I was recently installing Ejabberd and wanted to integrate it with a Wordpress installation. I’m pretty nifty at hacking about with Wordpress, so thought I’d challenge myself to do it as neatly as possible.

To do this, we need:

  • An authentication script for Ejabberd to communicate with Wordpress
  • Configure Ejabberd to use the authentication script
  • Add a new XML-RPC method to Wordpress to allow user-login checking

Writing the Authentication Script

This is simply a PHP file that resides somewhere on your webserver (may as well place it in an Ejabberd install directory). It actually has 2 purposes. It tests for user logins (authenticating by username+password) and also checking for user existence on the system (check if a given username exists).

To build this cleanly, we’re going to be authenticating via XML-RPC with Wordpress. I’ll cover more about that later.

Note, this part is heavily borrowed from http://www.ejabberd.im/check_mysql_php - however, I’ve essentially stripped out the MySQL code and added support for Wordpress’s in-built XML-RPC libraries (this doesn’t use the in-built PHP function calls as you need to recompile PHP to enable them, which isn’t a general solution).

Download auth.php on GitHub

If you’re having problems, try changing lines 167 and 176 to remove the https (replace with http). Otherwise, it should work out of the box with relatively little configuration (once you’ve installed the WordPress plugin).

Configuring Ejabberd

Configuring Ejabberd is a piece of cake.

Goto your Ejabberd configuration folder (mine is /opt/ejabberd-2.1.4/conf) - open “ejabberd.cfg”.

Find the line:

{auth_method, internal}.

Change to (comment out using “%%”):

%%{auth_method, internal}.

A few lines down, find the line:

%%{auth_method, external}.

Uncomment this line and the line beneath it.

Modify the line beneath to read something like (or wherever you put the auth script):

{extauth_program, “/opt/auth.php”}.

Restart your server to apply the configuration settings (after re-uploading your settings file).

Adding authentication via XML-RPC to Wordpress

First, before continuing, ensure that you have XML-RPC turned on in your Wordpress Dashboard.

Goto Settings -> Writing and check that the XML-RPC option is on (it is off by default).

What does this mean? XML-RPC allows you to use external software to interact with your Wordpress blogs (like use an iPhone app to write blog posts). It has many other handy functions, however, we’re going to add a new function to the default list that allows us to simply authenticate users.

To do this, we’re going to install a quick plugin I wrote. This adds two extra functions to the Wordpress XML-RPC list without having to hack into the Wordpress files, this means it will work with future Wordpress versions (assuming they don’t change the plugin API for XML-RPC calls).

Save this file in your WordPress plugins (and then activate).

<?php
/**
 * @package Jabber/XMPP XML-RPC Authentication
 * @author James Holding
 * @version 1.0
 **/
/*
Plugin Name: Jabber/XMPP XML-RPC Authentication
Plugin URI: http://www.cubehouse.org
Description: Adds additional XML-RPC functions to Wordpress to allow external authentication with Jabber servers
Author: James Holding
Version: 1.0
Author URI: http://www.cubehouse.org
*/
add_filter('xmlrpc_methods', 'jabberauth_xmlrpc_methods');
function jabberauth_xmlrpc_methods($methods){
    $methods['xmpp.user_login'] = 'jabberauth_login';
    $methods['xmpp.user_check'] = 'jabberauth_check';
    return $methods;
}
function jabberauth_login($args){
    $username   = $args[0];
    $password   = $args[1];
    global $wp_xmlrpc_server;
    if (!$user = $wp_xmlrpc_server->login($username, $password)){
        return $wp_xmlrpc_server->error;
    }else{
        return $user->ID;
    }
}
function jabberauth_check($args){
    $userdata = get_user_by('login', $args[0]);
    if (!$userdata) return $wp_xmlrpc_server->error;
    return $userdata->ID;
}
?>

Drop this file into your wp-content/plugins folder and activate it in the Dashboard.

You’re done! Your Ejabberd server should now be authenticating with your Wordpress installation through XML-RPC requests.