I have quickly looked at the patch and found a few issues:
1/ it is most probably outdated, this would have to be master only I am afraid
2/ we have just discovered performance problems with large temp tables in PostgreSQL, would this be also affected?
3/ commit messages should not start with ":" after MDL issue
4/ I do not like the changes in user_login() at all, it needs a separate issue and it should not duplicate the current code - it would rquire unit tests
5/ mysql_escape_string() must not be used
6/ please use code checker (capital letters, ///, whitespace, etc.)
7/ if (delete_user($user)) - do not waste time checking result, it throws exception on error
8/ use new $trace->output()
9/ I am not sure we need to add so many new lang strings
10/ new validations such as if (!validate_email($user->email)) need separate discussion imo
11/ the username case is a tricky topic, forcing lowercase may break things badly, it needs a separate discussion - I personally think we should store the original value and only do the lowercasing on login and when adding manual accounts
Anyway thanks for the patch.