diff --git a/html/recovery.php b/html/recovery.php
index ecce93c73c5c77633610fb0c8e061a6c000ca659..0dd3ec50eec3310c21eb43ac93496fdfc495263d 100644
--- a/html/recovery.php
+++ b/html/recovery.php
@@ -1,7 +1,7 @@
 <?php
 /*
   This code is part of FusionDirectory (http://www.fusiondirectory.org/)
-  Copyright (C) 2011-2016  FusionDirectory
+  Copyright (C) 2011-2018  FusionDirectory
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -18,14 +18,8 @@
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
 */
 
-require_once("../include/php_setup.inc");
-require_once("functions.inc");
-require_once("variables.inc");
+require_once('../include/php_setup.inc');
+require_once('functions.inc');
+require_once('variables.inc');
 
-$pwRecovery = new passwordRecovery();
-
-$pwRecovery->execute();
-
-$pwRecovery->displayPWchanger();
-
-?>
+passwordRecovery::run();
diff --git a/ihtml/themes/legacy/recovery.tpl b/ihtml/themes/legacy/recovery.tpl
index 0351c080f2be4114ddc8d277a650f430c9ebbce0..1f4da0945b3c225b7fc9a779f62d36ca4e2403d4 100644
--- a/ihtml/themes/legacy/recovery.tpl
+++ b/ihtml/themes/legacy/recovery.tpl
@@ -9,6 +9,7 @@
 <div id="window-div">
 
   <form action='recovery.php{$params}' method='post' name='mainform' onSubmit='js_check(this);return true;'>
+    <input type="hidden" name="CSRFtoken" value="{$CSRFtoken}"/>
 
   <div id="window-titlebar">
     <p>
diff --git a/include/class_passwordRecovery.inc b/include/class_passwordRecovery.inc
index 3d348de451e217755d7aa3a5603346891a97c441..c6dcddd4dfa91645a46ba0da337e78f5b177cbe5 100644
--- a/include/class_passwordRecovery.inc
+++ b/include/class_passwordRecovery.inc
@@ -66,7 +66,7 @@ class passwordRecovery extends standAlonePage {
     }
   }
 
-  function execute()
+  function save_object()
   {
     if (!$this->activated) {
       return;
@@ -98,8 +98,10 @@ class passwordRecovery extends standAlonePage {
     }
   }
 
-  function displayPWchanger()
+  function execute()
   {
+    $this->save_object();
+
     /* Do we need to show error messages? */
     if (count($this->message) != 0) {
       /* Show error message and continue editing */