zpanel · raiman264 · Jun 20, 2014
diff --git a/modules/mysql_databases/code/controller.ext.php b/modules/mysql_databases/code/controller.ext.php
@@ -187,7 +187,7 @@ static function ExecuteDeleteDatabase($my_id_pk)
 
     static function IsValidUserName($username)
     {
-        if (!preg_match('/^[a-z\d][a-z\d-]{0,62}$/i', $username) || preg_match('/-$/', $username)) {
+        if (!preg_match('/^[a-z\d][a-z\d-\_]{0,62}$/i', $username) || preg_match('/-$/', $username)) {
             return false;
         }
         return true;

diff --git a/modules/mysql_users/code/controller.ext.php b/modules/mysql_users/code/controller.ext.php
@@ -514,7 +514,7 @@ static function CheckPasswordForErrors($password)
 
     static function IsValidUserName($username)
     {
-        if (!preg_match('/^[a-z\d][a-z\d-]{0,62}$/i', $username) || preg_match('/-$/', $username)) {
+        if (!preg_match('/^[a-z\d][a-z\d-\_]{0,62}$/i', $username) || preg_match('/-$/', $username)) {
             return false;
         } else {
             if (strlen($username) < 17) {
@@ -527,7 +527,7 @@ static function IsValidUserName($username)
 
     static function IsValidPassword($password)
     {
-        if (!ctype_alnum($password)) {
+        if (!preg_match('/^[a-zA-Z0-9\*\&\.\-\_\?\!\%]+$/',$password)) {
             return false;
         }
         return true;