diff --git a/oauth/index.php b/oauth/index.php
index 9a7e804..03db224 100644
--- a/oauth/index.php
+++ b/oauth/index.php
@@ -51,6 +51,22 @@ function messageShow($html_template, $message = 'No Msg') {
 $user=strtolower(strip_tags(htmlspecialchars(trim($_POST['user']))));
 $password=$_POST['password'];
+ // Sherwin Ldap-escape
+ if (!filter_var($user, FILTER_VALIDATE_EMAIL)) {
+ messageShow($prompt_template, 'Username contains invalid charecters.');
+ exit();
+ }
+
+ if (!function_exists('ldap_escape')) {
+ function ldap_escape($value) {
+ return preg_replace_callback('/[\\x00-\\x1F\\x7F\\(\\)\\\\\\*\\0]/', function ($matches) {
+ return '\\' . str_pad(dechex(ord($matches[0])), 2, '0', STR_PAD_LEFT);
+ }, $value);
+ }
+ }
+ $user = ldap_escape($user);
+ // Sherwin Ldap-escape
+
 // Open a LDAP connection
 $ldap = new LDAP($ldap_host,$ldap_port,$ldap_version,$ldap_start_tls);
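Review bot: `$user = ldap_escape($user);` passes no context flag, so the two code paths the `function_exists` guard selects between escape differently: the builtin (PHP 5.6+) hex-escapes every character when neither `LDAP_ESCAPE_FILTER` nor `LDAP_ESCAPE_DN` is given, while the polyfill escapes only filter metacharacters (NUL, control bytes, `(`, `)`, `\`, `*`) and never the DN-significant ones (`,`, `+`, `"`, `<`, `>`, `;`, `=`, `#`). Pass the flag for the place the value actually ends up — `$user = ldap_escape($user, '', LDAP_ESCAPE_FILTER);` if it is interpolated into a search filter, or `LDAP_ESCAPE_DN` if it is concatenated into a bind DN — the consuming LDAP call and the enclosing block both lie outside the hunk, so this cannot be confirmed here. Declaring the polyfill inline at the point of use is also a point of style: hoisting it to the top of the file (or a helper) and giving it the builtin's signature `function ldap_escape($value, $ignore = '', $flags = 0)` keeps the two implementations interchangeable instead of silently diverging. The rejection message has a typo; use `'Username contains invalid characters.'`.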