Add 'mod/openid_client/' from commit '11ea6ae4734a0e722c6ecaaee90e9ab772e8d2cc'

git-subtree-dir: mod/openid_client
git-subtree-mainline: a9ac4c861335e60373c1e99b61372e6e0d6ac9f4
git-subtree-split: 11ea6ae4734a0e722c6ecaaee90e9ab772e8d2cc

19 files changed, 909 insertions, 0 deletions

diff --git a/mod/openid_client/actions/openid_client/login.php b/mod/openid_client/actions/openid_client/login.php
new file mode 100644
index 000000000..2a6896a61
--- /dev/null
+++ b/mod/openid_client/actions/openid_client/login.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * OpenID client login action
+ */
+
+elgg_load_library('openid_consumer');
+
+$provider = get_input('openid_provider');
+$persistent = get_input('persistent', false);
+
+if ($provider == 'others') {
+	$provider = get_input('openid_url');
+}
+
+$consumer = new ElggOpenIDConsumer($store);
+$consumer->setURL($provider);
+$consumer->setReturnURL(elgg_get_site_url() . "mod/openid_client/return.php?persistent=$persistent");
+
+$html = $consumer->requestAuthentication();
+if ($html) {
+	echo $html;
+	exit;
+} else {
+	$flipped_providers = array_flip(elgg_get_config('openid_providers'));
+	if (isset($flipped_providers[$provider])) {
+		$provider_name = $flipped_providers[$provider];
+	} else {
+		$provider_name = $provider;
+	}
+	register_error(elgg_echo('openid_client:error:no_html', array($provider_name)));
+	forward();
+}
diff --git a/mod/openid_client/actions/openid_client/register.php b/mod/openid_client/actions/openid_client/register.php
new file mode 100644
index 000000000..f0ad2a5fd
--- /dev/null
+++ b/mod/openid_client/actions/openid_client/register.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * Register OpenID user action
+ */
+
+elgg_set_context('openid_client');
+
+$username = get_input('username');
+$name = get_input('name');
+$email = get_input('email');
+$openid_identifier = get_input('openid_identifier');
+
+$password = generate_random_cleartext_password();
+
+try {
+	$guid = register_user($username, $password, $name, $email, false);
+} catch (RegistrationException $e) {
+	register_error($e->getMessage());
+	forward(REFERER);
+}
+$user = get_entity($guid);
+openid_client_set_subtype($user);
+
+$user->annotate('openid_identifier', $openid_identifier, ACCESS_PUBLIC);
+elgg_set_user_validation_status($guid, true, 'openid');
+
+if (!elgg_trigger_plugin_hook('register', 'user', array('user' => $user), true)) {
+	$user->delete();
+	register_error(elgg_echo('registerbad'));
+	forward(REFERER);
+}
+
+login($user);
+system_message(elgg_echo('openid_client:success:register'));
+forward();
diff --git a/mod/openid_client/classes/ElggOpenIDConsumer.php b/mod/openid_client/classes/ElggOpenIDConsumer.php
new file mode 100644
index 000000000..098201343
--- /dev/null
+++ b/mod/openid_client/classes/ElggOpenIDConsumer.php
@@ -0,0 +1,238 @@
+<?php
+/**
+ * Consumer for OpenID
+ */
+
+class ElggOpenIDConsumer {
+
+	protected $openIdUrl;
+	protected $returnURL;
+
+	protected $store;
+	protected $consumer;
+	protected $request;
+
+	/**
+	 * Constructor
+	 *
+	 * @param Auth_OpenID_OpenIDStore $store Optional persistence store
+	 */
+	public function __construct(Auth_OpenID_OpenIDStore $store = null) {
+		if ($store) {
+			$this->store = $store;
+		} else {
+			// use the default store
+			$this->store = new OpenID_ElggStore();
+		}
+	}
+
+	/**
+	 * Set the OpenID username
+	 *
+	 * @param string $username
+	 */
+	public function setURL($url) {
+		$this->openIdUrl = $url;
+	}
+
+	/**
+	 * Set the return URL
+	 *
+	 * @param string $url The URL the OpenID provider returns the user to
+	 */
+	public function setReturnURL($url) {
+		$this->returnURL = $url;
+	}
+
+	/**
+	 * Send a request to the provider for authentication
+	 *
+	 * @return mixed HTMl form on success and false for failure
+	 */
+	public function requestAuthentication() {
+
+		if (!$this->store) {
+			return false;
+		}
+
+		$this->consumer = new Auth_OpenID_Consumer($this->store);
+		if (!$this->consumer) {
+			return false;
+		}
+
+		$url = $this->openIdUrl;
+		if (!$url) {
+			return false;
+		}
+
+		// discovers the identity server
+		$this->request = $this->consumer->begin($url);
+		if (!$this->request) {
+			return false;
+		}
+
+		// request user information
+		if (!$this->addAttributeRequests()) {
+			return false;
+		}
+
+		// send browser for authentication
+		return $this->getForm();
+	}
+
+	/**
+	 * Complete the OpenID authentication by parsing the response
+	 *
+	 * This returns an array of key value pairs about the user.
+	 * 
+	 * @return array
+	 */
+	public function completeAuthentication() {
+
+		if (!$this->store) {
+			return false;
+		}
+
+		$this->consumer = new Auth_OpenID_Consumer($this->store);
+		if (!$this->consumer) {
+			return false;
+		}
+
+		$response = $this->consumer->complete($this->returnURL);
+		switch ($response->status) {
+			case Auth_OpenID_SUCCESS:
+				$data = $this->getUserData($response);
+				break;
+			case Auth_OpenID_FAILURE:
+			case Auth_OpenID_CANCEL:
+				$data = array();
+				break;
+		}
+
+		return $data;
+	}
+
+	/**
+	 * Add attribute requests to the OpenID authentication request
+	 * 
+	 * @return bool
+	 */
+	protected function addAttributeRequests() {
+
+		// Simple Registration
+		$required = array();
+		$optional = array('email', 'nickname', 'fullname', 'language');
+		$sregRequest = Auth_OpenID_SRegRequest::build($required, $optional);
+		if (!$sregRequest) {
+			return false;
+		}
+		$this->request->addExtension($sregRequest);
+
+		// Attribute Exchange
+		$axRequest = new Auth_OpenID_AX_FetchRequest();
+		$attributes[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true, 'email');
+		$attributes[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, true, 'firstname');
+		$attributes[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, true, 'lastname');
+		foreach ($attributes as $attribute) {
+			$axRequest->add($attribute);
+		}
+		$this->request->addExtension($axRequest);
+
+		return true;
+	}
+
+	/**
+	 * Gets the form to send the user to the provider to authenticate
+	 *
+	 * This implements OpenID 2.0 by submitting a form through JavaScript against
+	 * the provider. If JavaScript is not enabled, a plain html form with a
+	 * continue button is displayed.
+	 *
+	 * This also supports OpenID 1.x but has not been tested as thoroughly.
+	 *
+	 * @return mixed
+	 */
+	protected function getForm() {
+		if (!$this->request->shouldSendRedirect()) {
+			// OpenID 2.0
+			$html = $this->request->htmlMarkup(elgg_get_site_url(), $this->returnURL, false);
+			return $html;
+		} else {
+			// OpenID 1.x
+			$redirect_url = $this->request->redirectURL(elgg_get_site_url(), $this->returnURL);
+
+			if (Auth_OpenID::isFailure($redirect_url)) {
+				return false;
+			} else {
+				forward($redirect_url);
+			}
+		}
+	}
+
+	/**
+	 * Get user data from the OpenID response
+	 * 
+	 * @param Auth_OpenID_ConsumerResponse $response
+	 * @return array
+	 */
+	protected function getUserData($response) {
+		if (!$response) {
+			return array();
+		}
+
+		$sregResponse = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
+		$sreg = $sregResponse->contents();
+
+		$axResponse = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response);
+		$ax = $axResponse->data;
+
+		$data = $this->extractUserData($sreg, $ax);
+		$data['openid_identifier'] = $response->getDisplayIdentifier();
+
+		return $data;
+	}
+
+	/**
+	 * Extract user data from the extensions in the response
+	 *
+	 * @param array $sreg Simple Registration data
+	 * @param array $ax   Attribute Exchange data
+	 * @return array
+	 */
+	protected function extractUserData($sreg, $ax) {
+		$data = array();
+
+		// email
+		if (isset($sreg['email'])) {
+			$data['email'] = $sreg['email'];
+		}
+		if (isset($ax['http://axschema.org/contact/email'])) {
+			$data['email'] = $ax['http://axschema.org/contact/email'][0];
+		}
+
+		// display name
+		if (isset($sreg['fullname'])) {
+			$data['name'] = $sreg['fullname'];
+		}
+		if (isset($ax['http://axschema.org/namePerson/first'])) {
+			$data['name'] = $ax['http://axschema.org/namePerson/first'][0];
+		}
+		if (isset($ax['http://axschema.org/namePerson/last'])) {
+			$data['name'] .= ' ' . $ax['http://axschema.org/namePerson/last'][0];
+			$data['name'] = trim($data['name']);
+		}
+
+		// username
+		if (isset($sreg['nickname'])) {
+			$data['username'] = $sreg['nickname'];
+		}
+
+		// language
+		if (isset($sreg['language'])) {
+			$languages = get_installed_translations();
+			// @todo - find out format
+		}
+
+		return $data;
+	}
+}
diff --git a/mod/openid_client/graphics/openid_icon.png b/mod/openid_client/graphics/openid_icon.png
new file mode 100644
index 000000000..97d4714c5
--- /dev/null
+++ b/mod/openid_client/graphics/openid_icon.png
diff --git a/mod/openid_client/languages/en.php b/mod/openid_client/languages/en.php
new file mode 100644
index 000000000..4af3bf06a
--- /dev/null
+++ b/mod/openid_client/languages/en.php
@@ -0,0 +1,28 @@
+<?php

+/**

+ * OpenID client English language file

+ */

+

+$english = array(

+

+	'openid_client' => 'OpenID',

+	'openid_client:login:header' => 'Log in with',

+	'openid_client:login' => 'Login in with OpenID',

+	'openid_client:others' => 'Others...',

+	'openid_client:url' => 'OpenID URL',

+

+	'openid_client:create' => 'Create an account',

+	'openid_client:create:instructs' => 'Your account has been approved. We just need you to confirm or set the below information.',

+

+	'openid_client:success:register' => 'Your account has been created.',

+	'openid_client:error:bad_register' => 'Unable to create an account. Please contact a site administrator.',

+	'openid_client:error:bad_response' => 'Bad response from the OpenID server',

+	'openid_client:error:no_html' => 'An error occurred trying to contact %s',

+	'openid_client:warning:username_not_available' => 'The username %s is not available. Please pick another.',

+	'openid_client:warning:username_valid' => 'The username %s is not valid as this site. Please pick another.',

+	'openid_client:warning:email_not_available' => 'The email address %s is not available. Please pick another.',

+

+	'river:friend:user:openid' => "%s is now a friend with %s",

+);

+

+add_translation('en', $english);

diff --git a/mod/openid_client/lib/helpers.php b/mod/openid_client/lib/helpers.php
new file mode 100644
index 000000000..3fc101c42
--- /dev/null
+++ b/mod/openid_client/lib/helpers.php
@@ -0,0 +1,114 @@
+<?php
+/**
+ * Helper functions for the OpenID client plugin
+ */
+
+/**
+ * Serves a page to the new user to determine account values
+ *
+ * This should only be called after validating the OpenID response.
+ *
+ * @param array $data Key value pairs extracted from the response
+ * @return bool
+ */
+function openid_client_registration_page_handler(array $data) {
+
+	if (!is_array($data)) {
+		return false;
+	}
+
+	$title = elgg_echo('openid_client:create');
+
+	$vars = openid_client_prepare_registration_vars($data);
+	$content = elgg_view('openid_client/register', $vars);
+
+	$params = array(
+		'title' => $title,
+		'content' => $content,
+	);
+	$body = elgg_view_layout('one_column', $params);
+	echo elgg_view_page($title, $body);
+
+	return true;
+}
+
+/**
+ * Create the form vars for registration
+ *
+ * @param array $data
+ * @return array
+ */
+function openid_client_prepare_registration_vars(array $data) {
+	$vars = array();
+
+	$vars['openid_identifier'] = $data['openid_identifier'];
+
+	// username
+	if (isset($data['username'])) {
+		$vars['username'] = $data['username'];
+	} else if (isset($data['email'])) {
+		$vars['username'] = array_shift(explode('@', $data['email']));
+	} else {
+		$vars['username'] = null;
+	}
+
+	// is the username available
+	if ($vars['username']) {
+		$vars['is_username_available'] = openid_client_is_username_available($vars['username']);
+	}
+
+	// is the username valid
+	try {
+		$vars['is_username_valid'] = validate_username($vars['username']);
+	} catch (RegistrationException $e) {
+		$vars['is_username_valid'] = false;
+	}
+
+	// the rest
+	$vars['email'] = elgg_extract('email', $data);
+	$vars['name'] = elgg_extract('name', $data);
+
+	if ($vars['email']) {
+		$vars['is_email_available'] = openid_client_is_email_available($vars['email']);
+	}
+
+	return $vars;
+}
+
+/**
+ * Is this username available?
+ *
+ * @param string $username The username
+ * @return bool 
+ */
+function openid_client_is_username_available($username) {
+	$db_prefix = elgg_get_config('dbprefix');
+	$username = sanitize_string($username);
+
+	$query = "SELECT count(*) AS total FROM {$db_prefix}users_entity WHERE username = '$username'";
+	$result = get_data_row($query);
+	if ($result->total == 0) {
+		return true;
+	} else {
+		return false;
+	}
+}
+
+/**
+ * Is this email address available?
+ *
+ * @param string $email Email address
+ * @return bool
+ */
+function openid_client_is_email_available($email) {
+	$db_prefix = elgg_get_config('dbprefix');
+	$email = sanitize_string($email);
+
+	$query = "SELECT count(*) AS total FROM {$db_prefix}users_entity WHERE email = '$email'";
+	$result = get_data_row($query);
+	if ($result->total == 0) {
+		return true;
+	} else {
+		return false;
+	}
+}
diff --git a/mod/openid_client/manifest.xml b/mod/openid_client/manifest.xml
new file mode 100644
index 000000000..eba4674c7
--- /dev/null
+++ b/mod/openid_client/manifest.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<plugin_manifest xmlns="http://www.elgg.org/plugin_manifest/1.8">
+	<name>OpenID Client</name>
+	<author>Core developers</author>
+	<version>1.8.0</version>
+	<description>OpenID consumer for Elgg. Enabled users log in using their credentials from sites like Google and Yahoo.</description>
+	<category>user</category>
+	<website>http://www.elgg.org/</website>
+	<copyright>Cash Costello 2011</copyright>
+	<license>GNU General Public License version 2</license>
+	<requires>
+		<type>elgg_release</type>
+		<version>1.8</version>
+	</requires>
+	<requires>
+		<type>plugin</type>
+		<name>openid_api</name>
+	</requires>
+</plugin_manifest>
diff --git a/mod/openid_client/return.php b/mod/openid_client/return.php
new file mode 100644
index 000000000..3aa728ea6
--- /dev/null
+++ b/mod/openid_client/return.php
@@ -0,0 +1,69 @@
+<?php

+/**

+ * Callback for return_to url redirection.

+ * 

+ * The identity server will redirect back to this handler with the results of

+ * the authentication attempt.

+ * 

+ * Note: the Janrain OpenID library is incompatible with Elgg's routing so

+ * this script needs to be directly accessed.

+ */

+

+require_once dirname(dirname(dirname(__FILE__))).'/engine/start.php';

+

+elgg_load_library('openid_consumer');

+elgg_load_library('openid_client');

+

+$persistent = get_input('persistent', false);

+

+// get user data from the response

+$consumer = new ElggOpenIDConsumer($store);

+$url = elgg_get_site_url() . "mod/openid_client/return.php?persistent=$persistent";

+$consumer->setReturnURL($url);

+$data = $consumer->completeAuthentication();

+if (!$data || !$data['openid_identifier']) {

+	register_error(elgg_echo('openid_client:error:bad_response'));

+	forward();

+}

+

+// is there an account already associated with this openid

+$user = null;

+$users = elgg_get_entities_from_annotations(array(

+	'type' => 'user',

+	'annotation_name' => 'openid_identifier',

+	'annotation_value' => $data['openid_identifier'],

+));

+if ($users) {

+	// there should only be one account

+	$user = $users[0];

+} else {

+	$email = elgg_extract('email', $data);

+	if ($email) {

+		$users = get_user_by_email($email);

+		if (count($users)) {

+                       register_error(elgg_echo('openid_client:email_register'));

+                       forward();

+

+		}

+	}

+}

+

+if ($user) {

+	// log in user and maybe update account (admin setting, user prompt?)

+	try {

+		login($user, $persistent);

+	} catch (LoginException $e) {

+		register_error($e->getMessage());

+		forward();

+	}

+

+	system_message(elgg_echo('loginok'));

+	forward();

+} else {

+	// register the new user

+	$result = openid_client_registration_page_handler($data);

+	if (!$result) {

+		register_error(elgg_echo('openid_client:error:bad_register'));

+		forward();

+	}

+}

diff --git a/mod/openid_client/start.php b/mod/openid_client/start.php
new file mode 100644
index 000000000..9da701b6b
--- /dev/null
+++ b/mod/openid_client/start.php
@@ -0,0 +1,82 @@
+<?php

+/**

+ * Elgg OpenID client

+ *

+ * This is a rewrite of the OpenID client written by Kevin Jardine for

+ * Curverider Ltd for Elgg 1.0-1.7.

+ */

+

+elgg_register_event_handler('init', 'system', 'openid_client_init');

+

+/**

+ * OpenID client initialization

+ */

+function openid_client_init() {

+	elgg_extend_view('css/elgg', 'openid_client/css');

+	elgg_extend_view('js/elgg', 'openid_client/js');

+

+	elgg_register_plugin_hook_handler('register', 'menu:openid_login', 'openid_client_setup_menu');

+	

+	$base = elgg_get_plugins_path() . 'openid_client/actions/openid_client';

+	elgg_register_action('openid_client/login', "$base/login.php", 'public');

+	elgg_register_action('openid_client/register', "$base/register.php", 'public');

+

+	$base = elgg_get_plugins_path() . 'openid_client/lib';

+	elgg_register_library('openid_client', "$base/helpers.php");

+	

+	elgg_set_config('openid_providers', array(

+		'N-1'			=> 'https://n-1.cc/mod/openid_server/server.php',

+		'Ecoxarxes'		=> 'https://cooperativa.ecoxarxes.cat/mod/openid_server/server.php',

+                'Anillosur'             => 'https://anillosur.net/mod/openid_server/server.php',

+                'Saravea'               => 'https://saravea.net/mod/openid_server/server.php',

+                'Enekenbat'             => 'https://enekenbat.cc/mod/openid_server/server.php',

+<<<<<<< HEAD
+=======
+

+>>>>>>> 84be7867eac3e0b69cca4d84c184f6e8e4d2e43b
+		// ...

+	));

+

+	// the return to page needs to be public

+	elgg_register_plugin_hook_handler('public_pages', 'walled_garden', 'openid_client_public');

+	elgg_register_event_handler('upgrade', 'system', 'openid_client_run_upgrades');

+

+}

+

+function openid_client_run_upgrades() {

+        if (include_once(elgg_get_plugins_path() . 'upgrade-tools/lib/upgrade_tools.php')) {

+                upgrade_module_run('openid_client');

+        }

+

+}

+

+/**

+ * Set the correct subtype for OpenID users

+ *

+ * @param ElggUser $user New user

+ * @return void

+ */

+function openid_client_set_subtype($user) {

+	$db_prefix = elgg_get_config('dbprefix');

+	$guid = (int)$user->getGUID();

+	$subtype_id = (int)add_subtype('user', 'openid');

+

+	$query = "UPDATE {$db_prefix}entities SET subtype = $subtype_id WHERE guid = $guid";

+	update_data($query);

+}

+

+/**

+ * Add pages to the list of public pages for walled garden needed for OpenID

+ * transaction

+ *

+ * @param string $hook  Hook name

+ * @param string $type  Hook type

+ * @param array  $pages Array of public pages

+ * @return array

+ */

+function openid_client_public($hook, $type, $pages) {

+	$pages[] = 'action/openid_client/login';

+	$pages[] = 'mod/openid_client/return.php';

+	$pages[] = 'action/openid_client/register';

+	return $pages;

+}

diff --git a/mod/openid_client/upgrade.php b/mod/openid_client/upgrade.php
new file mode 100644
index 000000000..37248d484
--- /dev/null
+++ b/mod/openid_client/upgrade.php
@@ -0,0 +1,12 @@
+<?php
+require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+
+admin_gatekeeper();
+set_time_limit(0);
+
+echo "upgrade microthemes";
+$previous_access = elgg_set_ignore_access(true);
+openid_client_run_upgrades();
+elgg_set_ignore_access($previous_access);
+
+echo "DONE";
diff --git a/mod/openid_client/upgrades/2012100501.php b/mod/openid_client/upgrades/2012100501.php
new file mode 100644
index 000000000..789a73e0a
--- /dev/null
+++ b/mod/openid_client/upgrades/2012100501.php
@@ -0,0 +1,53 @@
+<?php
+
+global $MIGRATED;
+
+$local_version = (int)elgg_get_plugin_setting('version', 'openid_client');
+if (2012022501 <= $local_version) {
+        error_log("Openid client requires no upgrade");
+        // no upgrade required
+        return;
+}
+
+/**
+ * Save previous author id
+ */
+function openid_client_user_2012100501($user) {
+	$MIGRATED += 1;
+	if ($MIGRATED % 100 == 0) {
+		error_log(" * openid user $user->guid");
+	}
+
+	if ($user->alias) {
+		$alias = $user->alias;
+		if (strpos($alias, 'pg/profile') !== FALSE) {
+			$alias = str_replace('pg/profile', 'profile', $alias);
+		}
+		error_log($alias);
+		$user->annotate('openid_identifier', $alias, ACCESS_PUBLIC);
+	}
+	return true;
+}
+
+
+
+/*
+ * Run upgrade. First users, then pads
+ */
+// users
+$options = array('type' => 'user', 'limit' => 0);
+
+$MIGRATED = 0;
+
+$previous_access = elgg_set_ignore_access(true);
+$batch = new ElggBatch('elgg_get_entities', $options, "openid_client_user_2012100501", 100);
+elgg_set_ignore_access($previous_access);
+
+if ($batch->callbackResult) {
+	error_log("Elgg openid users upgrade (201210050) succeeded");
+	elgg_set_plugin_setting('version', 2012022501, 'openid_client');
+} else {
+	error_log("Elgg openid users upgrade (201210050) failed");
+}
+
+
diff --git a/mod/openid_client/views/default/core/account/login_box.php b/mod/openid_client/views/default/core/account/login_box.php
new file mode 100644
index 000000000..51b13398b
--- /dev/null
+++ b/mod/openid_client/views/default/core/account/login_box.php
@@ -0,0 +1,24 @@
+<?php
+/**
+ * Elgg login box
+ *
+ * @package Elgg
+ * @subpackage Core
+ *
+ * @uses $vars['module'] The module name. Default: aside
+ * @override views/default/core/account/login_box.php
+ */
+
+$module = elgg_extract('module', $vars, 'aside');
+
+$login_url = elgg_get_site_url();
+if (elgg_get_config('https_login')) {
+	$login_url = str_replace("http:", "https:", $login_url);
+}
+
+$title = elgg_echo('login');
+$body = elgg_view_form('login', array('action' => "{$login_url}action/login"));
+$body .= elgg_view_form('openid_client/login', array('class' => 'elgg-form-login hidden'), array());
+$body .= elgg_view('openid_client/icon');
+
+echo elgg_view_module($module, $title, $body);
diff --git a/mod/openid_client/views/default/core/account/login_dropdown.php b/mod/openid_client/views/default/core/account/login_dropdown.php
new file mode 100644
index 000000000..c3add2924
--- /dev/null
+++ b/mod/openid_client/views/default/core/account/login_dropdown.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * Elgg drop-down login form
+ * 
+ * @override views/default/core/account/login_dropdown.php
+ */
+
+if (elgg_is_logged_in()) {
+	return true;
+}
+
+$login_url = elgg_get_site_url();
+if (elgg_get_config('https_login')) {
+	$login_url = str_replace("http:", "https:", elgg_get_site_url());
+}
+
+$body = elgg_view_form('login', array('action' => "{$login_url}action/login"), array('returntoreferer' => TRUE));
+$body .= elgg_view_form('openid_client/login', array('class' => 'elgg-form-login hidden'), array());
+$body .= elgg_view('openid_client/icon');
+?>
+<div id="login-dropdown">
+	<?php 
+		echo elgg_view('output/url', array(
+			'href' => 'login#login-dropdown-box',
+			'rel' => 'popup',
+			'class' => 'elgg-button elgg-button-dropdown',
+			'text' => elgg_echo('login'),
+		)); 
+		echo elgg_view_module('dropdown', '', $body, array('id' => 'login-dropdown-box')); 
+	?>
+</div>
diff --git a/mod/openid_client/views/default/forms/openid_client/login.php b/mod/openid_client/views/default/forms/openid_client/login.php
new file mode 100644
index 000000000..1f440dc49
--- /dev/null
+++ b/mod/openid_client/views/default/forms/openid_client/login.php
@@ -0,0 +1,43 @@
+<?php
+/**
+ * OpenID login if username or full url required
+ */
+
+$options_values = array_flip(elgg_get_config('openid_providers'));
+$options_values['others'] = elgg_echo('openid_client:others');
+
+?>
+<div>
+<label><?php echo elgg_echo('openid_client:login:header'); ?></label>
+<br />
+<?php
+echo elgg_view('input/dropdown', array(
+	'name' => 'openid_provider',
+	'options_values' => $options_values,
+));
+?>
+</div>
+
+<div class="openid-client-url hidden">
+<label><?php echo elgg_echo('openid_client:url'); ?> </label>
+
+<?php
+echo elgg_view('input/text', array('name' => 'openid_url', 'class' => 'mbs'));
+?>
+
+</div>
+
+<div class="elgg-foot">
+	<label class="mtm float-alt">
+		<input type="checkbox" name="persistent" value="true" />
+		<?php echo elgg_echo('user:persistent'); ?>
+	</label>
+	
+	<?php echo elgg_view('input/submit', array('value' => elgg_echo('login'))); ?>
+	
+	<?php 
+	if (isset($vars['returntoreferer'])) {
+		echo elgg_view('input/hidden', array('name' => 'returntoreferer', 'value' => 'true'));
+	}
+	?>
+</div>
\ No newline at end of file
diff --git a/mod/openid_client/views/default/forms/openid_client/register.php b/mod/openid_client/views/default/forms/openid_client/register.php
new file mode 100644
index 000000000..6044f0f0b
--- /dev/null
+++ b/mod/openid_client/views/default/forms/openid_client/register.php
@@ -0,0 +1,71 @@
+<?php
+/**
+ * OpenID register form body
+ *
+ * @uses $vars['openid_identifier']
+ * @uses $vars['username']
+ * @uses $vars['is_username_available']
+ * @uses $vars['is_username_valid']
+ * @uses $vars['email']
+ * @uses $vars['is_email_available']
+ * @uses $vars['name']
+ */
+
+$username_label = elgg_echo('username');
+$username_warning = '';
+if (!elgg_extract('is_username_available', $vars, true)) {
+	$username_warning = elgg_echo('openid_client:warning:username_not_available', array($vars['username']));
+	$username_warning = "($username_warning)";
+} else if (!elgg_extract('is_username_valid', $vars, true)) {
+	$username_warning = elgg_echo('openid_client:warning:username_valid', array($vars['username']));
+	$username_warning = "($username_warning)";
+}
+$username_input = elgg_view('input/text', array(
+	'name' => 'username',
+	'value' => $vars['username'],
+));
+
+$name_label = elgg_echo('name');
+$name_input = elgg_view('input/text', array(
+	'name' => 'name',
+	'value' => $vars['name'],
+));
+
+$email_label = elgg_echo('email');
+$email_available = elgg_extract('is_email_available', $vars, true);
+$email_warning = '';
+if (!$email_available) {
+	$email_warning = elgg_echo('openid_client:warning:email_not_available', array($vars['email']));
+	$email_warning = "($email_warning)";
+}
+$email_input = elgg_view('input/email', array(
+	'name' => 'email',
+	'value' => $vars['email'],
+	'readonly' => $email_available,
+));
+
+$openid_input = elgg_view('input/hidden', array(
+	'name' => 'openid_identifier',
+	'value' => $vars['openid_identifier'],
+));
+$button = elgg_view('input/submit', array('value' => elgg_echo('save')));
+
+echo <<<HTML
+<div>
+	<label>$username_label</label> $username_warning
+	$username_input
+</div>
+<div>
+	<label>$name_label</label>
+	$name_input
+</div>
+<div>
+	<label>$email_label</label> $email_warning
+	$email_input
+</div>
+<div class="elgg-foot">
+	$openid_input
+	$button
+</div>
+
+HTML;
diff --git a/mod/openid_client/views/default/openid_client/css.php b/mod/openid_client/views/default/openid_client/css.php
new file mode 100644
index 000000000..d01fc6b5a
--- /dev/null
+++ b/mod/openid_client/views/default/openid_client/css.php
@@ -0,0 +1,13 @@
+<?php

+/**

+ * OpenID client CSS

+ */

+?>

+

+.elgg-icon-openid {

+	background-image: url(<?php echo elgg_get_site_url(); ?>mod/openid_client/graphics/openid_icon.png);

+}

+

+.elgg-form-login {

+	margin-bottom: 10px;

+}
\ No newline at end of file
diff --git a/mod/openid_client/views/default/openid_client/icon.php b/mod/openid_client/views/default/openid_client/icon.php
new file mode 100644
index 000000000..3a9a9d981
--- /dev/null
+++ b/mod/openid_client/views/default/openid_client/icon.php
@@ -0,0 +1,8 @@
+<?php
+
+echo elgg_view('output/url', array(
+	'text' => elgg_view_icon('openid') . elgg_echo('openid_client:login'),
+	'href' => '',
+	'title' => elgg_echo('openid_client'),
+	'class' => "openid-login-icon",
+));
\ No newline at end of file
diff --git a/mod/openid_client/views/default/openid_client/js.php b/mod/openid_client/views/default/openid_client/js.php
new file mode 100644
index 000000000..171215593
--- /dev/null
+++ b/mod/openid_client/views/default/openid_client/js.php
@@ -0,0 +1,26 @@
+<?php
+/**
+ * OpenID JavaScript
+ */
+
+?>
+
+// OpenID toggle
+elgg.register_hook_handler('init', 'system', function() {
+	$('.openid-login-icon').click(function(e) {
+		var openid_box = $(this).prev('.elgg-form-openid-client-login');
+		var shown = openid_box.is(':visible') ? openid_box : openid_box.prev(); 
+		var hidden = !openid_box.is(':visible') ? openid_box : openid_box.prev();
+		shown.fadeOut(function() {
+			hidden.fadeIn();
+		});
+		e.preventDefault();
+	});
+	$(".elgg-form-openid-client-login [name='openid_provider']").change(function(event) {
+		if (this.value == 'others') {
+			$(".openid-client-url").slideDown().find('input').focus();
+		} else {
+			$(".openid-client-url").slideUp();
+		}
+	});
+});
diff --git a/mod/openid_client/views/default/openid_client/register.php b/mod/openid_client/views/default/openid_client/register.php
new file mode 100644
index 000000000..be448ef54
--- /dev/null
+++ b/mod/openid_client/views/default/openid_client/register.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Registration content view for OpenID client
+ *
+ */
+
+echo '<p>';
+echo elgg_echo('openid_client:create:instructs');
+echo '<p>';
+
+echo elgg_view_form('openid_client/register', array(), $vars);