A PocketMine-MP plugin that protects your server from bots by requiring players to solve a captcha shown on a map image during the login process. This plugin integrates with XAuth's authentication flow.
- Image-Based Captcha: Displays a captcha on a map in the player's hand, requiring them to enter the code in chat.
- Customizable: Control the captcha's length, character set, and appearance.
- Flexible Display Modes: Configure when the captcha should be shown:
always: For every player.unregistered_only: Only for players who have not registered with XAuth yet.on_ip_change: When a player's IP address changes.permission_based: For everyone except players with a specific permission.on_failed_login: After a configurable number of failed login attempts.
- Intelligent Failed Login Handling: When using the
on_failed_loginmode, the plugin can be configured to immediately force a captcha check, seamlessly integrating with the XAuth login process.
This plugin requires the following plugins to be installed on your server:
- ImageOnMap: Used to display the captcha image on a map.
- XAuth: Integrates with the authentication flow.
The main configuration is located in plugin_data/CaptchaLogin/config.yml.
# Whether to use FreeType for rendering fonts. Requires FreeType support in your GD extension.
use-freetype: true
# Scale factor for the captcha image. 1.0 is default.
captcha-scale: 1.0
# Length of the captcha code.
captcha-length: 5
# Character set to use for captcha generation.
character-set: "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
# Whether the captcha input is case-sensitive.
case-sensitive-captcha: true
# Timeout in seconds for solving the captcha. If 0, no timeout.
captcha-timeout-seconds: 60
# Maximum number of incorrect captcha attempts before an action is taken.
captcha-max-attempts: 3
# Action to take when captcha times out or max attempts are reached.
# Possible values: "kick", "regenerate_captcha"
captcha-failure-action: "kick"
# Determines when the captcha is shown to a player.
# Possible values: "always", "unregistered_only", "on_failed_login", "on_ip_change", "permission_based"
captcha-display-mode: "always"
# Number of failed login attempts before the captcha is displayed.
failed-login-attempts-threshold: 3
# If true, the captcha will be forced immediately after reaching the threshold.
# This provides a seamless experience by pausing the XAuth kick timer and re-opening the login form after success.
# If false, the player will be prompted on their next login attempt.
force-captcha-on-failure: true
# If true, the XAuth kick timer will be restarted after a successful manual captcha.
# This is only active when force-captcha-on-failure is true.
restart-xauth-kick-timer: true- When a captcha is required (based on your
config.yml), the player will see a map in their hand with a randomly generated code. - The player must type this code into the chat.
- If the code is correct, the authentication process continues.
- If the code is incorrect, they can try again until they reach the maximum number of attempts.
Contributions are welcome and appreciated! Here's how you can contribute:
- Fork the project
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Please make sure to update tests as appropriate and adhere to the existing coding style.
This project is licensed under the CSSM Unlimited License v2.0 (CSSM-ULv2). Please note that this is a custom license. See the LICENSE file for details.
