diff --git a/server/boot/story.js b/server/boot/story.js
index 1f93fb8c12..8839cf7e4a 100755
--- a/server/boot/story.js
+++ b/server/boot/story.js
@@ -9,6 +9,7 @@ var Rx = require('rx'),
     saveUser = require('../utils/rx').saveUser,
     saveInstance = require('../utils/rx').saveInstance,
     MongoClient = mongodb.MongoClient,
+    validator = require('validator'),
     secrets = require('../../config/secrets');
 
 var foundationDate = 1413298800000;
@@ -262,9 +263,8 @@ module.exports = function(app) {
       return next(new Error('Must be logged in'));
     }
     var url = req.body.data.url;
-    var cleanURL = cleanData(url);
 
-    if (cleanURL !== url) {
+    if (!validator.isURL(url)) {
       req.flash('errors', {
         msg: "The URL you submitted doesn't appear valid"
       });
diff --git a/server/boot/user.js b/server/boot/user.js
index 1d9327ded2..f2a91552d9 100644
--- a/server/boot/user.js
+++ b/server/boot/user.js
@@ -426,7 +426,7 @@ module.exports = function(app) {
       {
         where: {
           resetPasswordToken: req.params.token,
-          resetPasswordExpires: Date.now()
+          resetPasswordExpires: { gte: Date.now() }
         }
       },
       function(err, user) {
@@ -463,7 +463,7 @@ module.exports = function(app) {
           {
             where: {
               resetPasswordToken: req.params.token,
-              resetPasswordExpires: Date.now()
+              resetPasswordExpires: { gte: Date.now() }
             }
           },
           function(err, user) {