diff --git a/htdocs/public/eventorganization/attendee_subscription.php b/htdocs/public/eventorganization/attendee_subscription.php
index 5c31c88c38a..4940f5965fe 100644
--- a/htdocs/public/eventorganization/attendee_subscription.php
+++ b/htdocs/public/eventorganization/attendee_subscription.php
@@ -106,7 +106,7 @@ if ($resultproject < 0) {
 $securekeyreceived = GETPOST('securekey', 'alpha');
 $securekeytocompare = dol_hash($conf->global->EVENTORGANIZATION_SECUREKEY.'conferenceorbooth'.$id, 2);
 
-// We check if the securekey collected is OK and if the id collected is the same than the id in the securekey
+// We check if the securekey collected is OK
 if ($securekeytocompare != $securekeyreceived) {
 	print $langs->trans('MissingOrBadSecureKey');
 	exit;
diff --git a/htdocs/public/project/index.php b/htdocs/public/project/index.php
index 03f26ed2f37..d1744db0b4e 100644
--- a/htdocs/public/project/index.php
+++ b/htdocs/public/project/index.php
@@ -78,7 +78,15 @@ $langs->loadLangs(array("main", "other", "dict", "bills", "companies", "errors",
 // No check on module enabled. Done later according to $validpaymentmethod
 
 $action = GETPOST('action', 'aZ09');
-$id = dol_decode(GETPOST('id'), $dolibarr_main_instance_unique_id);
+$encodedid = GETPOST('id');
+$id = dol_decode($encodedid, $dolibarr_main_instance_unique_id);
+$securekeyreceived = GETPOST("securekey");
+$securekeytocompare = dol_hash($conf->global->EVENTORGANIZATION_SECUREKEY.'conferenceorbooth'.$id, 2);
+
+if ($securekeytocompare != $securekeyreceived) {
+	print $langs->trans('MissingOrBadSecureKey');
+	exit;
+}
 
 // Define $urlwithroot
 //$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));