diff --git a/lang.json b/lang.json
index 9abe1e7..037563b 100644
--- a/lang.json
+++ b/lang.json
@@ -291,6 +291,10 @@
 "en": "Failed adding the Nextcloud account in the local database.",
 "fr": "L'ajout du compte Nextcloud dans la base de données locale a échoué."
 },
+ "error_forwardregister_tokenparse": {
+ "en": "Failed parsing the admin token.",
+ "fr": "Échec lors de la lecture du token administrateur."
+ },
 "error_login_cookiepair": {
 "en": "Couldn't read cookies.",
 "fr": "Échec lors de la lecture de cookies."
diff --git a/src/forward.rs b/src/forward.rs
index ec02821..21a36ed 100644
--- a/src/forward.rs
+++ b/src/forward.rs
@@ -3,6 +3,7 @@ use actix_web::{http, web, HttpRequest, HttpResponse};
 use askama::Template;
 use chrono::Utc;
 use url::Url;
+use regex::Regex;
 use crate::account::*;
 use crate::config::PAYLOAD_LIMIT;
 
@@ -158,18 +159,30 @@ pub async fn forward_register(
 // if the user has already generated an admin token, redirect too
 if let Some(token) = has_admintoken(&req) {
- let admin_token =
- token.splitn(2, ';').collect::>()[0].replace("sncf_admin_token=", "");
- // sanitize the token beforehand, cookies are unsafe
- if check_token(&admin_token) {
- return Ok(web_redir(&format!(
- "{}/admin/{}",
- CONFIG.sncf_url, &admin_token
- )));
- } else {
- debug("Incorrect admin token given.");
- return Err(crash(lang, "error_dirtyhacker"));
+ lazy_static! {
+ static ref RE: Regex = Regex::new(r#"sncf_admin_token=(?P[0-9A-Za-z]*)"#).expect("Error while parsing the sncf_admin_token regex");
 }
+ let admin_token = RE.captures(&token) .ok_or_else(|| {
+ eprintln!("error_forwardregister_tokenparse (no capture)");
+ crash(get_lang(&req), "error_forwardregister_tokenparse")
+ })?
+ .name("token")
+ .ok_or_else(|| {
+ eprintln!("error_forwardregister_tokenparse (no capture named token)");
+ crash(get_lang(&req), "error_forwardregister_tokenparse")
+ })?
+ .as_str();
+ // sanitize the token beforehand, cookies are unsafe
+ if check_token(&admin_token) {
+ return Ok(web_redir(&format!(
+ "{}/admin/{}",
+ CONFIG.sncf_url, &admin_token
+ )));
+ } else {
+ debug("Incorrect admin token given.");
+ return Err(crash(lang, "error_dirtyhacker"));
+ }
 }
 
 let nc_username = gen_name();
 
@@ -257,9 +270,9 @@ pub async fn index(req: HttpRequest) -> Result {
 lang: &get_lang(&req),
 }
 .render()
- .map_err(|e| {
- eprintln!("error_tplrender (TplIndex): {}", e);
- crash(get_lang(&req), "error_tplrender")
- })?,
+ .map_err(|e| {
+ eprintln!("error_tplrender (TplIndex): {}", e);
+ crash(get_lang(&req), "error_tplrender")
+ })?,
 ))
 }
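Review bot: The regex on the `static ref RE` line uses `[0-9A-Za-z]*`, so a cookie header containing a bare `sncf_admin_token=` yields an empty `admin_token` that is still handed to `check_token`, and because the cookie name is not anchored the pattern also matches inside any other cookie whose name merely ends in `sncf_admin_token` (assuming `has_admintoken` returns the raw cookie string, which the hunk does not show); `(?:^|;\s*)sncf_admin_token=(?P<token>[0-9A-Za-z]+)` limits the match to a whole cookie with a non-empty value, and the existing `ok_or_else` on `captures` then reports the empty case as `error_forwardregister_tokenparse` instead of passing it on. This page appears to have lost angle-bracket text (`collect::>()`, `-> Result {`), so the group is presumably `(?P<token>…)` in the real source; if it is not, `Regex::new` fails and the `.expect()` panics inside the request handler the first time this branch runs. The two `ok_or_else` closures call `get_lang(&req)` while the `error_dirtyhacker` return a few lines below passes the `lang` already in scope; using `lang` in all three keeps the branch consistent. Whether `lazy_static!` is imported at crate level is not visible in this diff. `forward_register` starts and ends outside the hunk.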