftersLoginAPI.isAuthenticated(player);
    }
}

Events

Use events to execute custom logic immediately after a player registers or logs in.

@EventHandler
public void onPlayerLogin(PlayerLoginSuccessEvent event) {
    Player player = event.getPlayer();
    
    // Give them a welcome reward
    player.sendMessage("Welcome back securely!");
    
    // Was this a session resume or a manual password typing?
    if (event.isSessionResume()) {
        player.sendMessage("Auto-login via Session!");
    }
}

⚡ Required Companion Plugin

CraftersFastAuth

⚠️ Premium login requires CraftersFastAuth

The /premium command and automatic Mojang authentication will not work without this companion plugin installed. CraftersFastAuth acts as the bridge between ProtocolLib's packet layer and CraftersLogin's authentication system.

What is CraftersFastAuth?

CraftersFastAuth is a lightweight companion plugin that adds premium (Mojang) auto-authentication to CraftersLogin. It works by intercepting the Minecraft login handshake at the protocol level using ProtocolLib, silently verifying the player's identity with Mojang's session servers, and automatically marking them as authenticated — all before the player even sees the login screen.

Players with a registered premium account simply connect and are logged in instantly. No password prompt, no extra steps. Non-premium (cracked) players are unaffected and continue using the normal /login and /register flow.

Requirements

depend: [ProtocolLib]
softdepend: [CraftersLogin]

How It Works

1
LOGIN_START Intercepted

ProtocolLib captures the player's login packet before Minecraft processes it.

2
Mojang Verification (async)

CraftersFastAuth checks if the player's account is marked as premium in CraftersLogin, then initiates the Mojang session verification handshake (encryption).

3
Session Created

If Mojang confirms the session, CraftersFastAuth calls setAuthenticated(uuid, true) and createSession(uuid, ip) in CraftersLogin. The player is auto-logged in.

Instant Login — No Password Needed

The player joins the server and is immediately authenticated. If Mojang rejects the session, the player is kicked with an "Invalid session" message.

Installation

  1. Make sure CraftersLogin is already installed and configured.
  2. Install ProtocolLib on the same server.
  3. Download and place CraftersFastAuth-1.0.jar in your plugins/ folder.
  4. Restart the server — no configuration needed.
  5. Players can now run /premium in CraftersLogin to link their Mojang account and enable auto-login.
Download CraftersFastAuth v1.0 Get it on Discord