It seems that the URL is "broken" because of the special characters (e.g. =). Inside the file "include/class.staff.php" there is the variable $token. I've changed the value from Misc::randCode(48) to Misc::randCode(10). The URL is now only 10 characters long, and when it is sent, there is a good chance it will not be broken.

Unfortunately, after filling in my username and pressing the "Login" button, the pwreset.php page is loading again without the token, prompting for username again.