Validate inputs

Nothing should ever have unprintable characters (such as control characters). Except for passwords and urls, nothing should have :/\| (the first three cause problems in directory names; the pipe is suspicious for shell stuff). We need to sanitize everything that goes into the database (including uploaded files' names) for SQL injection, but that's in #30.

Here are the inputs we need to validate:

Register:

• Usernames should be only word characters ([a-zA-Z0-9_-]); no whitespace; less than 20 characters
• All three names (first, middle, last) should be only word characters except numbers and underscore, plus apostrophes, plus accented characters, plus spaces (only single spaces)
• Phone number should be a phone number (there's libraries for this — see validator on npm, and this might even be in standard html or javascript)
• Password can have anything except unprintable characters
• It would be a nice feature if when the user puts in their github and linkedin usernames, we query those websites to see if that user exists. But don't do this right now; just look at github and linkedin's register pages for their restrictions on usernames and copy that
• Team code should be only capital letters and numbers
• Team names should be only word characters plus single spaces (no tabs or any fancy spaces); less than 40 characters

Login only has username and password. Do the same validation as above.

Admin portal:

• Section titles should contain only word characters and spaces
• Section bodies are more difficult. I want admins to be able to put HTML in there (e.g. if they want an image or bold text or something), so we'll use DOMPurify on the frontend and backend for that.

If there's anything else you can think of, make a comment.