Plan | Player Analytics

Plan | Player Analytics 5.6 build 2883

Login Page - Change log 5.1 build 545

This update changes how login and registration is handled when authentication is enabled (requires https to be set up). In addition, a lot of smaller changes also got into the update.

Special thanks to Catalina (Spanish locale), Creeperface01 (Nukkit PlaceholderAPI support), developStorm (Emphasized online sessions) & qsefthuopq (Chinese locale) for contributions to this update!

Change log

  • Online and offline sessions are now distinguished on the website. Offline sessions have an outline and online sessions are emphasised. Original PR by @developStorm
  • Fixed several issues with page width and plugin tabs not being accessible when (No data) was in the title.
  • Changed session average to median on player page to reduce impact of quick relogs.
Added Login & Register pages

This was one of the most requested features on the feature backlog and discord.
  • Login is now based on Cookies instead of Basic Authentication.
  • You can now logout without closing the browser using a button on the website.
  • Username and in-game name are no longer required to be the same for viewing own player page (permission level 2) - User needs to be linked instead (see below).
  • Registration page allows registering users without showing the password on the console:
Webuser - Player linking
Webusers and players now link together so that the username doesn't need to be same as their IGN. This is in preparation for an upcoming webuser permission overhaul.
  • PageExtension API now has a new method that returns the username. The existing method now returns the player's name or 'console' the account is tied to.
  • The user is linked upon registration, users can be linked to 'console' as well.
  • Existing users are automatically linked by matching playernames. If no match is found the user is linked to 'console'.
  • Note that this means permission level 2 users can no longer be registered via /plan register [pass] [name] 2. Guide the players to self register via the website instead.
More about why:
The new registration form on the page does not know about permissions of the player, and cannot force users to register with their IGN. The permission levels will be replaced with a permission system in the future, so the best effort solution was to link player uuid to the username when the player uses the register command in game. This allows the users to still access their own player page when they have permission level 2.

  • Added /plan unregister command for removing linked user
  • Added Active playtime and AFK time to /plan qinspect [player]
  • Optimized query for playerbase activity grouping that is used for the graphs. This should speed up the loading for that graph.
  • Added online session playtime method to CommonQueries in Query API.
  • Fixed an unhandled deadlock error case
  • Added Spanish (ES) Locale made by Catalina
  • Chinese (CN) Locale updated by qsefthuopq
  • Fixed plugin tabs not being available when some locales were in use
  • Nukkit PlaceholderAPI support added by @Creeperface01
    The Placeholder API code was refactored and improved to support both Nukkit and Bukkit PlaceholderAPI with similar information.
  • Fixed plan_sessions_recent_peak_date placeholder not showing anything
  • Fixed Litebans loading after Plan on Spigot based servers
  • Fixed Litebans /server table headers not matching content
  • Stoped logging any Buycraft API connection exceptions.
5.1 build 505
This update fixes some corner case bugs and a security vulnerability in the password brute-force protection. More details below.

Change log
Data gathering

  • Fixed lag on some operating systems when gathering CPU load during high CPU activity by moving CPU, RAM and Disk Space gathering to a non-server thread.
  • Fixed an issue when Authorization header was used for reverse-proxy (for basic authentication) with Plan authentication disabled. There was a code path that ran anyway due to an attempt to get the Plan user from the header that caused the header to count as a login attempt, leading to an eventual 403. Now that code path is sorted to not run if authentication is disabled.
  • Fixed an issue where failed login attempts were incorrectly counted, leading to a 403 error appearing on the main page after one failed login followed by a successful login.
  • Cleaned up the error page for blocked access 403 when css resources are also blocked (due to 3 failed attempts).
Fixed Security Vulnerability #1402 in password brute-force protection
  • Plan prevents login attempts for two minutes after failed 3 failed logins in order to make brute-forcing passwords more difficult. An oversight in how the failed login attempts were counted reset the counter after a successful response (HTTP 200 OK) was sent by Plan. Because .css files do not require authentication, bad actor could have automated their code to make a request for a .css file every 2 attempts.
    Fixed by properly detecting a successful login instead of using http status codes.
  • Fixed 'Czechia' not being counted on the map due to missing ISO code.
Plan recently reached over 200 stars on Github!
If you have a bug, don't hesitate to report it over here: - Thanks!
More bugfixes to reported issues


  • Fixed Html customized resources being overwritten & not being used
  • Fixed ERR_INVALID_REDIRECT when has empty IP
  • Possibly Fixed ERR_TOO_MANY_REDIRECTS with default server name
  • Fixed Some error pages not having css
  • Fixed /server/Server <bungee id> not redirecting to /network
  • Fixed ${serverName} appearing on some plugins tabs
  • Fixed ConcurrentModificationExceptions related to ResourceSettings
  • Fixed BuyCraft API 403 causing a bunch of errors to spew.
  • Fixed unfinished RedisBungee setup causing an NPE
Bugfixes - 5.1 build 486 Change log

There was a pretty major regression bug in the last update that broke network page for anyone using a locale, so here is a bugfix release.
I decided to bash some other bugs while at it.

Change log

  • Fixed a bug with network page not opening when locale was in use
  • Fixed BuyCraft Extension not registering
  • Set BuyCraft Request header and URL to use Tebex instead of Buycraft
  • Fixed extra plugin tabs not appearing on /server and /network pages if there were no other kinds of data
  • Fixed ${backButton} appearing on extension tabs instead of the button
  • Fixed ViaVersion Extension registering its listeners even when disabled
  • Fixed an SQL exception on join (plan_users Duplicate entry) on networks
  • Fixed an IllegalArgumentException related to network page export and ExportPaths
Page Extension API - Change log 5.1 build 474

Page Extension API

PageExtension API allows adding new pages & script/stylesheet sources to Plan via an API.

The API consists of these services:
  • ResolverService - Allows adding HTTP request resolvers to Plan
  • ResourceService - Allows making web resources (files) customizable by the user
You can find the documentation here:

Change log

  • (Networks) Clean task now takes into account the server the clean task is running for. This is to avoid one server with smaller removal thresholds removing data of other servers.
Data gathering
  • Added a config setting 'Data_gathering.Disk_space' default 'true', to disable disk space gathering - on some OSes the disk returns free disk space very slowly (10 seconds) leading to lag spikes.
  • Made free disk space use Space available to current user on Unix based OSes instead of Free space on disk, as the former is more important for proper functioning of servers.
  • Webserver now uses the new API for request resolution. This refactoring was done to make sure that the new API was flexible enough to use.
Html Customization changes

The resources now need to be set as customized in the config under 'Customized_files' (The section should appear when the pages are viewed after the update). This is because the new API allows non Plan files to be customized. The resource will be placed the file to web/ folder inside the Plan folder when accessed (via the webserver) if the setting is true (false by default). If the file exists already it won't be overwritten.

If you have an existing customization in place you need to set each customized file to true, otherwise the customized file is not used.

  • Fixed Plan enabling before plugins it depended on, like Litebans. (There was a typo in bungee.yml softdepends -> softDepends)
  • Fixed an issue with class loader on Spigot related to Essentials extension. (Some classes were loaded twice)
  • Fixed an error with player html export when two players joined at the same time
If you have any issues please open a ticket
5.0 build 415 - Change log
This is a bugfix release

  • #1332 Fixed error in BentoBox Extension
  • #1333 Fixed common error with 'string_value' String truncation on MySQL.
    This was a regression bug due to my refactoring and affected multiple extensions that stored String values over 50 characters.
  • #1334 Fixed some issues with page loading with French locale
  • #1335 Delayed plugin extension registration to wait for all plugins to start up.
    Bungeecord sometimes ignores dependencies in the bungee.yml so this should fix some errors.
5.0 build 410

This update brings some bugfixes that have been ready for a while, I've just been super busy and haven't had time for releasing them.
In addition to this I've begun work on Page Extension API which will allow adding new pages to Plan by other plugins. This seems to be a pretty hefty refactoring of the whole request-response stuff in use on Plan to have a nice to use API, but it's getting there.
In other news, I'll receive the first Github Sponsors payment next month, thanks for the continued support!
I also paid for the discord-bot/nginx server for next 6 months thanks to the donations made through Paypal.
Would you like to support the development? Here are them links:
Change Log


  • French Locale was updated by @Nogapra, and double checked by Aurelien. Thanks!

  • [New] Added BentoBox Extension.
    Supports AcidIsland, BSkyBlock, CaveBlock and SkyGrid. Gives similar information as ASkyBlock Extension, such as Island names, resets left etc.
  • [New] Added support for Vault permission groups.
    If using another supported permission system you can disable this separately from Vault economy in the Plan config.
  • [Fix] LuckPerms extension registration
  • [Fix] Vault Economy error when player doesn't have an account with Essentials Economy
  • [Fix] Formatted placeholders related to ping using the formatting setting. (23.321532135 -> 23.32 ms)

  • [Fix] Fixed /players page JSON export
    the json was not loaded properly because of wrong address

  • [Fix] Fixed an error when player joined with Xbox Live without logging in. (Player UUID given as null)
  • [Fix] Fixed Nukkit register date gathering. (Nukkit gave seconds, Plan assumed milliseconds.) The incorrect register dates are automatically fixed after updating.
  • [Fix] Fixed Nukkit not recording player deaths and because of that also not recording player kills. (EntityDeathListener did not include Players, added PlayerDeathListener)

  • [Fix] Error case for EOF when reading Certificate now gives info how to fix the issue rather than a stacktrace.
  • [Fix] Error case for missing alias in Certificate now gives error message rather than a stacktrace.
  • [Fix] Fixed newer 1.15.2 Spigot builds warning about undecleared dependencies for AAC, Essentials & other plugins using javax.inject
5.0 build 382- Change log

Added Webserver.Security.Disable_authentication setting
This setting allows disabling Plan authentication when https is set up, and it defaults to false to avoid previously secured servers from being exposed.

Added %plan_player_favorite_server% placeholder
Displays the same server name for the player who sees the placeholder as the one on the player page.


Fixed SpongeForge crashing when using IP2C for geolocation
There Plan was using IP2C (fallback) for geolocation, it called HTTPURLConnection#setDefaultCaches(false), which apparently disables caches by default on all URLConnections, including JarURLConnections, that some mods used. The class loader freaked out which lead to a crash.

Fixed font awesome not being Exported properly
The files were exported as text, which malformed the font files.

Fixed periodic gathering task on Paper 1.8.x
The task assumed getTPS() method was available, but it was added to paper in 1.9
5.0 build 367 - Change Log

This update brings a big bunch of great bugfixes. Thanks for everybody who tested & reported bugs in the dev versions. Please note that you'll need to accept a new GeoLite2 EULA for Plan to download the geolocation database after the update.

If you're using Export I highly recommend this update as it fixes a memory leak in Html Export.

If you would like to support development, please consider becoming a sponsor.


Optimized the periodic gathering task (#1289)
The task is used for gathering Online Players, TPS, CPU, RAM, Chunks & Entities and runs every 20 ticks.
The average run time was heavily optimized from 12ms to 0.15ms (98% reduction) with help of Paper timings. The task was also streamlined so it should have similar speeds on other platforms.

Japanese Locale was updated by yukieiji, thanks!


Fixed GeoLite2 Database downloading (#1273)
On December 30th MaxMind made their GeoLite2 database unavailable without an account due to California law change, breaking the geolocation on Plan. This issue has been fixed in this version.

You need to accept the GeoLite2 EULA to use the database again - See 'Data_gathering.Accept_GeoLite2_EULA' setting
Plan will update the database from time to time
Additionally a fallback option was added that uses ip2c via HTTP. I recommend accepting the geolite2 eula, because ip2c doesn't support IPv6 and uses more resources than geolite2, that doesn't require http connections.

Plugins-tab fixes (#1260, #1276, #1286)
There were a couple of bugs with the "Plugins" tabs.
  • Fixed an issue related to some Extension tables not displaying at all.
  • Fixed plugin tabs that have large tables not filling the whole width of the page.
  • Fixed tab name always being "Plugins Overview" instead of plugin name.
  • Fixed tab names not including server name instead showing a dot.
  • Fixed wrong column names of Buycraft table
Export fixes (#1278, #1269, #1210)
  • Fixed a memory leak when using Export (some replacement lists were never cleared)
    • Fixed some player page export when the players shared parts of the name
  • Fixed names of exported server folders when server name had a space (on networks)
  • Fixed links of session accordion linking to UUID instead of player name (export saves player name pages)
  • Fixed links of "back" buttons not working appropriately with subdirectory URL (eg. /plan/server/)
Other small fixes (#1293, #1287, #1272)
  • Fixed too long weapon item names causing an exception
  • Fixed some words inside Javascript getting translated by Locale
  • Fixed missing hamburger on /players and /debug pages for mobile
  • Updated SQLite to 3.30.1
  • Updated MySQL to 8.0.19 & HikariCP to 3.4.2
  • Updated Font awesome to 5.12.0
  • Updated FullCalendar to 3.10.0
Direct any bugs to, thanks :)
Year in Review - 5.0 build 335

This December marked 3 years of Plan development. It has been an interesting year.
Year in review post below, change log for this bugfix update at the bottom.

I was going to write about what was done this year, but that became a 2 page essay so I scrapped it. Then I tried to write about the amount of work that went into this year, but that turned into another long essay.
Long story short, this year I worked on 5.0 update almost every weekend from April to October. The work didn’t start in April, but February, when the redesign was only on the design table. Soon after 5.0 was released, some cool milestones were reached, such as over 1000 servers running Plan, Top 30 of Spigot plugins by Rating and Plan also appeared in the background of LinusTechTips video for a few seconds. Removing installation roadblocks for minigame networks was also successful. (I know this because someone got a Bungee server with 925 Plan servers in the database soon after the update according to bStats).
This recap is going to be a bit more personal this time, because while doing this review I realized that I've felt burnout creeping in for some months now. It makes sense, considering that Plan development has been almost half-time job on top of university studies. On 14th I started Christmas vacation from Plan Discord support and after a few days off, the symptoms seem to have subsided. - I think changes are needed next year when I'll come back after new years.
You gave some awesome feedback and positive words in the satisfaction survey though! The average for How well did we do this year? was a whopping 9.2/10. Overall satisfaction also increased from 8.2 to 8.7 from last year. I’ll address some of the things that were brought up here:
  • The settings for data removal are not clear - you need to change stuff under Time.Thresholds on all servers to prevent unwanted removal of data. At least /Plan/serverConfiguration helps with this somewhat until better grouping of the settings.
  • High Memory usage - This has been reported only by some users, so I suspect that it is due to Plugin integrations. If you’re having a large memory usage try disabling all Extensions in the Plan config (bonus points if you can figure out which one it is and report it)
  • There was a suggestion to track custom PAPI placeholder values over time - Sounds like a good idea to keep in mind. This would need some additions to the DataExtension API, as currently dynamic data or graphs are not supported.
The survey and I seem to be on the same page on where to focus on next: Extensibility and Extensions. Performance optimizations came in 3rd spot. I'll probably keep January off from development while figuring out sustainable form of support, so that’s what will be on the menu when I get back on the horse.
I hope to see you when I get back. Thank you for amazing 3 years and hopefully many more to come.


Added Access-Control-Allow-Origin option for Webserver (#1251)

CORS (Cross-Origin Resource Sharing) was preventing Plan data to be used on custom websites. To allow Plan data be used on other pages (for online graphs and stuff), config setting Webserver.Security.CORS.Allow_origin added with default value '*'.

Punchcard bugfixes

  • Fixes Punchcard not using the TimeZone specified in config (was using server timezone) (#1250)
  • Punchcard now displays from 12 am to 11 pm. Previously it showed from 1 am to 00 am. (#712)
Relative path to session buttons by @jyhsu2000

  • Fixes the Player page and Server page links inside sessions when Plan is behind a reverse-proxy using a subdirectory (eg.