tags:

views:

429

answers:

2
+1  Q: 

Create ejabberd user from PHP

I need to create an ejabberd user from a PHP script. I also need to be able to add the new user to a predefined shared roster.

Should I just call ejabberdctl using exec() or is there a better way?

+1  A: 

ejabberdctl is by far the easiest in this specific case. The other options are:

  • Implement a full client XMPP in PHP (!)

  • Implement a module in Erlang that proxies the requests: the PHP<-->Erlang communication would need to be through a socket and lots of marshaling would be involved (!)

jldupont  2009-10-26 19:42:32
Hmmmm... I seem to be having trouble with limited privileges (or something). Whenever I try to run the `ejabberdctl` command using `exec()` I get this back: `erlexec: HOME must be set`
Andrew  2009-10-27 03:11:15
Ok - got it figured out. I'll post my solution soon. Thanks for the advice.
Andrew  2009-10-27 05:19:36
A: 

Here's my final solution:

Thanks to jldupont's advice that ejabberdctl would be the easiest solution, I pressed on through the obstacles I ran into and have a working solution.

By default, apache's user doesn't have the right privileges to successfully run ejabberdctl (and for good reason). So in order for it to work, you have to call it with sudo. But... sudo requires a password, which presents 2 problems:

  1. The apache user doesn't have a password.
  2. Even if it did, there's no way to enter it from PHP.

Solution (for Ubuntu) - add this line at the end of /etc/sudoers:

www-data ALL= NOPASSWD: /usr/sbin/ejabberdctl

The path to the sudoers file and ejabberdctl may vary for other Linux distros. This allows apache's user (www-data) to run only ejabberdctl with elevated privileges and without requiring a password.

All that's left is the PHP code:

<?php
    $username = 'tester';
    $password = 'testerspassword';
    $node = 'myserver.com';
    exec('sudo /usr/sbin/ejabberdctl register '.$username.' '.$node.' '.$password.' 2>&1',$output,$status);
    if($output == 0)
    {
        // Success!
    }
    else
    {
        // Failure, $output has the details
        echo '<pre>';
        foreach($output as $o)
        {
            echo $o."\n";
        }
        echo '</pre>';
    }
?>

Security

It's important to note that this does present a significant security risk even though you're only allowing one command to be run by www-data. If you use this approach, you need to make sure you protect the PHP code behind some sort of authentication so that not just anybody can make it execute. Beyond the obvious security risks, it could open your server up to a Denial of Service attack.

Andrew  2009-10-27 20:52:47

related questions

XMPP Client incompabilities.
One listener for all packets vs separate listeners to handle specific types
daemon threads in an app container
Please confirm that this XMPP code is not threadsafe
Saving & Restoring Connections with XIFF
Silverlight 3.0 "Push" Capability information
Is there a way to manually register a user with a py-transport server-side?
What's the proper XMPP client response to a <presence type=unsubscribed...> stanza?
What uses have you found for XMPP that help you as a web developer/manager?
Which group messaging technology to use?
How to create an SSL connection using the Smack XMPP library?
Caching with multiple server
LINQ: Get attribute with any namespace but specific name
XMPP Server-to-Server for Gmail.com/Jabber.org
What XMPP clients currently support PubSub (XEP-0060)?
Message delivery when user is offline
How do you create a simple Google Talk Client using the Twisted Words Python library?
Good examples or documentation of XIFF implementation?
Good XMPP Java Libraries for server side?
IIS performance problem trying to implement an XMPP-like protocol
Potential other uses of a jabber server
What are good sources to study the threading implementation of a XMPP application?
What is the best option for running a Jabber/XMPP on Windows 2003?
Messaging solution for a serial hardware device
What is the best architecture to bridge to XMPP?