diff --git a/webadmin/newuser.php b/webadmin/newuser.php
index ba6b962a835696cc357d3d0cb57efe889257e9fd..edfdb77e51b69885c753319380f2948cc92d1ae6 100755
--- a/webadmin/newuser.php
+++ b/webadmin/newuser.php
@@ -7,13 +7,13 @@ $output_filename = "users.html";
 if (isset($_POST['submitnewuser'])) {
     $username = htmlspecialchars($_POST['username']);
 
-    if ((!preg_match('/[^a-z0-9]/', $username)) || (strlen($username)<4) || (strlen($username)>32)) {
+    if (!preg_match('/^[a-z\d_]{4,32}$/', $username)) {
         $output_filename = "new_user_invalid.html";
     }
     else {
         // Don't rely on php PRNG
         $newpassword = exec("openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c 10 ; echo -n ''");
-        if ((preg_match('/[^A-Za-z0-9]/', $newpassword)) && (strlen($newpassword)>9)) {
+        if ((preg_match('/^[a-z\d_]$/i', $newpassword)) && (strlen($newpassword)>9)) {
             $new_user_file = fopen(".new_user.txt", "w") or die("Unable to write to new_user file");
             fwrite($new_user_file, $username.",".$newpassword);
             fclose($new_user_file);