#!/bin/bash
# bash <(curl -s https://git.technozone.com.au/vijay/Scripts/raw/branch/main/install_wordpress_vestacp_v2) && rm -f install_wordpress_vestacp

# Function to prompt for input with default value
prompt() {
  local prompt_message=$1
  local default_value=$2
  local input

  read -p "$prompt_message [$default_value]: " input
  echo "${input:-$default_value}"
}

# Prompt user to enter a username, domain name, and email address
USERNAME=$(prompt "Enter username" "default_user")
DOMAIN_NAME=$(prompt "Enter domain name" "example.com")
EMAIL=$(prompt "Enter admin email address" "admin@example.com")

# Extract the domain name without the TLD
DOMAIN_NO_TLD=$(echo "$DOMAIN_NAME" | cut -d '.' -f 1)

# Generate random admin username and password
ADMIN_USERNAME="admin_$(openssl rand -hex 4)"
ADMIN_PASSWORD=$(openssl rand -base64 12)

# Construct database name and user without username prefix
DB_NAME="${DOMAIN_NO_TLD}_d"  # Construct database name
DB_USER="${DOMAIN_NO_TLD}_u"  # Construct database user

# Ensure the database name and user do not exceed 16 characters
MAX_USERNAME_LENGTH=16
if [ ${#DB_NAME} -gt $MAX_USERNAME_LENGTH ]; then
    DB_NAME=$(echo "$DB_NAME" | cut -c1-$MAX_USERNAME_LENGTH)
fi

if [ ${#DB_USER} -gt $MAX_USERNAME_LENGTH ]; then
    DB_USER=$(echo "$DB_USER" | cut -c1-$MAX_USERNAME_LENGTH)
fi

DB_PASS=$(openssl rand -base64 6 | tr -d "=+/")

# Check if domain already exists
if v-list-web-domains $USERNAME | grep -q $DOMAIN_NAME; then
  echo "Domain $DOMAIN_NAME already exists."
else
  # Create domain if it does not exist
  echo "Creating domain $DOMAIN_NAME for user $USERNAME..."
  v-add-domain $USERNAME $DOMAIN_NAME
fi

# Create MySQL database and user
echo "Creating database and user..."
v-add-database $USERNAME $DB_NAME $DB_USER $DB_PASS

# Download and extract WordPress
echo "Downloading and installing WordPress..."
WP_DIR="/home/$USERNAME/web/$DOMAIN_NAME/public_html"
wget -q -O latest.tar.gz https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
rm latest.tar.gz
cp -r wordpress/* $WP_DIR
rm -rf wordpress

# Generate .htaccess file for security
echo "Setting up .htaccess for security..."
cat <<EOL > $WP_DIR/.htaccess
# Limit access to wp-login.php to predefined IP address
<Files wp-login.php>
    Order Deny,Allow
    Deny from all
    Allow from 123.456.789.0  # Replace with your allowed IP
</Files>

# BEGIN WordPress

RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

# Deny access to sensitive files
<FilesMatch "^wp-config.php|^\.htaccess">
    Order allow,deny
    Deny from all
</FilesMatch>
EOL

# Create WordPress configuration file
echo "Configuring WordPress..."
cp $WP_DIR/wp-config-sample.php $WP_DIR/wp-config.php
sed -i "s/database_name_here/${TRUNCATED_USERNAME}_${DB_NAME}/" $WP_DIR/wp-config.php
sed -i "s/username_here/${TRUNCATED_USERNAME}_${DB_USER}/" $WP_DIR/wp-config.php
sed -i "s/password_here/$DB_PASS/" $WP_DIR/wp-config.php
sed -i "s/localhost/localhost/" $WP_DIR/wp-config.php

# Secure wp-config.php
chmod 600 $WP_DIR/wp-config.php

# Set file permissions for security
echo "Setting up file permissions for security..."
chown -R $USERNAME:$USERNAME $WP_DIR
find $WP_DIR -type d -exec chmod 755 {} \;
find $WP_DIR -type f -exec chmod 644 {} \;

# Install Sucuri and Wordfence plugins
echo "Installing Sucuri and Wordfence plugins..."
wp plugin install sucuri-scanner --activate --path=$WP_DIR
wp plugin install wordfence --activate --path=$WP_DIR

# Set up WordPress with the generated admin username and password
echo "Setting up WordPress admin user..."
wp user create "$ADMIN_USERNAME" "$EMAIL" --role=administrator --user_pass="$ADMIN_PASSWORD" --path=$WP_DIR

# Display installation details
echo "Installation complete. Here are your credentials:"
echo "Domain Name: $DOMAIN_NAME"
echo "Database Name: $DB_NAME"
echo "Database User: $DB_USER"
echo "Database Password: $DB_PASS"
echo "WordPress Admin Username: $ADMIN_USERNAME"
echo "WordPress Admin Password: $ADMIN_PASSWORD"
echo "WordPress Directory: $WP_DIR"