diff --git a/application/helpers/frontend_helper.php b/application/helpers/frontend_helper.php
index ce1b2ec2a27..159602c04b5 100644
--- a/application/helpers/frontend_helper.php
+++ b/application/helpers/frontend_helper.php
@@ -381,6 +381,9 @@ function submittokens($quotaexit = false)
 // check how many uses the token has left
 $token = Token::model($surveyid)->findByAttributes(array('token' => $clienttoken));
+ if (!$token) {
+ throw new CHttpException(403, gT("Invalid access code"));
+ }
 $token->scenario = 'FinalSubmit'; // Do not XSS filter token data
 if ($quotaexit == true) {
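Review bot: The new guard rejects only a lookup that finds no row; an empty or null `$clienttoken` can still reach `$token->scenario = 'FinalSubmit'` if the table holds participant rows whose token column is empty or NULL, because `findByAttributes(array('token' => $clienttoken))` would then match one of them. Where `$clienttoken` is set is outside the hunk, so this needs confirming against the caller, but the check is cheap to tighten: `if ($clienttoken === null || $clienttoken === '' || !$token) {`. Rejected submissions are also silent here; a log entry carrying the survey id (not the token value) before the `throw` would make repeated invalid access codes visible to whoever monitors the instance. The body of submittokens() continues outside the hunk.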