diff --git a/core/lostpassword/index.php b/core/lostpassword/index.php
index da0428e3ced4738cd29fcb05cbde2ef13cd49ba2..9529c0c957c30daed02239ea92f7dd0f46082efc 100644
--- a/core/lostpassword/index.php
+++ b/core/lostpassword/index.php
@@ -12,7 +12,7 @@ require_once('../../lib/base.php');
 // Someone lost their password:
 if (isset($_POST['user'])) {
 	if (OC_User::userExists($_POST['user'])) {
-		$token = sha1($_POST['user']+uniqId());
+		$token = sha1($_POST['user'].uniqId());
 		OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
 		$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
 		if (!empty($email)) {