diff --git a/app/auth/models.py b/app/auth/models.py
index 8b359756..d71ecf3f 100644
--- a/app/auth/models.py
+++ b/app/auth/models.py
@@ -25,7 +25,7 @@ from app.scodoc.sco_roles_default import SCO_ROLES_DEFAULTS
 import app.scodoc.sco_utils as scu
 from app.scodoc import sco_etud  # a deplacer dans scu
 
-VALID_LOGIN_EXP = re.compile(r"^[a-zA-Z0-9@\\\-_\\\.]+$")
+VALID_LOGIN_EXP = re.compile(r"^[a-zA-Z0-9@\\\-_\.]+$")
 
 
 class User(UserMixin, db.Model):
diff --git a/app/scodoc/sco_utils.py b/app/scodoc/sco_utils.py
index 4862714c..eb453b56 100644
--- a/app/scodoc/sco_utils.py
+++ b/app/scodoc/sco_utils.py
@@ -477,6 +477,22 @@ def suppress_accents(s):
     return s  # may be int
 
 
+class PurgeChars:
+    """delete all chars except those belonging to the specified string"""
+
+    def __init__(self, allowed_chars=""):
+        self.allowed_chars_set = {ord(c) for c in allowed_chars}
+
+    def __getitem__(self, x):
+        if x not in self.allowed_chars_set:
+            return None
+        raise LookupError()
+
+
+def purge_chars(s, allowed_chars=""):
+    return s.translate(PurgeChars(allowed_chars=allowed_chars))
+
+
 def sanitize_string(s):
     """s is an ordinary string, encoding given by SCO_ENCODING"
     suppress accents and chars interpreted in XML
@@ -564,7 +580,9 @@ class ScoDocJSONEncoder(json.JSONEncoder):
 
 def sendJSON(data, attached=False):
     js = json.dumps(data, indent=1, cls=ScoDocJSONEncoder)
-    return send_file(js, filename="sco_data.json", mime=JSON_MIMETYPE, attached=attached)
+    return send_file(
+        js, filename="sco_data.json", mime=JSON_MIMETYPE, attached=attached
+    )
 
 
 def sendXML(data, tagname=None, force_outer_xml_tag=True, attached=False):
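Review bot: The `$` anchor in the new `VALID_LOGIN_EXP` still matches before a trailing newline, so if the pattern is checked with `re.match()` rather than `fullmatch()` (the call site is not in this hunk) a login such as `"alice\n"` is accepted even though the class itself excludes the newline. Prefer `\Z`, `VALID_LOGIN_EXP = re.compile(r"^[a-zA-Z0-9@\\\-_\.]+\Z")`, or validate with `VALID_LOGIN_EXP.fullmatch(login)`. Note also that the character class still keeps a literal backslash (`\\`) and the change only drops a redundant second one; a comment listing the accepted characters next to the constant, e.g. `# accepted login chars: letters, digits, @ \ - _ .  (no whitespace)`, would make that intent reviewable.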
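Review bot: `purge_chars` has no docstring, and the `raise LookupError()` in `PurgeChars.__getitem__` is the `str.translate` convention for "leave this character unchanged", which is not obvious on first read. Suggest `"""Return s with every character not in allowed_chars removed (an empty allow-list strips everything)."""` on `purge_chars` and `# LookupError tells str.translate to keep the char unchanged` above the raise. Since `str.translate` looks up code points, storing `ord()` values in `allowed_chars_set` is correct, but the `PurgeChars` docstring should say so because a reader will otherwise expect a set of one-character strings.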
@@ -581,7 +599,12 @@ def sendResult(data, name=None, format=None, force_outer_xml_tag=True, attached=
     if (format is None) or (format == "html"):
         return data
     elif format == "xml":  # name is outer tagname
-        return sendXML(data, tagname=name, force_outer_xml_tag=force_outer_xml_tag, attached=attached)
+        return sendXML(
+            data,
+            tagname=name,
+            force_outer_xml_tag=force_outer_xml_tag,
+            attached=attached,
+        )
     elif format == "json":
         return sendJSON(data, attached=attached)
     else:
diff --git a/tools/import_scodoc7_user_db.py b/tools/import_scodoc7_user_db.py
index 199f23e2..91049ca9 100644
--- a/tools/import_scodoc7_user_db.py
+++ b/tools/import_scodoc7_user_db.py
@@ -27,6 +27,11 @@ def import_scodoc7_user_db(scodoc7_db="dbname=SCOUSERS"):
     cursor.execute("SELECT * FROM sco_users;")
     for u7 in cursor:
         user_name = scu.sanitize_string(u7["user_name"].strip())
+        # ensure that user_name will match VALID_LOGIN_EXP
+        user_name = scu.purge_chars(
+            user_name,
+            allowed_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ@\\-_.",
+        )
         if user_name != u7["user_name"]:
             msg = f"""Changing login '{u7["user_name"]}' to '{user_name}'"""
             current_app.logger.warning(msg)
@@ -83,4 +88,4 @@ def import_scodoc7_user_db(scodoc7_db="dbname=SCOUSERS"):
         db.session.add(u)
         current_app.logger.info("imported user {}".format(u))
         db.session.commit()
-    return messages
\ No newline at end of file
+    return messages
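Review bot: The `allowed_chars` string passed to `scu.purge_chars` contains no digits although `VALID_LOGIN_EXP` in app/auth/models.py accepts `0-9`, so an imported login like `jdupont2` loses its digit and two ScoDoc7 accounts that differ only by a digit (`user1`, `user2`) collapse to the same login — the warning on the following line records the rename, but nothing stops the second account from landing on the first one (whether the later insert fails depends on a uniqueness constraint not visible here). The purged name can also end up empty, which `VALID_LOGIN_EXP` (`+`) would reject, yet the import goes on. I would add the digits, fail on an empty result and track the logins already produced; `seen_logins = set()` must be initialised before the `for u7 in cursor:` loop, whose function header is outside this hunk. Better still, derive the allow-list from one constant shared with `VALID_LOGIN_EXP` so the two cannot drift apart again.
```python
        user_name = scu.sanitize_string(u7["user_name"].strip())
        # keep exactly the characters VALID_LOGIN_EXP accepts, digits included
        user_name = scu.purge_chars(
            user_name,
            allowed_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@\\-_.",
        )
        if not user_name:
            raise ValueError(f"login '{u7['user_name']}' is empty after sanitization")
        if user_name in seen_logins:
            raise ValueError(f"login '{user_name}' collides with an already imported user")
        seen_logins.add(user_name)
        # … unchanged: warning on renamed login, user creation …
```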