-
- if (0 != strcmp($newpassword, $confirm)) {
- $this->show_form(_('Passwords don\'t match'));
+ $token = $this->arg('token');
+
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'));
+ return;
+ } else if (0 != strcmp($newpassword, $confirm)) {
+ $this->show_form(_('Passwords don\'t match.'));