[wp-hackers] XML-RPC anonymous comments wordpress.com
senica at gmail.com
Sat Feb 6 05:08:36 UTC 2010
I posted the following on the wordpress.com forums and tbol3 sent me over to
you guys for help.
The pretty version of this question is located here:
I have done tons of research today, but apparently I'm just not getting the
right answer. Today is my first day using XML-RPC. Piece of cake.
I was able to do a Trackback, a PingBack, and various XML-RPC calls with
different APIs to my blog. The one thing that I cannot seem to be able to do
is add an anonymous comment to my blog remotely.
I have seen where other people have asked this question, and Jonathan has
said that it was covered in the XML-RPC API. Basically, mentioning that if
you leave the username and password blank, it will work.....It doesn't. At
least not in my case. I always get:
faultCode 403 faultString Bad login/pass combination.
Here is the request I'm sending:
$request = ' <?xml version="1.0" encoding="utf-8"?> <methodCall>
<methodName>wp.newComment</methodName> <params> <param>
<value> <struct> <member> <name>comment_parent</name>
<value><int></int></value> </member> <member> <name>content</name>
<value><string>Test1</string></value> </member> <member> <name>author</name>
<value><string>Ogglabas</string></value> </member> <member>
<name>author_url</name> <value><string></string></value> </member> <member>
<name>author_email</name> <value><string>senica at gmail.com</string></value>
</member> </struct> </value> </param> </params> </methodCall>
If I have a username and password in there...it works perfect. The only
problem is, it shows "me" as the poster, whereas I want to allow people to
post comments to my blog from my other website as well and have "their" name
show up as the poster.
As already mentioned, if I take the username and password out....no dice.
Also, I wanted to mention before someone posts on here....Apparently, there
is a way to enable_anonymous_xml_rpc...or something to that affect, if I was
running Word Press on my own server.
This is not the case, and not an option for me.
And if someone says that it is a security issue....well, seems like
trackbacks wouldn't be allowed either. At least with this, you can make the
user put in their email address and a name.
This is an important feature to have if it is not already enabled.
Thanks for the help ahead of time!
More information about the wp-hackers