Account registered per IP can be bypassed
joagar21 opened this issue · 7 comments
Before reporting an issue make sure you are running the latest build of the plugin and checked for duplicate issues!
What behaviour is observed:
What happened?
Account registered per IP can be bypassed
What behaviour is expected:
What did you expect?
only 1 account should be registered per IP
account limit per IP is set to 1 in the config
Steps/models to reproduce:
The actions that cause the issue
register a crack account first then use a premium account or
the other way around
Plugin list:
This can be found by running /pl
Environment description
Standalone server/Bungeecord network, SQLite/MySql, ...
bungeecord network and mysql
AuthMe build number:
This can be found by running /authme version
AuthMeReloaded v5.6.0-SNAPSHOT (build: 2337) in the hub server
AuthMeBungee-2.2.0-SNAPSHOT in the bungeecord network
Error Log:
Pastebin/Hastebin/Gist link of the error log or stacktrace (if any)
No errors
Configuration:
Pastebin/Hastebin/Gist link of your config.yml file (remember to delete any sensitive data)
Both of theyre registration IP is NOT 127.0.0.1 in the database, but they
re IP is the same
nupe, tbh they don't have any authme permission and none of my players has any authme perm
I don't use any other login plugin
If the registration IP is 127.0.0.1 in the database the check won't be performed (you can view player data with /authme debug), or if you register an account with a user that has many permissions it might be that the permission node to turn off this check was unintentionally also given to the user. https://github.com/AuthMe/AuthMeReloaded/blob/master/docs/permission_nodes.md
Failing that, is it important that one is cracked and one isn't? Because if so I'm wondering if you're using FastLogin or something?
Might be that you configured the check to be skipped or something. You didn‘t provide your config so it‘s a shot in the dark
its working fine with the others it blocked them from registering so its working fine..
heres the config https://pastebin.com/8FXazrLU
I don't understand, if it's working fine for everyone else can't it be that temporarily there was some config issue / that user had the permission node / it was a weird migration of a database / there was admin intervention in registering the second account?