<?php
/**
 * Web Publication System Setup Script
 * This script will set up the database and create necessary configuration files
 */

// Prevent direct access if already installed
if (file_exists('../includes/config.php')) {
    die("System appears to be already installed. Please remove includes/config.php to reinstall.");
}

// Database configuration form handling
$db_host = 'localhost';
$db_name = 'webpub';
$db_user = '';
$db_pass = '';
$site_title = 'Web Publication System';
$admin_username = 'admin';
$admin_password = '';
$admin_email = '';

// Language configuration
$default_language = 'en';

// LDAP configuration
$ldap_enabled = false;
$ldap_host = '';
$ldap_port = '389';
$ldap_base_dn = '';
$ldap_user_filter = '(uid={username})';
$ldap_bind_dn = '';
$ldap_bind_password = '';
$ldap_email_attribute = 'mail';
$ldap_name_attribute = 'cn';

$errors = [];
$success = false;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validate and sanitize input
    $db_host = trim($_POST['db_host'] ?? 'localhost');
    $db_name = trim($_POST['db_name'] ?? 'webpub');
    $db_user = trim($_POST['db_user'] ?? '');
    $db_pass = trim($_POST['db_pass'] ?? '');
    $site_title = trim($_POST['site_title'] ?? 'Web Publication System');
    $admin_username = trim($_POST['admin_username'] ?? 'admin');
    $admin_password = trim($_POST['admin_password'] ?? '');
    $admin_email = trim($_POST['admin_email'] ?? '');
    $default_language = trim($_POST['default_language'] ?? 'en');
    
    // LDAP configuration
    $ldap_enabled = isset($_POST['ldap_enabled']);
    $ldap_host = trim($_POST['ldap_host'] ?? '');
    $ldap_port = trim($_POST['ldap_port'] ?? '389');
    $ldap_base_dn = trim($_POST['ldap_base_dn'] ?? '');
    $ldap_user_filter = trim($_POST['ldap_user_filter'] ?? '(uid={username})');
    $ldap_bind_dn = trim($_POST['ldap_bind_dn'] ?? '');
    $ldap_bind_password = trim($_POST['ldap_bind_password'] ?? '');
    $ldap_email_attribute = trim($_POST['ldap_email_attribute'] ?? 'mail');
    $ldap_name_attribute = trim($_POST['ldap_name_attribute'] ?? 'cn');

    // Validation
    if (empty($db_user)) $errors[] = 'Database username is required';
    if (empty($admin_email)) $errors[] = 'Admin email is required';
    if (!filter_var($admin_email, FILTER_VALIDATE_EMAIL)) $errors[] = 'Invalid email format';
    
    // Language validation
    if (!in_array($default_language, ['en', 'fi'])) {
        $errors[] = 'Invalid language selection';
        $default_language = 'en';
    }
    
    // If LDAP is disabled, require admin password
    if (!$ldap_enabled && empty($admin_password)) {
        $errors[] = 'Admin password is required when LDAP is disabled';
    }
    
    // LDAP validation
    if ($ldap_enabled) {
        if (empty($ldap_host)) $errors[] = 'LDAP host is required when LDAP is enabled';
        if (empty($ldap_base_dn)) $errors[] = 'LDAP base DN is required when LDAP is enabled';
    }

    if (empty($errors)) {
        try {
            // Test database connection
            $pdo = new PDO("mysql:host=$db_host", $db_user, $db_pass);
            $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            // Create database if it doesn't exist
            $pdo->exec("CREATE DATABASE IF NOT EXISTS `$db_name` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci");
            $pdo->exec("USE `$db_name`");

            // Import SQL schema
            $sql = file_get_contents('database.sql');
            $pdo->exec($sql);

            // Update admin user with provided credentials
            if ($ldap_enabled) {
                // For LDAP, don't require local password
                $stmt = $pdo->prepare("UPDATE users SET username = ?, email = ?, auth_type = 'ldap' WHERE username = 'admin'");
                $stmt->execute([$admin_username, $admin_email]);
            } else {
                $hashed_password = password_hash($admin_password, PASSWORD_DEFAULT);
                $stmt = $pdo->prepare("UPDATE users SET username = ?, password = ?, email = ?, auth_type = 'local' WHERE username = 'admin'");
                $stmt->execute([$admin_username, $hashed_password, $admin_email]);
            }

            // Create configuration file
            $config_content = "<?php\n";
            $config_content .= "// Database configuration\n";
            $config_content .= "define('DB_HOST', '$db_host');\n";
            $config_content .= "define('DB_NAME', '$db_name');\n";
            $config_content .= "define('DB_USER', '$db_user');\n";
            $config_content .= "define('DB_PASS', '$db_pass');\n\n";
            $config_content .= "// Site configuration\n";
            $config_content .= "define('SITE_TITLE', '$site_title');\n";
            $config_content .= "define('SITE_URL', '" . ($_SERVER['HTTPS'] ? 'https' : 'http') . "://{$_SERVER['HTTP_HOST']}" . dirname($_SERVER['PHP_SELF']) . "/../');\n";
            $config_content .= "define('ADMIN_EMAIL', '$admin_email');\n\n";
            $config_content .= "// Language configuration\n";
            $config_content .= "define('DEFAULT_LANGUAGE', '$default_language');\n\n";
            $config_content .= "// LDAP configuration\n";
            $config_content .= "define('LDAP_ENABLED', " . ($ldap_enabled ? 'true' : 'false') . ");\n";
            $config_content .= "define('LDAP_HOST', '$ldap_host');\n";
            $config_content .= "define('LDAP_PORT', '$ldap_port');\n";
            $config_content .= "define('LDAP_BASE_DN', '$ldap_base_dn');\n";
            $config_content .= "define('LDAP_USER_FILTER', '$ldap_user_filter');\n";
            $config_content .= "define('LDAP_BIND_DN', '$ldap_bind_dn');\n";
            $config_content .= "define('LDAP_BIND_PASSWORD', '$ldap_bind_password');\n";
            $config_content .= "define('LDAP_EMAIL_ATTRIBUTE', '$ldap_email_attribute');\n";
            $config_content .= "define('LDAP_NAME_ATTRIBUTE', '$ldap_name_attribute');\n";

            if (file_put_contents('../includes/config.php', $config_content)) {
                $success = true;
            } else {
                $errors[] = 'Failed to create configuration file. Check file permissions.';
            }

        } catch (PDOException $e) {
            $errors[] = 'Database error: ' . $e->getMessage();
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Web Publication System Setup</title>
    <link rel="stylesheet" href="../css/style.css">
</head>
<body>
    <div class="container">
        <h1>Web Publication System Setup</h1>
        
        <?php if ($success): ?>
            <div class="alert alert-success">
                <h3>Installation Complete!</h3>
                <p>The system has been successfully installed. You can now:</p>
                <ul>
                    <li><a href="../admin/">Access the admin panel</a></li>
                    <li><a href="../public/">View the public site</a></li>
                </ul>
                <p><strong>Important:</strong> Delete the setup directory for security.</p>
            </div>
        <?php else: ?>
            <?php if (!empty($errors)): ?>
                <div class="alert alert-error">
                    <?php foreach ($errors as $error): ?>
                        <p><?php echo htmlspecialchars($error); ?></p>
                    <?php endforeach; ?>
                </div>
            <?php endif; ?>

            <form method="post" class="setup-form">
                <h2>Database Configuration</h2>
                
                <div class="form-group">
                    <label for="db_host">Database Host:</label>
                    <input type="text" id="db_host" name="db_host" value="<?php echo htmlspecialchars($db_host); ?>" required>
                </div>

                <div class="form-group">
                    <label for="db_name">Database Name:</label>
                    <input type="text" id="db_name" name="db_name" value="<?php echo htmlspecialchars($db_name); ?>" required>
                </div>

                <div class="form-group">
                    <label for="db_user">Database Username:</label>
                    <input type="text" id="db_user" name="db_user" value="<?php echo htmlspecialchars($db_user); ?>" required>
                </div>

                <div class="form-group">
                    <label for="db_pass">Database Password:</label>
                    <input type="password" id="db_pass" name="db_pass">
                </div>

                <h2>Site Configuration</h2>

                <div class="form-group">
                    <label for="site_title">Site Title:</label>
                    <input type="text" id="site_title" name="site_title" value="<?php echo htmlspecialchars($site_title); ?>" required>
                </div>

                <div class="form-group">
                    <label for="default_language">Default Language:</label>
                    <select id="default_language" name="default_language">
                        <option value="en" <?php echo $default_language === 'en' ? 'selected' : ''; ?>>English</option>
                        <option value="fi" <?php echo $default_language === 'fi' ? 'selected' : ''; ?>>Finnish</option>
                    </select>
                </div>

                <h2>Authentication Configuration</h2>
                
                <div class="form-group">
                    <label>
                        <input type="checkbox" id="ldap_enabled" name="ldap_enabled" <?php echo $ldap_enabled ? 'checked' : ''; ?> onchange="toggleLdapFields()">
                        Enable LDAP Authentication
                    </label>
                    <p class="help-text">When enabled, users will authenticate against LDAP directory instead of local database.</p>
                </div>

                <div id="ldap_fields" style="display: <?php echo $ldap_enabled ? 'block' : 'none'; ?>;">
                    <h3>LDAP Configuration</h3>
                    
                    <div class="form-group">
                        <label for="ldap_host">LDAP Server Host:</label>
                        <input type="text" id="ldap_host" name="ldap_host" value="<?php echo htmlspecialchars($ldap_host); ?>" <?php echo $ldap_enabled ? 'required' : ''; ?>>
                    </div>

                    <div class="form-group">
                        <label for="ldap_port">LDAP Port:</label>
                        <input type="text" id="ldap_port" name="ldap_port" value="<?php echo htmlspecialchars($ldap_port); ?>">
                    </div>

                    <div class="form-group">
                        <label for="ldap_base_dn">LDAP Base DN:</label>
                        <input type="text" id="ldap_base_dn" name="ldap_base_dn" value="<?php echo htmlspecialchars($ldap_base_dn); ?>" <?php echo $ldap_enabled ? 'required' : ''; ?> placeholder="Example: dc=example,dc=com">
                    </div>

                    <div class="form-group">
                        <label for="ldap_user_filter">User Search Filter:</label>
                        <input type="text" id="ldap_user_filter" name="ldap_user_filter" value="<?php echo htmlspecialchars($ldap_user_filter); ?>" placeholder="Example: (uid={username})">
                    </div>

                    <div class="form-group">
                        <label for="ldap_bind_dn">Bind DN (optional):</label>
                        <input type="text" id="ldap_bind_dn" name="ldap_bind_dn" value="<?php echo htmlspecialchars($ldap_bind_dn); ?>" placeholder="Leave empty for anonymous bind">
                    </div>

                    <div class="form-group">
                        <label for="ldap_bind_password">Bind Password (optional):</label>
                        <input type="password" id="ldap_bind_password" name="ldap_bind_password" value="<?php echo htmlspecialchars($ldap_bind_password); ?>">
                    </div>

                    <div class="form-group">
                        <label for="ldap_email_attribute">Email Attribute:</label>
                        <input type="text" id="ldap_email_attribute" name="ldap_email_attribute" value="<?php echo htmlspecialchars($ldap_email_attribute); ?>">
                    </div>

                    <div class="form-group">
                        <label for="ldap_name_attribute">Name Attribute:</label>
                        <input type="text" id="ldap_name_attribute" name="ldap_name_attribute" value="<?php echo htmlspecialchars($ldap_name_attribute); ?>">
                    </div>
                </div>

                <div id="local_auth_fields" style="display: <?php echo $ldap_enabled ? 'none' : 'block'; ?>;">
                    <h3>Local Administrator Account</h3>

                    <div class="form-group">
                        <label for="admin_username">Admin Username:</label>
                        <input type="text" id="admin_username" name="admin_username" value="<?php echo htmlspecialchars($admin_username); ?>" <?php echo !$ldap_enabled ? 'required' : ''; ?>>
                    </div>

                    <div class="form-group">
                        <label for="admin_password">Admin Password:</label>
                        <input type="password" id="admin_password" name="admin_password" <?php echo !$ldap_enabled ? 'required' : ''; ?>>
                    </div>
                </div>

                <div class="form-group">
                    <label for="admin_email">Admin Email:</label>
                    <input type="email" id="admin_email" name="admin_email" value="<?php echo htmlspecialchars($admin_email); ?>" required>
                </div>

                <button type="submit" class="btn btn-primary">Install System</button>
            </form>
        <?php endif; ?>
    </div>
    <script>
        function toggleLdapFields() {
            const ldapEnabled = document.getElementById('ldap_enabled').checked;
            const ldapFields = document.getElementById('ldap_fields');
            const localAuthFields = document.getElementById('local_auth_fields');
            const adminUsername = document.getElementById('admin_username');
            const adminPassword = document.getElementById('admin_password');
            const ldapHost = document.getElementById('ldap_host');
            const ldapBaseDn = document.getElementById('ldap_base_dn');
            
            if (ldapEnabled) {
                ldapFields.style.display = 'block';
                localAuthFields.style.display = 'none';
                adminUsername.removeAttribute('required');
                adminPassword.removeAttribute('required');
                ldapHost.setAttribute('required', 'required');
                ldapBaseDn.setAttribute('required', 'required');
            } else {
                ldapFields.style.display = 'none';
                localAuthFields.style.display = 'block';
                adminUsername.setAttribute('required', 'required');
                adminPassword.setAttribute('required', 'required');
                ldapHost.removeAttribute('required');
                ldapBaseDn.removeAttribute('required');
            }
        }
    </script>
</body>
</html>