Plan | Player Analytics

Plan | Player Analytics 5.6 build 2614

5.1 build 768 - Command Rework

This update contains reworked command system and permissions.
Special thanks to Shadowhackercz and Vankka for their contributions to this update.

If you would like to affect Plan development priorities, fulfill this survey. It might take around 5-10 minutes.

Major changes
Command system rewrite

  • All platforms now use same permissions for same commands
  • All platforms now have all of the commands that have been available
  • When using commands as a player the help menu now has more information on hover
  • Actions that remove data now ask for confirmation instead of -a argument
  • Some commands that previously did not have a specific permission now have a permission (such as /plan register)
  • /planbungee and /planvelocity now called /planproxy (They still work as aliases though). Another alias /planp
See for updated permission & command information

  • Login page now logs in when Enter is pressed
  • Login page now uses a <button> instead of <a> (might help password managers)
  • Vankka contributed a FactionsUUID Extension that should support FactionsUUID and forks eg. SaberFactions (and the now dead SavageFactions)
  • EssentialsX Extension no longer stores economy information due to large amount of "Economy lag" messages.
  • Shadowhackercz contributed a Czech locale, use it by setting locale to CS
  • Lots of the command related messages had to be updated so some messages might be in English because they have not been translated yet.
If you run into any issues, please open a ticket at
5.1 build 657
This update has taken a while to get together, as I've been busy at work.
None the less, this update contains lots of bugfixes, quite many related to database related exceptions.

Special thanks to Saph1s for their contribution to this update.

Change log

  • New tables are now created with utf8mb4 as the default charset to avoid character encoding errors.
  • Increased deadlock retry attempts to 5, and added the attempt count to the error context.
  • If the database fails to do tasks related to opening (Such as creating tables or patching schema) the plugin now disables.
  • If the database is under heavy load (Visible as "Lock wait timeout exceeded" errors) Plan now attempts to reduce the load for 10 minutes each time. If the reduction is not enough, a pause between transactions is increased.
  • Fixed JSON serialization of /v1/players endpoint when a datapoint had \ character in it that broke the players table.
  • Fixed IllegalArgumentException fromKey > toKey when adding ping to sessions on /player page (56bb3b3a6a)
  • Fixed incompatibility with AAC due to use of Reflection during class loading (Moved reflection use to enable)
  • Possibly fixed logo appearing stretched on the login page when using Safari
  • Webserver is now enabled by default when installing on Sponge servers
  • Russian Locale was updated by Saph1s
Error instructions ('What to do')
  • If character encoding is wrong in the database the user is instructed how to convert the charset of their MySQL.
  • If MySQL user is missing privileges, the user is instructed to give privileges to the user (Usually REFERENCES privilege is missing).
  • If SQLite has corrupted, the user is given instructions to restore the database, and a link to repair article.
5.1 build 624 - Hotfix

Fixed an infinite loop in the error handling code when an Exception had a cause (most exceptions)

There was an infinite loop in the error handling code that has been causing high CPU usage and OutOfMemory crashes.
The loop prevented the actual exception from being logged, and was a very dumb mistake in the code, that is easy to miss.
I should have originally written some unit tests, but at least they are here now, and the error handling code is confirmed to work properly.
5.1 build 615
This build contains one new feature (IP whitelist) and bugfixes.
Special thanks to Elguerrero & MastoryMd5 for their contributions to this update

Change log

  • Fixed permission check issue with /plan unregister that allowed anyone to unregister any user by if they knew their username.
  • Fixed these commands from executing database queries on server thread:
    • /plan players
    • /plan network
    • /plan register
    • /plan manage raw
  • Fixed /plan inspect throwing an NPE when a player tried to view someone elses profile without 'plan.inspect.other' permisison
Error Handling
  • Crash due to OutOfMemoryException should now be resolved (The error handling should no longer consume so much memory)
Added IP Whitelist

Config now contains Webserver.Security.IP_Whitelist and Webserver.Security.IP_Whitelist.Whitelist settings for whitelisting IP addresses that can access the webserver.

  • The whitelist is disabled by default
  • Default whitelist has IP addresses for local machine
  • When enabled all requests from non-whitelisted IPs will be forbidden (403)
  • Denied attempts are logged.
  • MySQL Launch Options setting now has &serverTimezone=UTC by default (not added to existing settings automatically)
  • Spanish locale updated by Elguerrero
  • Italian locale updated by MastoryMd5
  • Fixed an NPE when a plugin gave PlaceholderAPI a null Player that was passed to Plan.
5.1 build 600
This update has some bugfixes in it, and adds a deprecation warning for H2.
Special thanks to enterih & hallo1142 for their contributions to this update.
  • Added a warning for h2 users: h2 will be deprecated in 5.2 See issue #1472
    • Added user and password settings for H2 that are separate from MySQL's. Because the old versions use same user and password as MySQL, you might need to copy the user and pass field over if using h2.
    • Fixed Moving data from H2 to MySQL.
  • MySQL connection improvements
    • Possibly fixed 'unknown timezone' error when connecting
    • Possibly fixed Plan not using the MySQL driver included inside Plan.jar
  • Made logout links relative (Fixes logout for some subdirectory reverse-proxy setups)
  • Made /login?from=<link> link relative (Fixes login redirect for some subdirectory reverse-proxy setups)
  • Added %plan_sessions_unique_players_today% placeholder: Shows unique players for current day (based on timezone) while plan_sessions_unique_players_day shows last 24h
  • Fixed high CPU usage when an Extension ran into an exception
    • Extensions service no longer attempts again when an extension method fails.
    • Stacktrace logger duplicate line finding optimized to not use HashSet
  • Deutsch locale updated by enterih and hallo1142
  • Like
Reactions: revpixel
Change log 5.1 build 586

Here is an update with some improvements.

Special thanks to all contributors to this update; Fur_xia (Updates to Chinese locale), hallo1142 (Updates to Deutsch locale), itaquito (Updates to Spanish locale) Karlatemp (Bugfixes related to locale + async update check)

Change log

  • Added a 'Hour by Hour' graph similar to 'Day by Day' graph to server and network pages. It displays hourly new players and unique players for the last 7 days.
Error handling
  • Error handling was rewritten to address the issue of large error log files. Now each exception is assigned an unique hash to avoid duplicates of same exception being logged.
    • Error context was added so that it is easier to solve issues
    • The context can also include "What to do" instructions to the user in case they can fix the issue themselves, in cases like File permission errors.
    • Up to 5 contexts are logged in order to avoid these log files from growing endlessly.
    • Error stacktraces are no longer logged to console to avoid console logs becoming large.
    • Default log deletion setting was reverted back to 7 days
  • Extension method disabling (if a method throws an exception) should now work properly
  • Chinese locale was updated by Fur_xia and Karlatemp
  • Deutsch locale was updated by hallo1142
  • Spanish locale was updated by itaquito
  • Some pages erroring when using a locale were fixed by Karlatemp
  • Some links getting translated was fixed by Karlatemp
  • Update check is now performed asynchronously on enable (by Karlatemp)
  • A typo in a comment in ServerInfoFile.yml was fixed by aimorris
  • Registration information now expires after 15 minutes (Fixes a memory leak)
Change log 5.1 build 563

This update contains bugfixes.
Special thanks to yukieiji, Saph1s & shaokeyibb for their contributions to this update.

Activity Index

  • Fixed activity index inconsistencies between player and server/network/players pages. The inconsistencies were due to the SQL ignoring weeks with no playtime, leading to higher activity index than supposed to. The issue was not caught earlier due to improper unit testing, but now the consistency is guaranteed with randomized data in the tests.
  • Passwords that include characters &, = or ? can be used again
  • Login cookies now expire appropriately in the backend (Fixes a small memory leak)
  • HEAD http requests now return no request body
  • Network page serverlist scrollbar height increased from 60% to 85%
  • Fixed Ping graph colors not being applied
  • Added Russian (RU) locale by Saph1s
  • Japanese locale was updated by yukieiji
  • Chinese locale was updated by shaokeyibb
  • A couple users have been reporting large error logs due to "MySQL Connection Pool is closed". As a remedy default log deletion threshold in config was reduced to 2 days. In addition some more timeouts were added to HTTP connections in IP2C geolocator in case the pool close is caused by a socket leak. Issue #1246 to improve error file logging was bumped to high priority.
Login Page - Change log 5.1 build 545

This update changes how login and registration is handled when authentication is enabled (requires https to be set up). In addition, a lot of smaller changes also got into the update.

Special thanks to Catalina (Spanish locale), Creeperface01 (Nukkit PlaceholderAPI support), developStorm (Emphasized online sessions) & qsefthuopq (Chinese locale) for contributions to this update!

Change log

  • Online and offline sessions are now distinguished on the website. Offline sessions have an outline and online sessions are emphasised. Original PR by @developStorm
  • Fixed several issues with page width and plugin tabs not being accessible when (No data) was in the title.
  • Changed session average to median on player page to reduce impact of quick relogs.
Added Login & Register pages

This was one of the most requested features on the feature backlog and discord.
  • Login is now based on Cookies instead of Basic Authentication.
  • You can now logout without closing the browser using a button on the website.
  • Username and in-game name are no longer required to be the same for viewing own player page (permission level 2) - User needs to be linked instead (see below).
  • Registration page allows registering users without showing the password on the console:
Webuser - Player linking
Webusers and players now link together so that the username doesn't need to be same as their IGN. This is in preparation for an upcoming webuser permission overhaul.
  • PageExtension API now has a new method that returns the username. The existing method now returns the player's name or 'console' the account is tied to.
  • The user is linked upon registration, users can be linked to 'console' as well.
  • Existing users are automatically linked by matching playernames. If no match is found the user is linked to 'console'.
  • Note that this means permission level 2 users can no longer be registered via /plan register [pass] [name] 2. Guide the players to self register via the website instead.
More about why:
The new registration form on the page does not know about permissions of the player, and cannot force users to register with their IGN. The permission levels will be replaced with a permission system in the future, so the best effort solution was to link player uuid to the username when the player uses the register command in game. This allows the users to still access their own player page when they have permission level 2.

  • Added /plan unregister command for removing linked user
  • Added Active playtime and AFK time to /plan qinspect [player]
  • Optimized query for playerbase activity grouping that is used for the graphs. This should speed up the loading for that graph.
  • Added online session playtime method to CommonQueries in Query API.
  • Fixed an unhandled deadlock error case
  • Added Spanish (ES) Locale made by Catalina
  • Chinese (CN) Locale updated by qsefthuopq
  • Fixed plugin tabs not being available when some locales were in use
  • Nukkit PlaceholderAPI support added by @Creeperface01
    The Placeholder API code was refactored and improved to support both Nukkit and Bukkit PlaceholderAPI with similar information.
  • Fixed plan_sessions_recent_peak_date placeholder not showing anything
  • Fixed Litebans loading after Plan on Spigot based servers
  • Fixed Litebans /server table headers not matching content
  • Stoped logging any Buycraft API connection exceptions.
5.1 build 505
This update fixes some corner case bugs and a security vulnerability in the password brute-force protection. More details below.

Change log
Data gathering

  • Fixed lag on some operating systems when gathering CPU load during high CPU activity by moving CPU, RAM and Disk Space gathering to a non-server thread.
  • Fixed an issue when Authorization header was used for reverse-proxy (for basic authentication) with Plan authentication disabled. There was a code path that ran anyway due to an attempt to get the Plan user from the header that caused the header to count as a login attempt, leading to an eventual 403. Now that code path is sorted to not run if authentication is disabled.
  • Fixed an issue where failed login attempts were incorrectly counted, leading to a 403 error appearing on the main page after one failed login followed by a successful login.
  • Cleaned up the error page for blocked access 403 when css resources are also blocked (due to 3 failed attempts).
Fixed Security Vulnerability #1402 in password brute-force protection
  • Plan prevents login attempts for two minutes after failed 3 failed logins in order to make brute-forcing passwords more difficult. An oversight in how the failed login attempts were counted reset the counter after a successful response (HTTP 200 OK) was sent by Plan. Because .css files do not require authentication, bad actor could have automated their code to make a request for a .css file every 2 attempts.
    Fixed by properly detecting a successful login instead of using http status codes.
  • Fixed 'Czechia' not being counted on the map due to missing ISO code.
Plan recently reached over 200 stars on Github!
If you have a bug, don't hesitate to report it over here: - Thanks!
More bugfixes to reported issues


  • Fixed Html customized resources being overwritten & not being used
  • Fixed ERR_INVALID_REDIRECT when has empty IP
  • Possibly Fixed ERR_TOO_MANY_REDIRECTS with default server name
  • Fixed Some error pages not having css
  • Fixed /server/Server <bungee id> not redirecting to /network
  • Fixed ${serverName} appearing on some plugins tabs
  • Fixed ConcurrentModificationExceptions related to ResourceSettings
  • Fixed BuyCraft API 403 causing a bunch of errors to spew.
  • Fixed unfinished RedisBungee setup causing an NPE