diff --git a/public/takeconfirm.php b/public/takeconfirm.php
index aecbd393..c186e3fb 100644
--- a/public/takeconfirm.php
+++ b/public/takeconfirm.php
@@ -5,6 +5,8 @@ require_once(get_langfile_path());
 loggedinorreturn();
 $id = isset($_POST['id']) ? intval($_POST['id']) : (isset($_GET['id']) ? intval($_GET['id']) : die());
 int_check($id,true);
+if (($CURUSER['id'] != $id && !user_can('viewinvite')) || !is_valid_id($id))
+ stderr($lang_functions['std_sorry'],$lang_functions['std_permission_denied'], true, false);
 $email = unesc(htmlspecialchars(trim($_POST["email"])));
 if(!empty($_POST['conusr'])) {
 // sql_query("UPDATE users SET status = 'confirmed', editsecret = '' WHERE id IN (" . implode(", ", $_POST['conusr']) . ") AND status='pending'");
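Review bot: The new guard authorizes on `$id` alone, but the mutating branch that follows (`if(!empty($_POST['conusr']))`, whose body starts outside this hunk) appears to act on the separate user-supplied list `$_POST['conusr']`, so unless that branch verifies each listed user actually belongs to `$id`, a caller without `viewinvite` can still pass their own `$id` and someone else's ids in `conusr`; that ownership check should be confirmed or added there. The comparison `$CURUSER['id'] != $id` is loose; since `$id` is already an int from `intval()`, `(int) $CURUSER['id'] !== $id` makes the intent explicit without changing the accepted values. A one-line comment above the guard naming what it protects would help, e.g. `// only the inviter, or a user with viewinvite, may confirm this invite's pending users`.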