Authenticating XMPP Ejabberd with WordPress through XML-RPC

Posted on June 21, 2010 by cubehouse

I was recently installing Ejabberd and wanted to integrate it with a WordPress installation. I’m pretty nifty at hacking about with WordPress, so thought I’d challenge myself to do it as neatly as possible.

To do this, we need:

  • An authentication script for Ejabberd to communicate with WordPress
  • Configure Ejabberd to use the authentication script
  • Add a new XML-RPC method to WordPress to allow user-login checking

Writing the Authentication Script

This is simply a PHP file that resides somewhere on your webserver (may as well place it in an Ejabberd install directory). It actually has 2 purposes. It tests for user logins (authenticating by username+password) and also checking for user existence on the system (check if a given username exists).

To build this cleanly, we’re going to be authenticating via XML-RPC with WordPress. I’ll cover more about that later.

Note, this part is heavily borrowed from http://www.ejabberd.im/check_mysql_php – however, I’ve essentially stripped out the MySQL code and added support for WordPress’s in-built XML-RPC libraries (this doesn’t use the in-built PHP function calls as you need to recompile PHP to enable them, which isn’t a general solution).

Download the Jabber/XMPP Authentication Script for Ejabberd here - auth.php

Change the 2 configuration lines at the top of the file to match your server/domain settings.

Place the file after editing into a folder on your server. Recommended somewhere near your Ejabberd server files and not on a publicly accessible location.

Configuring Ejabberd

Configuring Ejabberd is a piece of cake.

Goto your Ejabberd configuration folder (mine is /opt/ejabberd-2.1.4/conf) – open “ejabberd.cfg”.

Find the line:

{auth_method, internal}.

Change to (comment out using “%%”):

%%{auth_method, internal}.

A few lines down, find the line:

%%{auth_method, external}.

Uncomment this line and the line beneath it.

Modify the line beneath to read something like (or wherever you put the auth script):

{extauth_program, “/opt/auth.php”}.

Restart your server to apply the configuration settings (after re-uploading your settings file).

Adding authentication via XMP-RPC to WordPress

First, before continuing, ensure that you have XMP-RPC turned on in your WordPress Dashboard.

Goto Settings -> Writing and check that the XMP-RPC option is on (it is off by default).

What does this mean? XMP-RPC allows you to use external software to interact with your WordPress blogs (like use an iPhone app to write blog posts). It has many other handy functions, however, we’re going to add a new function to the default list that allows us to simply authenticate users.

To do this, we’re going to install a quick plugin I wrote. This adds two extra functions to the WordPress XML-RPC list without having to hack into the WordPress files, this means it will work with future WordPress versions (assuming they don’t change the plugin API for XML-RPC calls).

Download the XML-RPC Jabber/XMPP Authentication Plugin here – jabber_auth.php

Drop this file into your wp-content/plugins folder and activate it in the Dashboard.

You’re done! Your Ejabberd server should now be authenticating with your WordPress installation through XML-RPC requests.

About cubehouse

I'm a computer science student at the University of Bristol.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>