Authenticating XMPP Ejabberd with WordPress through XML-RPC

I was recently installing Ejabberd and wanted to integrate it with a WordPress installation. I’m pretty nifty at hacking about with WordPress, so thought I’d challenge myself to do it as neatly as possible.

To do this, we need to:

  • Write an authentication script for Ejabberd to communicate with WordPress
  • Configure Ejabberd to use the authentication script
  • Add a new XML-RPC method to WordPress to allow user-login checking

Writing the Authentication Script

This is simply a PHP file that resides somewhere on your web server (you may as well place it in an Ejabberd install directory). It has two purposes: it tests user logins (authenticating by username and password) and it checks whether a given username exists on the system.

To build this cleanly, we’re going to be authenticating via XML-RPC with WordPress. I’ll cover more about that later.

Note, this part is heavily borrowed from http://www.ejabberd.im/check_mysql_php – however, I’ve essentially stripped out the MySQL code and added support for WordPress’s in-built XML-RPC libraries (this doesn’t use the in-built PHP function calls as you need to recompile PHP to enable them, which isn’t a general solution).

UPDATE – I have written a new version of this plugin that uses its own xmlrpc class. It is available as a zip file and appears more compatible with newer Ejabberd installations.

Download version 2.0 of the Jabber/XMPP Authentication Script for Ejabberd here - auth.zip

Download version 1.0 of the Jabber/XMPP Authentication Script for Ejabberd here - auth.php

 

Version 2 auth.php instructions

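If you’re having problems, try changing lines 167 and 176 to remove the https (replace with http). Over plain http the password travels unencrypted, so this is only appropriate when Ejabberd and WordPress run on the same server. Otherwise, it should work out of the box with relatively little configuration (once you’ve installed the WordPress plugin).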

Version 1 auth.php instructions

Change the 2 configuration lines at the top of the file to match your server/domain settings.

After editing, place the file in a folder on your server, ideally somewhere near your Ejabberd server files and not in a publicly accessible location.

Configuring Ejabberd

Configuring Ejabberd is a piece of cake.

Go to your Ejabberd configuration folder (mine is /opt/ejabberd-2.1.4/conf) and open “ejabberd.cfg”.

Find the line:

{auth_method, internal}.

Change to (comment out using “%%”):

%%{auth_method, internal}.

A few lines down, find the line:

%%{auth_method, external}.

Uncomment this line and the line beneath it.

Modify the line beneath to read something like (or wherever you put the auth script):

{extauth_program, "/opt/auth.php"}.

Restart your server to apply the configuration settings (after re-uploading your settings file).
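What Ejabberd expects from the program named in extauth_program, as an added sketch that is not the downloadable auth.php: each request arrives on stdin with a 2-byte big-endian length prefix, and the script answers with a 4-byte success/failure reply. The endpoint URL is a placeholder, and the parameter lists and boolean return of xmpp.user_login and xmpp.user_check are assumptions.

```php
#!/usr/bin/env php
<?php
// Added sketch of an extauth program; not the downloadable auth.php.
// Placeholder endpoint (assumption): replace with your WordPress xmlrpc.php URL.
const WP_XMLRPC_URL = 'https://wordpress.example/xmlrpc.php';

// Call one XML-RPC method; true only if the reply is a lone boolean 1.
function wp_call(string $method, array $params): bool {
    $xml = '<?xml version="1.0"?><methodCall><methodName>' . $method
         . '</methodName><params>';
    foreach ($params as $p) {
        $xml .= '<param><value><string>'
              . htmlspecialchars($p, ENT_XML1 | ENT_QUOTES, 'UTF-8')
              . '</string></value></param>';
    }
    $xml .= '</params></methodCall>';
    $ctx = stream_context_create([
        'http' => ['method' => 'POST', 'timeout' => 5, 'content' => $xml,
                   'header' => "Content-Type: text/xml\r\n"],
        // Verify the certificate so the password only goes to the real host.
        'ssl'  => ['verify_peer' => true, 'verify_peer_name' => true],
    ]);
    $reply = @file_get_contents(WP_XMLRPC_URL, false, $ctx);
    // Fail closed: transport errors, faults and unexpected replies all deny.
    return is_string($reply) && preg_match(
        '#<methodResponse>\s*<params>\s*<param>\s*<value>\s*<boolean>1</boolean>#',
        $reply) === 1;
}

// Requests look like "auth:user:server:password" or "isuser:user:server".
function handle(string $request): bool {
    $p = explode(':', $request, 4);   // limit 4: the password may contain ':'
    if ($p[0] === 'auth' && count($p) === 4) {
        return wp_call('xmpp.user_login', [$p[1], $p[3]]);
    }
    if ($p[0] === 'isuser' && count($p) === 3) {
        return wp_call('xmpp.user_check', [$p[1]]);
    }
    return false;                     // other operations are not supported
}

// Frame: 2-byte big-endian length + request; reply: length 2 + result 0/1.
while (strlen($head = (string) stream_get_contents(STDIN, 2)) === 2) {
    $len = unpack('n', $head)[1];
    $req = $len > 0 ? (string) stream_get_contents(STDIN, $len) : '';
    $ok  = strlen($req) === $len && handle($req);
    fwrite(STDOUT, pack('nn', 2, $ok ? 1 : 0));
    fflush(STDOUT);
}
```

As the comments below report, Ejabberd must be able to execute the script: either make it executable with chmod +x or configure the program as "php /opt/auth.php".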

Adding authentication via XML-RPC to WordPress

First, before continuing, ensure that you have XML-RPC turned on in your WordPress Dashboard.

Go to Settings -> Writing and check that the XML-RPC option is on (it is off by default).

What does this mean? XML-RPC allows you to use external software to interact with your WordPress blogs (such as using an iPhone app to write blog posts). It has many other handy functions; however, we’re going to add a new function to the default list that allows us to simply authenticate users.

To do this, we’re going to install a quick plugin I wrote. This adds two extra functions to the WordPress XML-RPC list without having to hack into the WordPress files, which means it will work with future WordPress versions (assuming they don’t change the plugin API for XML-RPC calls).

Download the XML-RPC Jabber/XMPP Authentication Plugin here – jabber_auth.php

Drop this file into your wp-content/plugins folder and activate it in the Dashboard.
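A sketch of what such a plugin can look like, added here and not the downloadable jabber_auth.php. The method and callback names are the ones quoted in the comments below; the caller allow-list and its address are assumptions, included because these methods otherwise answer password checks for anyone who can reach xmlrpc.php.

```php
<?php
/*
Plugin Name: XMPP login check (illustrative sketch)
*/
// Assumption: only this address (the Ejabberd host) may ask. Placeholder value;
// behind a reverse proxy REMOTE_ADDR is the proxy's address, not the caller's.
const XMPPAUTH_ALLOWED_IP = '127.0.0.1';

function xmppauth_caller_allowed(): bool {
    return isset($_SERVER['REMOTE_ADDR'])
        && $_SERVER['REMOTE_ADDR'] === XMPPAUTH_ALLOWED_IP;
}

// xmpp.user_login(username, password) -> boolean
function jabberauth_login($args) {
    if (!xmppauth_caller_allowed() || !is_array($args) || count($args) !== 2) {
        return false;
    }
    list($username, $password) = $args;
    if (!is_string($username) || !is_string($password) || $password === '') {
        return false;
    }
    // wp_authenticate() returns WP_User on success and WP_Error on failure,
    // and fires the wp_login_failed action, so login-throttling plugins that
    // hook it also see failed XMPP logins.
    return !is_wp_error(wp_authenticate($username, $password));
}

// xmpp.user_check(username) -> boolean
// The XML-RPC server passes a single parameter as a scalar, not an array.
function jabberauth_check($args) {
    $username = is_array($args) ? ($args[0] ?? '') : $args;
    if (!xmppauth_caller_allowed() || !is_string($username)) {
        return false;
    }
    return username_exists($username) !== false;
}

// Register both methods without touching the WordPress core files.
add_filter('xmlrpc_methods', function ($methods) {
    $methods['xmpp.user_login'] = 'jabberauth_login';
    $methods['xmpp.user_check'] = 'jabberauth_check';
    return $methods;
});
```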

You’re done! Your Ejabberd server should now be authenticating with your WordPress installation through XML-RPC requests.


31 responses to Authenticating XMPP Ejabberd with WordPress through XML-RPC


  1. Pingback: Tweets that mention Authenticating XMPP Ejabberd with Wordpress through XML-RPC | Cubehouse's Blog -- Topsy.com

  2. I like this, thanks.

    I have two questions:
    Is it possible to use a remote WordPress,
    and
    is it possible to use the database directly without RPC?

    • cubehouse

      First question: If you can get it to install the RPC plugin to add the extra command, then yes. I tried to find a “login check” RPC command in the core WordPress, but was unable to locate anything. If it does exist already, you could use that to theoretically login using a remote WordPress site.

      Second question: You could do this without RPC if you wanted. Should be reasonably easy to extract my code for adding the RPC request and using it stand-alone. I gave it as an RPC request just to make it more user-friendly and future-proof with WordPress, as a plugin is much tidier.

      • charlie

        Yes, I can install the plugin in WordPress.

        I have three servers, one for the web frontend and the file storage, one for MySQL, and one for the other applications (mail, binhost, etc).

        I would like to install ejabberd with this external authentication on the third VPS, but I would like to use the WordPress on the web host.

        Another thing: I saw the password is sent in unencrypted format to WordPress; is this normal?

        • cubehouse

          I suggest making sure that your WordPress server has https set up if you are authenticating between servers.

          The server running eJabberd makes the authentication with the server running WordPress through an http request, so as long as you can ensure that is secure, everything should be fine. Usually, these would both be the same server, so the data wouldn’t be going anywhere anyway.

          • charlie

            Is it possible to send the password for WordPress in encrypted (e.g. MD5 hash) format?

            I will search and read the WP XML-RPC api documentation.

          • cubehouse

            Perfectly possible to send it as MD5. I suggest seeding it and adding a random number too (which you send along with the MD5 for additional security).

            You shouldn’t send the SHA hash from WordPress, as this could also lead to vulnerabilities. If you make the http request over https using a decent SSL certificate, the data will be encrypted.
            The best solution (I think) for dealing with multiple servers would be to re-produce the WordPress login system and remotely connect to your database.

          • charlie

            So I did it: I installed stunnel on the servers and created a secure tunnel between the web and XMPP servers.

            But I created a ticket in WordPress Trac to implement secure auth for the XML-RPC API.

          • cubehouse

            Cool, to be fair doing it without SSL is probably just as secure as somebody normally logging into a site, as the password is sent clean then usually without SSL.

            But it’s always good to add security, just in case :)

  3. charlie

    Do you want to send this feature request and your code to the WordPress developers, to merge into the WordPress trunk? (http://core.trac.wordpress.org/)

    I think this is a very useful option (checking that the user and password are valid) for other purposes.

    • cubehouse

      Possible idea, I think it could be useful for doing basic integration with the WordPress user management system for third-party tools.

  4. Philipp

    Hi,
    thx for your script.
    I’ve got one question.
    I want to auth to WordPress XML-RPC. I changed configuration line 2, “wp_server”, to my domain.name (with trailing slash); must I change the second line with the absolute path, too? Or can I delete everything between the “”?
    I run Prosody as my Jabber server, but Prosody has an ext auth script option, too. With “ejabber” mode, I also use a working external ejabber script (to MySQL) for another domain on Prosody.
    I think your script works on Prosody, too.
    Philipp

    • cubehouse

      You need to fill in the wp_dir variable as well as the auth.php file looks here to find the XML-RPC library WordPress uses so that it can conveniently call XML-RPC requests without you having to download a library manually. This is your actual server path to the wordpress directory so the library can be included (simple scan of the code should hopefully reveal what is happening).

      Also, minor note, I realise the code is a little wrong. Make sure you change:

      $methods['az4.user_login'] = 'jabberauth_login';
      $methods['az4.user_check'] = 'jabberauth_check';

      to:

      $methods['xmpp.user_login'] = 'jabberauth_login';
      $methods['xmpp.user_check'] = 'jabberauth_check';

      in the WordPress plugin file. Just noticed, shall try and update.

  5. Philipp

    Hi
    and thx for your fast reply.
    I changed the WordPress plugin file to “xmpp..”, and I use a local copy of class-IXR.php on my Jabber server; now it works fine with Prosody.
    WordPress and Jabber are running on different servers and I won’t open the WP lib, so I think a local copy is the best option.
    Philipp

  6. Xan

    Your script worked great before, but I had to uninstall ejabberd. Now that I installed it again I get this error: “extauth script has exitted abruptly with reason ‘normal’” :(

    • cubehouse

      Although I don’t know why that error message would occur, I’ll be back at my computer in about 9 hours time and will update this blog with my latest code, which might work (I’m using it very effectively on an updated WordPress + Ejabberd right now).
      I rewrote it for myself a while ago as I needed multiple domains on a single server and some other bizarre requirements (and there was an ejabberd bug that caused my server to self-destruct, so I did some other changes).

      Anyway, will post later to say I’ve updated it. I don’t recall fixing any bugs, but it was a rewrite so it may prove to fix whatever problem you’re having.

    • Ed

      Thanks cubehouse for posting this code, we were looking for the exact same thing: Jabber authentication via WordPress.

      I’m getting the same error message as Xan:
      =ERROR REPORT==== 2011-09-08 14:06:52 ===
      C(:extauth:146) : extauth script has exitted abruptly with reason ‘normal’

      This is for a fresh ejabberd installation (v 2.1.8).

      Any thoughts on how to address this issue?

      • Ed

        Found the cause of the error. The auth.php script was not executable.

        I made it executable, and the error went away. You might want to add that to your documentation above.

        Cheers,
        Ed

  7. Xan

    Did you update the script yet? I’m still getting that error. Thanks!

    • cubehouse

      Bloody hell, I’ve been so awful at this recently. Life has been ARARARAGH. Forgive me. http://cubehouse.org/blog/wp-content/uploads/2010/06/auth.zip

      • Xan

        No problem! Unfortunately I’m still getting an error: “C(:extauth:146) : extauth script has exitted abruptly with reason ‘normal’”
        I don’t suppose you have any idea why this would be happening?

      • Xan

        I just figured it out, you have to add php before the auth script (from {extauth_program, "/opt/auth.php"} to {extauth_program, "php /opt/auth.php"}).

        However now I’m getting a password failed error. I’ll have a look and see if I can figure it out, if you have any ideas of what to check let me know.

        • cubehouse

          Set up the plugin? Make sure the xmlrpc functions have the same name in auth.php and the WordPress plugin (also, enable xml-rpc in wordpress)

          That and sometimes you need to reset ejabberd as it caches password attempts/fails

        • cubehouse

          Was just setting this up on a new server for somebody I know and ran into similar issues. Have you made sure that XML RPC is working correctly? You can find XML RPC testers online where you can verify it’s working correctly for your WordPress installation.

          This script assumes a few things:
          - you’re running a server with https enabled
          - your blog is in the root of the server

          Change the functions checkuser and checkpass to compensate for these things if they are different.

          Also, you might have issues with including the class-IXR file in your auth.php script. If this isn’t working correctly, you can try commenting out the two includes (checkuser and checkpass again) and then copy/paste the code from the class to the bottom of the auth.php script.

          • Xan

            All working!
            The problem was I had not used chmod +x on the auth.php. You should add that to the instructions, I missed your comment on it before!

          • Xan

            Argh! A new error! The system was working fine but I just retested and now I get this when I try to connect:
            I(:ejabberd_c2s:649) : ({socket_state,tls,{tlssock,#Port,#Port},}) Failed authentication for username@mysite.com

            Does that mean anything to you? It connects, and seems to recognize the account name, but it won’t accept my password. I’ve tried with a new test account and my old account, and I know I typed it right.

            Sorry to be a bother, but I need to get this working :(

          • Xan

            There were also a few numbers in there with brackets that the bbcode hid, (0.413, 0.425, etc. I don’t know if they mean anything)

  8. arystark

    Hello,

    I have the same issue of authentication:
    I(:ejabberd_c2s:598) : ({socket_state,tls,{tlssock,#Port,#Port},}) Failed authentication for user1@localhost

    I have tried with version 1 and version 2 of the scripts. I have no logs in the debug and logging files, even if I create the two files and give them the user and group ejabberd.

    ejabberd version : 2.1.5-3
    Wordpress version 3.2.1 with buddypress 1.5

    Is it still working with the latest version of WordPress?

    Thanks in advance
