Skip to main content

ZonelyCore

ZonelyCore is a comprehensive plugin designed to integrate your Minecraft server with your website. You can synchronize the categories and products added to your website into the game, allow players to make in-game purchases using site credits, and display purchase activity in-game. With SecureSocket support, you can securely send commands from your website to your game server. The plugin brings together many modules under one structure, including store, support tickets, punishments, credits, auctions, reports, tournament systems, and more.

Requirements

Before installation, it is recommended to have the following plugins installed on your server:
PluginLink
ProtocolLibSpigotMC
PlaceholderAPISpigotMC

Features

Web Store

Players can view and purchase products from your website through an in-game GUI. You can manage products and categories from your admin panel.

Auctions

Players can list their items in the Auctions section on both your website and in-game by setting a credit amount, without paying any listing fee. Players with enough credits can purchase or claim auctioned items.

NPCs

You can create NPCs that open 6 different menus. Hologram and PlaceholderAPI support is included.

Support Tickets

Website support tickets can be managed live from in-game. Staff members can reply to tickets, close them, or ban users. Players can also create new tickets from inside the server by selecting a support category.

Punishments

Staff members can mute, ban, warn players, and view their punishment history. Punished users can be managed through your website, and players can view punishments publicly.

Last Credits

The latest credit top-ups are displayed in a GUI and can be filtered by category.

Leaderboards

Recent credit top-ups can be displayed as a hologram. The hologram can be clickable and can be viewed by category.

Login & Register

Players can log in using the same account they created on the web panel.

Credits

You can manage your players’ credits.

Credit Vouchers

Players can convert their site credits into a paper voucher item. They can share credits with each other using this paper item. When right-clicked, the credit is added to the player’s account.

Reports + Replay

Players can report users they believe are violating the rules. Staff members can view reported players through a GUI and take action. The system is integrated with the punishment module. Reported players can be reviewed as if watching a video, and punishments can be applied afterward.

WebSockets

Used for product sales on the website. It securely runs website commands in-game using encrypted data. It ensures that only commands verified by the website are executed by the console.

Deliveries

Players can claim time-based rewards through a GUI.

Web Profiles

A player’s website profile can be viewed in-game through a GUI.

Chat Colors

Users with permission can change their chat message colors through a GUI. Messages appear in the selected color.

E-Sports Tournament System

Provides a complete competitive tournament flow with club registration, waiting lobby, bracket progression, live match stages, spectator mode, winner management, and automatic cleanup/reset.

E-Sports Match Events

Includes timed tier chest drops, special helper item drops, dynamic holograms, meteor/train arena events, match summaries, and winner celebration effects.

Disguises

Opens a book GUI that allows players to appear with a different identity in-game.

Chat Filters

Blocks advertisements and offensive messages sent by players. It can automatically apply punishments when needed.

PlaceholderAPI & MySQL Support

The plugin can connect to a database and use various variables through PlaceholderAPI.

Auto Login

After the first login or registration, trusted IP addresses are remembered. Players can be taken directly into the server without being asked to log in again.

Bossbar Guidance

Custom bossbars guide players through login, registration, and email verification steps in-game.

Fallback Server

After a successful login or registration, players can automatically be transferred to a predefined BungeeCord server.

Email Verification

When enabled, players are asked to set an email address. A verification code is sent to their inbox, and they can continue playing after entering this code in-game.

2FA (TOTP)

TOTP-based two-factor authentication verifies players with a one-time code before they enter the game.

Email Change

To change an email address, a one-time code is sent to the player’s inbox. When the code is entered in-game, the email address is securely updated.

Password Reset

Players can request a token in-game using the /passwordreset command and securely set a new password through the website under time and security restrictions.

ChatBridge

Synchronizes website chat with the game server. Players can select a server on the website, send commands or messages, and view them live together with the online player list.

Inventory Snapshots

A player’s inventory is captured every time they join or leave and is displayed as a GUI on their web profile. Optionally, it can also be made visible to other players.

Launcher Auth

Requires your private ZonelyLauncher to access the server. Players who join without the launcher are kicked with a download link and can only play through the launcher.

Groups

You can grant additional privileges to users by assigning permissions through another plugin. This can be used in the profile menu.

Disguise System

Provides a fully GUI-based role/skin disguise flow with language-supported menu texts.

Multi-Language

Offers languages.yml based localization, fallback strategy, and wide module coverage.

Commands

/webprofile
/zc
/webprofile
/store
/credit
/support
/lastcredits
/auctions
/reports
/disguise
/credit [player]
/credit set [player] [amount]
/credit add [player] [amount]
/credit remove [player] [amount]
/creditvoucher [player] [amount]
/report [player]
/auction [amount]
/punish
/punish ban/ipban/mute/warning [player] [duration] [reason]
/punish unban/unmute/unwarning [player]
/zc npc spawn/remove web-profile/auctions/last-credits/reports/deliveries/web-store/supports/tournamnets [id]
/zc hologram lastcredits [id]
/club
/club help
/esports
/email <set|resend|status>
/passwordreset
/2fa <setup|confirm|cancel|disable|code|recovery>

E-Sports Overview

The E-Sports module includes full tournament management, including club registration, waiting lobby orchestration, bracket generation, live match state tracking, spectator tools, timed loot progression, special drop mechanics, dynamic arena events, and automatic post-match reset/cleanup.

Permissions

zonely.auction
zonely.auction.manage
zonely.reports.view
zonely.punish
zonely.punish.ban
zonely.punish.mute
zonely.punish.warning
zonely.punish.history
zonely.punish.notify
zonely.punish.ipban
zonely.support.staff
zonely.support.ban
zcore.cmd.disguise
zcore.cmd.disguiselist
zcore.admin
esports.manage

Placeholders

%ZonelyCore_cash%
%ZonelyCore_perm%
%ZonelyCore_playername%
%ZonelyCore_status_delivery%
%ZonelyCore_lastcredit_<number>_display%
%ZonelyCore_lastcredit_<number>%
%ZonelyCore_lastcredit_<number>_name%
%ZonelyCore_lastcredit_<number>_amount%
%ZonelyCore_lastcredit_<number>_date%
%ZonelyCore_lastcredit_<number>_time%
%zonely_tournament_name%
%zonely_tournament_state%
%zonely_tournament_event%
%zonely_tournament_start%
%zonely_tournament_end%
%zonely_tournament_club_count%
%zonely_tournament_countdown%
%zonely_tournament_countdown_seconds%
%zonely_tournament_register_open%
%zonely_tournament_repeatable%
%zonely_tournament_repeat_days%
%zonely_tournament_repeat_mode%
%zonely_club_name%
%zonely_club_tag%
%zonely_club_seed%
%zonely_club_status%
%zonely_next_match_round%
%zonely_next_match_slot%
%zonely_next_match_a%
%zonely_next_match_b%
%zonely_active_match_id%
%zonely_match_time%
%zonely_match_id%
%zonely_match_players%
%zonely_match_kills%
%zonely_match_deaths%
%zonely_match_blocks%
%zonely_match_clubkills%
%zonely_match_clubkills_<TAG>%

Images

ZonelyCore ZonelyCore bStats

ZonelyCore API Quick Reference

All examples assume ZonelyCore is enabled and your plugin depends on it.

Accessing the API

import dev.zonely.whiteeffect.api.ZonelyCoreAPI;

public final class MyAddon {

    private ZonelyCoreAPI api;

    public void onEnable() {
        api = ZonelyCoreAPI.get(); // safe once ZonelyCore is enabled
    }
}

Checking Module Toggles

if (!api.areVouchersEnabled()) {
    getLogger().warning("Vouchers module disabled, skipping custom voucher logic.");
}

if (api.areLastCreditsEnabled()) {
    getLogger().info("Last Credits module active — holograms and GUI calls are safe.");
}

Cash API

getBalance(name|player) returns the current credit total and is offline-safe. addBalance, withdraw, and setBalance return the updated balance. They throw CreditOperationException on insufficient funds, database issues, or validation errors. isCached and invalidateCache can be used to manage the in-memory cache after manual database edits. Async helpers (addBalanceAsync, withdrawAsync, setBalanceAsync) return CompletableFuture<Long>, allowing operations to stay off the main thread. 
import dev.zonely.whiteeffect.api.cash.CashAPI;
import dev.zonely.whiteeffect.api.cash.CreditOperationException;
import org.bukkit.Bukkit;
import org.bukkit.entity.Player;
// 'plugin' below should be your JavaPlugin instance

CashAPI cash = api.cash();

try {
    long updated = cash.addBalance("PlayerOne", 500);
    long remaining = cash.withdraw("PlayerTwo", 250);
    cash.setBalance("PlayerVIP", 10_000);
    getLogger().info("Balances updated: " + updated + " / " + remaining);
} catch (CreditOperationException ex) {
    getLogger().warning("Credit operation failed: " + ex.getMessage());
}

cash.addBalanceAsync("AsyncGuy", 1000).thenAccept(newBalance ->
        Bukkit.getScheduler().runTask(plugin, () -> {
            Player player = Bukkit.getPlayerExact("AsyncGuy");
            if (player != null) {
                player.sendMessage("Your new balance: " + newBalance);
            }
        })
);

Voucher API

issueVoucher(issuer, target, amount) deducts credits and returns a VoucherIssueResult. The result includes the item and metadata. parseVoucher(item) safely inspects items. redeemVoucher(details|item) adds the credit to the target player. It throws CreditOperationException for validation problems such as insufficient funds. 
import dev.zonely.whiteeffect.api.voucher.VoucherAPI;
import dev.zonely.whiteeffect.api.voucher.VoucherIssueResult;
import dev.zonely.whiteeffect.api.cash.CreditOperationException;
// assumes 'player' is available

VoucherAPI vouchers = api.vouchers();

try {
    VoucherIssueResult voucher = vouchers.issueVoucher("Staff", "PlayerTwo", 250);
    player.getInventory().addItem(voucher.getVoucherItem());
    vouchers.redeemVoucher(voucher.getDetails());
} catch (CreditOperationException ex) {
    getLogger().warning("Voucher error: " + ex.getMessage());
}

Deliveries API

listDeliveries() exposes configured reward entries. getStatus(player, delivery) describes permission and cooldown status. claim(player, delivery) grants the reward. It may throw CreditOperationException on profile loading failures. 
import dev.zonely.whiteeffect.api.cash.CreditOperationException;
// assumes 'player' is available

api.deliveries().listDeliveries().forEach(delivery -> {
    api.deliveries().getStatus(player, delivery).ifPresent(status -> {
        if (status.canClaimNow()) {
            try {
                api.deliveries().claim(player, delivery);
            } catch (CreditOperationException ex) {
                player.sendMessage("Delivery failed: " + ex.getMessage());
            }
        }
    });
});

Last Credits API

getLeaderboard(category) returns cached entries. Supported categories: 
RECENT
ALL_TIME
YEARLY
MONTHLY
DAILY
getLastLeaderboardRefresh(category) exposes snapshot freshness. getRecentTopups() mirrors the PlaceholderAPI cache. getViewerCategory(player) and setViewerCategory(player, category) keep holograms and GUI views synchronized per player. openMenu(player, category) opens the menu according to the player’s active category. 
import dev.zonely.whiteeffect.menu.lastcredits.LastCreditsMenuManager;
// assumes 'player' is available

var recent = api.lastCredits().getLeaderboard(LastCreditsMenuManager.Category.RECENT);
recent.forEach(entry ->
        Bukkit.getLogger().info(entry.getPosition() + ". " + entry.getUsername() + " -> " + entry.getFormattedAmount())
);

LastCreditsMenuManager.Category active = api.lastCredits().getViewerCategory(player);
api.lastCredits().openMenu(player, active);

Secure Socket API

The Secure Socket module is managed through config.yml. Related settings: 
web-token
socket-port
The module must be enabled. start(), stop(), and restart() manage the listener. isActive() and getPort() expose runtime status. 
if (api.isSocketEnabled()) {
    if (!api.socket().isActive()) {
        if (!api.socket().start()) {
            getLogger().warning("Secure socket could not start. Check config.yml.");
        }
    } else {
        api.socket().restart();
    }
}

Auction API

openMainMenu, openSoldMenu, openPurchasedMenu, and openPurchaseMenu are safe to call from async threads. The manager switches back to the Bukkit thread when needed. getMenuManager() exposes the GUI controller. getDao() grants direct database access for custom workflows. Before exposing custom commands, check api.areAuctionsEnabled(). 
import dev.zonely.whiteeffect.api.auction.AuctionDao;
// assumes 'player' is available

if (api.areAuctionsEnabled()) {
    api.auctions().openMainMenu(player);

    AuctionDao dao = api.auctions().getDao();
    if (dao != null) {
        dao.listByCreator(dao.fetchUserId(player.getName()))
                .forEach(item -> getLogger().info(item.getCustomTitle()));
    }
} else {
    player.sendMessage("Auctions are disabled on this server.");
}

VirusTotal

Some warnings may appear on VirusTotal. By reviewing the source code, you can see that this is related to the SecureSocket usage. VirusTotal report

Source Code

GitHub source code Download from SpigotMC