#!/bin/bash

#######################################
# WordPress Platform Installation Script
# Allows anonymous users to create WP sites in random subfolders
# For Amazon Linux 2023 / Amazon Linux 2
#######################################

set -e  # Exit on any error

# Color codes for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# Function to print colored messages
print_message() {
    echo -e "${GREEN}[INFO]${NC} $1"
}

print_error() {
    echo -e "${RED}[ERROR]${NC} $1"
}

print_warning() {
    echo -e "${YELLOW}[WARNING]${NC} $1"
}

# Check if running as root
if [ "$EUID" -ne 0 ]; then 
    print_error "Please run this script as root or with sudo"
    exit 1
fi

# Get server's public IP address
SERVER_IP=$(curl -s http://checkip.amazonaws.com || curl -s http://ifconfig.me || curl -s http://icanhazip.com)

if [ -z "$SERVER_IP" ]; then
    print_error "Could not detect public IP address"
    exit 1
fi

# Configuration variables
DB_ROOT_PASSWORD=$(openssl rand -base64 16)
PLATFORM_DIR="/var/www/html"
SITES_DATA_DIR="/var/wp-sites-data"

print_message "Starting WordPress Platform installation..."
print_message "This script will install Apache, MariaDB, PHP, and create a WordPress platform"
print_message "Detected server public IP: ${SERVER_IP}"

# Update system packages
print_message "Updating system packages..."
yum update -y

# Install Apache
print_message "Installing Apache web server..."
yum install -y httpd

# Start and enable Apache
systemctl start httpd
systemctl enable httpd

# Install MariaDB (MySQL alternative)
print_message "Installing MariaDB server..."
yum install -y mariadb105-server

# Start and enable MariaDB
systemctl start mariadb
systemctl enable mariadb

# Secure MariaDB installation
print_message "Securing MariaDB installation..."
mysql -u root <<MYSQL_SECURE
ALTER USER 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}';
DELETE FROM mysql.global_priv WHERE User='';
DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
FLUSH PRIVILEGES;
MYSQL_SECURE

# Install PHP 8.2 and required extensions
print_message "Installing PHP and required extensions..."
yum install -y php8.2 php8.2-mysqlnd php8.2-gd php8.2-mbstring php8.2-xml \
    php8.2-soap php8.2-intl php8.2-zip php8.2-opcache \
    php8.2-bcmath php8.2-cli php8.2-common

# Create directory for site metadata
print_message "Creating platform directories..."
mkdir -p ${SITES_DATA_DIR}
chmod 755 ${SITES_DATA_DIR}

# Save DB root password for PHP script to use later
echo "${DB_ROOT_PASSWORD}" > ${SITES_DATA_DIR}/db-root-password.txt
chmod 640 ${SITES_DATA_DIR}/db-root-password.txt
chown root:apache ${SITES_DATA_DIR}/db-root-password.txt

# Create the main platform landing page
print_message "Creating platform landing page..."
cat > ${PLATFORM_DIR}/index.php <<'PHPEOF'
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>WordPress Platform</title>
    <style>
        * { margin: 0; padding: 0; box-sizing: border-box; }
        body {
            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
            min-height: 100vh;
            display: flex;
            align-items: center;
            justify-content: center;
            padding: 20px;
        }
        .container {
            background: white;
            border-radius: 12px;
            box-shadow: 0 20px 60px rgba(0,0,0,0.3);
            max-width: 500px;
            width: 100%;
            padding: 40px;
        }
        h1 {
            color: #333;
            margin-bottom: 10px;
            font-size: 28px;
        }
        p {
            color: #666;
            margin-bottom: 30px;
            line-height: 1.6;
        }
        .btn {
            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
            color: white;
            border: none;
            padding: 15px 30px;
            font-size: 16px;
            border-radius: 6px;
            cursor: pointer;
            width: 100%;
            font-weight: 600;
            transition: transform 0.2s, box-shadow 0.2s;
        }
        .btn:hover {
            transform: translateY(-2px);
            box-shadow: 0 10px 20px rgba(0,0,0,0.2);
        }
        .btn:active {
            transform: translateY(0);
        }
        .message {
            margin-top: 20px;
            padding: 15px;
            border-radius: 6px;
            display: none;
        }
        .success {
            background: #d4edda;
            color: #155724;
            border: 1px solid #c3e6cb;
        }
        .error {
            background: #f8d7da;
            color: #721c24;
            border: 1px solid #f5c6cb;
        }
        .loading {
            background: #d1ecf1;
            color: #0c5460;
            border: 1px solid #bee5eb;
        }
        .site-link {
            margin-top: 10px;
            font-weight: 600;
        }
        .site-link a {
            color: #667eea;
            text-decoration: none;
        }
        .site-link a:hover {
            text-decoration: underline;
        }
        .spinner {
            border: 3px solid #f3f3f3;
            border-top: 3px solid #667eea;
            border-radius: 50%;
            width: 20px;
            height: 20px;
            animation: spin 1s linear infinite;
            display: inline-block;
            margin-right: 10px;
        }
        @keyframes spin {
            0% { transform: rotate(0deg); }
            100% { transform: rotate(360deg); }
        }
    </style>
</head>
<body>
    <div class="container">
        <h1>🚀 WordPress Platform</h1>
        <p>Create your own WordPress website instantly. Click the button below to get started!</p>
        <button class="btn" onclick="createSite()">Create My WordPress Site</button>
        <div id="message" class="message"></div>
    </div>

    <script>
        // Check disk space on page load
        function checkDiskSpace() {
            fetch('check-space.php')
                .then(response => response.json())
                .then(data => {
                    if (!data.available) {
                        const btn = document.querySelector('.btn');
                        const message = document.getElementById('message');
                        btn.disabled = true;
                        btn.innerHTML = 'Server Full - Cannot Create Sites';
                        message.className = 'message error';
                        message.innerHTML = `<strong>Server Capacity Reached</strong><br>The server has insufficient disk space (${data.free_space_gb} GB remaining). New sites cannot be created at this time.`;
                        message.style.display = 'block';
                    }
                });
        }
        
        window.addEventListener('DOMContentLoaded', checkDiskSpace);
        
        function createSite() {
            const btn = document.querySelector('.btn');
            const message = document.getElementById('message');
            
            btn.disabled = true;
            btn.innerHTML = '<span class="spinner"></span>Creating your site...';
            message.style.display = 'none';
            
            fetch('create-site.php', {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/x-www-form-urlencoded',
                }
            })
            .then(response => response.json())
            .then(data => {
                if (data.success) {
                    message.className = 'message success';
                    message.innerHTML = `
                        <strong>Success!</strong> Your WordPress site has been created.
                        <div class="site-link">
                            <a href="${data.url}" target="_blank">Open your site: ${data.url}</a>
                        </div>
                        <div style="margin-top: 15px; padding: 10px; background: #fff3cd; border: 1px solid #ffc107; border-radius: 4px; color: #856404;">
                            <strong>⚠️ IMPORTANT:</strong> Save this information NOW! This URL and credentials will not be displayed again.
                        </div>
                        <div style="margin-top: 10px; font-size: 14px;">
                            <strong>Site URL:</strong> ${data.url}<br>
                            <strong>Database:</strong> ${data.db_name}<br>
                            <strong>DB User:</strong> ${data.db_user}<br>
                            <strong>DB Password:</strong> ${data.db_password}
                        </div>
                    `;
                    message.style.display = 'block';
                    btn.innerHTML = 'Create Another Site';
                } else {
                    message.className = 'message error';
                    message.innerHTML = `<strong>Error:</strong> ${data.message}`;
                    message.style.display = 'block';
                    btn.innerHTML = 'Create My WordPress Site';
                }
                btn.disabled = false;
            })
            .catch(error => {
                message.className = 'message error';
                message.innerHTML = `<strong>Error:</strong> Failed to create site. Please try again.`;
                message.style.display = 'block';
                btn.innerHTML = 'Create My WordPress Site';
                btn.disabled = false;
            });
        }
    </script>
</body>
</html>
PHPEOF

# Create the site creation PHP script
print_message "Creating site creation backend..."
cat > ${PLATFORM_DIR}/create-site.php <<'PHPEOF'
<?php
header('Content-Type: application/json');

// Check available disk space (in bytes)
$freeSpace = disk_free_space('/var/www/html');
$freeSpaceGB = $freeSpace / (1024 * 1024 * 1024); // Convert to GB

// Don't allow new sites if less than 5GB available
if ($freeSpaceGB < 5) {
    echo json_encode([
        'success' => false, 
        'message' => 'Server capacity reached. Cannot create new sites at this time. (Available: ' . round($freeSpaceGB, 2) . ' GB)'
    ]);
    exit;
}

// Function to generate random 4-character string
function generateRandomString() {
    $characters = 'abcdefghijklmnopqrstuvwxyz';
    $randomString = '';
    for ($i = 0; $i < 4; $i++) {
        $randomString .= $characters[rand(0, strlen($characters) - 1)];
    }
    return $randomString;
}

// Function to generate random password
function generatePassword($length = 12) {
    return substr(base64_encode(random_bytes($length)), 0, $length);
}

// Generate unique site identifier
$maxAttempts = 100;
$attempt = 0;
do {
    $siteId = generateRandomString();
    $sitePath = "/var/www/html/$siteId";
    $attempt++;
} while (file_exists($sitePath) && $attempt < $maxAttempts);

if ($attempt >= $maxAttempts) {
    echo json_encode(['success' => false, 'message' => 'Could not generate unique site ID']);
    exit;
}

// Database credentials
$dbName = "wp_" . $siteId;
$dbUser = "user_" . $siteId;
$dbPassword = generatePassword(16);
$dbRootPassword = file_get_contents('/var/wp-sites-data/db-root-password.txt');

try {
    // Create database and user
    $conn = new mysqli('localhost', 'root', trim($dbRootPassword));
    
    if ($conn->connect_error) {
        throw new Exception("Database connection failed");
    }
    
    $dbName = $conn->real_escape_string($dbName);
    $dbUser = $conn->real_escape_string($dbUser);
    
    $conn->query("CREATE DATABASE IF NOT EXISTS `$dbName` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci");
    $conn->query("CREATE USER IF NOT EXISTS '$dbUser'@'localhost' IDENTIFIED BY '$dbPassword'");
    $conn->query("GRANT ALL PRIVILEGES ON `$dbName`.* TO '$dbUser'@'localhost'");
    $conn->query("FLUSH PRIVILEGES");
    $conn->close();
    
    // Download and extract WordPress
    $wpZip = "/tmp/wordpress-$siteId.tar.gz";
    file_put_contents($wpZip, file_get_contents('https://wordpress.org/latest.tar.gz'));
    
    // Extract to site directory
    mkdir($sitePath, 0755, true);
    exec("tar -xzf $wpZip -C /tmp/");
    exec("cp -r /tmp/wordpress/* $sitePath/");
    exec("rm -rf /tmp/wordpress $wpZip");
    
    // Create wp-config.php
    $wpConfig = file_get_contents("$sitePath/wp-config-sample.php");
    $wpConfig = str_replace('database_name_here', $dbName, $wpConfig);
    $wpConfig = str_replace('username_here', $dbUser, $wpConfig);
    $wpConfig = str_replace('password_here', $dbPassword, $wpConfig);
    
    // Get security keys
    $salts = file_get_contents('https://api.wordpress.org/secret-key/1.1/salt/');
    $wpConfig = preg_replace(
        '/put your unique phrase here/i',
        '',
        $wpConfig
    );
    $wpConfig = str_replace(
        "define( 'AUTH_KEY',         'put your unique phrase here' );",
        $salts,
        $wpConfig
    );
    
    file_put_contents("$sitePath/wp-config.php", $wpConfig);
    
    // Set proper permissions
    exec("chown -R apache:apache $sitePath");
    exec("find $sitePath -type d -exec chmod 755 {} \;");
    exec("find $sitePath -type f -exec chmod 644 {} \;");
    
    // Save site info
    $siteInfo = [
        'site_id' => $siteId,
        'created' => date('Y-m-d H:i:s'),
        'db_name' => $dbName,
        'db_user' => $dbUser,
        'db_password' => $dbPassword,
        'path' => $sitePath
    ];
    file_put_contents("/var/wp-sites-data/$siteId.json", json_encode($siteInfo, JSON_PRETTY_PRINT));
    
    // Get server IP from the HTTP request (which will be the public IP the user is accessing)
    $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
    $serverIp = $_SERVER['HTTP_HOST'] ?? $_SERVER['SERVER_NAME'];
    
    echo json_encode([
        'success' => true,
        'site_id' => $siteId,
        'url' => "$protocol://$serverIp/$siteId",
        'db_name' => $dbName,
        'db_user' => $dbUser,
        'db_password' => $dbPassword
    ]);
    
} catch (Exception $e) {
    // Clean up on error
    if (isset($sitePath) && file_exists($sitePath)) {
        exec("rm -rf $sitePath");
    }
    if (isset($conn)) {
        $conn->query("DROP DATABASE IF EXISTS `$dbName`");
        $conn->query("DROP USER IF EXISTS '$dbUser'@'localhost'");
    }
    
    echo json_encode(['success' => false, 'message' => $e->getMessage()]);
}
?>
PHPEOF

# Create the disk space check script
print_message "Creating disk space check script..."
cat > ${PLATFORM_DIR}/check-space.php <<'PHPEOF'
<?php
header('Content-Type: application/json');

$freeSpace = disk_free_space('/var/www/html');
$freeSpaceGB = $freeSpace / (1024 * 1024 * 1024);

echo json_encode([
    'available' => $freeSpaceGB >= 5,
    'free_space_gb' => round($freeSpaceGB, 2)
]);
?>
PHPEOF

# Set proper permissions
print_message "Setting file permissions..."
chown -R apache:apache ${PLATFORM_DIR}
chmod 755 ${PLATFORM_DIR}/index.php
chmod 755 ${PLATFORM_DIR}/create-site.php
chmod 755 ${PLATFORM_DIR}/check-space.php

# Configure Apache
print_message "Configuring Apache..."
cat > /etc/httpd/conf.d/wordpress-platform.conf <<EOF
<VirtualHost *:80>
    ServerAdmin admin@example.com
    ServerName ${SERVER_IP}
    DocumentRoot ${PLATFORM_DIR}

    <Directory ${PLATFORM_DIR}>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
        DirectoryIndex index.php index.html
    </Directory>

    # Allow access to all subdirectories
    <DirectoryMatch "^${PLATFORM_DIR}/[a-z]{4}">
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </DirectoryMatch>

    ErrorLog /var/log/httpd/platform_error.log
    CustomLog /var/log/httpd/platform_access.log combined
</VirtualHost>
EOF

# Update main Apache config to allow .htaccess overrides
sed -i '/<Directory "\/var\/www\/html">/,/<\/Directory>/ s/AllowOverride None/AllowOverride All/' /etc/httpd/conf/httpd.conf

# Restart Apache
print_message "Restarting Apache..."
systemctl restart httpd

# Save credentials to file
CREDS_FILE="/root/wordpress-platform-credentials.txt"
cat > ${CREDS_FILE} <<EOF
===============================================
WordPress Platform Installation Credentials
===============================================
Installation Date: $(date)

MariaDB Root Password: ${DB_ROOT_PASSWORD}

Platform Access:
  URL: http://${SERVER_IP}
  
Platform Details:
  - Users can create WordPress sites at: http://${SERVER_IP}
  - Each site gets a random 4-letter subdirectory (e.g., /abcd, /efgh)
  - Sites accessible at: http://${SERVER_IP}/XXXX
  - Site data stored in: ${SITES_DATA_DIR}
  - Each site has its own database and credentials

Security Notes:
  - Monitor disk space usage (each site takes ~50MB)
  - Consider implementing rate limiting for site creation
  - Regularly backup databases and site files
  - Keep WordPress core, themes, and plugins updated
  - For production, implement SSL/HTTPS with a domain name

AWS Security Group:
  - Ensure port 80 (HTTP) is open in your security group
  - For HTTPS, open port 443 as well

Management:
  - Site metadata stored in: ${SITES_DATA_DIR}/*.json
  - Each JSON file contains DB credentials for that site
  - To list all sites: ls -la ${PLATFORM_DIR}/ | grep "^d"
  - To remove a site: manually delete the directory and database

===============================================
EOF

chmod 600 ${CREDS_FILE}

# Display completion message
print_message "=========================================="
print_message "WordPress Platform installation completed!"
print_message "=========================================="
echo ""
print_message "Platform URL: http://${SERVER_IP}"
print_message "Credentials saved to: ${CREDS_FILE}"
echo ""
print_message "Platform Details:"
echo "  - Users visit: http://${SERVER_IP}"
echo "  - Click 'Create My WordPress Site' to get a new site"
echo "  - Each site gets a random 4-letter subfolder"
echo "  - Sites are accessible at: http://${SERVER_IP}/XXXX"
echo ""
print_message "MariaDB root password: ${DB_ROOT_PASSWORD}"
echo ""
print_warning "AWS Security Group Check:"
echo "  Make sure port 80 (HTTP) is open in your EC2 security group"
echo "  Go to: EC2 Console > Security Groups > Edit Inbound Rules"
echo "  Add rule: Type: HTTP, Port: 80, Source: 0.0.0.0/0"
echo ""
print_warning "Important Notes:"
echo "  - Each WordPress site is completely independent"
echo "  - Monitor disk space - each site takes ~50MB"
echo "  - Site credentials are shown on creation and saved to ${SITES_DATA_DIR}"
echo "  - Consider implementing rate limiting for production"
echo ""
print_message "Installation log: /var/log/httpd/platform_*.log"
print_message "=========================================="