Login with Roaming Profiles

From ComputerCraft Wiki
Revision as of 03:59, 28 August 2013 by AfterLifeLochie (Talk | contribs) (Reverted edits by Latias1290 (talk) to last revision by Bwhodle)

Jump to: navigation, search

This tutorial covers how to make a password server and a password client. The server will host a Lua table of usernames and passwords and the client will remotely connect each start up, ask the user for their username and password and compare it to that on the password server.

Setting Up

As I'm sure you're aware, writing code directly into the computer terminal can be difficult, slow, and therefore annoying. I highly recommend writing/copying the following code into a Lua editor and then using FTP to transfer the documents across to the computer or disk. Please ensure you do not add the .lua extension. Programs are saved in your minecraft world under the "computer" directory, with one folder for each computer plus the folder "disk" which contains a directory for each disk.

First craft two or more computers. One will act as your password server, any others will be connecting to that computer. Find the computer ID of your password server. This is important as we don't want to broadcast password requests and replies. In the following code I have also locked the requests to certain computers to ensure security but it is not a needed component of the code. If you decide to take the security as well, make a note of all of the ID's of the client computers. I found it useful to give each computer a label and then search for labels.txt on the server to map it out easily.

Each computer you craft needs a rednet modem.


os.pullEvent = os.pullEventRaw
print("This is a password server. There is no user interaction here.")
print("Please find a computer and login there.") 
local firstCycle = true
local validSender = false
local modemSide = "left" -- change to the side of the computer your modem is on
local valid = false
users = {"username1", "username2" } --make sure users and passwords line up
passwords = {"password1", "password2" }
senders = { 1, 2, 3, 4 } -- computer ID's of the computers you want to accept requests from
function bootUp()
while true do 
 validSender = false
 if firstCycle then
  firstCycle = false
 senderId, message, distance = rednet.receive()
 for i,v in ipairs(senders) do
  if v == senderId then
   validSender = true
 if validSender then
  for i,v in ipairs(users) do
   if message == v then
    valid = true
    password = passwords[i]
    valid = false
  if valid then
   rednet.send(senderId, password, true)
   rednet.send(senderId, "Not Valid", true)


os.pullEvent = os.pullEventRaw
local locker = true
local failed = true
local attempted_login = true
local password_server = 0 -- change to the ID of your password server computer
rednet.open("left") -- change to the side your rednet modem is on
while locker do
 attempted_login = false
 print("Welcome to a USERS PC : Roaming Profile Enabled")
 print("What would you like to do?")
 print("[1] Login (*)")
 print("[2] Shutdown")
 write("> ")
 local input = read()
 if input == "2" then
 elseif input == "1" then
  attempted_login = true
  print("Please login...")
  write("Username: ")
  local username = read()
  write("Password: ")
  local password = read("*")
  rednet.send(password_server, username, true)
  senderId, message, distance = rednet.receive(5)
  if password == message then
   failed = false
   locker = false
   print("Welcome ", username)
   print("Invalid Username or Password.")
  print("Command not recognised...")

Thoughts and Notes

Although this may work very well as a login system, it is insecure by the flaw that a malicious sniffer can unnoticeably obtain a copy of the password while it is being sent as described on the Rednet API page, and use the password to login.

If you change the client code, to "startup" and put it in the root directory, it works very well as a login system. You may also want to put in the line

os.pullEvent = os.pullEventRaw -- disables Ctrl+T

as if it doesn't work first time it can be difficult to get out of the program.

If you have either Railcraft or Additional Pipes, find the 'World Anchor' or 'Teleport Tether' block. If your server can afford the resources, place the block within a 3x3 grid of your password server. It will ensure that even if you leave the chunk, the password server still is operational. Otherwise you may find that you cannot login because you've left the chunk and the password server is no longer dealing with requests.

This is a minor security flaw but it is only if someone has access to a computer that is 'whitelisted' to access the password server. The security flaw is that if they use the password Not Valid on that computer they are allowed access;

if valid then
 --send client password
 --send client Not Valid

to fix remove the else statement