diff --git a/modules/user.module b/modules/user.module
index 151afd2c6815c6d184e35aa5acdf816c87292dd9..242dcb4b4702a55937d8a7f35635b9f75ea64552 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -214,6 +214,17 @@ function user_validate_name($name) {
   if (substr($name, -1) == ' ') return t('The username cannot end with a space.');
   if (ereg('  ', $name)) return t('The username cannot contain multiple spaces in a row.');
   if (ereg("[^\x80-\xF7 [:alnum:]@_.-]", $name)) return t('The username contains an illegal character.');
+  if (preg_match('/[\x{80}-\x{A0}'.          // Non-printable ISO-8859-1 + NBSP
+                   '\x{AD}'.                 // Soft-hyphen
+                   '\x{2000}-\x{200F}'.      // Various space characters
+                   '\x{2028}-\x{202F}'.      // Bidirectional text overrides
+                   '\x{205F}-\x{206F}'.      // Various text hinting characters
+                   '\x{FEFF}'.               // Byte order mark
+                   '\x{FF01}-\x{FF60}'.      // Full-width latin
+                   '\x{FFF9}-\x{FFFD}]/u',   // Replacement characters
+                   $name)) {
+    return t('The username contains an illegal character.');
+  }
   if (ereg('@', $name) && !eregi('@([0-9a-z](-?[0-9a-z])*.)+[a-z]{2}([zmuvtg]|fo|me)?$', $name)) return t('The username is not a valid authentication ID.');
   if (strlen($name) > 56) return t('The username %name is too long: it must be less than 56 characters.', array('%name' => theme('placeholder', $name)));
 }
diff --git a/modules/user/user.module b/modules/user/user.module
index 151afd2c6815c6d184e35aa5acdf816c87292dd9..242dcb4b4702a55937d8a7f35635b9f75ea64552 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -214,6 +214,17 @@ function user_validate_name($name) {
   if (substr($name, -1) == ' ') return t('The username cannot end with a space.');
   if (ereg('  ', $name)) return t('The username cannot contain multiple spaces in a row.');
   if (ereg("[^\x80-\xF7 [:alnum:]@_.-]", $name)) return t('The username contains an illegal character.');
+  if (preg_match('/[\x{80}-\x{A0}'.          // Non-printable ISO-8859-1 + NBSP
+                   '\x{AD}'.                 // Soft-hyphen
+                   '\x{2000}-\x{200F}'.      // Various space characters
+                   '\x{2028}-\x{202F}'.      // Bidirectional text overrides
+                   '\x{205F}-\x{206F}'.      // Various text hinting characters
+                   '\x{FEFF}'.               // Byte order mark
+                   '\x{FF01}-\x{FF60}'.      // Full-width latin
+                   '\x{FFF9}-\x{FFFD}]/u',   // Replacement characters
+                   $name)) {
+    return t('The username contains an illegal character.');
+  }
   if (ereg('@', $name) && !eregi('@([0-9a-z](-?[0-9a-z])*.)+[a-z]{2}([zmuvtg]|fo|me)?$', $name)) return t('The username is not a valid authentication ID.');
   if (strlen($name) > 56) return t('The username %name is too long: it must be less than 56 characters.', array('%name' => theme('placeholder', $name)));
 }