Official Documentation
CraftersLogin
CraftersLogin protects accounts and sessions with a clear, fast, and secure authentication flow for premium, offline, or hybrid networks that demand top-tier security without unnecessary friction for players.
Getting Started
Installation & Setup
CraftersLogin can be installed on standalone servers or proxy networks to handle player authentication.
Standard Installation
- Download
CraftersLogin.jarfrom an official source. - Place the plugin in your server's
plugins/folder. - Restart the server to generate the configuration files.
- Configure your preferred storage method (SQLite or MySQL) and review the default security settings.
plugins/
CraftersLogin.jar
CraftersLogin/
config.yml
messages.yml
database.db
Protection
Lightweight Authentication for Modern Communities
The plugin is designed to block unauthorized access without making the player feel like they are fighting the server. Registration, login, and sessions work seamlessly together to reduce account theft and suspicious logins.
Unauthenticated players are strictly isolated: they cannot move, chat, use items, drop items, take damage, or see other players until they successfully log in.
Smart Sessions: If a player disconnects and reconnects from the same IP within a configurable timeframe (e.g., 30 minutes), they bypass the login screen entirely.
Player & Admin
Commands List
| Command | Alias | Description |
|---|---|---|
/register <pass> <pass> |
/reg |
Creates a new account for the player. |
/login <pass> |
/l |
Authenticates the player into the server. |
/changepassword <old> <new> |
/cp |
Allows a player to change their current password. |
/logout |
- |
Closes the active session and requires login again. |
/authadmin unregister <player> |
- |
Admin command to delete a player's account. |
/authadmin reload |
- |
Reloads the plugin configuration and messages. |
Control
Permission Nodes
| Permission | Granted Access |
|---|---|
crafterslogin.admin |
Grants access to all /authadmin commands. |
crafterslogin.bypass |
Allows a player to bypass authentication entirely (use with caution). |
crafterslogin.session.bypass |
Forces the player to login every time, ignoring session saving. |
crafterslogin.security.notify |
Receives alerts when players fail multiple login attempts. |
Server
Base Configuration
The configuration should prioritize security and comfort. A timeout that is too short can be annoying; one that is too long can leave accounts vulnerable.
# CraftersLogin Configuration
storage:
type: "sqlite" # Can be sqlite or mysql
password:
min-length: 6
max-length: 32
# Encryption algorithm (bcrypt or argon2)
hash-algorithm: "bcrypt"
login:
max-attempts: 3
timeout-seconds: 60
teleport-to-spawn: true
hide-unauthenticated-players: true
sessions:
enabled: true
# How long an IP is remembered before requiring login again
duration-minutes: 30
For Developers
Developer API
CraftersLogin offers a powerful API to interact with the authentication flow, check player status, or hook into login events for your own plugins.
Maven Repository
<repository>
<id>crafters-repo</id>
<url>https://repo.craftersdevelopment.net/releases</url>
</repository>
<dependency>
<groupId>net.craftersdevelopment</groupId>
<artifactId>CraftersLogin-API</artifactId>
<version>4.1.2</version>
<scope>provided</scope>
</dependency>
API Examples
Here are some examples of how to query the authentication state of a player.
import net.craftersdevelopment.login.api.CraftersLoginAPI;
import org.bukkit.entity.Player;
public class AuthHook {
// Check if a player is registered in the database
public boolean isRegistered(Player player) {
return CraftersLoginAPI.isRegistered(player.getName());
}
// Check if a player has successfully logged in during this session
public boolean isAuthenticated(Player player) {
return CraftersLoginAPI.isAuthenticated(player);
}
}
Events
Use events to execute custom logic immediately after a player registers or logs in.
@EventHandler
public void onPlayerLogin(PlayerLoginSuccessEvent event) {
Player player = event.getPlayer();
// Give them a welcome reward
player.sendMessage("Welcome back securely!");
// Was this a session resume or a manual password typing?
if (event.isSessionResume()) {
player.sendMessage("Auto-login via Session!");
}
}
⚡ Required Companion Plugin
CraftersFastAuth
⚠️ Premium login requires CraftersFastAuth
The /premium command and automatic Mojang authentication will not work without this companion plugin installed.
CraftersFastAuth acts as the bridge between ProtocolLib's packet layer and CraftersLogin's authentication system.
What is CraftersFastAuth?
CraftersFastAuth is a lightweight companion plugin that adds premium (Mojang) auto-authentication to CraftersLogin. It works by intercepting the Minecraft login handshake at the protocol level using ProtocolLib, silently verifying the player's identity with Mojang's session servers, and automatically marking them as authenticated — all before the player even sees the login screen.
Players with a registered premium account simply connect and are logged in instantly. No password prompt, no extra steps.
Non-premium (cracked) players are unaffected and continue using the normal /login and /register flow.
Requirements
depend: [ProtocolLib]
softdepend: [CraftersLogin]
How It Works
ProtocolLib captures the player's login packet before Minecraft processes it.
CraftersFastAuth checks if the player's account is marked as premium in CraftersLogin, then initiates the Mojang session verification handshake (encryption).
If Mojang confirms the session, CraftersFastAuth calls setAuthenticated(uuid, true) and createSession(uuid, ip) in CraftersLogin. The player is auto-logged in.
The player joins the server and is immediately authenticated. If Mojang rejects the session, the player is kicked with an "Invalid session" message.
Installation
- Make sure CraftersLogin is already installed and configured.
- Install ProtocolLib on the same server.
- Download and place
CraftersFastAuth-1.0.jarin yourplugins/folder. - Restart the server — no configuration needed.
- Players can now run
/premiumin CraftersLogin to link their Mojang account and enable auto-login.