diff --git a/scribeengine/controllers/account.py b/scribeengine/controllers/account.py
index 9306051..f8b330e 100644
--- a/scribeengine/controllers/account.py
+++ b/scribeengine/controllers/account.py
@@ -25,6 +25,8 @@ import string
 import random
 from datetime import datetime
+from formencode.validators import Int
+
 from scribeengine.lib.base import *
 from scribeengine.lib.validation.client import JSString, JSEmail
 from scribeengine.lib.validation.server import UnicodeString, Email, FieldsMatch
@@ -163,7 +165,7 @@ class AccountController(BaseController):
 h.flash.set_message(u'An e-mail has been sent to your e-mail address. '
 u'Please reset your password by clicking on the link in your '
 u'e-mail.', u'success')
- h.redirect_to('/account/reset')
+ h.redirect_to('/account/login')
 def password(self, id=None):
 if not id or not request.GET.get(u'code'):
@@ -173,6 +175,9 @@ class AccountController(BaseController):
 if not c.user:
 h.flash.set_message(u'There was a problem with your account, please reset your password again.', u'error')
 h.redirect_to(h.url_for(controller=u'account', action=u'login'))
+ if c.user.activation_key != request.GET.get(u'code'):
+ h.flash.set_message(u'There was a problem with your activation code, please reset your password again.', u'error')
+ h.redirect_to(h.url_for(controller=u'account', action=u'login'))
 c.page_title = u'Change Password'
 return render(u'/account/password.mako')
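Review bot: The added `from formencode.validators import Int` looks unused after this commit, because the only use visible in the diff, `'user_id': Int()` in `password_schema`, is removed by the later hunk at `@@ -185,17 +190,17 @@`. If nothing else in the file references `Int` (the rest of the file is not shown), the import should be dropped rather than added. The file also pulls names in through `from scribeengine.lib.base import *`, so an unused explicit import is easy to miss later.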
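Review bot: The new redirect target in `h.redirect_to('/account/login')` is a hard-coded path, while the other redirects visible in this controller build the same destination with `h.url_for(controller=u'account', action=u'login')`. Writing it as `h.redirect_to(h.url_for(controller=u'account', action=u'login'))` keeps the login route in one form and follows a routing change. The enclosing method starts above the hunk.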
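Review bot: The activation-code check added to `password` compares a secret with `!=`, which stops at the first differing character, so response timing can reveal how much of a submitted code matched. Where the runtime provides it, a constant-time comparison is the safer form, guarded for an unset key: `if not c.user.activation_key or not hmac.compare_digest(c.user.activation_key, request.GET.get(u'code')):`. The explicit `not c.user.activation_key` test also makes the branch safe on its own, instead of relying on the earlier `if not id or not request.GET.get(u'code')` guard to keep an empty code away from an account whose key is `None`. How `c.user` is loaded lies outside the hunk, and `hmac` would need importing at the top of the file.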
@@ -185,17 +190,17 @@ class AccountController(BaseController):
 def password_schema(self):
 return {
- 'user_id': Int(),
 'password-password': UnicodeString(not_empty=True, messages={'empty': u'You haven\'t typed in a password.'}),
 'confirm-password': [FieldsMatch('password-password', 'password-confirm', messages={'invalid': u'Your passwords don\'t match.'})]
 }
- def password_POST(self):
- user = Session.query(User).get(c.form_values[u'user_id'])
+ def password_POST(self, id=None):
+ user = Session.query(User).get(id)
 if not user:
 h.flash.set_message(u'There was a problem with your account, please reset your password again.', u'error')
 h.redirect_to(h.url_for(controller=u'account', action=u'login'))
 user.password = utils.hash_password(c.form_values[u'password-password'])
+ user.activation_key = None
 user.modified = datetime.now()
 Session.add(user)
 Session.commit()
diff --git a/scribeengine/templates/account/password.mako b/scribeengine/templates/account/password.mako
index 12ccff5..3eaa03e 100644
--- a/scribeengine/templates/account/password.mako
+++ b/scribeengine/templates/account/password.mako
@@ -3,7 +3,7 @@
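Review bot: `password_POST` in scribeengine/controllers/account.py sets a new password for whichever user the `id` argument selects without checking the activation code; the code is compared only in the GET handler `password`, so the check added there does not protect the write itself. Before `user.password = ...`, the handler should repeat the comparison against the submitted code, for example `if not user.activation_key or user.activation_key != request.GET.get(u'code'):`, followed by the same flash message and redirect that `password` uses. This needs the form to send the code back with the POST, which depends on the template change that is not visible here. Clearing `activation_key` after the update makes the code single-use, and rejecting a `None` key keeps a repeated submission from succeeding.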