$msg"; } exit(1); } require_once $configFile; // Connect to database try { $dsn = "mysql:host={$mysql_host};dbname={$mysql_db};charset=utf8mb4"; $pdo = new PDO($dsn, $mysql_user, $mysql_passwd, [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ]); } catch (PDOException $e) { $msg = "DATABASE ERROR: " . $e->getMessage() . "\n"; if ($isCli) { echo $msg; } else { echo "

$msg

"; } exit(1); } $prefix = isset($mysql_prefix) ? $mysql_prefix : ''; // Handle form submission (web) or interactive (CLI) $message = ''; $success = false; if (!$isCli && $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['user_id'], $_POST['new_password'])) { $userId = (int) $_POST['user_id']; $newPass = $_POST['new_password']; if (strlen($newPass) < 4) { $message = 'Password must be at least 4 characters.'; } else { // Determine which column holds the password $passCol = 'passwd'; try { $cols = $pdo->query("SHOW COLUMNS FROM `{$prefix}user`")->fetchAll(); $colNames = array_column($cols, 'Field'); if (in_array('pass', $colNames) && !in_array('passwd', $colNames)) { $passCol = 'pass'; } } catch (Exception $e) {} $hash = password_hash($newPass, PASSWORD_BCRYPT, ['cost' => 12]); $stmt = $pdo->prepare("UPDATE `{$prefix}user` SET `{$passCol}` = ? WHERE `id` = ?"); $stmt->execute([$hash, $userId]); if ($stmt->rowCount() > 0) { $message = "Password updated successfully for user ID $userId! You can now log in."; $success = true; } else { $message = "No rows updated. Check that user ID $userId exists."; } } } // Get admin users $passCol = 'passwd'; try { $cols = $pdo->query("SHOW COLUMNS FROM `{$prefix}user`")->fetchAll(); $colNames = array_column($cols, 'Field'); if (in_array('pass', $colNames) && !in_array('passwd', $colNames)) { $passCol = 'pass'; } } catch (Exception $e) {} // Detect which columns exist in the user table $hasName = in_array('name', $colNames); $hasLevel = in_array('level', $colNames); $hasUser = in_array('user', $colNames); $hasUsername = in_array('username', $colNames); $userCol = $hasUser ? 'user' : ($hasUsername ? 'username' : 'id'); $selectCols = "`id`, `{$userCol}` AS `user`"; if ($hasName) $selectCols .= ", `name`"; if ($hasLevel) $selectCols .= ", `level`"; $selectCols .= ", `{$passCol}` AS pass_hash"; $orderBy = $hasLevel ? "`level` ASC, `{$userCol}` ASC" : "`{$userCol}` ASC"; try { $stmt = $pdo->query("SELECT {$selectCols} FROM `{$prefix}user` ORDER BY {$orderBy}"); $users = $stmt->fetchAll(); // Ensure name and level keys exist for display foreach ($users as &$u) { if (!isset($u['name'])) $u['name'] = ''; if (!isset($u['level'])) $u['level'] = '?'; } unset($u); } catch (Exception $e) { $users = []; $message = "Error reading users: " . $e->getMessage(); } // Identify hash type function detect_hash_type($hash) { if (empty($hash)) return 'EMPTY'; if (strpos($hash, '$2y$') === 0 || strpos($hash, '$2a$') === 0 || strpos($hash, '$2b$') === 0) return 'bcrypt (modern)'; if (strlen($hash) === 41 && $hash[0] === '*') return 'MySQL PASSWORD()'; if (strlen($hash) === 16 && ctype_xdigit($hash)) return 'MySQL OLD_PASSWORD()'; if (strlen($hash) === 32 && ctype_xdigit($hash)) return 'MD5'; if (strlen($hash) === 40 && ctype_xdigit($hash)) return 'SHA1'; if (strlen($hash) < 30 && !ctype_xdigit($hash) && $hash[0] !== '$') return 'PLAIN TEXT (insecure!)'; return 'unknown (' . strlen($hash) . ' chars)'; } function level_name($level) { $names = [0 => 'Super Admin', 1 => 'Admin', 2 => 'Dispatcher', 3 => 'Read-Only', 4 => 'Unit', 5 => 'Stats']; return isset($names[$level]) ? $names[$level] : "Level $level"; } // CLI mode if ($isCli) { echo "=== TicketsCAD Admin Password Reset ===\n\n"; if (empty($users)) { echo "No users found in the database.\n"; exit(1); } echo "Users found:\n"; echo str_pad('ID', 5) . str_pad('Username', 20) . str_pad('Level', 20) . str_pad('Hash Type', 15) . "\n"; echo str_repeat('-', 60) . "\n"; foreach ($users as $u) { echo str_pad($u['id'], 5) . str_pad($u['user'], 20) . str_pad(level_name((int)$u['level']), 20) . str_pad(detect_hash_type($u['pass_hash']), 15) . "\n"; } echo "\nTo reset a password, run:\n"; echo " php tools/reset-admin-password.php \n\n"; // Check if arguments provided if (isset($argv[1]) && isset($argv[2])) { $userId = (int) $argv[1]; $newPass = $argv[2]; $hash = password_hash($newPass, PASSWORD_BCRYPT, ['cost' => 12]); $stmt = $pdo->prepare("UPDATE `{$prefix}user` SET `{$passCol}` = ? WHERE `id` = ?"); $stmt->execute([$hash, $userId]); if ($stmt->rowCount() > 0) { echo "Password updated for user ID $userId.\n"; echo "New hash type: bcrypt\n"; echo "\nIMPORTANT: Delete this file after use!\n"; } else { echo "ERROR: No rows updated for user ID $userId.\n"; } } exit(0); } // Web mode ?> TicketsCAD - Admin Password Reset

TicketsCAD — Admin Password Reset

User Accounts

No users found in the database.

ID	Username	Name	Level	Hash	Reset

Security Notice: Delete this file immediately after resetting your password!
Path: tickets/tools/reset-admin-password.php