#!/usr/bin/env bash

# Author        : Allan Christensen
# First Created : 22052021 (DD-MM-YYYY)
# Description   : Installs WordPress on Ubuntu 24.04
# License       : MIT License (see LICENSE file for details)

#
# Are we root
#
if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit 1 ; fi

#
# Get php-fpm version
#
phpfpm=$(systemctl list-unit-files --type=service | awk '/php[0-9]+\.[0-9]+-fpm/ {sub(".service",""); print; exit}')
if [[ -z "$phpfpm" ]]; then printf "\nUnable to detect php-fpm version. Is PHP-FPM installed?\n\n" ; exit 1 ; fi

#
# Check if required services are running or not
#
for svc in nginx mariadb "$phpfpm"; do systemctl is-active --quiet "$svc" || { printf "\n%s is not running, cannot continue...\n\n" "${svc^}" ; exit 1 ; }; done

#
# Check MariaDB authentication method (socket or not)
#
if mysql -u root -e ";" 2>/dev/null; then
    socket="SOCKET DETECTED — no need for -a or -m"
    socketusage="SOCKET DETECTED — this flag is not needed"
    socketauth="yes"
else
    socket="NO SOCKET DETECTED — you must use -a and -m"
    socketusage="NO SOCKET DETECTED — these flags are required"
    socketauth="no"
fi

#
# Define variables and functions
#

#
# Function usage
#
usage () {
    printf -- "\nwordpressinstall\n\n"
    printf -- "%s\n\n" "$socket"
    printf -- "Installs WordPress on Ubuntu\n\n"
    printf -- "Usage:\n"
    printf -- "sudo ./wordpressinstall -n <domain> -d <dbname> -u <dbuser> -p <dbpass> [options]\n\n"
    printf -- "Options:\n"
    printf -- "  -m <mariadb admin password> Root or admin password $socketusage\n"
    printf -- "  -a <mariadb admin user>     Optional admin username $socketusage\n"
    printf -- "  -h | -help | --help         Show this help screen\n\n"
    printf -- "Examples:\n"
    printf -- "  sudo ./wordpressinstall -n wp.something.xyz -d wpdb -u wpuser -p wpPass123\n"
    printf -- "  sudo ./wordpressinstall -n wp.something.xyz -d wpdb -u wpuser -p wpPass123 -m rootpwd\n"
    printf -- "  sudo ./wordpressinstall -n wp.something.xyz -d wpdb -u wpuser -p wpPass123 -a admin -m adminpwd\n\n"
}

#
# Function inputcheck
#
inputcheck () {
    [[ -z "$hostname" ]]   && { usage; echo ""; echo "Error! Hostname empty."; echo ""; exit 1; }
    [[ "$hostname" =~ [[:space:]/] ]] && { echo "ERROR: DOMAIN INVALID (no spaces or slashes allowed)"; exit 1; }
    [[ -z "$dbname" ]]     && { usage; echo ""; echo "Error! Database name empty."; echo ""; exit 1; }
    [[ -z "$dbuser" ]]     && { usage; echo ""; echo "Error! Database user empty."; echo ""; exit 1; }
    [[ -z "$dbpass" ]]     && { usage; echo ""; echo "Error! Database password empty."; echo ""; exit 1; }
}

#
# Let's go
#
clear

#
# Trap: show usage if user requests help. Recognizes -help and --help as early exits before getopts
#
if [[ "$1" == "-help" || "$1" == "--help" ]]; then usage ; exit 0 ; fi

#
# Trap: malformed or missing input. Catches empty argument or argument not starting with '-'
#
if [[ $# -eq 0 || ! $1 =~ ^- ]]; then usage ; exit 1 ; fi

#
# Configure command line options
#
while getopts ":n:d:u:p:m:a:h" option; do
    case "$option" in
        n) hostname=$(echo "$OPTARG" | tr '[:upper:]' '[:lower:]');;
        d) dbname="$OPTARG";;
        u) dbuser="$OPTARG";;
        p) dbpass="$OPTARG";;
        m) mariadbpwd="$OPTARG";;
        a) mariadbadmin="$OPTARG";;
        h) usage; exit 0;;
        :) usage; echo ""; echo "Error! Option -$OPTARG requires an argument."; echo ""; exit 1;;
        \?) usage; echo ""; echo "Error! Invalid option: -$OPTARG"; echo ""; exit 1;;
    esac
done

#
# Check if input conditions are met
#
inputcheck "$hostname" "$dbname" "$dbuser" "$dbpass"

#
# Download, install, and configure the latest WordPress version
#
printf "\nDownloading latest WordPress package...\n"
mkdir -p /var/www/html
curl -sL https://wordpress.org/latest.tar.gz | tar -xzf - --transform "s,^wordpress,$hostname," -C "/var/www/html" || { echo "WordPress download or extraction failed"; exit 1; }
wptarget="/var/www/html/$hostname"
cp "$wptarget/wp-config-sample.php" "$wptarget/wp-config.php"
sed -i "s/database_name_here/$dbname/" "$wptarget/wp-config.php"
sed -i "s/username_here/$dbuser/"      "$wptarget/wp-config.php"
sed -i "s/password_here/$dbpass/"      "$wptarget/wp-config.php"
chown -R www-data: "$wptarget"

#
# Clone nginx-snippets; if nginx-snippets exists then just pull latest changes
#
nginxsnippets="/etc/nginx/nginx-snippets"
repo="https://git.x-files.dk/webserver/nginx-snippets.git"
if [[ -d "$nginxsnippets/.git" ]]; then git -C "$nginxsnippets" pull --quiet; else git clone --quiet "$repo" "$nginxsnippets"; fi

#
# Create WordPress Nginx configuration
#
cp "$nginxsnippets/hostfiles/wordpress.80.conf" /etc/nginx/conf.d/"$hostname".conf
sed -i -- "s/DOMAIN/$hostname/g" /etc/nginx/conf.d/"$hostname".conf
sed -i "s/VERSION/$phpfpm/" /etc/nginx/conf.d/"$hostname".conf

#
# Wordpress hardeging
#
mkdir -p /etc/nginx/includes
cp "$nginxsnippets/wp-hardening.conf" /etc/nginx/includes/wp-hardening.conf
sed -i "s/PHPVERSION/$phpfpm/" /etc/nginx/includes/wp-hardening.conf
cp --no-clobber "$nginxsnippets/wp-rate-limit.conf" /etc/nginx/conf.d/wp-rate-limit.conf 2>/dev/null

#
# Determine MariaDB login method (uses earlier socket variable)
#
mariadbadmin="${mariadbadmin:-root}"

printf "\nChecking MariaDB access method...\n"

if [[ "$socketauth" == "yes" ]]; then
    dbmethod="socket"
    printf "Socket authentication detected (root)\n"
elif [[ -n "$mariadbpwd" && -n "$mariadbadmin" ]]; then
    dbmethod="admin"
    printf "Using admin user authentication (%s)\n" "$mariadbadmin"
elif [[ -n "$mariadbpwd" ]]; then
    dbmethod="password"
    printf "Using root password authentication\n"
else
    printf "\nERROR: No valid MariaDB authentication method found.\n"
    printf "Tried socket, root password, and admin credentials.\n\n"
    exit 1
fi

#
# Create WordPress database
#
case "$dbmethod" in
    socket)
        mysql -u root <<EOF
CREATE DATABASE IF NOT EXISTS $dbname;
CREATE USER IF NOT EXISTS '$dbuser'@'localhost' IDENTIFIED BY '${dbpass//\'/\'\\\'\'}';
GRANT ALL PRIVILEGES ON $dbname.* TO '$dbuser'@'localhost';
FLUSH PRIVILEGES;
EOF
        ;;
    password)
        mysql -u root -p"${mariadbpwd}" <<EOF
CREATE DATABASE IF NOT EXISTS $dbname;
CREATE USER IF NOT EXISTS '$dbuser'@'localhost' IDENTIFIED BY '${dbpass//\'/\'\\\'\'}';
GRANT ALL PRIVILEGES ON $dbname.* TO '$dbuser'@'localhost';
FLUSH PRIVILEGES;
EOF
        ;;
    admin)
        mysql -u "${mariadbadmin}" -p"${mariadbpwd}" <<EOF
CREATE DATABASE IF NOT EXISTS $dbname;
CREATE USER IF NOT EXISTS '$dbuser'@'localhost' IDENTIFIED BY '${dbpass//\'/\'\\\'\'}';
GRANT ALL PRIVILEGES ON $dbname.* TO '$dbuser'@'localhost';
FLUSH PRIVILEGES;
EOF
        ;;
esac

#
# Restarting Nginx and Phpfpm for changes to take effect
#
printf "\nRestarting services...\n"
systemctl restart "$phpfpm"
systemctl restart nginx

#
# Wordpress notice
#
wpnotice=$(cat <<EOF
-----------------------------------------------------------------------------------
IMPORTANT:

Go to http://$hostname/wp-admin/install.php and complete the setup
-----------------------------------------------------------------------------------
EOF
)

#
# Print notice
#
printf '%s\n' "$wpnotice"

#
# All done
#
printf "\nAll Done — WordPress files located at: %s\n" "$wptarget"

#
# End of script
#