diff --git a/engine/class/0005.user.php b/engine/class/0005.user.php
index 53ef70b..af85cf3 100644
--- a/engine/class/0005.user.php
+++ b/engine/class/0005.user.php
@@ -74,11 +74,11 @@
 				return false;
 
 			$until = time() + self::$tokenLifetime;
-			$hash = hash('sha256', $login.'|'.$password.'|'.$until.'|'.self::$secret);
+			$hash = hash('sha256', $login.'|'.$user->password.'|'.$until.'|'.self::$secret);
 
 			self::updateOnline($login);
 
-			return implode('|', rtrim(strtr(base64_encode($login.'|'.$password.'|'.$until.'|'.$hash), '+/', '-_'), '='));
+			return rtrim(strtr(base64_encode($login.'|'.$user->password.'|'.$until.'|'.$hash), '+/', '-_'), '=');
 		}
 
 		public static function get($login) {