8.9.1-Unable to change Password

[andertow]

Issue

This problem has been present on my installation for some time. I upgraded from 8.7.1 to 8.9.1 and the problem persists. I can't change my password after logging in.

Strange how only my installation is affected. Hope it helps someone with the same problem.

Possible Fix

Fix:
Remove 'Location:' from SugarApplication::redirect() in legacy/modules/Users/User.php
Line 697:

        #return SugarApplication::redirect('Location: index.php?action=Error&module=Users');
        return SugarApplication::redirect('index.php?action=Error&module=Users');

Line 735:
#SugarApplication::redirect("Location: index.php?action=EditView&module=Users&record=" . $_POST['record']);
SugarApplication::redirect("index.php?action=EditView&module=Users&record=" . $_POST['record']);

Line 739:
#SugarApplication::redirect("Location: index.php?action=ChangePassword&module=Users&record=" . $_POST['record']);
SugarApplication::redirect("index.php?action=ChangePassword&module=Users&record=" . $_POST['record']);

Firefox has an additional error message (not in Chrome):
[php:warn] [REDACTED] PHP Warning: Undefined array key "ut" in /REDACTED/legacy/modules/Users/User.php on line 944, referer: https://REDACTED/legacy/index.php?module=Users&action=EditView&record=REDACTED

Fix:
Comment out line 941
#$ut = $_POST['ut'] ?? '0';

Edit 944:
#if (isset($ut)) {
if (isset($_POST['ut'])) {

Result:
Password changed and no errors in the browser console.

Steps to Reproduce the Issue

**Use case (Firefox and Chrome):**
- Turn off ModSecurity
- User or admin logs in
- Edit Profile > Password
- Enter old password
- Enter new password twice (in my case 15 chars with special chars)
- Save

Context

Just trying to change my password.

2 errors:

1. POST ERROR in Browser network console (Location Location:):

scheme
https
host
REDACTED
filename
/crm/REDACTED/legacy/index.php
Proxy Address
REDACTED
Status
301
Moved Permanently
Proxy Status
200
Connection
VersionHTTP/1.1
Proxy VersionHTTP/1.1
Transferred14.03 kB (0 B size)
Referrer Policystrict-origin-when-cross-origin
DNS ResolutionDNS over HTTPS

Location
Location: index.php?action=EditView&module=Users&record=REDACTED
Server
Apache
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0) Gecko/20100101 Firefox/144.0

2. Form error (only in Firefox):

[php:warn] [REDACTED] PHP Warning: Undefined array key "ut" in /REDACTED/legacy/modules/Users/User.php on line 944, referer: https://REDACTED/legacy/index.php?module=Users&action=EditView&record=REDACTED

Version

8.9.1

What browser are you currently using?

Chrome

Browser Version

Chrome 142.0.7444.135 (Offizieller Build) (64-Bit), Firefox 144.0.2 (64-bit)

Environment Information

mysql Ver 8.0.43-0ubuntu0.22.04.2 for Linux on aarch64 ((Ubuntu)), PHP 8.2.29 (cli) (built: Jul 3 2025 13:07:49) (NTS)

Operating System and Version

Ubuntu 22.04

[johnM2401]

Hey!
Thank you for getting in touch with this

I've so far been unable to replicate this issue myself
I was wondering if you had any further information on this?

Such as:

• Are you able to change passwords if you use a password with no special characters?
• Do you have any specific Password Requirements set in the Admin->Password Management->Password Security panel?
  (and does your target password meet all of these?)
• As Admin, are you able to change other users' passwords, or does this also fail?
• Do you see any other errors in the log files that are relevant? (ie: /logs/legacy/suitecrm.log , /logs/prod/prod.log, or the PHP error logs)

Thank you for your time!

[andertow]

Hi there, there were no special characters or special setting in the admin console (all set to default). The setup is quite fresh and doesn't have much data yet (still under evaluation). I did upgrade to the laI forgot my password and resetting the password failed to process due to errors. The error was displayed in the browser's console. WHen I patched the code, I could set a password.

I do have a German server and a German browser but I didn't usa any German characters in the password.