12 files changed, 299 insertions, 122 deletions

diff --git a/mod/twitter_api/actions/twitter_api/interstitial_settings.php b/mod/twitter_api/actions/twitter_api/interstitial_settings.php
new file mode 100644
index 000000000..5f742efd8
--- /dev/null
+++ b/mod/twitter_api/actions/twitter_api/interstitial_settings.php
@@ -0,0 +1,53 @@
+<?php
+/**
+ * Save settings for first time logins with twitter
+ */
+elgg_make_sticky_form('twitter_api_interstitial');
+
+$display_name = get_input('display_name');
+$email = get_input('email');
+$password_1 = get_input('password_1');
+$password_2 = get_input('password_2');
+
+if (!$display_name) {
+	register_error(elgg_echo('twitter_api:interstitial:no_display_name'));
+	forward(REFERER);
+}
+
+if ($email && !is_email_address($email)) {
+	register_error(elgg_echo('twitter_api:interstitial:invalid_email'));
+	forward(REFERER);
+}
+
+$existing_user = get_user_by_email($email);
+if ($email && $existing_user) {
+	register_error(elgg_echo('twitter_api:interstitial:existing_email'));
+	forward(REFERER);
+}
+
+if ($password_1 && !($password_1 == $password_2)) {
+	register_error(elgg_echo('twitter_api:interstitial:password_mismatch'));
+	forward(REFERER);
+}
+
+$user = elgg_get_logged_in_user_entity();
+$user->name = $display_name;
+
+if ($email) {
+	$user->email = $email;
+}
+
+if ($password_1) {
+	$user->salt = generate_random_cleartext_password();
+	$user->password = generate_user_password($user, $password_1);
+}
+
+if (!$user->save()) {
+	register_error(elgg_echo('twitter_api:interstitial:cannot_save'));
+	forward(REFERER);
+}
+
+elgg_clear_sticky_form('twitter_api_interstitial');
+
+system_message(elgg_echo('twitter_api:interstitial:saved'));
+forward('/');
\ No newline at end of file
diff --git a/mod/twitter_api/graphics/sign-in-with-twitter-d.png b/mod/twitter_api/graphics/sign-in-with-twitter-d.png
new file mode 100644
index 000000000..b49a0ba59
--- /dev/null
+++ b/mod/twitter_api/graphics/sign-in-with-twitter-d.png
diff --git a/mod/twitter_api/graphics/sign-in-with-twitter-l.png b/mod/twitter_api/graphics/sign-in-with-twitter-l.png
new file mode 100644
index 000000000..834d43cfd
--- /dev/null
+++ b/mod/twitter_api/graphics/sign-in-with-twitter-l.png
diff --git a/mod/twitter_api/languages/en.php b/mod/twitter_api/languages/en.php
index 940a49d9b..9d8554a9e 100644
--- a/mod/twitter_api/languages/en.php
+++ b/mod/twitter_api/languages/en.php
@@ -11,10 +11,11 @@ $english = array(
 	'twitter_api:consumer_key' => 'Consumer Key',
 	'twitter_api:consumer_secret' => 'Consumer Secret',
 
-	'twitter_api:settings:instructions' => 'You must obtain a consumer key and secret from <a href="https://twitter.com/oauth_clients" target="_blank">Twitter</a>. Most of the fields are self explanatory, the one piece of data you will need is the callback url which takes the form http://[yoursite]/action/twitterlogin/return - [yoursite] is the url of your Elgg network.',
+	'twitter_api:settings:instructions' => 'You must obtain a consumer key and secret from <a href="https://dev.twitter.com/apps/new" target="_blank">Twitter</a>. Fill out the new app application. Select "Browser" as the application type and "Read & Write" for the access type. The callback url is %stwitter_api/authorize',
 
 	'twitter_api:usersettings:description' => "Link your %s account with Twitter.",
 	'twitter_api:usersettings:request' => "You must first <a href=\"%s\">authorize</a> %s to access your Twitter account.",
+	'twitter_api:usersettings:cannot_revoke' => "You cannot unlink you account with Twitter because you haven't provided an email address or password. <a href=\"%s\">Provide them now</a>.",
 	'twitter_api:authorize:error' => 'Unable to authorize Twitter.',
 	'twitter_api:authorize:success' => 'Twitter access has been authorized.',
 
@@ -28,7 +29,30 @@ $english = array(
 	'twitter_api:login:error' => 'Unable to login with Twitter.',
 	'twitter_api:login:email' => "You must enter a valid email address for your new %s account.",
 
+	'twitter_api:invalid_page' => 'Invalid page',
+
 	'twitter_api:deprecated_callback_url' => 'The callback URL has changed for Twitter API to %s.  Please ask your administrator to change it.',
+
+	'twitter_api:interstitial:settings' => 'Configure your settings',
+	'twitter_api:interstitial:description' => 'You\'re almost ready to use %s! We need a few more details before you can continue. These are optional, but will allow you login if Twitter goes down or you decide to unlink your accounts.',
+
+	'twitter_api:interstitial:username' => 'This is your username. It cannot be changed. If you set a password, you can use the username or your email address to log in.',
+
+	'twitter_api:interstitial:name' => 'This is the name people will see when interacting with you.',
+
+	'twitter_api:interstitial:email' => 'Your email address. Users cannot see this by default.',
+
+	'twitter_api:interstitial:password' => 'A password to login if Twitter is down or you decide to unlink your accounts.',
+	'twitter_api:interstitial:password2' => 'The same password, again.',
+
+	'twitter_api:interstitial:no_thanks' => 'No thanks',
+
+	'twitter_api:interstitial:no_display_name' => 'You must have a display name.',
+	'twitter_api:interstitial:invalid_email' => 'You must enter a valid email address or nothing.',
+	'twitter_api:interstitial:existing_email' => 'This email address is already registered on this site.',
+	'twitter_api:interstitial:password_mismatch' => 'Your passwords do not match.',
+	'twitter_api:interstitial:cannot_save' => 'Cannot save account details.',
+	'twitter_api:interstitial:saved' => 'Account details saved!',
 );
 
 add_translation('en', $english);
diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php
index 0621c2b13..b14b84f2d 100644
--- a/mod/twitter_api/lib/twitter_api.php
+++ b/mod/twitter_api/lib/twitter_api.php
@@ -24,9 +24,9 @@ function twitter_api_allow_sign_on_with_twitter() {
 }
 
 /**
- * Forwards
+ * Forwards the user to twitter to authenticate
  *
- * @todo what is this?
+ * This includes the login URL as the callback
  */
 function twitter_api_forward() {
 	// sanity check
@@ -41,7 +41,18 @@ function twitter_api_forward() {
 }
 
 /**
- * Log in a user with twitter.
+ * Log in a user referred from Twitter's OAuth API
+ *
+ * If the user has already linked their account with Twitter, it is a seamless
+ * login. If this is a first time login (or a user from deprecated twitter login
+ * plugin), we create a new account (update the account).
+ *
+ * If a plugin wants to be notified when someone logs in with twitter or a new
+ * twitter user signs up, register for the standard login or create user events
+ * and check for 'twitter_api' context.
+ *
+ * The user has to be redirected from Twitter for this to work. It depends on
+ * the Twitter OAuth data.
  */
 function twitter_api_login() {
 
@@ -64,32 +75,26 @@ function twitter_api_login() {
 			'access_key' => $token['oauth_token'],
 			'access_secret' => $token['oauth_token_secret'],
 		),
-		'limit' => 0
+		'limit' => 0,
 	);
 
 	$users = elgg_get_entities_from_plugin_user_settings($options);
 
 	if ($users) {
 		if (count($users) == 1 && login($users[0])) {
-			system_message(elgg_echo('twitter_api:login:success'));
-			
-			// trigger login hook
-			elgg_trigger_plugin_hook('login', 'twitter_api', array('user' => $users[0]));
+			system_message(elgg_echo('twitter_api:login:success'));			
 		} else {
-			system_message(elgg_echo('twitter_api:login:error'));
+			register_error(elgg_echo('twitter_api:login:error'));
 		}
-
-		forward();
-	} else {
-		// need Twitter account credentials
-		elgg_load_library('twitter_oauth');
 		
+		forward(elgg_get_site_url());
+	} else {
 		$consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
 		$consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
 		$api = new TwitterOAuth($consumer_key, $consumer_secret, $token['oauth_token'], $token['oauth_token_secret']);
 		$twitter = $api->get('account/verify_credentials');
 
-		// backward compatibility for stalled-development Twitter Login plugin
+		// backward compatibility for deprecated Twitter Login plugin
 		$user = FALSE;
 		if ($twitter_user = get_user_by_username($token['screen_name'])) {
 			if (($screen_name = $twitter_user->twitter_screen_name) && ($screen_name == $token['screen_name'])) {
@@ -101,48 +106,10 @@ function twitter_api_login() {
 
 		// create new user
 		if (!$user) {
-			// check new registration allowed
-			if (!twitter_api_allow_new_users_with_twitter()) {
-				register_error(elgg_echo('registerdisabled'));
-				forward();
-			}
-
-			// trigger a hook for plugin authors to intercept
-			if (!elgg_trigger_plugin_hook('new_twitter_user', 'twitter_service', array('account' => $twitter), TRUE)) {
-				// halt execution
-				register_error(elgg_echo('twitter_api:login:error'));
-				forward();
-			}
-
-			// Elgg-ify Twitter credentials
-			$username = $twitter->screen_name;
-			while (get_user_by_username($username)) {
-				$username = $twitter->screen_name . '_' . rand(1000, 9999);
-			}
-
-			$password = generate_random_cleartext_password();
-			$name = $twitter->name;
-
-			$user = new ElggUser();
-			$user->username = $username;
-			$user->name = $name;
-			$user->access_id = ACCESS_PUBLIC;
-			$user->salt = generate_random_cleartext_password();
-			$user->password = generate_user_password($user, $password);
-			$user->owner_guid = 0;
-			$user->container_guid = 0;
-
-			if (!$user->save()) {
-				register_error(elgg_echo('registerbad'));
-				forward();
-			}
-
-			// @todo require email address?
-
+			$user = twitter_api_create_user($twitter);
 			$site_name = elgg_get_site_entity()->name;
 			system_message(elgg_echo('twitter_api:login:email', array($site_name)));
-
-			$forward = "settings/user/{$user->username}";
+			$forward = "twitter_api/intersitial";
 		}
 
 		// set twitter services tokens
@@ -156,9 +123,6 @@ function twitter_api_login() {
 		// login new user
 		if (login($user)) {
 			system_message(elgg_echo('twitter_api:login:success'));
-			
-			// trigger login hook for new user
-			elgg_trigger_plugin_hook('first_login', 'twitter_api', array('user' => $user));
 		} else {
 			system_message(elgg_echo('twitter_api:login:error'));
 		}
@@ -172,10 +136,50 @@ function twitter_api_login() {
 }
 
 /**
+ * Create a new user from Twitter information
+ * 
+ * @param object $twitter Twitter OAuth response
+ * @return ElggUser
+ */
+function twitter_api_create_user($twitter) {
+	// check new registration allowed
+	if (!twitter_api_allow_new_users_with_twitter()) {
+		register_error(elgg_echo('registerdisabled'));
+		forward();
+	}
+
+	// Elgg-ify Twitter credentials
+	$username = $twitter->screen_name;
+	while (get_user_by_username($username)) {
+		// @todo I guess we just hope this is good enough
+		$username = $twitter->screen_name . '_' . rand(1000, 9999);
+	}
+
+	$password = generate_random_cleartext_password();
+	$name = $twitter->name;
+
+	$user = new ElggUser();
+	$user->username = $username;
+	$user->name = $name;
+	$user->access_id = ACCESS_PUBLIC;
+	$user->salt = generate_random_cleartext_password();
+	$user->password = generate_user_password($user, $password);
+	$user->owner_guid = 0;
+	$user->container_guid = 0;
+
+	if (!$user->save()) {
+		register_error(elgg_echo('registerbad'));
+		forward();
+	}
+
+	return $user;
+}
+
+/**
  * Pull in the latest avatar from twitter.
  *
- * @param unknown_type $user
- * @param unknown_type $file_location
+ * @param ElggUser $user
+ * @param string   $file_location
  */
 function twitter_api_update_user_avatar($user, $file_location) {
 	// twitter's images have a few suffixes:
@@ -213,8 +217,6 @@ function twitter_api_update_user_avatar($user, $file_location) {
 	
 	// update user's icontime
 	$user->icontime = time();
-
-	return TRUE;
 }
 
 /**
@@ -243,7 +245,6 @@ function twitter_api_authorize() {
 		),
 		'limit' => 0
 	);
-
 	$users = elgg_get_entities_from_plugin_user_settings($options);
 
 	if ($users) {
@@ -281,13 +282,12 @@ function twitter_api_revoke() {
 }
 
 /**
- * Returns the url to authorize a user.
+ * Gets the url to authorize a user.
  *
  * @param string $callback The callback URL
  */
-function twitter_api_get_authorize_url($callback = NULL) {
+function twitter_api_get_authorize_url($callback = NULL, $login = true) {
 	global $SESSION;
-	elgg_load_library('twitter_oauth');
 
 	$consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
 	$consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
@@ -302,7 +302,7 @@ function twitter_api_get_authorize_url($callback = NULL) {
 		'oauth_token_secret' => $token['oauth_token_secret'],
 	);
 
-	return $twitter->getAuthorizeURL($token['oauth_token']);
+	return $twitter->getAuthorizeURL($token['oauth_token'], $login);
 }
 
 /**
@@ -312,7 +312,6 @@ function twitter_api_get_authorize_url($callback = NULL) {
  */
 function twitter_api_get_access_token($oauth_verifier = FALSE) {
 	global $SESSION;
-	elgg_load_library('twitter_oauth');
 
 	$consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
 	$consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
diff --git a/mod/twitter_api/pages/twitter_api/interstitial.php b/mod/twitter_api/pages/twitter_api/interstitial.php
new file mode 100644
index 000000000..d1f1ac20c
--- /dev/null
+++ b/mod/twitter_api/pages/twitter_api/interstitial.php
@@ -0,0 +1,21 @@
+<?php
+/**
+ * An interstitial page for newly created Twitter users.
+ *
+ * This prompts them to enter an email address and set a password in case Twitter goes down or they
+ * want to disassociate their account from twitter.
+ */
+
+$title = elgg_echo('twitter_api:interstitial:settings');
+
+$site = get_config('site');
+$content = elgg_echo('twitter_api:interstitial:description', array($site->name));
+$content .= elgg_view_form('twitter_api/interstitial_settings');
+
+$params = array(
+	'content' => $content,
+	'title' => $title,
+);
+$body = elgg_view_layout('one_sidebar', $params);
+
+echo elgg_view_page($title, $body);
diff --git a/mod/twitter_api/start.php b/mod/twitter_api/start.php
index 8a49db719..b17643c8c 100644
--- a/mod/twitter_api/start.php
+++ b/mod/twitter_api/start.php
@@ -12,14 +12,14 @@ function twitter_api_init() {
 
 	// require libraries
 	$base = elgg_get_plugins_path() . 'twitter_api';
-	elgg_register_library('twitter_oauth', "$base/vendors/twitteroauth/twitterOAuth.php");
+	elgg_register_class('TwitterOAuth', "$base/vendors/twitteroauth/twitterOAuth.php");
 	elgg_register_library('twitter_api', "$base/lib/twitter_api.php");
-
 	elgg_load_library('twitter_api');
 
 	// extend site views
-	elgg_extend_view('metatags', 'twitter_api/metatags');
-	elgg_extend_view('css', 'twitter_api/css');
+	//elgg_extend_view('metatags', 'twitter_api/metatags');
+	elgg_extend_view('css/elgg', 'twitter_api/css');
+	elgg_extend_view('css/admin', 'twitter_api/css');
 
 	// sign on with twitter
 	if (twitter_api_allow_sign_on_with_twitter()) {
@@ -34,14 +34,17 @@ function twitter_api_init() {
 	// register Walled Garden public pages
 	elgg_register_plugin_hook_handler('public_pages', 'walled_garden', 'twitter_api_public_pages');
 
-	// allow plugin authors to hook into this service
-	elgg_register_plugin_hook_handler('tweet', 'twitter_service', 'twitter_api_tweet');
+	// push status messages to twitter
+	elgg_register_plugin_hook_handler('status', 'user', 'twitter_api_tweet');
+
+	$actions = dirname(__FILE__) . '/actions/twitter_api';
+	elgg_register_action('twitter_api/interstitial_settings', "$actions/interstitial_settings.php", 'logged_in');
 }
 
 /**
  * Handles old pg/twitterservice/ handler
  *
- * @param array$page
+ * @param array $page
  */
 function twitter_api_pagehandler_deprecated($page) {
 	$url = elgg_get_site_url() . 'pg/twitter_api/authorize';
@@ -55,7 +58,7 @@ function twitter_api_pagehandler_deprecated($page) {
 /**
  * Serves pages for twitter.
  *
- * @param array$page
+ * @param array $page
  */
 function twitter_api_pagehandler($page) {
 	if (!isset($page[0])) {
@@ -75,6 +78,18 @@ function twitter_api_pagehandler($page) {
 		case 'login':
 			twitter_api_login();
 			break;
+		case 'interstitial':
+			gatekeeper();
+			// only let twitter users do this.
+			$guid = elgg_get_logged_in_user_guid();
+			$twitter_name = elgg_get_plugin_user_setting('twitter_name', $guid, 'twitter_api');
+			if (!$twitter_name) {
+				register_error(elgg_echo('twitter_api:invalid_page'));
+				forward();
+			}
+			$pages = dirname(__FILE__) . '/pages/twitter_api';
+			include "$pages/interstitial.php";
+			break;
 		default:
 			forward();
 			break;
@@ -82,53 +97,48 @@ function twitter_api_pagehandler($page) {
 }
 
 /**
- * Push a tweet to twitter.
+ * Push a status update to twitter.
  *
- * @param unknown_type $hook
- * @param unknown_type $entity_type
- * @param unknown_type $returnvalue
- * @param unknown_type $params
+ * @param string $hook
+ * @param string $type
+ * @param null   $returnvalue
+ * @param array  $params
  */
-function twitter_api_tweet($hook, $entity_type, $returnvalue, $params) {
-	static $plugins;
-	if (!$plugins) {
-		$plugins = elgg_trigger_plugin_hook('plugin_list', 'twitter_service', NULL, array());
-	}
+function twitter_api_tweet($hook, $type, $returnvalue, $params) {
 
-	// ensure valid plugin
-	if (!in_array($params['plugin'], $plugins)) {
-		return NULL;
+	if (!elgg_instanceof($params['user'])) {
+		return;
 	}
 
+	// @todo - allow admin to select origins?
+
 	// check admin settings
 	$consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
 	$consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
 	if (!($consumer_key && $consumer_secret)) {
-		return NULL;
+		return;
 	}
 
 	// check user settings
-	$user_id = elgg_get_logged_in_user_guid();
+	$user_id = $params['user']->getGUID();
 	$access_key = elgg_get_plugin_user_setting('access_key', $user_id, 'twitter_api');
 	$access_secret = elgg_get_plugin_user_setting('access_secret', $user_id, 'twitter_api');
 	if (!($access_key && $access_secret)) {
-		return NULL;
+		return;
 	}
 
 	// send tweet
 	$api = new TwitterOAuth($consumer_key, $consumer_secret, $access_key, $access_secret);
 	$response = $api->post('statuses/update', array('status' => $params['message']));
-
-	return TRUE;
 }
 
 /**
- * Return tweets for a user.
+ * Get tweets for a user.
  *
- * @param int $user_id The Elgg user GUID
+ * @param int   $user_id The Elgg user GUID
  * @param array $options
  */
-function twitter_api_fetch_tweets($user_guid, $options=array()) {
+function twitter_api_fetch_tweets($user_guid, $options = array()) {
 	// check admin settings
 	$consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
 	$consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
@@ -151,10 +161,10 @@ function twitter_api_fetch_tweets($user_guid, $options=array()) {
 /**
  * Register as public pages for walled garden.
  *
- * @param unknown_type $hook
- * @param unknown_type $type
- * @param unknown_type $return_value
- * @param unknown_type $params
+ * @param string $hook
+ * @param string $type
+ * @param array  $return_value
+ * @param array  $params
  */
 function twitter_api_public_pages($hook, $type, $return_value, $params) {
 	$return_value[] = 'twitter_api/forward';
diff --git a/mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php b/mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php
new file mode 100644
index 000000000..fdeafd46d
--- /dev/null
+++ b/mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php
@@ -0,0 +1,61 @@
+<?php
+/**
+ * Make the user set up some alternative ways to login.
+ */
+
+$user = elgg_get_logged_in_user_entity();
+
+if (elgg_is_sticky_form('twitter_api_interstitial')) {
+	extract(elgg_get_sticky_values('twitter_api_interstitial'));
+	elgg_clear_sticky_form('twitter_api_interstitial');
+}
+
+if (!isset($display_name)) {
+	$display_name = $user->name;
+}
+
+// username
+$title = elgg_echo('username');
+
+$body = elgg_echo('twitter_api:interstitial:username');
+$body .= elgg_view('input/text', array('value' => $user->username, 'disabled' => 'disabled'));
+
+echo elgg_view_module('info', $title, $body);
+
+// display name
+$title = elgg_echo('name');
+
+$body = elgg_echo('twitter_api:interstitial:name');
+$body .= elgg_view('input/text', array('name' => 'display_name', 'value' => $display_name));
+
+echo elgg_view_module('info', $title, $body);
+
+// email
+$title = elgg_echo('email');
+
+$body = elgg_echo('twitter_api:interstitial:email');
+$body .= elgg_view('input/email', array('name' => 'email', 'value' => $email));
+
+echo elgg_view_module('info', $title, $body);
+
+// password
+$title = elgg_echo('password');
+
+$body = elgg_echo('twitter_api:interstitial:password');
+$body .= elgg_view('input/password', array('name' => 'password_1'));
+$body .= elgg_echo('twitter_api:interstitial:password2');
+$body .= elgg_view('input/password', array('name' => 'password_2'));
+
+echo elgg_view_module('info', $title, $body);
+
+// buttons
+
+echo elgg_view('input/submit', array(
+	'text' => elgg_echo('save')
+));
+
+echo elgg_view('output/url', array(
+	'class' => 'right',
+	'text' => elgg_echo('twitter_api:interstitial:no_thanks'),
+	'href' => '/',
+));
\ No newline at end of file
diff --git a/mod/twitter_api/views/default/settings/twitter_api/edit.php b/mod/twitter_api/views/default/settings/twitter_api/edit.php
index 9deac3989..4e52a5c9d 100644
--- a/mod/twitter_api/views/default/settings/twitter_api/edit.php
+++ b/mod/twitter_api/views/default/settings/twitter_api/edit.php
@@ -1,8 +1,9 @@
 <?php
 /**
- *
+ * Twitter API plugin settings
  */
-$insert_view = elgg_view('twittersettings/extend');
+
+$instructions = elgg_echo('twitter_api:settings:instructions', array(elgg_get_site_url()));
 
 $consumer_key_string = elgg_echo('twitter_api:consumer_key');
 $consumer_key_view = elgg_view('input/text', array(
@@ -15,7 +16,7 @@ $consumer_secret_string = elgg_echo('twitter_api:consumer_secret');
 $consumer_secret_view = elgg_view('input/text', array(
 	'name' => 'params[consumer_secret]',
 	'value' => $vars['entity']->consumer_secret,
-	'class' => 'text_input',
+	'class' => 'text_input twitter-secret',
 ));
 
 $sign_on_with_twitter_string = elgg_echo('twitter_api:login');
@@ -39,9 +40,9 @@ $new_users_with_twitter_view = elgg_view('input/dropdown', array(
 ));
 
 $settings = <<<__HTML
-<div>$insert_view</div>
-<div>$consumer_key_string $consumer_key_view</div>
-<div>$consumer_secret_string $consumer_secret_view</div>
+<div class="elgg-instructs mtm"><p>$instructions</p></div>
+<div><label>$consumer_key_string</label><br /> $consumer_key_view</div>
+<div><label>$consumer_secret_string</label><br /> $consumer_secret_view</div>
 <div>$sign_on_with_twitter_string $sign_on_with_twitter_view</div>
 <div>$new_users_with_twitter $new_users_with_twitter_view</div>
 __HTML;
diff --git a/mod/twitter_api/views/default/twitter_api/css.php b/mod/twitter_api/views/default/twitter_api/css.php
index 140ce6a52..04bbed668 100644
--- a/mod/twitter_api/views/default/twitter_api/css.php
+++ b/mod/twitter_api/views/default/twitter_api/css.php
@@ -4,9 +4,10 @@
  */
 ?>
 
-#twitter_api_site_settings .text_input {
-	width: 350px;
-}
 #login_with_twitter {
 	padding: 10px 0 0 0;
 }
+
+.twitter-secret {
+	width: 400px;
+}
\ No newline at end of file
diff --git a/mod/twitter_api/views/default/twitter_api/login.php b/mod/twitter_api/views/default/twitter_api/login.php
index d0aca87ac..17bd76d56 100644
--- a/mod/twitter_api/views/default/twitter_api/login.php
+++ b/mod/twitter_api/views/default/twitter_api/login.php
@@ -1,10 +1,10 @@
 <?php
 /**
- * 
+ * Extension of login form for Twitter sign in
  */
 
 $url = elgg_get_site_url() . 'twitter_api/forward';
-$img_url = elgg_get_site_url() . 'mod/twitter_api/graphics/sign_in_with_twitter.gif';
+$img_url = elgg_get_site_url() . 'mod/twitter_api/graphics/sign-in-with-twitter-d.png';
 
 $login = <<<__HTML
 <div id="login_with_twitter">
diff --git a/mod/twitter_api/views/default/usersettings/twitter_api/edit.php b/mod/twitter_api/views/default/usersettings/twitter_api/edit.php
index 77dd5cc5d..acb8d9af5 100644
--- a/mod/twitter_api/views/default/usersettings/twitter_api/edit.php
+++ b/mod/twitter_api/views/default/usersettings/twitter_api/edit.php
@@ -1,22 +1,29 @@
 <?php
 /**
- * 
+ * User settings for Twitter API
  */
 
-$user_id = elgg_get_logged_in_user_guid();
-$twitter_name = get_plugin_usersetting('twitter_name', $user_id, 'twitter_api');
-$access_key = get_plugin_usersetting('access_key', $user_id, 'twitter_api');
-$access_secret = get_plugin_usersetting('access_secret', $user_id, 'twitter_api');
+$user = elgg_get_logged_in_user_entity();
+$user_guid = $user->getGUID();
+$twitter_name = get_plugin_usersetting('twitter_name', $user_guid, 'twitter_api');
+$access_key = get_plugin_usersetting('access_key', $user_guid, 'twitter_api');
+$access_secret = get_plugin_usersetting('access_secret', $user_guid, 'twitter_api');
 
 $site_name = elgg_get_site_entity()->name;
 echo '<div>' . elgg_echo('twitter_api:usersettings:description', array($site_name)) . '</div>';
 
 if (!$access_key || !$access_secret) {
 	// send user off to validate account
-	$request_link = twitter_api_get_authorize_url();
+	$request_link = twitter_api_get_authorize_url(null, false);
 	echo '<div>' . elgg_echo('twitter_api:usersettings:request', array($request_link, $site_name)) . '</div>';
 } else {
-	$url = elgg_get_site_url() . "twitter_api/revoke";
-	echo '<div class="twitter_anywhere">' . elgg_echo('twitter_api:usersettings:authorized', array($site_name, $twitter_name)) . '</div>';
-	echo '<div>' . sprintf(elgg_echo('twitter_api:usersettings:revoke'), $url) . '</div>';
+	// if this user logged in through twitter and never set up an email address, don't
+	// let them disassociate their account.
+	if ($user->email) {
+		$url = elgg_get_site_url() . "twitter_api/revoke";
+		echo '<div class="twitter_anywhere">' . elgg_echo('twitter_api:usersettings:authorized', array($site_name, $twitter_name)) . '</div>';
+		echo '<div>' . sprintf(elgg_echo('twitter_api:usersettings:revoke'), $url) . '</div>';
+	} else {
+		echo elgg_echo('twitter_api:usersettings:cannot_revoke', array(elgg_normalize_url('twitter_api/interstitial')));
+	}
 }