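# Reduce a candidate username to its alphanumeric characters and return it,
# or the sentinel string 'failure!' when nothing usable remains.
#
# Takes one argument: the raw (possibly tainted) string.
# Returns the cleaned name (1 to 16 characters) on success and 'failure!'
# otherwise. The sentinel contains '!', which is never part of an accepted
# name, so it cannot collide with a valid return value.
#
# NOTE(review): characters are removed rather than rejected, so distinct
# inputs such as "ad-min" and "admin" yield the same name. Callers should
# use the returned value everywhere and never fall back to the raw input.
# NOTE(review): \W follows Perl's Unicode rules on decoded strings, so
# non-ASCII letters and digits may be kept -- confirm whether names are
# meant to be ASCII-only.
sub untaint_username {
    my $str = shift;

    # Undefined input cannot be a name; return before the regex ops warn.
    return 'failure!' unless defined $str;

    $str =~ s/[\W_]//g;    # remove all non word characters (incl. underscore)

    # s/// does not clear the taint flag: under -T only a value taken from a
    # capture group is untainted (and not when "use re 'taint'" is active).
    # Matching the length here also accepts the name "0", which a plain
    # truth test on the string would reject.
    if ( $str =~ /\A([^\W_]{1,16})\z/ ) {
        my $clean = $1;
        return $clean;
    }
    else {
        return 'failure!';
    }
}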