How to reset Admin password with Toolbox Discuz! X5.0

admin

  There's a small tip for webmaster to use Toolbox.
+ By default, install/index.php will redirect us to Installation Wizard.
+ If we rename index.php to tool.php and we'll browse: https://yourdicuz-forum.com/install/tool.php

  That's the way we reach Discuz! Toolbox for :
- reset founder password: the fastest way to reset admin root password
- update cache: when you need apply changes to the website
- Restore database: to rollback website to most stable database backup version.
- directory detection: check which files, folders are not matched with origional one.

Demo: Discuz! X 5.0 English Package Installation Wizard

admin

For security reason, we'll add a very simple authentication process to access install/index.php or install/tool.php

1. // After line: define('IN_DISCUZ', true);
   
2. 
   
3. // Tool mode authentication
   
4. define('TOOL_MODE_PASSWORD', 'your_strong_password_here'); // Change this!
   
5. 
   
6. $request_uri = $_SERVER['REQUEST_URI'];
   
7. if (basename($request_uri) != 'index.php') {
   
8.     // This is tool mode, require authentication
   
9.     session_start();
   
10.    
    
11.     // Check if already authenticated
    
12.     if (!isset($_SESSION['tool_auth']) || $_SESSION['tool_auth'] !== true) {
    
13.         // Handle login form submission
    
14.         if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['tool_password'])) {
    
15.             if ($_POST['tool_password'] === TOOL_MODE_PASSWORD) {
    
16.                 $_SESSION['tool_auth'] = true;
    
17.                 // Redirect to remove POST data
    
18.                 header('Location: ' . $_SERVER['REQUEST_URI']);
    
19.                 exit;
    
20.             } else {
    
21.                 $error = 'Invalid password!';
    
22.             }
    
23.         }
    
24.         
    
25.         // Show login form
    
26.         header('HTTP/1.0 403 Forbidden');
    
27.         echo '<!DOCTYPE html>
    
28.         <html>
    
29.         <head>
    
30.             <title>Tool Mode Authentication</title>
    
31.             <meta charset="utf-8">
    
32.             <style>
    
33.                 body { font-family: Arial, sans-serif; background: #f0f0f0; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; }
    
34.                 .login-box { background: white; padding: 30px; border-radius: 8px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); width: 300px; }
    
35.                 h2 { margin-top: 0; color: #333; }
    
36.                 input { width: 100%; padding: 10px; margin: 10px 0; border: 1px solid #ddd; border-radius: 4px; box-sizing: border-box; }
    
37.                 button { width: 100%; padding: 10px; background: #007bff; color: white; border: none; border-radius: 4px; cursor: pointer; }
    
38.                 button:hover { background: #0056b3; }
    
39.                 .error { color: red; margin-bottom: 10px; font-size: 14px; }
    
40.             </style>
    
41.         </head>
    
42.         <body>
    
43.             <div class="login-box">
    
44.                 <h2>Tool Mode Access</h2>
    
45.                 ' . (isset($error) ? '<div class="error">' . htmlspecialchars($error) . '</div>' : '') . '
    
46.                 <form method="post">
    
47.                     <input type="password" name="tool_password" placeholder="Enter tool password" autofocus>
    
48.                     <button type="submit">Authenticate</button>
    
49.                 </form>
    
50.             </div>
    
51.         </body>
    
52.         </html>';
    
53.         exit;
    
54.     }
    
55. }

Copy Code

That'll protect your tool from black hat hackers