EP Password Reset
EP Password Reset adds a “Forgot your password?” flow to PageMotor’s admin login. The admin enters their email, gets a tokenised reset link, clicks it, sets a new password. Token is single-use and time-limited.
Published by ElmsPark Studio.
Overview
Section titled “Overview”PageMotor core has no built-in password reset for admin accounts. If an admin forgets their password, they need database access to reset it. This plugin adds the email-based flow users expect from any modern system.
Flow:
- Admin clicks Forgot your password? on the login page.
- Enters their email address.
- Plugin generates a single-use token, stores it, sends a reset link via EP Email.
- Admin clicks the link (must be within the expiry window, 1 hour by default).
- Admin sets a new password. Token is invalidated.
- Admin can now log in with the new password.
Requirements
Section titled “Requirements”- PageMotor 0.8.2b or later
- EP Email (required for the reset email)
- EP Suite base class
Installation
Section titled “Installation”Not currently available for install. EP Password Reset depends on a PageMotor core change that has not yet shipped. Installation steps will be published here once the core change lands.
Settings
Section titled “Settings”- Token expiry. Minutes before a reset link becomes invalid. Default 60.
- Email template. Subject and body of the reset email. Supports the
{reset_link}placeholder.
Security
Section titled “Security”- Single-use tokens. After a successful reset, the token is invalidated. Trying to reuse it fails.
- Time-limited. Tokens expire after the configured window.
- Cryptographically random. 32 bytes from a secure random source.
- Email-only delivery. The token is only ever sent to the admin’s registered email.
- Generic success message. The plugin says “if that email is registered, a link has been sent” whether or not the email exists, so attackers can’t enumerate valid admin emails.
Troubleshooting
Section titled “Troubleshooting”“Reset email doesn’t arrive”
Section titled ““Reset email doesn’t arrive””EP Email handles delivery. Check EP Email’s log. Common causes: SMTP config wrong, email in spam folder, admin’s email address is outdated in the PageMotor user record.
“Reset link says ‘expired’ despite clicking quickly”
Section titled ““Reset link says ‘expired’ despite clicking quickly””Token expiry default is 1 hour. If the admin forwarded the email to another account or clicked in a delayed session, more than 60 minutes may have passed. Request a new reset.
“Link says ‘already used’”
Section titled ““Link says ‘already used’””Single-use tokens. If the admin clicked twice (once to set password, once accidentally), the second click fails. Request a new reset if the password wasn’t actually set.
“Reset flow works but admin still can’t log in”
Section titled ““Reset flow works but admin still can’t log in””After reset, the admin is logged out of any existing sessions. Close all browser tabs, start fresh at the login page, use the new password.
Feedback and corrections
Section titled “Feedback and corrections”For a quick question about this plugin, EP Support inside your admin is the fastest option. The chat widget sits on every EP plugin settings page and knows which one you’re on, with starter questions and links preloaded for that exact screen.
For anything bigger — a bug report, a feature request, or a “how do I…” that needs a real reply — open a ticket at help.elmspark.com. A real person, helped by AI, writes the reply. Usually within a few hours. Tickets don’t disappear into the void.