Sanitize user input during the login flow.

[mrhappyasthma]

The current code doesn't really do any checking at all. We should enforce username and password length limits, restrict their characters (e.g. exclude spaces), and protect against malicious inputs (e.g. trying to manipulate the SQL query based on their input.)

[TeoTwawki]

the connect server does prevent injection attacks (in a not very optimal way) but the loader still lets you pass anything you want atm. the connect server then decides wtf to do with it without any feedback to the user - so we should edit the loader to have some sort of error when an invalid account name is given.