Limit possible characters in a username heavily to combat abuse

forms.py

@@ -5,7 +5,9 @@ from validators import NoProfanity
 
 
 class RegistrationForm(FlaskForm):
-    username = StringField('Username', [validators.Length(min=4, max=25), NoProfanity()])
+    username = StringField('Username', [validators.Length(min=4, max=25),
+                                        validators.Regexp(r' ^[a-zA-Z0-9]+([._]?[a-zA-Z0-9]+)*$'),
+                                        NoProfanity()])
     name = StringField('Name', [validators.Length(min=2, max=35), NoProfanity()])
     password = PasswordField('New Password', [
         validators.DataRequired(),