Make a quick vote 🗳 ️How do you refer to SuiteCRM extensions: add-ons or plug-ins? Click here to have your say 👈

New User Notification Email Password does not match password used when user created. Users cannot login

When we create a user account in the Administration>User Management we are required to create a password. When we save the record a notification email is sent to the user. However, the password notified to the user does not match the password we used to create the user and therefore the user cannot login for the first time.

How can we solve this. We do not want to use system generated passwords at this time.

Any help appreciated as we try to get the basics working.


Really no one! This is such a fundamental issue. We cannot onboard users as the email sent to them does not contain the initial password we set when we created their account.

We have gone through all settings we can find for passwords and cannot see how this random password they are sent is created. If we have to put a password in on creation of the user record why is that password not being notified to the user in the Account Notification email?

Any help would be appreciated.


Do you see any difference if you use a really simple password, just letters, for example? As opposed to letters and numbers and weird symbols?

No. We tried with simple passwords. The email that gets sent contains a random password that does not match what was used to create the account.


Hi @sparticle , which version are you using now?
Do you see anything in the PHP error_log or suitecrm.log right after you hit save on the New User?

We have this spam in the apache error log generally. Hundreds of lines of it.

mod_fcgid: stderr: PHP Warning: A non-numeric value encountered in /home/mydomain/public_html/vendor/phpseclib/phpseclib/phpseclib/bootstrap.php on line 15, referer: https://mydomain.mydomain/

Here is the code in bootstrap.php


 * Bootstrapping File for phpseclib
 * composer isn't a requirement for phpseclib 2.0 but this file isn't really required
 * either. it's a bonus for those using composer but if you're not phpseclib will
 * still work
 * @license MIT License
if (extension_loaded('mbstring')) {
    // mbstring.func_overload is deprecated in php 7.2 and removed in php 8.0.
LINE 15 IS HERE ->   if (version_compare(PHP_VERSION, '8.0.0') < 0 && ini_get('mbstring.func_overload') & 2) {
        throw new UnexpectedValueException(
            'Overloading of string functions using mbstring.func_overload ' .
            'is not supported by phpseclib.'

The password being mailed out by suitecrm is 6 chars Upper Lower and numeric.