diff --git a/abrechenbarkeit.lua b/abrechenbarkeit.lua
index 165681c..d4eacc3 100755
--- a/abrechenbarkeit.lua
+++ b/abrechenbarkeit.lua
@@ -427,7 +427,8 @@ end
 
 local function r_create_user()
     local username = query.create_user
-    if username:match("^([%w_ -]+)$") == nil then
+	-- gsub to remove whitespace. disallows username made up entirely of whitespace
+    if username:gsub("%s+", ""):match("^([%w_ -]+)$") == nil then
         return respond_error("invalid username " .. username)
     end
     return redirect(string.format("/%s", urlencode(username)))