diff -ruN PHP-server-1.0.orig/src/auth.php PHP-server-1.0.xmpp/src/auth.php
--- PHP-server-1.0.orig/src/auth.php	2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/src/auth.php	2006-11-15 15:01:39.000000000 +0200
@@ -102,4 +102,21 @@
     }
 }
 
+class AuthBackend_XMPP extends Backend_XMPP {
+    function newAccount($username, $password, $query)
+    {
+        return false;
+    }
+    
+    function authenticate($username, $password)
+    {
+        return false;
+    }
+
+    function search($str = null)
+    {
+        return array();
+    }
+}
+
 ?>
\ No newline at end of file
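Review bot: AuthBackend_XMPP has no comment explaining that `authenticate()` and `newAccount()` fail on purpose. Judging by the rest of the patch, the user is confirmed over XMPP in `Storage_XMPP::isTrusted()` rather than by password, so denying here looks deliberate. I would add a class docblock such as `/** Password login is not supported with the XMPP backend; confirmation happens via XEP-0070 in Storage_XMPP. */` so that a later maintainer does not replace the stub with something permissive.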
diff -ruN PHP-server-1.0.orig/src/backends.php PHP-server-1.0.xmpp/src/backends.php
--- PHP-server-1.0.orig/src/backends.php	2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/src/backends.php	2006-11-13 21:44:21.000000000 +0200
@@ -38,4 +38,11 @@
     }
 }
 
+class Backend_XMPP {
+    function connect($parameters)
+    {
+        return true;
+    }
+}
+
 ?>
\ No newline at end of file
diff -ruN PHP-server-1.0.orig/src/common.php PHP-server-1.0.xmpp/src/common.php
--- PHP-server-1.0.orig/src/common.php	2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/src/common.php	2006-11-15 16:13:38.000000000 +0200
@@ -96,13 +96,8 @@
 /**
  * Get the URL of the current script
  */
-function getServerURL()
+function getRootURL()
 {
-    $path = dirname($_SERVER['SCRIPT_NAME']);
-    if ($path[strlen($path) - 1] != '/') {
-        $path .= '/';
-    }
-
     $host = $_SERVER['HTTP_HOST'];
     $port = $_SERVER['SERVER_PORT'];
     $s = $_SERVER['HTTPS'] ? 's' : '';
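Review bot: After this change getRootURL() is the prefix of every account identifier and XRDS location, yet it is still built from `$_SERVER['HTTP_HOST']`, which the client supplies. A request carrying a different Host header therefore changes the identifiers the server hands out, and also the prefix length that `Storage_XMPP::getAccountForUrl()` strips from an identity URL. I would take the host from configuration (for example a constant in config.php; `SERVER_ROOT_URL` is a placeholder name) or check HTTP_HOST against a list of allowed hosts before using it. The function body continues in the next hunk.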
@@ -112,12 +107,32 @@
         $p = ':' . $port;
     }
     
-    return "http$s://$host$p$path";
+    return "http$s://$host$p";
+}
+
+function getServerURL()
+{
+    $path = dirname($_SERVER['SCRIPT_NAME']);
+    if ($path[strlen($path) - 1] != '/') {
+        $path .= '/';
+    }
+
+    return getRootURL().$path;
+}
+
+function getServeURL()
+{
+    return getRootURL()."/server"; #getServerURL()."server.php";
 }
 
 function Server_getAccountIdentifier($account)
 {
-    return sprintf("%s?user=%s", getServerURL(), $account);
+    return sprintf("%s/%s", getRootURL(), $account); #sprintf("%s?user=%s", getServerURL(), $account);
+}
+
+function Server_getXRDSLocation($account)
+{
+    return getRootURL()."/xrds/".$account; #getServerURL()."?xrds=".$account;
 }
 
 function Server_addMessage($str)
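Review bot: `Server_getAccountIdentifier()` and `Server_getXRDSLocation()` concatenate `$account` into the URL without validating it, and in render.php that value is `$request['user']`. The character filter in the new .htaccess rules is the only check, and it appears not to apply when `src/?user=...` is requested directly. I would validate the account against the JID form in PHP before building either URL and reject anything else. The previous implementations kept as trailing `#` comments can be dropped, and `getServeURL()` differs from `getServerURL()` by a single letter, which invites mix-ups.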
@@ -328,6 +343,7 @@
         $this->assign('errors', $this->errors);
         $this->assign('messages', $this->messages);
         $this->assign('SERVER_URL', getServerURL());
+        $this->assign('SERVE_URL', getServeURL());
         $this->assign('SITE_TITLE', SITE_TITLE);
         $this->assign('ADMIN', isset($_SESSION['admin']));
         $this->assign('SITE_ADMIN_EMAIL', SITE_ADMIN_EMAIL);
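Review bot: nav.tpl now reads `$ALLOW_USER_LOGIN`, but no hunk in this patch assigns that variable to the template; only `SERVE_URL` is added here. Unless it is assigned in the part of this method outside the hunk, the template sees it as unset and hides the login links whatever config.php says. I would add `$this->assign('ALLOW_USER_LOGIN', ALLOW_USER_LOGIN);` next to the new line.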
diff -ruN PHP-server-1.0.orig/src/config.php PHP-server-1.0.xmpp/src/config.php
--- PHP-server-1.0.orig/src/config.php	2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/src/config.php	2006-12-02 12:19:23.000000000 +0200
@@ -39,7 +39,21 @@
  * In either case, the ADMIN_USERNAME account specified below will be
  * able to log in to create and remove accounts.
  */
-define('ALLOW_PUBLIC_REGISTRATION', true);
+define('ALLOW_PUBLIC_REGISTRATION', false);
+
+/**
+ * Set this to true if you want to allow users to login.
+ * It might be useful to disable this functionality during
+ * maintenace, etc.
+ */
+define('ALLOW_USER_LOGIN', false);
+
+/**
+ * Set this to true if you want to allow users to add and remove trust urls.
+ * In either case, the ADMIN_USERNAME account specified below will be
+ * able to log in to change the list of trusted urls.
+ */
+define('ALLOW_USER_TRUST', false);
 
 /**
  * Set these values for administrative access.  This account will be
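Review bot: `ALLOW_USER_LOGIN` is documented as disabling user login, but within this patch it is only consulted by nav.tpl to hide the links. No hunk in render.php checks it, so `?action=login` presumably still reaches the login handler when the flag is false. If so, the handler should test the constant as well, because hiding a link is not an access control. The docblock should state what the flag actually gates, and "maintenace" should read "maintenance".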
@@ -60,7 +74,7 @@
  * connecting to the storage backend.  See storage.php if you want to
  * create your own backend.
  */
-define('STORAGE_BACKEND', 'MYSQL');
+define('STORAGE_BACKEND', 'XMPP');
 global $storage_parameters;
 $storage_parameters = array('username' => 'openid',
                             'password' => '',
@@ -74,8 +88,15 @@
  * authentication data in the same database with the storage data
  * (above), so you probably don't need to adjust this.
  */
-define('AUTH_BACKEND', 'MYSQL');
+define('AUTH_BACKEND', 'XMPP');
 global $auth_parameters;
 $auth_parameters = $storage_parameters;
 
+global $xmpp_parameters;
+$xmpp_parameters = array('server'   => 'localhost',
+                         'port'     => '5222',
+                         'username' => 'openid',
+                         'password' => 'password',
+                         'resourcesalt' => 'supersecret');
+
 ?>
\ No newline at end of file
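Review bot: `$xmpp_parameters` ships with `'password' => 'password'` and `'resourcesalt' => 'supersecret'`, so a deployment that leaves the file unedited runs the bot account with a published password and a known salt. I would leave both empty, as `$storage_parameters` does for its password, and have `ConfirmRequest()` refuse to run while they are empty. The array also lacks the docblock every other setting in this file has; it should say what `resourcesalt` is used for and that it must be unique per installation.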
diff -ruN PHP-server-1.0.orig/src/render.php PHP-server-1.0.xmpp/src/render.php
--- PHP-server-1.0.orig/src/render.php	2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/src/render.php	2006-11-15 16:12:30.000000000 +0200
@@ -275,8 +275,9 @@
         $request['xrds'] = $request['user'];
         render_XRDS($method, $request, $template);
     } else {
-        header("X-XRDS-Location: ".getServerURL()."?xrds=".$request['user']);
+        header("X-XRDS-Location: ".Server_getXRDSLocation($request['user']));
         $template->assign('openid_url', Server_getAccountIdentifier($request['user']));
+        $template->assign('xrds_url', Server_getXRDSLocation($request['user']));
         $template->assign('user', $request['user']);
         $template->display('idpage.tpl', true);
     }
@@ -397,7 +398,11 @@
             $urls = $storage->getUrlsForAccount($account);
         }
 
-        if ($request->immediate && !$account) {
+        if (!ALLOW_USER_TRUST) {
+            $account = $storage->getAccountForUrl($request->identity);
+            $trust = $storage->isTrusted($account, $request->trust_root);
+            $response =& $request->answer($trust, getServerURL());
+        } else if ($request->immediate && !$account) {
             $response =& $request->answer(false, getServerURL());
         } else if ($account &&
                    $storage->isTrusted($account, $request->trust_root) &&
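Review bot: The new `!ALLOW_USER_TRUST` branch is tested before `$request->immediate`, so an immediate-mode request also goes through `isTrusted()`, which in Storage_XMPP waits up to 30 seconds for a chat reply. The account is taken from `$request->identity` rather than from the session, so each request, authenticated or not, sends a confirmation prompt to whichever JID the request names, and nothing visible here limits how often. I would answer immediate requests with `$request->answer(false, getServerURL())` before the XMPP round-trip and throttle prompts per JID and per client. The enclosing function starts and ends outside this hunk.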
@@ -431,6 +436,7 @@
     $username = $request['xrds'];
     $template->assign('account', $username);
     $template->assign('openid_url', Server_getAccountIdentifier($username));
+    $template->assign('xrds_url', Server_getXRDSLocation($username));
 
     header("Content-type: application/xrds+xml");
     $template->display('xrds.tpl', true);
diff -ruN PHP-server-1.0.orig/src/server.php PHP-server-1.0.xmpp/src/server.php
--- PHP-server-1.0.orig/src/server.php	1970-01-01 02:00:00.000000000 +0200
+++ PHP-server-1.0.xmpp/src/server.php	2006-11-13 22:39:44.000000000 +0200
@@ -0,0 +1,33 @@
+<?php
+
+/**
+ * The user-facing portion of the PHP OpenID Server.
+ */
+
+session_start();
+
+require_once "config.php";
+require_once "common.php";
+
+// Create a page template.
+$template =& new Template();
+
+// First, get the request data.
+list($method, $request) = Server_getRequest();
+
+// Initialize backends.
+$auth =& Server_getAuthBackend();
+$storage =& Server_getStorageBackend();
+
+if ($auth === null) {
+    $template->addError("Could not connect to authentication server.");
+}
+
+if ($storage === null) {
+    $template->addError("Could not connect to OpenID storage server.");
+}
+
+require_once "render.php";
+render_serve($method, $request, $template);
+
+?>
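Review bot: When `$auth` or `$storage` is null the script only records an error and still calls `render_serve()`. The render.php hunks show that function calling `$storage->getAccountForUrl()` and `$storage->isTrusted()`, which would fail on a null backend. I would stop after the error is recorded and render the error page instead of continuing into the OpenID handling. `$template =& new Template();` is the PHP 4 form; plain `= new` behaves the same on PHP 5.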
diff -ruN PHP-server-1.0.orig/src/storage.php PHP-server-1.0.xmpp/src/storage.php
--- PHP-server-1.0.orig/src/storage.php	2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/src/storage.php	2006-11-15 15:16:24.000000000 +0200
@@ -3,6 +3,7 @@
 require_once "DB.php";
 require_once "backends.php";
 require_once "constants.php";
+require_once "xep-0070.php";
 
 class Storage_MYSQL extends Backend_MYSQL {
     function _init()
@@ -184,4 +185,49 @@
     }
 }
 
+class Storage_XMPP extends Backend_XMPP {
+    function trustLog($account, $trust_root, $trusted)
+    {
+    }
+
+    function isTrusted($account, $trust_root)
+    {
+        $xep_0070 = new XEP_0070;
+
+        return $xep_0070->ConfirmRequest($account, $trust_root);
+    }
+
+    function getSites($account)
+    {
+        return array();
+    }
+
+    function getAccountForUrl($identifier)
+    {
+        $result = substr($identifier, strlen(Server_getAccountIdentifier("")));
+
+        if (PEAR::isError($result)) {
+            return null;
+        } else {
+            return $result;
+        }
+    }
+
+    function getUrlsForAccount($account)
+    {
+        $result = array(Server_getAccountIdentifier($account));
+
+        if (PEAR::isError($result)) {
+            return null;
+        } else {
+            return $result;
+        }
+    }
+    
+    function getPersona($account)
+    {
+        return array();
+    }
+}
+
 ?>
\ No newline at end of file
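Review bot: `getAccountForUrl()` cuts a fixed number of characters off `$identifier` without checking that it starts with the server's own prefix, so any identity URL of sufficient length yields an "account", which `isTrusted()` then uses as the JID to message. I would add `$prefix = Server_getAccountIdentifier("");` and `if (strncmp($identifier, $prefix, strlen($prefix)) !== 0) return null;` before the `substr()`, and validate the remainder as a JID. The `PEAR::isError()` tests here and in `getUrlsForAccount()` inspect a string and an array, so the error branches never run. `trustLog()` is empty, which leaves no record of confirmations; a comment should say whether that is intended.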
diff -ruN PHP-server-1.0.orig/src/xep-0070.php PHP-server-1.0.xmpp/src/xep-0070.php
--- PHP-server-1.0.orig/src/xep-0070.php	1970-01-01 02:00:00.000000000 +0200
+++ PHP-server-1.0.xmpp/src/xep-0070.php	2006-11-15 18:49:09.000000000 +0200
@@ -0,0 +1,89 @@
+<?php
+
+require_once "class.jabber.php";
+require_once "config.php";
+
+class XEP_0070 extends JABBER {
+    function Handler_message_chat($packet) {
+        // Maybe the user's client only allows a reply of type "chat".
+        $this->Handler_message_normal($packet);
+    }
+
+    function Handler_message_normal($packet) {
+        $from = Jabber::GetInfoFromMessageFrom($packet);
+        // XXX: check sender and id
+        $body = Jabber::GetInfoFromMessageBody($packet);
+        $confirm = isset($packet['message']['#']['confirm']);
+
+        $this->AddToLog("body: ".$body);
+
+        $this->gotanswer = true;
+        if ($confirm || strtoupper(substr($body, 0, 2)) == "OK") {
+            $this->confirmed = true;
+        }
+        $this->Disconnect();
+        $this->connected = false;
+    }
+
+    function Handler_message_error($packet) {
+        $this->gotanswer = true;
+        $this->confirmed = false;
+        $this->disconnect();
+        $this->connected = false;
+    }
+
+    function ConfirmRequest($user, $uri)
+    {
+        global $xmpp_parameters;
+
+        $this->server = $xmpp_parameters['server'];
+        $this->port = $xmpp_parameters['port'];
+        $this->username = $xmpp_parameters['username'];
+        $this->password = $xmpp_parameters['password'];
+        $this->resource = md5($xmpp_parameters['resourcesalt'].$user); //date('U');
+        //$this->enable_logging = true;
+
+        $this->Connect() or die("Couldn't connect!");
+        $this->SendAuth() or die ("Couldn't authenticate!");
+
+        // The XEP says that we should send an IQ if the user specified a full
+        // JID.  For now we don't.
+        $text = "Someone (maybe you) requested an OpenID login at ".
+          $uri.". If you wish to confirm the request, ".
+          "please reply to this message by typing 'OK'.  If not, please ".
+          "reply with 'No'.";
+        $payload = "<confirm xmlns='http://jabber.org/protocol/http-auth' ".
+          "id='".$password."' method='OpenID' ".
+          "url='".$uri."'/>";
+        $this->SendMessage($user, "chat", NULL, array("body" => $text), $payload);
+
+        $this->gotanswer = false;
+        $this->confirmed = false;
+
+        // CruiseControl won't do here, since we want to interrupt it when we
+        // get an answer.
+        $seconds = 30;
+        while ($this->connected && $seconds > 0 && !$this->gotanswer) {
+            $this->Listen();
+            do {
+                $packet = $this->GetFirstFromQueue();
+
+                if ($packet) {
+                    $this->CallHandler($packet);
+                }
+
+            } while (count($this->packet_queue) > 1);
+
+            sleep(1);
+            $seconds--;
+        }
+
+        if ($this->connected) {
+            $this->Disconnect();
+        }
+
+        return $this->confirmed;
+    }    
+}
+
+?>
\ No newline at end of file
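Review bot: Handler_message_normal() accepts any incoming message as the answer: neither the sender nor the confirm id is compared with what was sent (the `XXX: check sender and id` comment), so a reply from a different JID that reaches this session sets `confirmed`. In ConfirmRequest() the id is built from `$password`, which is not defined in that scope, so the attribute is empty, and `$uri` (the request's trust root) is placed unescaped in the single-quoted `url` attribute. I would record the expected bare JID and a random id before sending, ignore messages that do not match, and escape the attribute value, as sketched below. The two `die()` calls also end the HTTP request with a bare string; returning false would let render.php answer the relying party.

```php
    function Handler_message_normal($packet) {
        $from = Jabber::GetInfoFromMessageFrom($packet);
        // Compare bare JIDs (assumes $from is a JID string): drop any "/resource" part.
        $sender = strtolower(preg_replace('#/.*$#', '', $from));
        if ($sender !== $this->expected_jid) {
            return; // not the account we asked; keep listening
        }
        // TODO: also compare the id of a returned <confirm/> with $this->confirm_id.
        // ... unchanged: body extraction, logging, OK check, disconnect ...

    function ConfirmRequest($user, $uri)
    {
        // ... unchanged: connection parameters, Connect(), SendAuth(), $text ...
        $this->expected_jid = strtolower(preg_replace('#/.*$#', '', $user));
        // random_bytes() needs PHP 7+; use the platform CSPRNG on older runtimes.
        $this->confirm_id = bin2hex(random_bytes(16));
        $payload = "<confirm xmlns='http://jabber.org/protocol/http-auth' ".
          "id='".$this->confirm_id."' method='OpenID' ".
          "url='".htmlspecialchars($uri, ENT_QUOTES)."'/>";
```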
diff -ruN PHP-server-1.0.orig/templates/idpage.tpl PHP-server-1.0.xmpp/templates/idpage.tpl
--- PHP-server-1.0.orig/templates/idpage.tpl	2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/templates/idpage.tpl	2006-11-15 16:12:41.000000000 +0200
@@ -1,13 +1,14 @@
 <html>
   <head>
-    <link rel="openid.server" href="{$SERVER_URL}index.php/serve">
+    <meta http-equiv="x-xrds-location" content="{$xrds_url}" />
+    <link rel="openid.server" href="{$SERVE_URL}">
     <link rel="openid.delegate" href="{$openid_url}">
   </head>
   <body>
     <h3>OpenID Identity Page</h3>
 
     <p>
-    This is the identity page for the user <strong>{$user}</strong>.
+    This is the identity page for the XMPP JID <strong><a href="xmpp:{$user}">{$user}</a></strong>.
     </p>
   </body>
 </html>
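Review bot: The new lines place `{$xrds_url}` in a `content` attribute and `{$user}` in an `href` attribute with no escaping, and both derive from `$request['user']`. Assuming these are Smarty templates without default escaping, a value containing quotes or angle brackets ends up in the page markup. I would write `content="{$xrds_url|escape}"` and `<a href="xmpp:{$user|escape:'url'}">{$user|escape}</a>`. The existing `{$openid_url}` on the context line needs the same treatment, since its value is now built from the same input.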
diff -ruN PHP-server-1.0.orig/templates/main.tpl PHP-server-1.0.xmpp/templates/main.tpl
--- PHP-server-1.0.orig/templates/main.tpl	2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/templates/main.tpl	2006-11-15 14:59:51.000000000 +0200
@@ -1,14 +1,41 @@
-<!-- BEGIN CUSTOMIZATIONS HERE -->
+{* BEGIN CUSTOMIZATIONS HERE *}
   <h3>Welcome!</h3>
 
   <p>
-  You are now running an OpenID server.  You should edit this page and
-  put some site-specific content here; see
-  <code>templates/main.tpl</code>.  Enjoy!
+  This is an OpenID server that uses XMPP's 
+  <a href="http://www.xmpp.org/extensions/xep-0070.html">XEP-0070</a>
+  to authenticate OpenID urls.
+  <br/>
+  Enjoy!
   </p>
-<!-- END CUSTOMIZATIONS HERE -->
+{* END CUSTOMIZATIONS HERE *}
 
-{if $account && !$ADMIN}
+{if !$ADMIN}
+{if !$account}
+<h3>Using Your XMPP OpenID URL</h3>
+
+<p>
+Your XMPP OpenID is in the form:
+</p>
+
+<pre>
+{$account_openid_url}juliet@capulet.com
+</pre>
+
+<p>
+You can use your own URL as your OpenID.  Just edit the
+<code>&lt;HEAD&gt;</code> section of your URL's web page and add
+content like this:
+
+<pre>
+&lt;link rel="openid.server" href="{$SERVE_URL}"&gt;
+&lt;link rel="openid.delegate" href="{$account_openid_url}juliet@capulet.com"&gt;
+</pre>
+
+Then you can use your URL to authenticate to your XMPP account via this server.
+
+</p>
+{else}
 <h3>Using Your Own OpenID URL</h3>
 
 <p>
@@ -25,7 +52,7 @@
 content:
 
 <pre>
-&lt;link rel="openid.server" href="{$SERVER_URL}index.php/serve"&gt;
+&lt;link rel="openid.server" href="{$SERVE_URL}"&gt;
 &lt;link rel="openid.delegate" href="{$account_openid_url}"&gt;
 </pre>
 
@@ -33,3 +60,4 @@
 
 </p>
 {/if}
+{/if}
diff -ruN PHP-server-1.0.orig/templates/nav.tpl PHP-server-1.0.xmpp/templates/nav.tpl
--- PHP-server-1.0.orig/templates/nav.tpl	2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/templates/nav.tpl	2006-11-15 14:57:53.000000000 +0200
@@ -1,3 +1,4 @@
+{if $account or $ALLOW_USER_LOGIN}
 <div class="nav">
   <ul>
     {if $account}
@@ -13,10 +14,13 @@
       {/if}
       <li><a href="{$SERVER_URL}?action=logout">Log out</a></li>
     {else}
+      {if $ALLOW_USER_LOGIN}
       <li><a href="{$SERVER_URL}?action=login">Log in</a></li>
       {if $ALLOW_PUBLIC_REGISTRATION}
       <li><a href="{$SERVER_URL}?action=register">Register</a></li>
       {/if}
+      {/if}
     {/if}
   </ul>
 </div>
+{/if}
diff -ruN PHP-server-1.0.orig/templates/xrds.tpl PHP-server-1.0.xmpp/templates/xrds.tpl
--- PHP-server-1.0.orig/templates/xrds.tpl	2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/templates/xrds.tpl	2006-11-13 22:44:35.000000000 +0200
@@ -7,7 +7,7 @@
     <Service>
       <Type>http://openid.net/signon/1.1</Type>
       <Type>http://openid.net/sreg/1.0</Type>
-      <URI>{$SERVER_URL}index.php/serve</URI>
+      <URI>{$SERVE_URL}</URI>
       <openid:Delegate>{$openid_url}</openid:Delegate>
     </Service>
   </XRD>
--- PHP-server-1.0.orig/.htaccess  1970-01-01 02:00:00.000000000 +0200
+++ PHP-server-1.0.xmpp/.htaccess  2006-11-13 22:39:44.000000000 +0200
@@ -0,0 +1,13 @@
+RewriteEngine On
+RewriteRule ^openid/ - [L]
+RewriteCond  %{HTTP_HOST}  ^openid.example.com$
+RewriteRule ^$ /OpenID-PHP-server-1.0/src/ [L]
+RewriteCond  %{HTTP_HOST}  ^openid.example.com$
+RewriteRule ^server$ /OpenID-PHP-server-1.0/src/server.php [L]
+RewriteCond  %{HTTP_HOST}  ^openid.example.com$
+RewriteRule ^xrds/([^"&'/:<>@]+@([a-zA-Z0-9_\-\.]+)\.[a-zA-Z]{2,5}(\/.+)?)$ /OpenID-PHP-server-1.0/src/?xrds=$1 [L,QSA]
+RewriteCond  %{HTTP_HOST}  ^openid.example.com$
+RewriteRule ^([^"&'/:<>@]+@([a-zA-Z0-9_\-\.]+)\.[a-zA-Z]{2,5}(\/.+)?)$ /OpenID-PHP-server-1.0/src/?user=$1 [L,QSA]
+
+php_value include_path ".:/usr/share/php/openid"
+php_flag register_globals 0
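Review bot: The JID character filter in the two long RewriteRule patterns is the only validation of `user` and `xrds` visible in this patch, and it covers only requests that go through the rewrite. A direct request to `/OpenID-PHP-server-1.0/src/?user=...` appears to skip it, and the optional `(\/.+)?` resource part accepts any character. The same check therefore belongs in the PHP code, with these rules kept for routing only. The dots in `^openid.example.com$` are unescaped and match any character; `^openid\.example\.com$` is the intended form. The first RewriteRule has no RewriteCond, so it applies to every host, which deserves a comment if that is intended.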
