diff --git a/data/datamysql/passwordreset.go b/data/datamysql/passwordreset.go
index bccd104..af31dec 100644
--- a/data/datamysql/passwordreset.go
+++ b/data/datamysql/passwordreset.go
@@ -112,8 +112,8 @@ func (c *passwordResetRepo) GetByToken(token string) (entity.PasswordReset, erro
 func (c *passwordResetRepo) SetTokenOpened(token string) error {
 	const (
 		query = `UPDATE tab_password_reset a
-		SET a.opened = 1,
-		WHERE a.token = ? AND a.used = 0 AND a.expire_date < CURRENT_TIMESTAMP`
+		SET a.opened = 1
+		WHERE a.token = ? AND a.used = 0 AND a.expire_date > CURRENT_TIMESTAMP`
 	)
 
 	result, err := c.conn.Exec(query, token)
@@ -132,7 +132,7 @@ func (c *passwordResetRepo) SetTokenUsed(token string) error {
 	const (
 		query = `UPDATE tab_password_reset a
 		SET a.opened = 1,
-		a.used = 1,
+		a.used = 1
 		WHERE a.token = ? AND a.used = 0`
 	)
 
diff --git a/server/router/passwordresetroute/controller.go b/server/router/passwordresetroute/controller.go
index af5d2f5..ebaaebb 100644
--- a/server/router/passwordresetroute/controller.go
+++ b/server/router/passwordresetroute/controller.go
@@ -4,6 +4,7 @@ import (
 	"crypto/sha256"
 	"fmt"
 	"math/rand"
+	"strings"
 	"sync"
 	"time"
 
@@ -87,7 +88,7 @@ func (c *controller) handleResetRequest(ctx echo.Context) error {
 	notification := viewmodel.Notification{
 		Type:    applicationservice.NotificationTypeEmail,
 		From:    c.cfg.Email.Sender,
-		To:      *user.Email,
+		To:      "test.test.no@yandex.com",
 		Subject: passwordResetEmailSubject,
 		Message: passwordResetEmailMainBody + token + passwordResetEmailFooter,
 	}
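Review bot: The corrected UPDATE only matches a token that is unused and not yet expired, so for an unknown, consumed or expired token `c.conn.Exec` on the hunk's last line succeeds with zero rows; `result.RowsAffected()` should be checked and a zero count returned as an error, otherwise the caller cannot tell "opened" from "ignored". SetTokenOpened's body continues outside the hunk, so this may already be handled there. A doc comment such as `// SetTokenOpened marks an unused, unexpired reset token as opened; a zero-row update means the token is unknown, used or expired.` would record the intent that the corrected `>` comparison encodes.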
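Review bot: SetTokenUsed's WHERE clause checks only `a.used = 0`, so unlike the corrected SetTokenOpened query it will consume an expired token; appending `AND a.expire_date > CURRENT_TIMESTAMP` to the `WHERE a.token = ? AND a.used = 0` line keeps the two queries consistent and enforces expiry in the database rather than only in the controller's `Expires.Before(time.Now())` check. The rest of SetTokenUsed is outside the hunk, so the RowsAffected handling is not visible here.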
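Review bot: The `To:` field now holds the fixed literal `"test.test.no@yandex.com"`, so every reset token is delivered to that single mailbox instead of to the account that requested it; the requesting user never receives the link, and the mailbox owner receives a valid reset token for any account. Restore `To: *user.Email,` before this is merged; if a fixed recipient is needed for local testing, read it from `c.cfg.Email` behind a non-production setting rather than hard-coding it in the handler. `*user.Email` dereferences a pointer, so a nil check belongs ahead of building the notification unless one already exists earlier in handleResetRequest, whose start is outside the hunk.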
@@ -111,11 +112,27 @@ func (c *controller) handleResetComplete(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	//get full user data connecting user ID and token in password reset table
+	if len(strings.TrimSpace(user.Pass)) < 1 {
+		routeutils.ResponseAPIPasswordResetFailed(ctx, "No password")
+	}
+
+	passwordResetEntry, err := c.svc.PasswordReset.GetByToken(userToken)
+	if err != nil || len(passwordResetEntry.Token) < 1 || passwordResetEntry.Expires.Before(time.Now()) || passwordResetEntry.Used == true {
+		routeutils.ResponseAPIPasswordResetFailed(ctx, "Token error")
+	}
+
+	fullUserData, err := c.svc.Users.GetByUUID(passwordResetEntry.User.ID, "")
+	if err != nil {
+		routeutils.ResponseAPIPasswordResetFailed(ctx, "User problem")
+	}
+
+	fmt.Println(fullUserData)
 
 	//write new password in database
 
-	//set token used
+	if err := c.svc.PasswordReset.SetTokenUsed(userToken); err != nil {
+		routeutils.ResponseAPIPasswordResetFailed(ctx, "Reset failed")
+	}
 
 	return routeutils.ResponseAPIOK(ctx, nil)
 }
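Review bot: None of the new failure branches returns after calling `routeutils.ResponseAPIPasswordResetFailed`, so a blank password, an invalid, expired or already-used token, or a failed user lookup all fall through, mark the token used and then answer with `ResponseAPIOK`; each branch needs a `return` in front of the call, assuming the helper returns an error the way `ResponseAPIOK` and `HandleAPIError` do. `fmt.Println(fullUserData)` writes the whole user record to stdout and should be dropped, since that record presumably carries credential fields. The `//write new password in database` comment is still a placeholder, so as written the handler consumes the token without changing the password; the write belongs before `SetTokenUsed`. Minor: `passwordResetEntry.Used == true` reads as `passwordResetEntry.Used`, and a single generic failure message for the token and user checks avoids telling a caller which part of a guessed token failed. handleResetComplete starts outside the hunk.

```go
	if len(strings.TrimSpace(user.Pass)) < 1 {
		return routeutils.ResponseAPIPasswordResetFailed(ctx, "No password")
	}

	passwordResetEntry, err := c.svc.PasswordReset.GetByToken(userToken)
	if err != nil || len(passwordResetEntry.Token) < 1 || passwordResetEntry.Expires.Before(time.Now()) || passwordResetEntry.Used {
		return routeutils.ResponseAPIPasswordResetFailed(ctx, "Token error")
	}

	fullUserData, err := c.svc.Users.GetByUUID(passwordResetEntry.User.ID, "")
	if err != nil {
		return routeutils.ResponseAPIPasswordResetFailed(ctx, "User problem")
	}
	// … unchanged: new-password write for fullUserData (still to be implemented) …

	if err := c.svc.PasswordReset.SetTokenUsed(userToken); err != nil {
		return routeutils.ResponseAPIPasswordResetFailed(ctx, "Reset failed")
	}
```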