How to force user password expiration every x months

Hello all, below you will find a “how to” about forcing user password expiration every x months
FYI this was tested on shared host and on 7.6.4 and on 7.7.4 versions.

It is written in a way that:

    • Does not affect admin user with id=1
    • Does not affect inactive users
    • Does not affect newly created users that hadn’t login for the first time.

Now create a new text file,name it “passexp.php” and paste the following:

//Process to force the expiration of the passwords. Used In Schedulers.
include ('/var/www/vhosts/<your-suitecrm-folder>/config.php'); 

if (isset($_GET['m']) && ($_GET['m']!='') && ($_GET['m']>0)){
	$days=30*$_GET['m']; //30 days per month
	$query="update users set
			where ( (datediff(curdate(),pwd_last_changed)>".$days.") 
			and (id<>1) and (status='Active') and (system_generated_password=0) );";
	$conn = new mysqli ($sugar_config['dbconfig']['db_host_name'],$sugar_config['dbconfig']['db_user_name'],$sugar_config['dbconfig']['db_password'],$sugar_config['dbconfig']['db_name']);    //connect
	$result=$conn->query($query);  //run query

WARNING!: The include path might be different in your enviroment. Please change at will. :slight_smile:

Save the file and upload it to your suitecrm installation.

Login with admin user and go to Admin->Scheduler.
Create a new Scheduler and configure it like below.
Name= Password Expiration
Job= URL
Advance Oprions CHECKED
Interval min=0, hrs=0, date=, mo=, day=*
Status= Active

Last at Job URL write http:///passexp.php?m=

For example if your domain is and you want passwords to expire every 6 months you will write

Save the Scheduler and you are ready to go.

1 Like


Thanks for sharing!

Someone will certainly make good use of this :wink: