diff --git a/core/authentication/resources/classes/plugins/database.php b/core/authentication/resources/classes/plugins/database.php
index 1b161bc65..00f5dc124 100644
--- a/core/authentication/resources/classes/plugins/database.php
+++ b/core/authentication/resources/classes/plugins/database.php
@@ -55,6 +55,10 @@ class plugin_database {
*/
function database(authentication $auth, settings $settings) {
+ //add multi-lingual support
+ $language = new text;
+ $text = $language->get(null, '/core/authentication');
+
//pre-process some settings
$theme_favicon = $settings->get('theme', 'favicon', PROJECT_PATH . '/themes/default/favicon.ico');
$theme_logo = $settings->get('theme', 'logo', PROJECT_PATH . '/themes/default/images/logo_login.png');
@@ -97,12 +101,8 @@ class plugin_database {
$domain_name = $domain_array[0];
//create token
- //$object = new token;
- //$token = $object->create('login');
-
- //add multi-lingual support
- $language = new text;
- $text = $language->get(null, '/core/authentication');
+ $object = new token;
+ $token = $object->create('login');
//initialize a template object
$view = new template();
@@ -164,8 +164,8 @@ class plugin_database {
$view->assign('messages', message::html(true, ' '));
//add the token name and hash to the view
- //$view->assign("token_name", $token['name']);
- //$view->assign("token_hash", $token['hash']);
+ $view->assign("token_name", $token['name']);
+ $view->assign("token_hash", $token['hash']);
//show the views
$content = $view->render('login.htm');
@@ -174,12 +174,12 @@ class plugin_database {
}
//validate the token
- //$token = new token;
- //if (!$token->validate($_SERVER['PHP_SELF'])) {
- // message::add($text['message-invalid_token'],'negative');
- // header('Location: domains.php');
- // exit;
- //}
+ $token = new token;
+ if (!$token->validate('login')) {
+ message::add($text['message-invalid_token'],'negative');
+ header('Location: login.php');
+ exit;
+ }
//add the authentication details
if (isset($_REQUEST["username"])) {
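Review bot: The check at `if (!$token->validate('login'))` runs for every request that gets past the form branch, while the next line still reads the username from `$_REQUEST`, and email.php and totp.php in this same commit gate the identical check on `$_SERVER['REQUEST_METHOD'] === 'POST'`. The three plugins should agree on which request methods may carry credentials. If only the login form is meant to submit them, testing `isset($_POST["username"])` here would make that explicit. If other callers are expected (query-string or key-based logins, not visible in this hunk), they need a documented path, because a request without a valid token is now redirected to login.php. A comment such as `//every credential submission must carry the 'login' token issued with the form` above the check would record the intent; the function body continues outside the hunk.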
diff --git a/core/authentication/resources/classes/plugins/email.php b/core/authentication/resources/classes/plugins/email.php
index faba15e48..6a020978b 100644
--- a/core/authentication/resources/classes/plugins/email.php
+++ b/core/authentication/resources/classes/plugins/email.php
@@ -65,6 +65,20 @@ class plugin_email {
*/
function email(authentication $auth, settings $settings) {
+ //add multi-lingual support
+ $language = new text;
+ $text = $language->get(null, '/core/authentication');
+
+ //validate the token
+ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ $token = new token;
+ if (!$token->validate('login')) {
+ message::add($text['message-invalid_token'], 'negative');
+ header('Location: login.php');
+ exit;
+ }
+ }
+
//pre-process some settings
$theme_favicon = $settings->get('theme', 'favicon', PROJECT_PATH . '/themes/default/favicon.ico');
$theme_logo = $settings->get('theme', 'logo', PROJECT_PATH . '/themes/default/images/logo_login.png');
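Review bot: Gating validation on `$_SERVER['REQUEST_METHOD'] === 'POST'` means any non-POST request skips the token check entirely, so the protection holds only if nothing later in `email()` accepts a username or code from `$_GET` or `$_REQUEST`; the same block is added at the top of `totp()` in totp.php. The username test visible further down uses `$_POST`, but the rest of both functions is outside these hunks, so this should be confirmed and recorded with a comment such as `//credentials are accepted from $_POST only; non-POST requests just render the form`. The block is repeated verbatim in both plugins and could live in one shared helper so the check cannot drift between them. Whether a failed validation is logged anywhere is not visible here; if it is not, recording it would give operators a signal for repeated forged or replayed login submissions.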
@@ -98,9 +112,9 @@ class plugin_email {
//request the username
if (!isset($_POST['username']) && !isset($_POST['authentication_code'])) {
- //add multi-lingual support
- $language = new text;
- $text = $language->get(null, '/core/authentication');
+ //create token
+ $object = new token;
+ $token = $object->create('login');
//initialize a template object
$view = new template();
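Review bot: `$token` is rebound here from the `token` instance created by the validation block at the top of `email()` to the array returned by `create('login')`, which happens when a POST arrives with neither `username` nor `authentication_code`. It works because the object is no longer needed at that point, but one name holding two different types is easy to misread in authentication code. Something like `$login_token = (new token)->create('login');`, with the `$view->assign("token_name", ...)` and `$view->assign("token_hash", ...)` calls updated to match, would keep the validator and the issued token apart. The same pattern appears in the later email.php hunk that renders email.htm and in both form branches of totp.php.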
@@ -127,6 +141,10 @@ class plugin_email {
//messages
$view->assign('messages', message::html(true, ' '));
+ //add the token name and hash to the view
+ $view->assign("token_name", $token['name']);
+ $view->assign("token_hash", $token['hash']);
+
//show the views
$content = $view->render('username.htm');
echo $content;
@@ -331,12 +349,8 @@ class plugin_email {
$domain_name = $domain_array[0];
//create token
- //$object = new token;
- //$token = $object->create('login');
-
- //add multi-lingual support
- $language = new text;
- $text = $language->get(null, '/core/authentication');
+ $object = new token;
+ $token = $object->create('login');
//initialize a template object
$view = new template();
@@ -365,6 +379,10 @@ class plugin_email {
//messages
$view->assign('messages', message::html(true, ' '));
+ //add the token name and hash to the view
+ $view->assign("token_name", $token['name']);
+ $view->assign("token_hash", $token['hash']);
+
//show the views
$content = $view->render('email.htm');
echo $content;
diff --git a/core/authentication/resources/classes/plugins/totp.php b/core/authentication/resources/classes/plugins/totp.php
index c6d84c299..67d8ea66a 100644
--- a/core/authentication/resources/classes/plugins/totp.php
+++ b/core/authentication/resources/classes/plugins/totp.php
@@ -70,6 +70,20 @@ class plugin_totp {
*/
function totp(authentication $auth, settings $settings) {
+ //add multi-lingual support
+ $language = new text;
+ $text = $language->get(null, '/core/authentication');
+
+ //validate the token
+ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ $token = new token;
+ if (!$token->validate('login')) {
+ message::add($text['message-invalid_token'], 'negative');
+ header('Location: login.php');
+ exit;
+ }
+ }
+
//pre-process some settings
$theme_favicon = $settings->get('theme', 'favicon', PROJECT_PATH . '/themes/default/favicon.ico');
$theme_logo = $settings->get('theme', 'logo', PROJECT_PATH . '/themes/default/images/logo_login.png');
@@ -107,12 +121,8 @@ class plugin_totp {
$domain_name = $domain_array[0];
//create token
- //$object = new token;
- //$token = $object->create('login');
-
- //add multi-lingual support
- $language = new text;
- $text = $language->get(null, '/core/authentication');
+ $object = new token;
+ $token = $object->create('login');
//initialize a template object
$view = new template();
@@ -139,6 +149,10 @@ class plugin_totp {
//messages
$view->assign('messages', message::html(true, ' '));
+ //add the token name and hash to the view
+ $view->assign("token_name", $token['name']);
+ $view->assign("token_hash", $token['hash']);
+
//show the views
$content = $view->render('username.htm');
echo $content;
@@ -210,12 +224,8 @@ class plugin_totp {
$domain_name = $domain_array[0];
//create token
- //$object = new token;
- //$token = $object->create('login');
-
- //add multi-lingual support
- $language = new text;
- $text = $language->get(null, '/core/authentication');
+ $object = new token;
+ $token = $object->create('login');
//initialize a template object
$view = new template();
@@ -241,6 +251,10 @@ class plugin_totp {
$view->assign("button_cancel", $text['button-cancel']);
}
+ //add the token name and hash to the view
+ $view->assign("token_name", $token['name']);
+ $view->assign("token_hash", $token['hash']);
+
//show the views
if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && empty($this->user_totp_secret)) {
diff --git a/core/authentication/resources/views/email.htm b/core/authentication/resources/views/email.htm
index 2f35985e7..6f6698619 100644
--- a/core/authentication/resources/views/email.htm
+++ b/core/authentication/resources/views/email.htm
@@ -82,6 +82,7 @@
{$button_cancel}
{/if}
+
diff --git a/core/authentication/resources/views/login.htm b/core/authentication/resources/views/login.htm
index eb55b5d05..4ca16eb1a 100644
--- a/core/authentication/resources/views/login.htm
+++ b/core/authentication/resources/views/login.htm
@@ -118,6 +118,7 @@
{/foreach}
{/if}
+
diff --git a/core/authentication/resources/views/totp.htm b/core/authentication/resources/views/totp.htm
index 6a8f13d3e..5b5dd9583 100644
--- a/core/authentication/resources/views/totp.htm
+++ b/core/authentication/resources/views/totp.htm
@@ -80,6 +80,7 @@
{$button_cancel}
+
diff --git a/core/authentication/resources/views/totp_secret.htm b/core/authentication/resources/views/totp_secret.htm
index 88d3ec230..11891ec78 100644
--- a/core/authentication/resources/views/totp_secret.htm
+++ b/core/authentication/resources/views/totp_secret.htm
@@ -29,6 +29,7 @@