#!/bin/bash
#################################################
# phpmyadmin installer for Centmin Mod centminmod.com
# written by George Liu (eva2000)
#################################################
# If you have a fairly static IP address that doesn't change often
# set STATICIP='y'. Otherwise leave as STATICIP='n'
STATICIP='n'
#################################################
VER='0.4'
DT=$(date +"%d%m%y-%H%M%S")

UPDATEDIR='/root/tools'
BASEDIR='/usr/local/nginx/html'
DIRNAME="${RANDOM}_mysqladmin${RANDOM}"

SALT=$(openssl rand -base64 13)
USERPREFIX='myadmin'
USER=$(echo "${USERPREFIX}${SALT}" | sed -e 's|\/||g' -e 's|\+||g')
PASS=$(openssl rand -base64 22)
PASS=$(echo "$PASS" | sed -e 's|\/||g' -e 's|\+||g')
BLOWFISH=$(openssl rand -base64 32 | cut -c1-32)
# BLOWFISH=$(pwgen -syn1 46)
USERNAME='nginx'

SSLHNAME=$(uname -n)
OS_PRETTY_NAME=$(awk -F '=' '/PRETTY_NAME/ {print $2}' /etc/os-release | sed -e 's| (| |g' -e 's|)| |g' -e 's| Core ||g' -e 's|"||g')
CURL_AGENT_VERSION=$(curl -V 2>&1 | head -n 1 |  awk '{print $1"/"$2}')
CURL_AGENT="${CURL_AGENT_VERSION} ${OS_PRETTY_NAME}"
CURL_CPUMODEL=$(awk -F: '/model name/{print $2}' /proc/cpuinfo | sort | uniq -c | xargs | sed -e 's|(R)||g' -e 's|(TM)||g' -e 's|Intel Core|Intel|g' -e 's|CPU ||g' -e 's|-Core|C|g' -e 's|@ |@|g');
CURL_CPUSPEED=$(awk -F: '/cpu MHz/{print $2}' /proc/cpuinfo | sort | uniq| sed -e s'|      ||g' | xargs | awk '{sum = 0; for (i = 1; i <= NF; i++) sum += $i; sum /= NF; printf("%.0f\n",sum)}')
# Try IPv4 first, fallback to IPv6 for IPv6-only servers
CNIP=$(curl -4 -s --connect-timeout 5 -A "$CURL_AGENT phpmyadmin.sh ${VER} IP CHECK $CURL_CPUMODEL $CURL_CPUSPEED $VPS_VIRTWHAT" https://geoip.centminmod.com/v4 | jq -r '.ip')
if [[ -z "$CNIP" || "$CNIP" == "null" ]]; then
    CNIP=$(curl -6 -s --connect-timeout 5 -A "$CURL_AGENT phpmyadmin.sh ${VER} IP CHECK $CURL_CPUMODEL $CURL_CPUSPEED $VPS_VIRTWHAT" https://geoip.centminmod.com/v4 | jq -r '.ip')
fi
# Get current IP from SSH_CLIENT, fallback to CNIP if empty
CURRENTIP=$(echo "$SSH_CLIENT" | awk '{print $1}')
if [[ -z "$CURRENTIP" ]]; then
    CURRENTIP="$CNIP"
fi

VERSIONMINOR='04' # last 2 digits in Centmin Mod version i.e. 1.2.3-eva2000.04
VERSIONALLOW="1.2.3-eva2000.${VERSIONMINOR}"
YARN_TMPDIR='/home/yarntmp-phpmyadmin'
#################################################
# set locale temporarily to english
# due to some non-english locale issues
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
export LANGUAGE=en_US.UTF-8
export LC_CTYPE=en_US.UTF-8
export COMPOSER_ALLOW_SUPERUSER=1

shopt -s expand_aliases
for g in "" e f; do
    alias "${g}grep=LC_ALL=C ${g}grep"  # speed-up grep, egrep, fgrep
done

# Memory calculations for dynamic memory limit determination
TOTALMEM=$(grep MemTotal /proc/meminfo | awk '{print $2}')
TOTALMEMMB=$(echo "scale=0;$TOTALMEM/1024" | bc)

CHECKFREEMEM=$(grep MemFree /proc/meminfo)
if [[ "$CHECKFREEMEM" ]]; then
FREEMEM=$(grep MemFree /proc/meminfo | awk '{print $2}')
FREEMEMMB=$(echo "scale=0;$FREEMEM/1024" | bc)
else
FREEMEMMB='0'
fi

CHECKBUFFER=$(grep Buffers /proc/meminfo)
if [[ "$CHECKBUFFER" ]]; then
BUFFERSMEM=$(grep Buffers /proc/meminfo | awk '{print $2}')
BUFFERSMB=$(echo "scale=0;$BUFFERSMEM/1024" | bc)
else
BUFFERSMB='0'
fi

CHECKCACHED=$(grep ^Cached /proc/meminfo)
if [[ "$CHECKCACHED" ]]; then
CACHEDMEM=$(grep ^Cached /proc/meminfo | awk '{print $2}')
CACHEDMB=$(echo "scale=0;$CACHEDMEM/1024" | bc)
else
CACHEDMB='0'
fi

REALFREEMB=$(echo "$FREEMEMMB"+"$BUFFERSMB"+"$CACHEDMB" | bc)
REALUSEDMEM=$(echo "$TOTALMEMMB"-"$REALFREEMB" | bc)

# set php-fpm memory_limit to 4/9 th of available free memory
MEMLIMIT=$(echo "$REALFREEMB" / 2.25 | bc)

# echo "Total Mem: $TOTALMEMMB MB"
# echo "Real Free Mem: $REALFREEMB MB"
# echo "Mem Limit: $MEMLIMIT MB"
#################################################
CENTMINLOGDIR='/root/centminlogs'
FPMPOOLDIR='/usr/local/nginx/conf/phpfpmd'

HTTPTWO=y
LISTENOPT='ssl'
HTTP2_DIRECTIVE='http2 on;'
COMP_HEADER='#spdy_headers_comp 5'

if [ ! -d "$CENTMINLOGDIR" ]; then
mkdir -p "$CENTMINLOGDIR"
fi

if [ ! -d "$FPMPOOLDIR" ]; then
mkdir -p "$FPMPOOLDIR"
fi

if [ ! -f /usr/bin/pwgen ]; then
	yum -y -q install pwgen
fi

# Setup Colours
black='\E[30;40m'
red='\E[31;40m'
green='\E[32;40m'
yellow='\E[33;40m'
blue='\E[34;40m'
magenta='\E[35;40m'
cyan='\E[36;40m'
white='\E[37;40m'

boldblack='\E[1;30;40m'
boldred='\E[1;31;40m'
boldgreen='\E[1;32;40m'
boldyellow='\E[1;33;40m'
boldblue='\E[1;34;40m'
boldmagenta='\E[1;35;40m'
boldcyan='\E[1;36;40m'
boldwhite='\E[1;37;40m'

Reset="tput sgr0"      #  Reset text attributes to normal
                       #+ without clearing screen.

cecho ()                     # Coloured-echo.
                             # Argument $1 = message
                             # Argument $2 = color
{
message=$1
color=$2
echo -e "$color$message" ; $Reset
return
}
#################################################
# VERCHECK=$(cat /etc/centminmod-release)
# MINORVER=$(cat /etc/centminmod-release | awk -F "." '{print $3}')
# COMPARE=$(expr $MINORVER \< $VERSIONMINOR)

# if [[ "$VERCHECK" != "$VERSIONALLOW" && "$COMPARE" = '1' ]]; then
# 	cecho "------------------------------------------------------------------------------" "$boldgreen"
# 	cecho "  $0 script requires centmin.sh from Centmin Mod" "$boldyellow"
# 	cecho "  version: $VERSIONALLOW + recompile PHP (menu option #5)" "$boldyellow"
# 	echo ""
# 	cecho "  The following steps are required:" "$boldyellow"
# 	echo ""
# 	cecho "  1. Download and extract centmin-${VERSIONALLOW}.zip" "$boldgreen"
# 	cecho "     As per instructions at http://centminmod.com/download.html" "$boldgreen"
# 	cecho "  2. Run the updated centmin.sh script version"  "$boldgreen"
# 	echo ""
# 	cecho "      ./centmin.sh"  "$boldwhite"
# 	echo ""
# 	cecho "  3. Run menu option #5 to recompile PHP entering either the"  "$boldgreen"
# 	cecho "     same PHP version or newer PHP  5.3.x or 5.4.x version"  "$boldgreen"
# 	cecho "  4. Download latest version phpmyadmin.sh Addon script from"  "$boldgreen"
# 	cecho "     http://centminmod.com/centminmodparts/addons/phpmyadmin.sh"  "$boldgreen"
# 	cecho "     Give script appropriate permissions via command:"  "$boldgreen"
# 	echo ""
# 	cecho "     chmod 0700 /full/path/to/where/you/downloaded/phpmyadmin.sh"  "$boldwhite"
# 	echo ""
# 	cecho "  5. Add port 9418 to CSF Firewall /etc/csf/csf.conf append 9418 to existing"  "$boldgreen"
# 	cecho "     TCP_IN / TCP_OUT list of ports. Then restart CSF Firewall via command:"  "$boldgreen"
# 	echo ""
# 	cecho "     csf -r"  "$boldwhite"
# 	echo ""
# 	cecho "  6. Run phpmyadmin.sh script via commands:"  "$boldgreen"
# 	echo ""
# 	cecho "     cd /full/path/to/where/you/downloaded/"  "$boldwhite"
# 	cecho "     ./phpmyadmin.sh install"  "$boldwhite"
# 	#echo ""
# 	#cecho "  Aborting script..." "$boldyellow"
# 	cecho "------------------------------------------------------------------------------" "$boldgreen"
# 	exit
# fi

#################################################
checkphpmyadmin() {
	if [[ "$(grep -rw server_name /usr/local/nginx/conf/conf.d/ | grep -cw "$SSLHNAME")" -gt '1' ]]; then
		cecho "---------------------------------------------------------------" "$boldyellow"
		cecho "Warning: detected possible duplicate server_name entry" "$boldgreen"
		cecho "main hostname vhost server_name value has to be unique" "$boldgreen"
		cecho "and separate from any other nginx vhost site you addded" "$boldgreen"
		cecho "Check your server_name in /usr/local/nginx/conf/conf.d/virtual.conf" "$boldgreen"
		cecho "read Step 1 of Getting Started Guide for main hostname" "$boldgreen"
		cecho "proper setup https://centminmod.com/getstarted.html" "$boldgreen"
		cecho "---------------------------------------------------------------" "$boldyellow"
		exit
	fi
if [[ -f /usr/local/nginx/conf/phpmyadmin_check ]]; then
	cecho "---------------------------------------------------------------" "$boldyellow"
	cecho "detected phpmyadmin install that already exists" "$boldgreen"
	cecho "aborting..." "$boldgreen"
	cecho "---------------------------------------------------------------" "$boldyellow"
	exit
fi
}
#################################################
memlimitmsg() {
echo ""
cecho "Dynamically set PHP memory_limit based on available system memory..." "$boldyellow"
echo ""
cecho "Total Mem: $TOTALMEMMB MB" "$boldyellow"
cecho "Real Free Mem: $REALFREEMB MB" "$boldyellow"
cecho "Mem Limit: $MEMLIMIT MB" "$boldyellow"
echo ""
}
#################################################
usercreate() {

  if [[ "$USERNAME" != 'nginx' ]]; then
	 /usr/sbin/useradd -s /sbin/nologin -d "/home/${USERNAME}/" -G nginx "${USERNAME}"
	 USERID=$(id "${USERNAME}")
	 cecho "---------------------------------------------------------------" "$boldgreen"
	 cecho "Create User: $USERNAME" "$boldyellow"
	 cecho "$USERID" "$boldyellow"
	 cecho "---------------------------------------------------------------" "$boldgreen"
	 echo ""
	elif [[ "$USERNAME" = 'nginx' ]]; then
		cecho "---------------------------------------------------------------" "$boldgreen"
		cecho "User $USERNAME already exists" "$boldyellow"
		cecho "---------------------------------------------------------------" "$boldgreen"
  fi

}

#################################################
createpassword() {
cecho "---------------------------------------------------------------" "$boldyellow"
cecho "Create phpmyadmin htaccess user/pass..." "$boldyellow"
cecho "python3 /usr/local/nginx/conf/htpasswd.py -c -b /usr/local/nginx/conf/htpassphpmyadmin $USER $PASS" "$boldgreen"
cecho "---------------------------------------------------------------" "$boldyellow"
python3 /usr/local/nginx/conf/htpasswd.py -c -b /usr/local/nginx/conf/htpassphpmyadmin "$USER" "$PASS"
}

#################################################
htpassdetails() {
echo ""
cecho "phpmyadmin htaccess login details:" "$boldgreen"
cecho "Username: $USER" "$boldgreen"
cecho "Password: $PASS" "$boldgreen"
cecho "Allowed IP address: ${CURRENTIP}" "$boldgreen"
echo ""
cecho "---------------------------------------------------------------" "$boldyellow"
}
#################################################
myadmininstall() {

if [[ ! -f /usr/bin/git ]]; then
	cecho "---------------------------------------------------------------" "$boldyellow"
	cecho "Installing git..." "$boldgreen"
	cecho "---------------------------------------------------------------" "$boldyellow"
	cecho "yum -q -y install git --disablerepo=CentALT" "$boldgreen"
	yum -q -y install git --disablerepo=CentALT
	echo ""
fi

	cecho "---------------------------------------------------------------" "$boldyellow"
	cecho "Installing phpmyadmin from official downloads..." "$boldgreen"
	cecho "---------------------------------------------------------------" "$boldyellow"

	cecho "This process can take some time depending on" "$boldyellow"
	cecho "speed of the download and your server..." "$boldyellow"
	echo ""

cd "$BASEDIR" || exit 1

wget -O phpMyAdmin-latest.zip https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.zip
unzip phpMyAdmin-latest.zip
mkdir -p "$DIRNAME"
rsync -a phpMyAdmin-*-all-languages/ "${DIRNAME}/" --exclude=config.inc.php
rm -rf phpMyAdmin-*-all-languages
rm -f phpMyAdmin-latest.zip

cd "$DIRNAME" || exit 1
cp config.sample.inc.php config.inc.php
chmod o-rw config.inc.php

sed -i "s|\['blowfish_secret'\] = ''|\['blowfish_secret'\] = '${BLOWFISH}'|g" config.inc.php

{
echo "\$cfg['ExecTimeLimit'] = '28800';"
echo "\$cfg['MemoryLimit'] = '0';"
echo "\$cfg['ShowDbStructureCreation'] = 'true';"
echo "\$cfg['ShowDbStructureLastUpdate'] = 'true';"
echo "\$cfg['ShowDbStructureLastCheck'] = 'true';"
echo "\$cfg['ShowPhpInfo'] = true;"
echo "\$cfg['Export']['compression'] = 'gzip';"
echo "\$cfg['LoginCookieValidity'] = 1440;"
echo "\$cfg['VersionCheck'] = false;"
} >> config.inc.php

chown "${USERNAME}:nginx" "${BASEDIR}/${DIRNAME}"
chown -R "${USERNAME}:nginx" "${BASEDIR}/${DIRNAME}"
chmod g+rx "${BASEDIR}/${DIRNAME}"

if [[ ! -f "/usr/local/nginx/conf/phpmyadmin.conf" ]]; then

	cecho "---------------------------------------------------------------" "$boldyellow"
	cecho "Setup /usr/local/nginx/conf/phpmyadmin.conf ..." "$boldgreen"
	cecho "---------------------------------------------------------------" "$boldyellow"

createpassword

#history -d $((HISTCMD-2))

echo ""
echo "\cp -af /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php_${DIRNAME}.conf"
\cp -af /usr/local/nginx/conf/php.conf "/usr/local/nginx/conf/php_${DIRNAME}.conf"

sed -i 's/fastcgi_pass   127.0.0.1:9000/fastcgi_pass   127.0.0.1:9991/g' "/usr/local/nginx/conf/php_${DIRNAME}.conf"
sed -i 's/#fastcgi_pass   127.0.0.1:9991/fastcgi_pass   127.0.0.1:9991/g' "/usr/local/nginx/conf/php_${DIRNAME}.conf"
sed -i 's|fastcgi_pass phpbackend|#fastcgi_pass phpbackend|g' "/usr/local/nginx/conf/php_${DIRNAME}.conf"
sed -i 's|fastcgi_pass dft_php|#fastcgi_pass dft_php|g' "/usr/local/nginx/conf/php_${DIRNAME}.conf"
sed -i 's|fastcgi_keep_conn on|#fastcgi_keep_conn on|' "/usr/local/nginx/conf/php_${DIRNAME}.conf"

if ! grep -q 'fastcgi_param HTTPS $server_https;' /usr/local/nginx/conf/php.conf; then
replace '#fastcgi_param HTTPS on;' 'fastcgi_param HTTPS on;' -- "/usr/local/nginx/conf/php_${DIRNAME}.conf"
fi

# sed -i 's/#fastcgi_pass   unix:\/tmp\/php5-fpm.sock/fastcgi_pass   unix:\/tmp\/phpfpm_myadmin.sock/g' "/usr/local/nginx/conf/php_${DIRNAME}.conf"

# increase php-fpm timeouts

sed -i 's/fastcgi_connect_timeout 60;/fastcgi_connect_timeout 3000;/g' "/usr/local/nginx/conf/php_${DIRNAME}.conf"

sed -i 's/fastcgi_send_timeout 180;/fastcgi_send_timeout 3000;/g' "/usr/local/nginx/conf/php_${DIRNAME}.conf"

sed -i 's/fastcgi_read_timeout 180;/fastcgi_read_timeout 3000;/g' "/usr/local/nginx/conf/php_${DIRNAME}.conf"

cat > "/usr/local/nginx/conf/phpmyadmin.conf" <<EOF
location ^~ /${DIRNAME}/ {
	rewrite ^/(.*) https://${SSLHNAME}/\$1 permanent;
}
EOF

sed -i "s/include \/usr\/local\/nginx\/conf\/staticfiles.conf;/include \/usr\/local\/nginx\/conf\/phpmyadmin.conf;\ninclude \/usr\/local\/nginx\/conf\/staticfiles.conf;/g" /usr/local/nginx/conf/conf.d/virtual.conf

cecho "---------------------------------------------------------------" "$boldyellow"

cat /usr/local/nginx/conf/conf.d/virtual.conf

cecho "---------------------------------------------------------------" "$boldyellow"

if [[ "$STATICIP" = 'y' && -n "$CURRENTIP" ]]; then

cecho "STATIC IP configuration" "$boldyellow"

cat > "/usr/local/nginx/conf/phpmyadmin_https.conf" <<END
# Exact match for directory - redirect to index.php
location = /${DIRNAME}/ {
	auth_basic      "Private Access";
	auth_basic_user_file  /usr/local/nginx/conf/htpassphpmyadmin;
	allow 127.0.0.1;
	allow ${CURRENTIP};
	deny all;
	return 302 /${DIRNAME}/index.php;
}

# Handle all phpmyadmin files
location ^~ /${DIRNAME}/ {
	auth_basic      "Private Access";
	auth_basic_user_file  /usr/local/nginx/conf/htpassphpmyadmin;
	allow 127.0.0.1;
	allow ${CURRENTIP};
	deny all;
	include /usr/local/nginx/conf/php_${DIRNAME}.conf;
}
END

else

cecho "NON-STATIC IP configuration" "$boldyellow"

cat > "/usr/local/nginx/conf/phpmyadmin_https.conf" <<END
# Exact match for directory - redirect to index.php
location = /${DIRNAME}/ {
	auth_basic      "Private Access";
	auth_basic_user_file  /usr/local/nginx/conf/htpassphpmyadmin;
	allow 127.0.0.1;
	#allow ${CURRENTIP};
	#deny all;
	return 302 /${DIRNAME}/index.php;
}

# Handle all phpmyadmin files
location ^~ /${DIRNAME}/ {
	auth_basic      "Private Access";
	auth_basic_user_file  /usr/local/nginx/conf/htpassphpmyadmin;
	allow 127.0.0.1;
	#allow ${CURRENTIP};
	#deny all;
	include /usr/local/nginx/conf/php_${DIRNAME}.conf;
}
END

fi # STATICIP

	cecho "---------------------------------------------------------------" "$boldyellow"
	cecho "cat /usr/local/nginx/conf/phpmyadmin.conf" "$boldgreen"
	cecho "---------------------------------------------------------------" "$boldyellow"

cat /usr/local/nginx/conf/phpmyadmin.conf

	cecho "---------------------------------------------------------------" "$boldyellow"
	cecho "cat /usr/local/nginx/conf/phpmyadmin_https.conf" "$boldgreen"
	cecho "---------------------------------------------------------------" "$boldyellow"

cat /usr/local/nginx/conf/phpmyadmin_https.conf

	cecho "---------------------------------------------------------------" "$boldyellow"

# php-fpm pool setup

if [[ ! -f /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf ]]; then
	echo ""
	cecho "touch /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf" "$boldgreen"
	touch /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf
	touch /usr/local/nginx/conf/phpfpmd/empty.conf
	echo ""

CHECKPOOLDIR=$(grep ';include=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf' /usr/local/etc/php-fpm.conf)

CHECKPOOLDIRB=$(grep 'include=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf' /usr/local/etc/php-fpm.conf)

if [[ -n "$CHECKPOOLDIR" ]]; then
sed -i 's/;include=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf/include=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf/g' /usr/local/etc/php-fpm.conf
fi

#if [[ -n "$CHECKPOOLDIR" && -z "$CHECKPOOLDIRB" ]]; then
#sed -i 's/;include=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf/include=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf/g' /usr/local/etc/php-fpm.conf
#fi

if [[ -z "$CHECKPOOLDIRB" && -z "$CHECKPOOLDIR" ]]; then
sed -i 's/process_control_timeout = 10s/process_control_timeout = 10s\ninclude=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf/g' /usr/local/etc/php-fpm.conf
fi

CHECKPOOL=$(grep '\[phpmyadmin\]' /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf)

if [[ -z "$CHECKPOOL" ]]; then

memlimitmsg

cat >> "/usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf" <<EOF
[phpmyadmin]
user = ${USERNAME}
group = nginx

listen = 127.0.0.1:9991
;listen = /tmp/phpfpm_myadmin.sock
listen.allowed_clients = 127.0.0.1
listen.owner=${USERNAME}
listen.group=nginx

pm = ondemand
pm.max_children = 5
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 5000

pm.process_idle_timeout = 7200s;

rlimit_files = 65536
rlimit_core = 0

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
;request_slowlog_timeout = 0
slowlog = /var/log/php-fpm/www-slowmyadmin.log

security.limit_extensions = .php .php3 .php4 .php5

php_admin_value[open_basedir] = ${BASEDIR}/${DIRNAME}:/tmp
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php_myadmin_error.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = ${MEMLIMIT}M
php_admin_value[max_execution_time] = 7200
php_admin_value[post_max_size] = 1280M
php_admin_value[upload_max_filesize] = 1280M
EOF

if [[ ! -f /var/log/php_myadmin_error.log ]]; then
	touch /var/log/php_myadmin_error.log
	chown "${USERNAME}:nginx" /var/log/php_myadmin_error.log
	chmod 0666 /var/log/php_myadmin_error.log
	ls -lah /var/log/php_myadmin_error.log
fi

if [[ ! -f /var/log/php-fpm/www-slowmyadmin.log ]]; then
	touch /var/log/php-fpm/www-slowmyadmin.log
	chown "${USERNAME}:nginx" /var/log/php-fpm/www-slowmyadmin.log
	chmod 0666 /var/log/php-fpm/www-slowmyadmin.log
	ls -lah /var/log/php-fpm/www-slowmyadmin.log
fi

fi # CHECKPOOL

fi # /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf

systemctl restart nginx
systemctl restart php-fpm

fi

}

sslvhost() {

cecho "---------------------------------------------------------------" "$boldyellow"
cecho "SSL Vhost Setup..." "$boldgreen"
cecho "---------------------------------------------------------------" "$boldyellow"
echo ""

mkdir -p /usr/local/nginx/conf/ssl
cd /usr/local/nginx/conf/ssl || exit 1

cecho "---------------------------------------------------------------" "$boldyellow"
cecho "Generating self signed SSL certificate..." "$boldgreen"
sleep 10
cecho "Just hit enter at each of the prompts" "$boldgreen"
cecho "---------------------------------------------------------------" "$boldyellow"
echo ""
sleep 10

cat > /tmp/req.cnf <<EOF
[req]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = California
L = Los Angeles
O = ${SSLHNAME}
OU = ${SSLHNAME}
CN = ${SSLHNAME}
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${SSLHNAME}
DNS.2 = *.${SSLHNAME}
DNS.3 = ${CNIP}
EOF

cat > /tmp/v3ext.cnf <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = ${SSLHNAME}
DNS.2 = *.${SSLHNAME}
DNS.3 = ${CNIP}
EOF

# Create the certificate signing request
echo "openssl req -new -newkey rsa:2048 -sha256 -nodes -out ${SSLHNAME}.csr -keyout ${SSLHNAME}.key -config /tmp/req.cnf"
openssl req -new -newkey rsa:2048 -sha256 -nodes -out "${SSLHNAME}.csr" -keyout "${SSLHNAME}.key" -config /tmp/req.cnf
echo "openssl req -noout -text -in ${SSLHNAME}.csr | grep DNS"
openssl req -noout -text -in "${SSLHNAME}.csr" | grep DNS
echo "openssl x509 -req -days 36500 -sha256 -in ${SSLHNAME}.csr -signkey ${SSLHNAME}.key -out ${SSLHNAME}.crt -extfile /tmp/v3ext.cnf"
openssl x509 -req -days 36500 -sha256 -in "${SSLHNAME}.csr" -signkey "${SSLHNAME}.key" -out "${SSLHNAME}.crt" -extfile /tmp/v3ext.cnf
openssl x509 -noout -text < "${SSLHNAME}.crt"

rm -f /tmp/req.cnf
rm -f /tmp/v3ext.cnf

if [[ "$(nginx -V 2>&1 | grep LibreSSL | head -n1)" ]]; then
	CHACHACIPHERS='EECDH+CHACHA20:EECDH+CHACHA20-draft:'
elif [[ "$(nginx -V 2>&1 | grep OpenSSL | head -n1)" ]]; then
	if [[ -f "${DIR_TMP}/openssl-${OPENSSL_VERSION}/crypto/chacha20poly1305/chacha20.c" ]]; then
		CHACHACIPHERS='EECDH+CHACHA20:EECDH+CHACHA20-draft:'
	elif [[ -f "${DIR_TMP}/openssl-${OPENSSL_VERSION}/crypto/chacha/chacha_enc.c" ]]; then
		CHACHACIPHERS='EECDH+CHACHA20:EECDH+CHACHA20-draft:'
	else
		CHACHACIPHERS=""
  fi
else
  CHACHACIPHERS=""
fi

cat > "/usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf"<<SSLEOF
# https SSL HTTP/2 phpmyadmin
server {
        listen 443 $LISTENOPT;
        $HTTP2_DIRECTIVE
        server_name ${SSLHNAME} ${CNIP};
        root   html;

keepalive_timeout  14400;

 client_body_buffer_size 256k;
 client_body_timeout 7200s;
 client_header_buffer_size 256k;
## how long a connection has to complete sending
## it's headers for request to be processed
 client_header_timeout  60s;
 client_max_body_size 512m;
 connection_pool_size  512;
 directio  512m;
 ignore_invalid_headers on;
 large_client_header_buffers 8 256k;

        ssl_certificate      /usr/local/nginx/conf/ssl/${SSLHNAME}.crt;
        ssl_certificate_key  /usr/local/nginx/conf/ssl/${SSLHNAME}.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_session_timeout  15m;
        # mozilla recommended
        ssl_ciphers ${CHACHACIPHERS}EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
        ssl_prefer_server_ciphers   on;
        #add_header Strict-Transport-Security "max-age=0; includeSubdomains;";
        add_header X-Frame-Options SAMEORIGIN;
        $COMP_HEADER;
        ssl_buffer_size 1400;
        ssl_session_tickets on;

  # limit_conn limit_per_ip 16;
  # ssi  on;

        access_log              /var/log/nginx/localhost_ssl.access.log     main;
        error_log               /var/log/nginx/localhost_ssl.error.log      error;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

    location / {
        return 302 http://\$server_name\$request_uri;
    }

  include /usr/local/nginx/conf/phpmyadmin_https.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  #include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  include /usr/local/nginx/conf/errorpage.conf;
}
SSLEOF

systemctl restart nginx
systemctl restart php-fpm

chmod 0666 /var/log/nginx/localhost_ssl.access.log
chmod 0666 /var/log/nginx/localhost_ssl.error.log

}

#################################################
myadminupdater() {

if [[ ! -d "$UPDATEDIR" ]]; then
	mkdir -p "$UPDATEDIR"
fi

if [[ ! -f "/root/tools/phpmyadmin_update.sh" ]]; then
cecho "---------------------------------------------------------------" "$boldyellow"
cecho "Create update script:" "$boldgreen"
cecho "/root/tools/phpmyadmin_update.sh" "$boldgreen"
cecho "---------------------------------------------------------------" "$boldyellow"

cat > "/root/tools/phpmyadmin_update.sh" <<EOF
#!/bin/bash
export PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
DT=\$(date +"%d%m%y-%H%M%S")
YARN_TMPDIR='/home/yarntmp-phpmyadmin'
##############################################
CENTMINLOGDIR='/root/centminlogs'

if [ ! -d "\$CENTMINLOGDIR" ]; then
  mkdir -p "\$CENTMINLOGDIR"
fi
##############################################
version_gt() {
    test "\$(printf '%s\n' "\$@" | sort -V | head -n 1)" != "\$1";
}

starttime=\$(date +%s.%N)
{

# Try IPv4 first, fallback to IPv6 for IPv6-only servers
LATEST_VERSION=\$(curl -4 -s --connect-timeout 5 "https://api.github.com/repos/phpmyadmin/phpmyadmin/releases/latest" | jq -r .tag_name | sed 's/RELEASE_//' | tr '_' '.')
if [[ -z "\$LATEST_VERSION" || "\$LATEST_VERSION" == "null" ]]; then
    LATEST_VERSION=\$(curl -6 -s --connect-timeout 5 "https://api.github.com/repos/phpmyadmin/phpmyadmin/releases/latest" | jq -r .tag_name | sed 's/RELEASE_//' | tr '_' '.')
fi

INSTALLED_VERSION=\$(ls "${BASEDIR}/${DIRNAME}" | grep RELEASE-DATE | cut -d'-' -f3)

if version_gt "\$LATEST_VERSION" "\$INSTALLED_VERSION"; then
	echo "Updating from \$INSTALLED_VERSION to \$LATEST_VERSION"
	echo "cd ${BASEDIR}"
	cd "${BASEDIR}" || exit 1

	wget -O phpMyAdmin-latest.zip https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.zip
	unzip phpMyAdmin-latest.zip
	rsync -a phpMyAdmin-*-all-languages/ "${DIRNAME}/" --exclude=config.inc.php
	rm -rf phpMyAdmin-*-all-languages
	rm -f phpMyAdmin-latest.zip

	chown "${USERNAME}:nginx" "${BASEDIR}/${DIRNAME}"
	chown -R "${USERNAME}:nginx" "${BASEDIR}/${DIRNAME}"
	chmod g+rx "${BASEDIR}/${DIRNAME}"
else
  echo "\$INSTALLED_VERSION is up to date"
fi

} 2>&1 | tee "\${CENTMINLOGDIR}/centminmod_phpmyadmin_update-\${DT}.log"

endtime=\$(date +%s.%N)

INSTALLTIME=\$(echo "scale=2;\$endtime - \$starttime"|bc )
echo "" >> "\${CENTMINLOGDIR}/centminmod_phpmyadmin_update-\${DT}.log"
echo "Total phpmyadmin Update Time: \$INSTALLTIME seconds" >> "\${CENTMINLOGDIR}/centminmod_phpmyadmin_update-\${DT}.log"
EOF

chmod 0700 /root/tools/phpmyadmin_update.sh

cecho "---------------------------------------------------------------" "$boldyellow"
cecho "Create cronjob for auto updating phpmyadmin:" "$boldgreen"
cecho "/root/tools/phpmyadmin_update.sh" "$boldgreen"
cecho "---------------------------------------------------------------" "$boldyellow"


if ! crontab -l 2>&1 | grep -q phpmyadmin_update.sh; then
    crontab -l > cronjoblist
    mkdir -p /etc/centminmod/cronjobs
    cp cronjoblist /etc/centminmod/cronjobs/cronjoblist-before-phpmyadmin-setup.txt
    echo "19 02 * * * /root/tools/phpmyadmin_update.sh >/dev/null 2>&1" >> cronjoblist
    cp cronjoblist /etc/centminmod/cronjobs/cronjoblist-after-phpmyadmin-setup.txt
    crontab cronjoblist
    rm -rf cronjoblist
    crontab -l
fi

fi

}

#################################################
myadminremove() {

if [[ ! -d "$UPDATEDIR" ]]; then
	mkdir -p "$UPDATEDIR"
fi

if [[ -f "/root/tools/phpmyadmin_uninstall.sh" || ! -f "/root/tools/phpmyadmin_uninstall.sh" ]]; then
cecho "---------------------------------------------------------------" "$boldyellow"
cecho "Create uninstall script:" "$boldgreen"
cecho "/root/tools/phpmyadmin_uninstall.sh" "$boldgreen"
cecho "---------------------------------------------------------------" "$boldyellow"

cat > "/root/tools/phpmyadmin_uninstall.sh" <<EOF
#!/bin/bash
DT=\$(date +"%d%m%y-%H%M%S")
##############################################
CENTMINLOGDIR='/root/centminlogs'

if [ ! -d "\$CENTMINLOGDIR" ]; then
mkdir "\$CENTMINLOGDIR"
fi
##############################################
starttime=\$(date +%s.%N)
{
echo "
rm -rf ${BASEDIR}/${DIRNAME}
rm -rf /root/tools/phpmyadmin_update.sh
rm -rf /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf
rm -rf /usr/local/nginx/conf/php_${DIRNAME}.conf
rm -rf /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf
rm -rf /usr/local/nginx/conf/htpassphpmyadmin
rm -rf /usr/local/nginx/conf/phpmyadmin_https.conf
rm -rf /usr/local/nginx/conf/phpmyadmin.conf
rm -rf /usr/local/nginx/conf/phpmyadmin_check"

rm -rf "${BASEDIR}/${DIRNAME}"
rm -rf /root/tools/phpmyadmin_update.sh
rm -rf /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf
rm -rf "/usr/local/nginx/conf/php_${DIRNAME}.conf"
rm -rf /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf
rm -rf /usr/local/nginx/conf/htpassphpmyadmin
rm -rf /usr/local/nginx/conf/phpmyadmin_https.conf
rm -rf /usr/local/nginx/conf/phpmyadmin.conf
rm -rf /usr/local/nginx/conf/phpmyadmin_check
sed -i '/include \/usr\/local\/nginx\/conf\/phpmyadmin.conf;'/d /usr/local/nginx/conf/conf.d/virtual.conf
rm -rf /etc/centminmod/cronjobs/cronjoblist-before-phpmyadmin-setup.txt
rm -rf /etc/centminmod/cronjobs/cronjoblist-after-phpmyadmin-setup.txt

systemctl restart nginx
systemctl restart php-fpm

} 2>&1 | tee "\${CENTMINLOGDIR}/centminmod_phpmyadmin_uninstall-\${DT}.log"

endtime=\$(date +%s.%N)

INSTALLTIME=\$(echo "scale=2;\$endtime - \$starttime"|bc )
echo "" >> "\${CENTMINLOGDIR}/centminmod_phpmyadmin_uninstall-\${DT}.log"
echo "Total phpmyadmin Update Time: \$INSTALLTIME seconds" >> "\${CENTMINLOGDIR}/centminmod_phpmyadmin_uninstall-\${DT}.log"
EOF

chmod 0700 /root/tools/phpmyadmin_uninstall.sh

fi

}

#################################################
myadminmsg() {

echo ""
cecho "---------------------------------------------------------------" "$boldyellow"
cecho "Password protected ${DIRNAME}" "$boldgreen"
cecho "at path ${BASEDIR}/${DIRNAME}" "$boldgreen"
cecho "config.inc.php at: ${BASEDIR}/${DIRNAME}/config.inc.php" "$boldgreen"
cecho "  WEB url: " "$boldgreen"
echo ""
cecho "  https://${SSLHNAME}/${DIRNAME}" "$boldwhite"
echo ""
echo "or"
echo ""
cecho "  https://${CNIP}/${DIRNAME}" "$boldwhite"
echo ""
cecho "Login with your MySQL root username / password" "$boldgreen"
cecho "---------------------------------------------------------------" "$boldyellow"
htpassdetails
cecho "phpmyadmin update script at: /root/tools/phpmyadmin_update.sh" "$boldgreen"
cecho "Add your own cron job to automatically run the update script i.e." "$boldgreen"
echo ""
cecho "  15 01 * * * /root/tools/phpmyadmin_update.sh" "$boldwhite"
echo ""
cecho "---------------------------------------------------------------" "$boldyellow"
cecho "phpmyadmin uninstall script at: /root/tools/phpmyadmin_uninstall.sh" "$boldgreen"
echo ""
cecho "  /root/tools/phpmyadmin_uninstall.sh" "$boldwhite"
echo ""
cecho "---------------------------------------------------------------" "$boldyellow"
cecho "SSL vhost: /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf" "$boldgreen"
cecho "php-fpm includes: /usr/local/nginx/conf/php_${DIRNAME}.conf" "$boldgreen"
cecho "php-fpm pool conf: /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf" "$boldgreen"
cecho "dedicated php-fpm pool user: ${USERNAME}" "$boldgreen"
cecho "dedicated php-fpm pool group: nginx" "$boldgreen"
cecho "dedicated php error log: /var/log/php_myadmin_error.log" "$boldgreen"
cecho "---------------------------------------------------------------" "$boldyellow"
cecho "SSL vhost access log: /var/log/nginx/localhost_ssl.access.log" "$boldgreen"
cecho "SSL vhost error log: /var/log/nginx/localhost_ssl.error.log" "$boldgreen"
cecho "---------------------------------------------------------------" "$boldyellow"
echo ""

echo "phpmyadmin_install='y'" > /usr/local/nginx/conf/phpmyadmin_check

}
#################################################
case "$1" in
install)
checkphpmyadmin
starttime=$(date +%s.%N)
{
	#backup csf.conf
	cp -a /etc/csf/csf.conf "/etc/csf/csf.conf-backup_beforephpmyadmin_${DT}"

	usercreate
	myadmininstall
	sslvhost
	myadminupdater
	myadminremove
	myadminmsg
} 2>&1 | tee "${CENTMINLOGDIR}/centminmod_phpmyadmin_install_${DT}.log"

endtime=$(date +%s.%N)

INSTALLTIME=$(echo "scale=2;$endtime - $starttime"|bc )
echo "" >> "${CENTMINLOGDIR}/centminmod_phpmyadmin_install_${DT}.log"
echo "Total phpmyadmin Install Time: $INSTALLTIME seconds" >> "${CENTMINLOGDIR}/centminmod_phpmyadmin_install_${DT}.log"

cecho "---------------------------------------------------------------" "$boldyellow"
cecho "Total phpmyadmin Install Time: $INSTALLTIME seconds" "$boldgreen"
cecho "phpmyadmin install log located at:" "$boldgreen"
cecho "${CENTMINLOGDIR}/centminmod_phpmyadmin_install_${DT}.log" "$boldgreen"
cecho "---------------------------------------------------------------" "$boldyellow"

;;
resetpwd)
cecho "---------------------------------------------------------------" "$boldyellow"
createpassword
htpassdetails
;;
*)
	echo "$0 install"
	echo "$0 resetpwd"
;;
esac
exit