LoginSystem » Advanced & Secure Auth [1.8 - 1.21+]

LoginSystem » Advanced & Secure Auth [1.8 - 1.21+] | Multi-DB & API -----

LoginSystem
Advanced, Secure, and Fully Customizable Authentication
[IMG]

LoginSystem is a modern, high-performance authentication plugin designed from the ground up to maximize your server's security. Tired of old and clunky plugins? LoginSystem will add a professional touch to your server with its multi-database support, advanced hashing options, and fully translatable structure.

All database operations run asynchronously, meaning your server will not experience any lag.

Wide Database Support: SQLite, H2, MySQL, MariaDB, PostgreSQL, and even MongoDB!
Top-Tier Security: SHA256 hashing by default, automatic migration from legacy algorithms (SHA1, MD5, etc.), and unsafe password prevention.
100% Translatable: All messages are managed through language files. New languages can be downloaded automatically from GitHub.
Highly Customizable: Login timeout, registration limit per IP, movement/chat/command restrictions before login, and much more.
Admin Commands: Many useful commands like force-registering players, changing passwords, unregistering accounts, and reloading the plugin.
Developer API: A powerful API that allows other plugins to integrate with LoginSystem.
Automatic Update Checker: Checks for new versions on SpigotMC (Resource ID: 74894) and notifies admins.
GUI Support: The API allows for the creation of modern Anvil GUI login screens instead of using chat.

Code (Text):

/login <password> - Allows you to log in to the server.
/register <password> <confirmPassword> - Allows you to register on the server.
/changepassword <oldPassword> <newPassword> - Changes your password.
/unregister <password> - Deletes your registration from the server.
/logout - Allows you to log out securely.
/email add <email> - Adds or changes the email address for your account.
/email remove - Removes the email address from your account.

Code (Text):

/ls help - Lists all admin commands.
/ls reload - Reloads the plugin's configuration and language files.
/ls lang <language> - Changes the plugin's language and reloads it.
/ls register <player> <password> - Forcibly registers a player.
/ls unregister <player> - Deletes a player's registration.
/ls changepass <player> <newPassword> - Changes a player's password.
/ls forcelogin <player> - Forces an online player to log in.

Code (Text):

loginsystem.admin - Grants access to all admin commands. (Default: OP)
loginsystem.admin.help - Permission for /ls help.
loginsystem.admin.reload - Permission for /ls reload.
loginsystem.admin.lang - Permission for /ls lang.
loginsystem.admin.register - Permission for /ls register.
loginsystem.admin.unregister - Permission for /ls unregister.
loginsystem.admin.changepass - Permission for /ls changepass.
loginsystem.admin.forcelogin - Permission for /ls forcelogin.
loginsystem.admin.update - Receive update notifications upon joining.

Configuration
The plugin is almost entirely customizable through the `config.yml` file.

Code (YAML):

# LoginSystem Plugin Configuration

# Specify which method to use for data storage.
# Available options: sqlite, h2, mysql, mariadb, postgresql, mongodb
storage:
type : sqlite

# H2 settings (used if type is set to h2)
h2 :
# The name of the database file to be created in the plugin's folder (without extension).
# For example: 'loginsystem_data' -> creates plugins/LoginSystem/loginsystem_data.mv.db
filename : "loginsystem_data"

# MySQL/MariaDB settings
database:
host : "localhost"
port : 3306
dbname : "loginsystem"
user : "root"
password : "password"

# PostgreSQL settings
postgresql:
host : "localhost"
port : 5432
dbname : "loginsystem"
user : "postgres"
password : "password"

# MongoDB settings
mongodb :
# Example connection URI. Edit according to your own server information.
# Simple structure: "mongodb://host:port"
# With authentication: "mongodb://user:password@host:port/?authSource=admin"
connection-uri : "mongodb://localhost:27017"
database : "loginsystem"

settings :

# Check for new updates on SpigotMC when the server starts.
update_checker:
enabled : true

# Specifies the language file to be used.
# Example: en, tr, az, de
# A list of all available languages can be found at: https://github.com/BartuAbiHD/LoginSystem/tree/main/messages
messagesLanguage : "en"

security :
# Minimum password length.
minPasswordLength : 6
# Maximum password length.
passwordMaxLength : 32
# The hashing algorithm to be used.
# Options: SHA256, BCRYPT, MD5
# WARNING: Avoid using old and insecure algorithms like MD5.
passwordHash : "SHA256"
# If a password check fails, LoginSystem will also try to check with the following algorithms.
# This setting is useful when migrating from one hashing method to another.
# LoginSystem will automatically update the password to the new hash method if it matches a legacy one.
# legacyHashes:
# - 'SHA1'
# - 'MD5'
legacyHashes : [ ]

# Prevent unsafe (easily guessable) passwords from being used.
# The list is case-insensitive.
unsafePasswords :
- '123456'
- 'password'
- 'qwerty'
- '12345'
- '54321'
- '123456789'
- 'help'
- 'test'
- 'deneme'

restrictions :
# Can unauthenticated players chat?
# This setting also blocks all commands not listed below.
allowChat : false
# Should chat be hidden from unauthenticated players?
hideChat : false

# Allowed commands for unauthenticated players.
allowCommands :
- /login
- /register
- /l
- /reg
- /giris
- /girisyap
- /oturumac
- /kayit
- /kayitol
- /kaydol

# Maximum number of allowed registrations per IP.
# A value of 0 means unlimited registrations!
maxRegPerIp : 2

# Minimum allowed username length.
minNicknameLength : 3
# Maximum allowed username length.
maxNicknameLength : 16

# When this setting is enabled, an already online player cannot be kicked due to "Logged in from another location".
# This prevents potential security exploits.
ForceSingleSession : true

ForceSpawnLocOnJoin :
# If enabled, every player that joins in one of the worlds listed below will be teleported
# to the world's spawn point after successful authentication.
# The player's quit location will be overwritten.
enabled : false
# World names where forcing the spawn location is required (Case-sensitive!)
worlds :
- world
- world_nether

# Should non-registered players be kicked immediately?
kickNonRegistered : false
# Should players be kicked on wrong password?
kickOnWrongPassword : true

# After how many seconds should players who fail to login or register be kicked?
# Set to 0 to disable.
timeout : 30

# Regex pattern for allowed characters in player names.
allowedNicknameCharacters : "[a-zA-Z0-9_]*"
# Regex pattern for allowed characters in passwords.
allowedPasswordCharacters : "[!-~]*"
# Regex pattern for allowed characters in emails.
allowedEmailCharacters : "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z]{2,}$"

For Developers
LoginSystem provides a powerful v2 API to facilitate integration with other plugins.

Accessing the API:

Code (Java):

LoginSystemAPI api = LoginSystem. getApi ( ) ;

Checking if a player is logged in:

Code (Java):

if (api. isLoggedIn (player ) ) {
// ...
}

Listening for a successful login event:

Code (Java):

import me.bartuabihd.loginsystem.api.v2.event.LoginEvent ;

@EventHandler
public void onPlayerAuthLogin (LoginEvent event ) {
Player player = event. getPlayer ( ) ;
player. sendMessage ( "Welcome back via API!" ) ;
}

View on SpigotMC

Resource Information

Author:

----------

Total Downloads: 2,308

First Release: Feb 3, 2020

Last Update: Oct 15, 2025

Category: ---------------

All-Time Rating:

1 ratings

Version -----

Released: --------------------

Downloads: ------

Version Rating:

----------------------

-- ratings