diff --git a/lib/PasswordReset.js b/lib/PasswordReset.js
index 31bd32d..71ab203 100644
--- a/lib/PasswordReset.js
+++ b/lib/PasswordReset.js
@@ -11,21 +11,28 @@ class PasswordReset {
 	nonce;
 	expires;
 
-	constructor(userId) {
+	constructor(userId, token) {
 		const sql = `
 			select
+				userId,
 				token,
 				nonce,
-				expires,
-				userId
+				UNIX_TIMESTAMP(expires) as expires
 			from passwordReset
 			where
-				userId = ?;
+				userId = ?
+				and token = ?;
 		`;
 
 		return (async () => {
 			const conn = await new DatabaseConnectionPool();
-			const record = await conn.runQuery(sql, [ userId ]);
+			const record = await conn.runQuery(sql, [
+				userId,
+				token
+			]);
+
+			if (!record.length)
+				throw new Error('No password reset found');
 
 			for (const [ k, v ] of Object.entries(record[0]))
 				this[k] = v;
@@ -85,7 +92,7 @@ class PasswordReset {
 			expires
 		]);
 
-		return new PasswordReset(u.id);
+		return new PasswordReset(u.id, token);
 	}
 }