Ok I am doing security upgrade for my site and I have few questions,
What I want to do is limit users to be allowed to create usernames only including letters A-Z a-z and numbers 0-9. Is this good idea or should I allow more (like - and _ and whitespace in between (using trim to strip from beginning and end)). I was thinking about using preg_match but I don't know how to write regular expressions.
Also what illegal characters should be used for passwords (if any). Right now I'm just stripping ' , but I will do md5 or custom encryption so there could be any char there...but what would be most logical you guys let me know. Also, should I really do md5 (no way to re-send passwords only reset) or should I rather do some other custom encryption?
And lastly, is there any quick way to validate email pattern (universal for all email types) using preg_match?