}
# find password data by user name
- $userdir = 'profile/'.strtolower($inuser);
+ $userdir = 'profile/'.preg_replace('/[^a-z0-9]+/', '-', strtolower($inuser));
$pwfile = "$userdir/.passwd";
if (!file_exists($pwfile)) return;
$usertest = trim(file_get_contents($pwfile));