Security & improvement update (#19)

src/main/java/me/totalfreedom/totalfreedommod/LoginProcess.java

@@ -6,6 +6,7 @@ import lombok.Setter;
 import me.totalfreedom.totalfreedommod.config.ConfigEntry;
 import me.totalfreedom.totalfreedommod.util.FSync;
 import me.totalfreedom.totalfreedommod.util.FUtil;
+import me.totalfreedom.totalfreedommod.command.Command_vanish;
 import org.bukkit.ChatColor;
 import org.bukkit.entity.Player;
 import org.bukkit.event.EventHandler;
@@ -110,11 +111,10 @@ public class LoginProcess extends FreedomService
         }
 
         // Check if player is admin
-        // Not safe to use TFM_Util.isSuperAdmin(player) because player.getAddress() will return a null until after player login.
         final boolean isAdmin = plugin.al.getEntryByIp(ip) != null;
 
         // Validation below this point
-        if (isAdmin) // Player is superadmin
+        if (isAdmin) // Player is admin
         {
             // Force-allow log in
             event.allow();
@@ -168,15 +168,15 @@ public class LoginProcess extends FreedomService
             return;
         }
 
-//        // Whitelist
+        // Whitelist
-//        if (plugin.si.isWhitelisted())
+        if (plugin.si.isWhitelisted())
-//        {
+        {
-//            if (!plugin.si.getWhitelisted().contains(username.toLowerCase()))
+            if (!plugin.si.getWhitelisted().contains(username.toLowerCase()))
-//            {
+            {
-//                event.disallow(PlayerLoginEvent.Result.KICK_OTHER, "You are not whitelisted on this server.");
+                event.disallow(PlayerLoginEvent.Result.KICK_OTHER, "You are not whitelisted on this server.");
-//                return;
+                return;
-//            }
+            }
-//        }
+        }
     }
 
     @EventHandler(priority = EventPriority.MONITOR)
@@ -184,6 +184,11 @@ public class LoginProcess extends FreedomService
     {
         final Player player = event.getPlayer();
 
+        for (Player p : Command_vanish.VANISHED)
+        {
+            player.hidePlayer(p);
+        }
+
         new BukkitRunnable()
         {
             @Override

src/main/java/me/totalfreedom/totalfreedommod/Monitors.java

@@ -2,6 +2,7 @@ package me.totalfreedom.totalfreedommod;
 
 import java.text.DecimalFormat;
 import me.totalfreedom.totalfreedommod.util.FUtil;
+import org.bukkit.ChatColor;
 import org.bukkit.Location;
 import org.bukkit.Material;
 import org.bukkit.entity.Player;
@@ -15,6 +16,7 @@ public class Monitors extends FreedomService
 {
 
     private final DecimalFormat decimalFormat = new DecimalFormat("#");
+    private String potionSpyPrefix = ChatColor.DARK_GRAY + "[" + ChatColor.YELLOW + "PotionSpy" + ChatColor.DARK_GRAY + "] ";
 
     public Monitors(TotalFreedomMod plugin)
     {
@@ -33,10 +35,10 @@ public class Monitors extends FreedomService
 
     public String getMaterial(final int id)
     {
-        return String.valueOf(Material.getMaterial(id));
+        return String.valueOf(Material.getMaterial(id)).replace("_", " ").toLowerCase();
     }
 
-    @EventHandler(priority = EventPriority.LOW)
+    @EventHandler(priority = EventPriority.MONITOR)
     public void onLingeringPotionSplash(LingeringPotionSplashEvent event)
     {
         ProjectileSource source = event.getEntity().getShooter();
@@ -58,12 +60,12 @@ public class Monitors extends FreedomService
         {
             if (plugin.al.isAdmin(p) && plugin.pl.getPlayer(p).isPotionMonitorEnabled())
             {
-                FUtil.playerMsg(p, player.getName() + " splashed " + event.getEntity().getItem().getAmount() + " " + getMaterial(droppedItem) + " at [" + decimalFormat.format(location.getX()) + ", " + decimalFormat.format(location.getY()) + ", " + decimalFormat.format(location.getZ()) + "] in the world '" + location.getWorld().getName() + "'.");
+                FUtil.playerMsg(p, potionSpyPrefix + ChatColor.WHITE + player.getName() + " splashed " + event.getEntity().getItem().getAmount() + " " + getMaterial(droppedItem) + " at X: " + decimalFormat.format(location.getX()) + ", Y: " + decimalFormat.format(location.getY()) + ", Z: " + decimalFormat.format(location.getZ()) + ", in the world '" + location.getWorld().getName() + "'.");
             }
         }
     }
 
-    @EventHandler(priority = EventPriority.LOW)
+    @EventHandler(priority = EventPriority.MONITOR)
     public void onPotionSplash(PotionSplashEvent event)
     {
         ProjectileSource source = event.getEntity().getShooter();
@@ -85,7 +87,7 @@ public class Monitors extends FreedomService
         {
             if (plugin.al.isAdmin(p) && plugin.pl.getPlayer(p).isPotionMonitorEnabled())
             {
-                FUtil.playerMsg(p, player.getName() + " splashed " + event.getPotion().getItem().getAmount() + " " + getMaterial(droppedItem) + " at [" + decimalFormat.format(location.getX()) + ", " + decimalFormat.format(location.getY()) + ", " + decimalFormat.format(location.getZ()) + "] in the world '" + location.getWorld().getName() + "'.");
+                FUtil.playerMsg(p, potionSpyPrefix + ChatColor.WHITE + player.getName() + " splashed " + event.getEntity().getItem().getAmount() + " " + getMaterial(droppedItem) + " at X: " + decimalFormat.format(location.getX()) + ", Y: " + decimalFormat.format(location.getY()) + ", Z: " + decimalFormat.format(location.getZ()) + ", in the world '" + location.getWorld().getName() + "'.");
             }
         }
     }

src/main/java/me/totalfreedom/totalfreedommod/blocking/EventBlocker.java

@@ -3,6 +3,7 @@ package me.totalfreedom.totalfreedommod.blocking;
 import me.totalfreedom.totalfreedommod.FreedomService;
 import me.totalfreedom.totalfreedommod.TotalFreedomMod;
 import me.totalfreedom.totalfreedommod.config.ConfigEntry;
+import me.totalfreedom.totalfreedommod.util.FUtil;
 import org.bukkit.entity.Entity;
 import org.bukkit.entity.EntityType;
 import org.bukkit.entity.Projectile;
@@ -22,7 +23,6 @@ import org.bukkit.event.entity.EntityDeathEvent;
 import org.bukkit.event.entity.EntityExplodeEvent;
 import org.bukkit.event.entity.ExplosionPrimeEvent;
 import org.bukkit.event.entity.FireworkExplodeEvent;
-import org.bukkit.event.entity.ProjectileHitEvent;
 import org.bukkit.event.player.PlayerDropItemEvent;
 
 public class EventBlocker extends FreedomService

src/main/java/me/totalfreedom/totalfreedommod/blocking/PotionBlocker.java

@@ -3,11 +3,17 @@ package me.totalfreedom.totalfreedommod.blocking;
 import me.totalfreedom.totalfreedommod.FreedomService;
 import me.totalfreedom.totalfreedommod.TotalFreedomMod;
 import org.bukkit.ChatColor;
+import org.bukkit.entity.LingeringPotion;
+import org.bukkit.entity.ThrownPotion;
 import org.bukkit.entity.Player;
 import org.bukkit.event.EventHandler;
 import org.bukkit.event.EventPriority;
 import org.bukkit.event.entity.PotionSplashEvent;
+import org.bukkit.event.entity.LingeringPotionSplashEvent;
+import org.bukkit.potion.PotionEffect;
+import org.bukkit.potion.PotionEffectType;
 import org.bukkit.projectiles.ProjectileSource;
+import java.util.Collection;
 
 public class PotionBlocker extends FreedomService
 {
@@ -32,31 +38,55 @@ public class PotionBlocker extends FreedomService
     @EventHandler(priority = EventPriority.LOW, ignoreCancelled = true)
     public void onThrowPotion(PotionSplashEvent event)
     {
-        ProjectileSource source = event.getEntity().getShooter();
+        ThrownPotion potion = event.getEntity();
-
+        ProjectileSource projectileSource = potion.getShooter();
-        if (!(source instanceof Player))
+        Player player = null;
+        if (projectileSource instanceof Player)
         {
-            event.setCancelled(true);
+            player = (Player)projectileSource;
-            return;
         }
 
-        Player thrower = (Player) source;
+        if (isDeathPotion(potion.getEffects()))
-
-        if (plugin.al.isAdmin(thrower))
         {
-            return;
+            if (player != null)
-        }
-
-        for (Player player : thrower.getWorld().getPlayers())
-        {
-            if (thrower.getLocation().distanceSquared(player.getLocation()) < POTION_BLOCK_RADIUS_SQUARED)
             {
-                thrower.sendMessage(ChatColor.RED + "You cannot use splash potions close to other players.");
+                player.sendMessage(ChatColor.RED + "You are not allowed to use death potions.");
-                event.setCancelled(true);
+            }
-                return;
+            event.setCancelled(true);
+        }
+    }
+
+    @EventHandler(priority = EventPriority.LOW, ignoreCancelled = true)
+    public void onThrowLingeringPotion(LingeringPotionSplashEvent event)
+    {
+        LingeringPotion potion = event.getEntity();
+        ProjectileSource projectileSource = potion.getShooter();
+        Player player = null;
+        if (projectileSource instanceof Player)
+        {
+            player = (Player)projectileSource;
+        }
+
+        if (isDeathPotion(potion.getEffects()))
+        {
+            if (player != null)
+            {
+                player.sendMessage(ChatColor.RED + "You are not allowed to use death potions.");
+            }
+            event.setCancelled(true);
+        }
+    }
+
+    public boolean isDeathPotion(Collection<PotionEffect> effects)
+    {
+        for (PotionEffect effect : effects)
+        {
+            if (effect.getType().equals(PotionEffectType.HEAL) && effect.getAmplifier() == 125)
+            {
+                return true;
             }
         }
-
+        return false;
     }
 
 }

src/main/java/me/totalfreedom/totalfreedommod/command/Command_adminmode.java

@@ -8,7 +8,7 @@ import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
 
 @CommandPermissions(level = Rank.SUPER_ADMIN, source = SourceType.ONLY_CONSOLE, blockHostConsole = true)
-@CommandParameters(description = "Close server to non-superadmins.", usage = "/<command> [on | off]")
+@CommandParameters(description = "Close server to non-admins.", usage = "/<command> [on | off]")
 public class Command_adminmode extends FreedomCommand
 {
 
@@ -29,12 +29,12 @@ public class Command_adminmode extends FreedomCommand
         else if (args[0].equalsIgnoreCase("on"))
         {
             ConfigEntry.ADMIN_ONLY_MODE.setBoolean(true);
-            FUtil.adminAction(sender.getName(), "Closing the server to non-superadmins.", true);
+            FUtil.adminAction(sender.getName(), "Closing the server to non-admins.", true);
             for (Player player : server.getOnlinePlayers())
             {
                 if (!isAdmin(player))
                 {
-                    player.kickPlayer("Server is now closed to non-superadmins.");
+                    player.kickPlayer("Server is now closed to non-admins.");
                 }
             }
             return true;

src/main/java/me/totalfreedom/totalfreedommod/command/Command_aeclear.java

@@ -0,0 +1,36 @@
+package me.totalfreedom.totalfreedommod.command;
+
+import me.totalfreedom.totalfreedommod.rank.Rank;
+import me.totalfreedom.totalfreedommod.util.FUtil;
+import org.bukkit.World;
+import org.bukkit.command.Command;
+import org.bukkit.command.CommandSender;
+import org.bukkit.entity.Player;
+import org.bukkit.entity.Entity;
+import org.bukkit.entity.AreaEffectCloud;
+
+@CommandPermissions(level = Rank.SUPER_ADMIN, source = SourceType.BOTH)
+@CommandParameters(description = "Clears lingering potion area effect clouds.", usage = "/<command>", aliases="aec")
+public class Command_aeclear extends FreedomCommand
+{
+
+    @Override
+    public boolean run(CommandSender sender, Player playerSender, Command cmd, String commandLabel, String[] args, boolean senderIsConsole)
+    {
+        FUtil.adminAction(sender.getName(), "Removing all area effect clouds.", true);
+        int removed = 0;
+        for (World world : server.getWorlds())
+        {
+            for (Entity entity : world.getEntities())
+            {
+                if (entity instanceof AreaEffectCloud)
+                {
+                    entity.remove();
+                    removed++;
+                }
+            }
+        }
+        msg(removed + " area effect clouds removed.");
+        return true;
+    }
+}

src/main/java/me/totalfreedom/totalfreedommod/command/Command_saconfig.java

@@ -174,6 +174,7 @@ public class Command_saconfig extends FreedomCommand
 
                     FUtil.adminAction(sender.getName(), "Adding " + player.getName() + " to the admin list", true);
                     plugin.al.addAdmin(new Admin(player));
+                    plugin.rm.updateDisplay(player);
                 }
                 else // Existing admin
                 {
@@ -190,6 +191,7 @@ public class Command_saconfig extends FreedomCommand
 
                     plugin.al.save();
                     plugin.al.updateTables();
+                    plugin.rm.updateDisplay(player);
                 }
 
                 if (player != null)
@@ -228,6 +230,7 @@ public class Command_saconfig extends FreedomCommand
                 admin.setActive(false);
                 plugin.al.save();
                 plugin.al.updateTables();
+                plugin.rm.updateDisplay(player);
                 return true;
             }
 

src/main/java/me/totalfreedom/totalfreedommod/command/Command_vanish.java

@@ -1,6 +1,5 @@
 package me.totalfreedom.totalfreedommod.command;
 
-import java.util.Iterator;
 import me.totalfreedom.totalfreedommod.admin.Admin;
 import me.totalfreedom.totalfreedommod.rank.Displayable;
 import org.bukkit.potion.PotionEffect;
@@ -9,7 +8,6 @@ import org.bukkit.potion.PotionEffectType;
 import me.totalfreedom.totalfreedommod.util.FLog;
 import me.totalfreedom.totalfreedommod.util.FUtil;
 import org.bukkit.ChatColor;
-import me.totalfreedom.totalfreedommod.TotalFreedomMod;
 import org.bukkit.command.Command;
 import org.bukkit.command.CommandSender;
 import org.bukkit.entity.Player;
@@ -57,7 +55,7 @@ public class Command_vanish extends FreedomCommand
                 player.hidePlayer(playerSender);
             }
             plugin.esb.setVanished(playerSender.getName(), true);
-            playerSender.addPotionEffect(new PotionEffect(PotionEffectType.INVISIBILITY, 1000000, 1000000, true, false));
+            playerSender.addPotionEffect(new PotionEffect(PotionEffectType.INVISIBILITY, 1000000, 1, false, true));
             VANISHED.add(playerSender);
         }
         return true;

src/main/java/me/totalfreedom/totalfreedommod/command/Command_verify.java

@@ -75,6 +75,7 @@ public class Command_verify extends FreedomCommand
                 admin.setLastLogin(new Date());
                 plugin.al.save();
                 plugin.al.updateTables();
+                plugin.rm.updateDisplay(playerSender);
                 final FPlayer fPlayer = plugin.pl.getPlayer(playerSender);
                 if (fPlayer.getFreezeData().isFrozen())
                 {

src/main/java/me/totalfreedom/totalfreedommod/rank/RankManager.java

@@ -55,21 +55,13 @@ public class RankManager extends FreedomService
             return Title.DEVELOPER;
         }
 
-        final Rank rank = getRank(player);
-
-        // Non-admins don't have titles, display actual rank
-        if (!rank.isAdmin())
-        {
-            return rank;
-        }
-
         // If the player's an owner, display that
         if (ConfigEntry.SERVER_OWNERS.getList().contains(player.getName()))
         {
             return Title.OWNER;
         }
 
-        return rank;
+        return getRank(player);
     }
 
     public Rank getRank(CommandSender sender)
@@ -120,6 +112,26 @@ public class RankManager extends FreedomService
         return player.isOp() ? Rank.OP : Rank.NON_OP;
     }
 
+    public void updateDisplay(Player player)
+    {
+        FPlayer fPlayer = plugin.pl.getPlayer(player);
+        if (plugin.al.isAdmin(player))
+        {
+            Displayable display = getDisplay(player);
+            if (fPlayer.getTag() == null)
+            {
+                fPlayer.setTag(display.getColoredTag());
+            }
+            String displayName = display.getColor() + player.getName();
+            player.setPlayerListName(StringUtils.substring(displayName, 0, 16));
+        }
+        else
+        {
+            fPlayer.setTag(null);
+            player.setPlayerListName(null);
+        }
+    }
+
     @EventHandler(priority = EventPriority.MONITOR)
     public void onPlayerJoin(PlayerJoinEvent event)
     {
@@ -145,10 +157,13 @@ public class RankManager extends FreedomService
         }
 
         // Handle impostors
-        if (plugin.al.isAdminImpostor(player))
+        Boolean isImposter = plugin.al.isAdminImpostor(player);
+        if (isImposter)
         {
             FUtil.bcastMsg(ChatColor.AQUA + player.getName() + " is " + Rank.IMPOSTOR.getColoredLoginMessage());
             FUtil.bcastMsg("Warning: " + player.getName() + " has been flagged as an impostor and has been frozen!", ChatColor.RED);
+            String displayName = Rank.IMPOSTOR.getColor() + player.getName();
+            player.setPlayerListName(StringUtils.substring(displayName, 0, 16));
             player.getInventory().clear();
             player.setOp(false);
             player.setGameMode(GameMode.SURVIVAL);

src/main/java/me/totalfreedom/totalfreedommod/util/FUtil.java

@@ -37,7 +37,7 @@ public class FUtil
     //
     public static final String SAVED_FLAGS_FILENAME = "savedflags.dat";
     // See https://github.com/TotalFreedom/License - None of the listed names may be removed.
-    public static final List<String> DEVELOPERS = Arrays.asList("Madgeek1450", "Prozza", "WickedGamingUK", "aggelosQQ", "OxLemonxO", "Commodore64x", "Wild1145", "marcocorriero");
+    public static final List<String> DEVELOPERS = Arrays.asList("Madgeek1450", "Prozza", "WickedGamingUK", "aggelosQQ", "OxLemonxO", "Commodore64x", "Wild1145");
     public static String DATE_STORAGE_FORMAT = "EEE, d MMM yyyy HH:mm:ss Z";
     public static final Map<String, ChatColor> CHAT_COLOR_NAMES = new HashMap<>();
     public static final List<ChatColor> CHAT_COLOR_POOL = Arrays.asList(