#!/bin/bash

# Function to prompt for input with default value
prompt() {
  local prompt_message=$1
  local default_value=$2
  local input

  read -p "$prompt_message [$default_value]: " input
  echo "${input:-$default_value}"
}

# Prompt user to enter a username and domain name
USERNAME=$(prompt "Enter username" "default_user")
DOMAIN_NAME=$(prompt "Enter domain name" "example.com")

# Check if domain already exists
if v-list-web-domains $USERNAME | grep -q $DOMAIN_NAME; then
  echo "Domain $DOMAIN_NAME already exists."
else
  # Create domain if it does not exist
  echo "Creating domain $DOMAIN_NAME for user $USERNAME..."
  v-add-domain $USERNAME $DOMAIN_NAME
fi

# Define 3-character database and user prefix based on domain name
DB_PREFIX=$(echo $DOMAIN_NAME | cut -c1-3)
DB_NAME="${USERNAME}_${DB_PREFIX}_db"  # Prefix with username
DB_USER="${USERNAME}_${DB_PREFIX}_usr"  # Prefix with username
DB_PASS=$(openssl rand -base64 6 | tr -d "=+/")

# Create MySQL database and user
echo "Creating database and user..."
v-add-database $USERNAME $DB_NAME $DB_USER $DB_PASS

# Download and extract WordPress
echo "Downloading and installing WordPress..."
WP_DIR="/home/$USERNAME/web/$DOMAIN_NAME/public_html"
wget -q -O latest.tar.gz https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
rm latest.tar.gz
cp -r wordpress/* $WP_DIR
rm -rf wordpress

# Set file permissions for security
echo "Setting up file permissions for security..."
chown -R $USERNAME:$USERNAME $WP_DIR
find $WP_DIR -type d -exec chmod 755 {} \;
find $WP_DIR -type f -exec chmod 644 {} \;

# Generate .htaccess file for security
echo "Setting up .htaccess for security..."
cat <<EOL > $WP_DIR/.htaccess
# Limit access to wp-login.php to predefined IP address
<Files wp-login.php>
    Order Deny,Allow
    Deny from all
    Allow from 123.456.789.0  # Replace with your allowed IP
</Files>

# BEGIN WordPress

RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

# Deny access to sensitive files
<FilesMatch "^wp-config.php|^\.htaccess">
    Order allow,deny
    Deny from all
</FilesMatch>
EOL

# Create WordPress configuration file
echo "Configuring WordPress..."
cp $WP_DIR/wp-config-sample.php $WP_DIR/wp-config.php
sed -i "s/database_name_here/$DB_NAME/" $WP_DIR/wp-config.php
sed -i "s/username_here/$DB_USER/" $WP_DIR/wp-config.php
sed -i "s/password_here/$DB_PASS/" $WP_DIR/wp-config.php
sed -i "s/localhost/localhost/" $WP_DIR/wp-config.php

# Secure wp-config.php
chmod 600 $WP_DIR/wp-config.php

# Display credentials
echo "Installation complete. Here are your credentials:"
echo "Domain Name: $DOMAIN_NAME"
echo "Database Name: $DB_NAME"
echo "Database User: $DB_USER"
echo "Database Password: $DB_PASS"
echo "WordPress Directory: $WP_DIR"