diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 231007a..ee8d8e7 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -40,6 +40,7 @@ class UsersController < ApplicationController
   end
   def update
+    params[:user][:login].downcase!
     raise AccessDenied.new unless (params[:user][:login] == @user.login)
     raise AccessDenied.new unless (params[:user][:admin].nil? or @current_user.admin?)
     @user.admin = !params[:user][:admin].nil?
@@ -67,6 +68,7 @@ class UsersController < ApplicationController
   def signup
     if request.post?
       begin
+        @user.login.downcase!
         @user.last_seen = Time.now.utc
         @user.save!
         setup_session(@user)
@@ -81,6 +83,7 @@ class UsersController < ApplicationController
   def settings
     @user = @current_user
     if request.post?
+      params[:user][:login].downcase!
       @user.attributes = params[:user]
       @user.save!
       @color = @user.pref_color
@@ -91,6 +94,7 @@ class UsersController < ApplicationController
   def login
     if request.post?
+      params[:user][:login].downcase!
       @user = User.find_by_login_and_pass(params[:user][:login], params[:user][:password])
       if !@user.nil?
         setup_session(@user, (params[:remember_me] == "1"))
diff --git a/app/models/user.rb b/app/models/user.rb
index c462d47..7ce121c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -27,7 +27,9 @@ class User < ActiveRecord::Base
   validates_presence_of :login, :email, :display_name
   validates_uniqueness_of :login, :email, :display_name
+  validates_format_of :login, :with => /^[^0-9]/
   validates_format_of :display_name, :with => /^[^0-9]/
+  validates_format_of :email, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
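Review bot: The added `params[:user][:login].downcase!` in update runs before the AccessDenied check on the next line, so a request that omits `user[login]` (or the whole `user` hash) now raises NoMethodError on nil instead of reaching `raise AccessDenied.new`, turning a rejected request into a 500. Guarding first, `raise AccessDenied.new if params[:user].nil? || params[:user][:login].nil?`, keeps the failure on the intended path. The same unguarded `downcase!` is added in the settings and login hunks below, and `@user.login.downcase!` in signup has the same nil case, so the guard is needed there too. The comparison with `@user.login` is now made against a lowercased value, so unless logins already stored in the database are lowercase, users with a mixed-case login will be denied here — presumably a data migration should accompany this change. update's body continues past the hunk.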
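Review bot: `@user.login.downcase!` in signup mutates the attribute's string in place rather than going through the `login=` writer, so ActiveRecord's change tracking may not see a new value; it likely works for a new record because `save!` writes every column, but the same pattern would silently lose the change on an existing record. `@user.login = @user.login.downcase` is the safer form and also surfaces the nil case explicitly (the `begin` block's rescue lies outside the hunk, so it is unclear whether a NoMethodError here is handled). Since this commit normalises login at four call sites, a single `before_validation` callback on User that lowercases `login` would cover every path at once, including any not touched by this diff. signup's body continues past the hunk.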
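Review bot: Immediately after the new `downcase!` in settings, `@user.attributes = params[:user]` assigns every key the client sent, whereas the update hunk above deliberately sets `admin` only when `@current_user.admin?`; unless User declares `attr_protected`/`attr_accessible` for `admin` (not visible in this diff), a client could include `user[admin]` in the settings form and change their own privilege. Assigning only the fields the settings form is meant to edit, or adding the protection on the model, would close that path and is worth confirming before this lands. settings's body continues past the hunk.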
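Review bot: The lookup `User.find_by_login_and_pass(params[:user][:login], params[:user][:password])` in login now always receives a lowercased login, so if that finder compares the column case-sensitively (its definition is outside this diff), any account created before this commit with uppercase letters in its login can no longer sign in; either lowercase existing rows in a migration or make the finder case-insensitive. Whichever is chosen should agree with `validates_uniqueness_of :login` in the model, which is case-sensitive unless given `:case_sensitive => false` — otherwise `Alice` and `alice` can both exist while this path only ever looks up `alice`. login's body continues past the hunk.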