diff --git a/ProjectLighthouse/Pages/PasswordResetPage.cshtml b/ProjectLighthouse/Pages/PasswordResetPage.cshtml index a9acf1b4..d7b3ca36 100644 --- a/ProjectLighthouse/Pages/PasswordResetPage.cshtml +++ b/ProjectLighthouse/Pages/PasswordResetPage.cshtml @@ -19,8 +19,20 @@ return true; } + +@if (!string.IsNullOrWhiteSpace(Model.Error)) +{ +
+
+ Uh oh! +
+

@Model.Error

+
+} + +
+ @Html.AntiForgeryToken() -
diff --git a/ProjectLighthouse/Pages/PasswordResetPage.cshtml.cs b/ProjectLighthouse/Pages/PasswordResetPage.cshtml.cs index e0c473d3..1b1e893a 100644 --- a/ProjectLighthouse/Pages/PasswordResetPage.cshtml.cs +++ b/ProjectLighthouse/Pages/PasswordResetPage.cshtml.cs @@ -1,5 +1,6 @@ #nullable enable using System.Threading.Tasks; +using JetBrains.Annotations; using LBPUnion.ProjectLighthouse.Helpers; using LBPUnion.ProjectLighthouse.Pages.Layouts; using LBPUnion.ProjectLighthouse.Types; @@ -12,26 +13,40 @@ namespace LBPUnion.ProjectLighthouse.Pages public PasswordResetPage(Database database) : base(database) {} - public bool WasResetRequest { get; private set; } - public async Task OnGet([FromQuery] string password, [FromQuery] string confirmPassword) + + public string Error { get; private set; } + + [UsedImplicitly] + public async Task OnPost(string password, string confirmPassword) { User? user = this.Database.UserFromWebRequest(this.Request); if (user == null) return this.Redirect("~/login"); - this.WasResetRequest = !string.IsNullOrEmpty(password) && !string.IsNullOrEmpty(confirmPassword); - - if (this.WasResetRequest) + if (string.IsNullOrWhiteSpace(password)) { - if (password != confirmPassword) return this.BadRequest(); - - user.Password = HashHelper.BCryptHash(password); - user.PasswordResetRequired = false; - - await this.Database.SaveChangesAsync(); - - return this.Redirect("~/"); + this.Error = "The password field is required."; + return this.Page(); } + if (password != confirmPassword) + { + this.Error = "Passwords do not match!"; + return this.Page(); + } + + user.Password = HashHelper.BCryptHash(password); + user.PasswordResetRequired = false; + + await this.Database.SaveChangesAsync(); + + return this.Redirect("~/"); + } + + [UsedImplicitly] + public IActionResult OnGet() + { + User? user = this.Database.UserFromWebRequest(this.Request); + if (user == null) return this.Redirect("~/login"); return this.Page(); } }
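Review bot: As far as this hunk shows, `OnPost` sets a new password for whichever user `UserFromWebRequest` resolves, without checking `user.PasswordResetRequired` or asking for the current password, so any live session (including a hijacked one) can change the account's credentials. If the page is meant only for forced resets, a guard such as `if (!user.PasswordResetRequired) return this.Redirect("~/");` ahead of the password checks would limit it; otherwise the current password should be required. Nothing visible revokes the user's other sessions after `SaveChangesAsync()`, which is worth doing on a password change if the token store supports it. Separately, `Error` is declared as `string` under `#nullable enable` but is never assigned on the GET or success paths, so `public string? Error { get; private set; }` would match how the view tests it with `IsNullOrWhiteSpace`.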