diff --git a/public/include/classes/token.class.php b/public/include/classes/token.class.php
index 3b649713..ac60a371 100644
--- a/public/include/classes/token.class.php
+++ b/public/include/classes/token.class.php
@@ -38,7 +38,7 @@ class Token Extends Base {
 * @param type int Type of token
 * @return int 0 or 1
 */
- public function isTokenValid($account_id, $token, $type) {
+ public function isTokenValid($account_id, $token, $type, $checkTimeExplicitly=false) {
 if (!is_int($account_id) || !is_int($type)) {
 $this->setErrorMessage("Invalid token");
 return 0;
@@ -47,15 +47,15 @@ class Token Extends Base {
 $ctimedata = new DateTime($this->getCreationTime($token));
 $checktime = $ctimedata->getTimestamp() + $expiretime;
 $now = time();
- // if start + checktime is LATER than now, ie valid
- if ($checktime >= $now) {
- $stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ? AND token = ? AND type = ? AND UNIX_TIMESTAMP(time) < UNIX_TIMESTAMP(NOW()) LIMIT 1");
-
- } else {
+ if ($checktime >= $now && $checkTimeExplicitly || !$checkTimeExplicitly) {
+ $stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ? AND token = ? AND type = ? LIMIT 1");
 if ($stmt && $stmt->bind_param('isi', $account_id, $token, $type) && $stmt->execute())
 $res = $stmt->get_result();
 return $res->num_rows;
 return $this->sqlError();
+ } else {
+ $this->setErrorMessage("Token has expired or is invalid");
+ return 0;
 }
 }
diff --git a/public/include/pages/account/edit.inc.php b/public/include/pages/account/edit.inc.php
index 27203ef0..7cea67aa 100644
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
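Review bot: The new `$checkTimeExplicitly` parameter defaults to `false`, and in the next hunk that default bypasses the `$checktime >= $now` comparison that every caller previously got unconditionally, so any existing three-argument call site now accepts tokens past their expiry. Unless every caller is updated in this same commit, the safer default is `$checkTimeExplicitly = true`, making the skip an explicit opt-out rather than the silent baseline. The docblock directly above the signature is not updated; add `@param bool $checkTimeExplicitly When false the token's age is not checked` so the behaviour change is visible to callers. The body of isTokenValid continues past the end of this hunk.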
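Review bot: The condition `$checktime >= $now && $checkTimeExplicitly || !$checkTimeExplicitly` depends on `&&` binding tighter than `||` and reads as if the expiry check were the common case; `if (!$checkTimeExplicitly || $checktime >= $now)` expresses the same rule directly. The rewritten query also drops the `UNIX_TIMESTAMP(time) < UNIX_TIMESTAMP(NOW())` clause, so with the default flag nothing on either side checks the token's creation time any more; if that clause was meant to reject creation times in the future it should stay in the new query. The unchanged lines now inside the new branch still `return $res->num_rows` before `return $this->sqlError()`, so `$res` is undefined when prepare, bind or execute fails and the error path is unreachable — pre-existing, but worth fixing while this block is reworked, e.g. `if (!$stmt || !$stmt->bind_param('isi', $account_id, $token, $type) || !$stmt->execute()) return $this->sqlError();` followed by `return $stmt->get_result()->num_rows;`. isTokenValid starts before this hunk.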
@@ -50,6 +50,14 @@ if ($user->isAuthenticated()) {
 $ptc++;
 }
 $_SESSION['POPUP'][] = array('CONTENT' => $popupmsg, 'TYPE' => 'info');
+ // show our token status
+ /*$ea_status = array($ea_sent, $ea_editable); $statuses = array(0 => 'no', 1 => 'yes');
+ $cp_status = array($cp_sent, $cp_editable); $messages = array('Edit Account : ','Change Password : ', 'Withdraw Funds : ');
+ $wf_status = array($wf_sent, $ewf_editable); $alltokens = array($ea_status,$cp_status,$wf_status);
+ $tokennum = 0; $tokenpopupmsg = "";
+ foreach ($alltokens as $atoken) {
+ $tokenpopupmsg = $message[$messages[$tokennum]]." ".$ea_status[0];
+ }*/
 }
 if (isset($_POST['do']) && $_POST['do'] == 'genPin') {
@@ -86,11 +94,6 @@ if ($user->isAuthenticated()) {
 }
 }
 } else {
- // 2fa - when submitting we want the old token, otherwise we'll take what we can $_GET ... B^)
- $ea_token = $updating ? $oldtoken_ea : @$_GET['ea_token'];
- $wf_token = $updating ? $oldtoken_wf : @$_GET['wf_token'];
- $cp_token = $updating ? $oldtoken_cp : @$_GET['cp_token'];
-
 switch (@$_POST['do']) {
 case 'cashOut':
 if ($setting->getValue('disable_payouts') == 1 || $setting->getValue('disable_manual_payouts') == 1) {
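Review bot: The added "show our token status" block is entirely commented out, which leaves dead code in the page; either finish it or keep it out of the commit. As written it would not work if uncommented: `$tokenpopupmsg` is overwritten on each iteration instead of appended to, `$tokennum` is never incremented, and it reads `$message` and `$ewf_editable` while the hunk only defines `$messages` and (presumably) a `$wf_editable` elsewhere, so both look like typos. The enclosing `if ($user->isAuthenticated())` block starts before this hunk.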