#!/bin/bash
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH

: '
Copyright (C) 2022 - now  HaoZi Technology Co., Ltd.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.
'

source <(curl -f -s --connect-timeout 10 --retry 3 https://dl.cdn.haozi.net/panel/public.sh)
if [ $? -ne 0 ]; then
    echo "下载 public.sh 失败，请检查网络或稍后重试。"
    echo "Download public.sh failed, please check the network or try again later."
    exit 1
fi

channel=${1}
version=${2}
php_path="${setup_path}/server/php/${channel}"
j=$(calculate_j)

# 安装依赖
if [ ${OS} == "rhel" ]; then
    dnf makecache
    dnf groupinstall "Development Tools" -y
    # openEuler 没有 libavif-devel，单独安装防止报错
    dnf install libavif-devel -y
    dnf install autoconf glibc-headers gdbm-devel gd gd-devel re2c systemd-devel perl oniguruma-devel libsodium-devel libxml2-devel sqlite-devel libzip-devel bzip2-devel xz-devel libpng-devel libjpeg-devel libwebp-devel freetype-devel gmp-devel openssl-devel readline-devel libxslt-devel libcurl-devel pkgconfig libedit-devel zlib-devel pcre-devel crontabs libicu libicu-devel c-ares -y
elif [ ${OS} == "debian" ] || [ ${OS} == "ubuntu" ]; then
    apt-get update
    apt-get install build-essential autoconf libc6-dev libgdbm-dev libgd-tools libgd-dev re2c libsystemd-dev perl libonig-dev libsodium-dev libxml2-dev libsqlite3-dev libzip-dev libbz2-dev liblzma-dev libpng-dev libjpeg-dev libwebp-dev libavif-dev libfreetype6-dev libgmp-dev libssl-dev libreadline-dev libxslt1-dev libcurl4-openssl-dev pkg-config libedit-dev zlib1g-dev libpcre3-dev cron libicu-dev libc-ares2 libc-ares-dev -y
else
    error "不支持的操作系统"
fi
if [ "$?" != "0" ]; then
    error "安装依赖软件失败"
fi

# 准备安装目录
rm -rf ${php_path}
mkdir -p ${php_path}
cd ${php_path}

# 下载源码
wget --retry-connrefused --retry-on-host-error -t 10 -T 120 -O ${php_path}/php-${version}.7z ${download_url}/php/php-${version}.7z
wget --retry-connrefused --retry-on-host-error -t 10 -T 120 -O ${php_path}/php-${version}.7z.sha256 ${download_url}/php/php-${version}.7z.sha256

if ! sha256sum --status -c php-${version}.7z.sha256; then
    rm -rf ${php_path}
    error "PHP-${channel} 校验失败"
fi

7z x php-${version}.7z
rm -f php-${version}.7z
rm -f php-${version}.7z.sha256
mv php-* src
chmod -R 700 src

# 配置
cd src

# PHP <= 80 openssl3 补丁
if [ ${channel} -le "80" ]; then
    wget --retry-connrefused --retry-on-host-error -t 10 -T 120 -O php-${channel}-openssl3.patch ${download_url}/php/php-${channel}-openssl3.patch
    wget --retry-connrefused --retry-on-host-error -t 10 -T 120 -O php-${channel}-openssl3.patch.sha256 ${download_url}/php/php-${channel}-openssl3.patch.sha256
    if ! sha256sum --status -c php-${channel}-openssl3.patch.sha256; then
        rm -rf ${php_path}
        error "PHP-${channel} openssl3 补丁校验失败"
    fi

    patch -p1 <php-${channel}-openssl3.patch
fi

# 个别系统可能没有libavif
WITH_AVIF=""
if pkg-config --exists libavif; then
    WITH_AVIF="--with-avif"
fi

# EOL 补丁版本中没有附带 configure 文件
if [ ! -f "configure" ]; then
    ./buildconf --force
fi

# 配置
if [ ${channel} -ge "81" ]; then
    ./configure --prefix=${php_path} --with-config-file-path=${php_path}/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www --with-fpm-systemd --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-freetype --with-jpeg --with-zlib --enable-xml --disable-rpath --enable-bcmath --enable-shmop --with-curl --enable-mbregex --enable-mbstring --enable-pcntl --enable-ftp --enable-gd --with-openssl --with-mhash --enable-pcntl --enable-sockets --enable-soap --disable-fileinfo --enable-opcache --with-sodium --with-webp ${WITH_AVIF}
else
    ./configure --prefix=${php_path} --with-config-file-path=${php_path}/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www --with-fpm-systemd --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-freetype --with-jpeg --with-zlib --enable-xml --disable-rpath --enable-bcmath --enable-shmop --with-curl --enable-mbregex --enable-mbstring --enable-pcntl --enable-ftp --enable-gd --with-openssl --with-mhash --enable-pcntl --enable-sockets --enable-soap --disable-fileinfo --enable-opcache --with-sodium --with-webp
fi

# RHEL 8 PHP 8.3+ 修复
# https://github.com/php/php-src/issues/12774
if [ ${OS} == "rhel" ] && [ $(rpm -E %{rhel}) == "8" ] && [ ${channel} -ge "83" ]; then
    sed -i 's|^CC = cc|CC = cc -fPIE -pie|g' Makefile
    sed -i 's|^BUILD_CC = cc|BUILD_CC = cc -fPIE -pie|g' Makefile
fi

# 编译安装
make "-j${j}"
make install
if [ ! -f "${php_path}/bin/php" ]; then
    rm -rf ${php_path}
    error "PHP-${channel} 安装失败"
fi

# 创建php配置
mkdir -p ${php_path}/etc
\cp php.ini-production ${php_path}/etc/php.ini

# 写入拓展标记位
echo ";下方面板标记位禁止删除，否则将无法安装PHP拓展！" >>${php_path}/etc/php.ini
echo ";The following panel flags are not allowed to be deleted, otherwise PHP extensions cannot be installed!" >>${php_path}/etc/php.ini
echo ";panel" >>${php_path}/etc/php.ini

# 安装 zip 拓展
cd ${php_path}/src/ext/zip
${php_path}/bin/phpize
./configure --with-php-config=${php_path}/bin/php-config
make "-j${j}"
make install
if [ "$?" != "0" ]; then
    rm -rf ${php_path}
    error "PHP-${channel} zip 拓展安装失败"
fi

echo "extension=zip" >>${php_path}/etc/php.ini
cd ${php_path}/src

# 设置软链接
if [ ! -f /usr/bin/php ]; then
    ln -sf ${php_path}/bin/php /usr/bin/php
fi
ln -sf ${php_path}/bin/php /usr/bin/php${channel}
ln -sf ${php_path}/bin/php /usr/bin/php-${channel}
ln -sf ${php_path}/bin/phpize /usr/bin/phpize
ln -sf ${php_path}/bin/pear /usr/bin/pear
ln -sf ${php_path}/bin/pecl /usr/bin/pecl
ln -sf ${php_path}/sbin/php-fpm /usr/bin/php-fpm-${channel}

# 设置fpm
cat >${php_path}/etc/php-fpm.conf <<EOF
[global]
pid = ${php_path}/var/run/php-fpm.pid
error_log = ${php_path}/var/log/php-fpm.log
log_level = notice

[www]
listen = /tmp/php-cgi-${channel}.sock
listen.backlog = -1
listen.allowed_clients = 127.0.0.1
listen.owner = www
listen.group = www
listen.mode = 0666
user = www
group = www
pm = dynamic
pm.max_children = 30
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.status_path = /phpfpm_status/${channel}
request_terminate_timeout = 100
request_slowlog_timeout = 30
slowlog = var/log/slow.log
EOF

# 设置PHP进程数
if [[ ${MEM} -gt 1024 && ${MEM} -le 2048 ]]; then
    sed -i "s#pm.max_children.*#pm.max_children = 50#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.start_servers.*#pm.start_servers = 5#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.min_spare_servers.*#pm.min_spare_servers = 5#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.max_spare_servers.*#pm.max_spare_servers = 10#" ${php_path}/etc/php-fpm.conf
elif [[ ${MEM} -gt 2048 && ${MEM} -le 4096 ]]; then
    sed -i "s#pm.max_children.*#pm.max_children = 80#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.start_servers.*#pm.start_servers = 5#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.min_spare_servers.*#pm.min_spare_servers = 5#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.max_spare_servers.*#pm.max_spare_servers = 20#" ${php_path}/etc/php-fpm.conf
elif [[ ${MEM} -gt 4096 && ${MEM} -le 8192 ]]; then
    sed -i "s#pm.max_children.*#pm.max_children = 150#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.start_servers.*#pm.start_servers = 10#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.min_spare_servers.*#pm.min_spare_servers = 10#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.max_spare_servers.*#pm.max_spare_servers = 30#" ${php_path}/etc/php-fpm.conf
elif [[ ${MEM} -gt 8192 && ${MEM} -le 16384 ]]; then
    sed -i "s#pm.max_children.*#pm.max_children = 200#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.start_servers.*#pm.start_servers = 15#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.min_spare_servers.*#pm.min_spare_servers = 15#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.max_spare_servers.*#pm.max_spare_servers = 30#" ${php_path}/etc/php-fpm.conf
elif [[ ${MEM} -gt 16384 ]]; then
    sed -i "s#pm.max_children.*#pm.max_children = 300#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.start_servers.*#pm.start_servers = 20#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.min_spare_servers.*#pm.min_spare_servers = 20#" ${php_path}/etc/php-fpm.conf
    sed -i "s#pm.max_spare_servers.*#pm.max_spare_servers = 50#" ${php_path}/etc/php-fpm.conf
fi
sed -i "s#listen.backlog.*#listen.backlog = 8192#" ${php_path}/etc/php-fpm.conf
# 最大上传限制100M
sed -i 's/post_max_size =.*/post_max_size = 100M/g' ${php_path}/etc/php.ini
sed -i 's/upload_max_filesize =.*/upload_max_filesize = 100M/g' ${php_path}/etc/php.ini
# 时区PRC
sed -i 's/;date.timezone =.*/date.timezone = PRC/g' ${php_path}/etc/php.ini
sed -i 's/short_open_tag =.*/short_open_tag = On/g' ${php_path}/etc/php.ini
sed -i 's/;cgi.fix_pathinfo=.*/cgi.fix_pathinfo=1/g' ${php_path}/etc/php.ini
# 最大运行时间
sed -i 's/max_execution_time =.*/max_execution_time = 300/g' ${php_path}/etc/php.ini
sed -i 's/;sendmail_path =.*/sendmail_path = \/usr\/sbin\/sendmail -t -i/g' ${php_path}/etc/php.ini
# 禁用函数
sed -i 's/disable_functions =.*/disable_functions = passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv/g' ${php_path}/etc/php.ini
sed -i 's/display_errors = Off/display_errors = On/g' ${php_path}/etc/php.ini
sed -i 's/error_reporting =.*/error_reporting = E_ALL \& \~E_NOTICE/g' ${php_path}/etc/php.ini

# 设置SSL根证书
#sed -i "s#;openssl.cafile=#openssl.cafile=/etc/pki/tls/certs/ca-bundle.crt#" ${php_path}/etc/php.ini
#sed -i "s#;curl.cainfo =#curl.cainfo = /etc/pki/tls/certs/ca-bundle.crt#" ${php_path}/etc/php.ini

# 关闭php外显
sed -i 's/expose_php = On/expose_php = Off/g' ${php_path}/etc/php.ini

# 写入nginx调用php配置文件
cat >${setup_path}/server/nginx/conf/enable-php-${channel}.conf <<EOF
location ~ \.php$ {
    try_files \$uri =404;
    fastcgi_pass unix:/tmp/php-cgi-${channel}.sock;
    fastcgi_index index.php;
    include fastcgi.conf;
    include pathinfo.conf;
}
EOF

# 添加php-fpm到服务
\cp ${php_path}/src/sapi/fpm/php-fpm.service /lib/systemd/system/php-fpm-${channel}.service
sed -i "/PrivateTmp/d" /lib/systemd/system/php-fpm-${channel}.service
systemctl daemon-reload

# 启动php
systemctl enable --now php-fpm-${channel}
if [ "$?" != "0" ]; then
    error "PHP-${channel} 启动失败"
fi

panel-cli app write php${channel} ${channel} ${version}

echo -e $HR
echo "安装完成"
echo -e $HR