From df884cd852749126710d026e6e78827529b11a43 Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Sat, 7 Jun 2008 15:41:25 +0000
Subject: [PATCH] MDL-15098 dml auth conversion

---
 auth/cas/auth.php                  | 219 ++++++++++++++---------------
 auth/cas/cas_ldap_sync_users.php   |   2 +-
 auth/db/auth.php                   |   5 +-
 auth/ldap/auth.php                 | 185 +++++++++---------------
 auth/ldap/auth_ldap_sync_users.php |   2 +-
 5 files changed, 178 insertions(+), 235 deletions(-)

diff --git a/auth/cas/auth.php b/auth/cas/auth.php
index bc6a2015f0f..fb42870df0b 100644
--- a/auth/cas/auth.php
+++ b/auth/cas/auth.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * @author Martin Dougiamas
  * @authro Jerome GUTIERREZ
@@ -43,7 +44,7 @@ class auth_plugin_cas extends auth_plugin_base {
         //hack prefix to objectclass
         if (empty($this->config->objectclass)) {        // Can't send empty filter
             $this->config->objectclass='objectClass=*';
-        } else if (strpos($this->config->objectclass, 'objectClass=') !== 0) {
+        } else if (stripos($this->config->objectclass, 'objectClass=') !== 0) {
             $this->config->objectclass = 'objectClass='.$this->config->objectclass;
         }
     }
@@ -361,10 +362,13 @@ if ( !is_object($PHPCAS_CLIENT) ) {
     function get_userinfo($username) {
         $textlib = textlib_get_instance();
         $extusername = $textlib->convert($username, 'utf-8', $this->config->ldapencoding);
+
         $ldapconnection = $this->ldap_connect();
         $attrmap = $this->ldap_attributes();
+
         $result = array();
         $search_attribs = array();
+
         foreach ($attrmap as $key=>$values) {
             if (!is_array($values)) {
                 $values = array($values);
@@ -388,7 +392,7 @@ if ( !is_object($PHPCAS_CLIENT) ) {
                 $values = array($values);
             }
             $ldapval = NULL;
-           foreach ($values as $value) {
+            foreach ($values as $value) {
                 if ($value == 'dn') {
                     $result[$key] = $user_dn;
                 }
@@ -562,11 +566,11 @@ if ( !is_object($PHPCAS_CLIENT) ) {
     /**
      * checks if user exists on external db
      *
-     * @param string $username (with system magic quotes)
+     * @param string $username
      */
     function user_exists($username) {
         $textlib = textlib_get_instance();
-        $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->ldapencoding);
+        $extusername = $textlib->convert($username, 'utf-8', $this->config->ldapencoding);
         //returns true if given username exist on ldap
         $users = $this->ldap_get_userlist("({$this->config->user_attribute}=".$this->filter_addslashes($extusername).")");
         return count($users);
@@ -579,81 +583,55 @@ if ( !is_object($PHPCAS_CLIENT) ) {
      * Syncing users removes or suspends users that dont exists anymore in external db.
      * Creates new users and updates coursecreator status of users.
      *
-     * @param int $bulk_insert_records will insert $bulkinsert_records per insert statement
-     *                         valid only with $unsafe. increase to a couple thousand for
-     *                         blinding fast inserts -- but test it: you may hit mysqld's
-     *                         max_allowed_packet limit.
      * @param bool $do_updates will do pull in data updates from ldap if relevant
      */
-    function sync_users ($bulk_insert_records = 1000, $do_updates = true) {
-        global $CFG;
+    function sync_users ($do_updates = true) {
+
+        global $CFG, $DB;
+
         $textlib = textlib_get_instance();
-        $droptablesql = array(); /// sql commands to drop the table (because session scope could be a problem for
-                                 /// some persistent drivers like ODBTP (mssql) or if this function is invoked
-                                 /// from within a PHP application using persistent connections
-        // configure a temp table
+        $dbman = $DB->get_manager();
 
-/// TODO: move this to sql generators
-error('fix temporary table code in CAS');
+    /// Define table user to be created
+        $table = new xmldb_table('tmp_extuser');
+        $table->add_field('id', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, XMLDB_SEQUENCE, null, null, null);
+        $table->add_field('username', XMLDB_TYPE_CHAR, '100', null, XMLDB_NOTNULL, null, null, null, null);
+        $table->add_key('primary', XMLDB_KEY_PRIMARY, array('id'));
+        $table->add_index('username', XMLDB_INDEX_UNIQUE, array('mnethostid', 'username'));
 
-        print "Configuring temp table\n";
-        switch (strtolower($CFG->dbfamily)) {
-            case 'mysql':
-                $temptable = $CFG->prefix . 'extuser';
-                $droptablesql[] = 'DROP TEMPORARY TABLE ' . $temptable; // sql command to drop the table (because session scope could be a problem)
-                execute_sql_arr($droptablesql, true, false); /// Drop temp table to avoid persistence problems later
-                echo "Creating temp table $temptable\n";
-                execute_sql('CREATE TEMPORARY TABLE ' . $temptable . ' (username VARCHAR(64), PRIMARY KEY (username)) TYPE=MyISAM', false);
-                break;
-            case 'postgres':
-                $temptable = $CFG->prefix . 'extuser';
-                $droptablesql[] = 'DROP TABLE ' . $temptable; // sql command to drop the table (because session scope could be a problem)
-                execute_sql_arr($droptablesql, true, false); /// Drop temp table to avoid persistence problems later
-                echo "Creating temp table $temptable\n";
-                $bulk_insert_records = 1; // no support for multiple sets of values
-                execute_sql('CREATE TEMPORARY TABLE '. $temptable . ' (username VARCHAR(64), PRIMARY KEY (username))', false);
-                break;
-            case 'mssql':
-                $temptable = '#'.$CFG->prefix . 'extuser'; /// MSSQL temp tables begin with #
-                $droptablesql[] = 'DROP TABLE ' . $temptable; // sql command to drop the table (because session scope could be a problem)
-                execute_sql_arr($droptablesql, true, false); /// Drop temp table to avoid persistence problems later
-                echo "Creating temp table $temptable\n";
-                $bulk_insert_records = 1; // no support for multiple sets of values
-                execute_sql('CREATE TABLE ' . $temptable . ' (username VARCHAR(64), PRIMARY KEY (username))', false);
-                break;
-            case 'oracle':
-                $temptable = $CFG->prefix . 'extuser';
-                $droptablesql[] = 'TRUNCATE TABLE ' . $temptable; // oracle requires truncate before being able to drop a temp table
-                $droptablesql[] = 'DROP TABLE ' . $temptable; // sql command to drop the table (because session scope could be a problem)
-                execute_sql_arr($droptablesql, true, false); /// Drop temp table to avoid persistence problems later
-                echo "Creating temp table $temptable\n";
-                $bulk_insert_records = 1; // no support for multiple sets of values
-                execute_sql('CREATE GLOBAL TEMPORARY TABLE '.$temptable.' (username VARCHAR(64), PRIMARY KEY (username)) ON COMMIT PRESERVE ROWS', false);
-                break;
+        echo "Creating temp table $temptable\n";
+        if (!$dbman->create_temp_table($table)) {
+            print  "Failed to create temporary users table - aborting\n";
+            exit;
         }
+
         print "Connecting to ldap...\n";
         $ldapconnection = $this->ldap_connect();
+
         if (!$ldapconnection) {
             @ldap_close($ldapconnection);
             print get_string('auth_ldap_noconnect','auth',$this->config->host_url);
             exit;
         }
+
         ////
         //// get user's list from ldap to sql in a scalable fashion
         ////
         // prepare some data we'll need
         $filter = "(&(".$this->config->user_attribute."=*)(".$this->config->objectclass."))";
+
         $contexts = explode(";",$this->config->contexts);
+
         if (!empty($this->config->create_context)) {
               array_push($contexts, $this->config->create_context);
         }
+
         $fresult = array();
         foreach ($contexts as $context) {
             $context = trim($context);
             if (empty($context)) {
                 continue;
             }
-            begin_sql();
             if ($this->config->search_sub) {
                 //use ldap_search to find first user from subtree
                 $ldap_result = ldap_search($ldapconnection, $context,
@@ -665,49 +643,44 @@ error('fix temporary table code in CAS');
                                          $filter,
                                          array($this->config->user_attribute));
             }
+
             if ($entry = ldap_first_entry($ldapconnection, $ldap_result)) {
                 do {
                     $value = ldap_get_values_len($ldapconnection, $entry, $this->config->user_attribute);
                     $value = $textlib->convert($value[0], $this->config->ldapencoding, 'utf-8');
-                    array_push($fresult, $value);
-                    if (count($fresult) >= $bulk_insert_records) {
-                        $this->ldap_bulk_insert($fresult, $temptable);
-                        $fresult = array();
-                    }
+                    $this->ldap_bulk_insert($value);
                 } while ($entry = ldap_next_entry($ldapconnection, $entry));
             }
             unset($ldap_result); // free mem
-            // insert any remaining users and release mem
-            if (count($fresult)) {
-                $this->ldap_bulk_insert($fresult, $temptable);
-                $fresult = array();
-            }
-            commit_sql();
         }
+
         /// preserve our user database
         /// if the temp table is empty, it probably means that something went wrong, exit
         /// so as to avoid mass deletion of users; which is hard to undo
-        $count = get_record_sql('SELECT COUNT(username) AS count, 1 FROM ' . $temptable);
-        $count = $count->{'count'};
+        $count = $DB->count_records_sql('SELECT COUNT(username) AS count, 1 FROM {tmp_extuser}');
         if ($count < 1) {
             print "Did not get any users from LDAP -- error? -- exiting\n";
             exit;
         } else {
             print "Got $count records from LDAP\n\n";
         }
+
+
 /// User removal
         // find users in DB that aren't in ldap -- to be removed!
         // this is still not as scalable (but how often do we mass delete?)
         if (!empty($this->config->removeuser)) {
-            $sql = "SELECT u.id, u.username, u.email, u.auth
-                    FROM {$CFG->prefix}user u
-                        LEFT JOIN $temptable e ON u.username = e.username
-                    WHERE u.auth='cas'
-                        AND u.deleted=0
-                        AND e.username IS NULL";
-            $remove_users = get_records_sql($sql);
+            $sql = "SELECT u.id, u.username, u.email, u.auth 
+                      FROM {user} u
+                      LEFT JOIN {tmp_extuser} e ON (u.username = e.username AND u.mnethostid = ?)
+                     WHERE u.auth='cas'
+                           AND u.deleted=0
+                           AND e.username IS NULL";
+            $remove_users = $DB->get_records_sql($sql, array($CFG->mnet_localhost_id));
+
             if (!empty($remove_users)) {
                 print "User entries to remove: ". count($remove_users) . "\n";
+
                 foreach ($remove_users as $user) {
                     if ($this->config->removeuser == AUTH_REMOVEUSER_FULLDELETE) {
                         if (delete_user($user)) {
@@ -719,7 +692,7 @@ error('fix temporary table code in CAS');
                         $updateuser = new object();
                         $updateuser->id = $user->id;
                         $updateuser->auth = 'nologin';
-                        if (update_record('user', $updateuser)) {
+                        if ($DB->update_record('user', $updateuser)) {
                             echo "\t"; print_string('auth_dbsuspenduser', 'auth', array($user->username, $user->id)); echo "\n";
                         } else {
                             echo "\t"; print_string('auth_dbsuspendusererror', 'auth', $user->username); echo "\n";
@@ -731,32 +704,36 @@ error('fix temporary table code in CAS');
             }
             unset($remove_users); // free mem!
         }
+
 /// Revive suspended users
         if (!empty($this->config->removeuser) and $this->config->removeuser == AUTH_REMOVEUSER_SUSPEND) {
             $sql = "SELECT u.id, u.username
-                    FROM $temptable e, {$CFG->prefix}user u
-                    WHERE e.username=u.username
-                        AND u.auth='nologin'";
-            $revive_users = get_records_sql($sql);
+                      FROM {user} u
+                      JOIN {tmp_extuser} e ON (u.username = e.username AND u.mnethostid = ?)
+                     WHERE u.auth='nologin' AND u.deleted=0";
+            $revive_users = $DB->get_records_sql($sql, array($CFG->mnet_localhost_id));
+
             if (!empty($revive_users)) {
                 print "User entries to be revived: ". count($revive_users) . "\n";
-                begin_sql();
+
                 foreach ($revive_users as $user) {
                     $updateuser = new object();
                     $updateuser->id = $user->id;
-                    $updateuser->auth = 'cas';
-                    if (update_record('user', $updateuser)) {
+                    $updateuser->auth = 'ldap';
+                    if ($DB->pdate_record('user', $updateuser)) {
                         echo "\t"; print_string('auth_dbreviveser', 'auth', array($user->username, $user->id)); echo "\n";
                     } else {
                         echo "\t"; print_string('auth_dbreviveusererror', 'auth', $user->username); echo "\n";
                     }
                 }
-                commit_sql();
             } else {
                 print "No user entries to be revived\n";
             }
+
             unset($revive_users);
         }
+
+
 /// User Updates - time-consuming (optional)
         if ($do_updates) {
             // narrow down what fields we need to update
@@ -775,15 +752,17 @@ error('fix temporary table code in CAS');
             }
             // print_r($all_keys); print_r($updatekeys);
             unset($all_keys); unset($key);
+
         } else {
             print "No updates to be done\n";
         }
         if ( $do_updates and !empty($updatekeys) ) { // run updates only if relevant
-            $users = get_records_sql("SELECT u.username, u.id
-                                      FROM {$CFG->prefix}user u
-                                      WHERE u.deleted=0 AND u.auth='cas'");
+            $users = $DB->get_records_sql("SELECT u.username, u.id
+                                             FROM {user} u
+                                            WHERE u.deleted=0 AND u.auth='cas' AND u.mnethostid = ?", array($CFG->mnet_localhost_id));
             if (!empty($users)) {
                 print "User entries to update: ". count($users). "\n";
+
                 $sitecontext = get_context_instance(CONTEXT_SYSTEM);
                 if (!empty($this->config->creators) and !empty($this->config->memberattribute)
                   and $roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
@@ -791,9 +770,11 @@ error('fix temporary table code in CAS');
                 } else {
                     $creatorrole = false;
                 }
-                begin_sql();
+
+                $DB->begin_sql();
                 $xcount = 0;
                 $maxxcount = 100;
+
                 foreach ($users as $user) {
                     echo "\t"; print_string('auth_dbupdatinguser', 'auth', array($user->username, $user->id));
                     if (!$this->update_user_record($user->username, $updatekeys)) {
@@ -801,6 +782,7 @@ error('fix temporary table code in CAS');
                     }
                     echo "\n";
                     $xcount++;
+
                     // update course creators if needed
                     if ($creatorrole !== false) {
                         if ($this->iscreator($user->username)) {
@@ -809,13 +791,14 @@ error('fix temporary table code in CAS');
                             role_unassign($creatorrole->id, $user->id, 0, $sitecontext->id, 'cas');
                         }
                     }
+
                     if ($xcount++ > $maxxcount) {
-                        commit_sql();
-                        begin_sql();
+                        $DB->commit_sql();
+                        $DB->begin_sql();
                         $xcount = 0;
                     }
                 }
-                commit_sql();
+                $DB->commit_sql();
                 unset($users); // free mem
             }
         } else { // end do updates
@@ -823,15 +806,18 @@ error('fix temporary table code in CAS');
         }
 /// User Additions
         // find users missing in DB that are in LDAP
-        // note that get_records_sql wants at least 2 fields returned,
         // and gives me a nifty object I don't want.
         // note: we do not care about deleted accounts anymore, this feature was replaced by suspending to nologin auth plugin
-        $sql = "SELECT e.username, e.username
-                FROM $temptable e LEFT JOIN {$CFG->prefix}user u ON e.username = u.username
-                WHERE u.id IS NULL";
-        $add_users = get_records_sql($sql); // get rid of the fat
+        // mnetid not used here in join because we can not add users with the same username
+        $sql = "SELECT e.id, e.username
+                  FROM {user} u
+                  LEFT JOIN {tmp_extuser} e ON u.username = e.username
+                 WHERE u.id IS NULL";
+        $add_users = $DB->get_records_sql($sql); // get rid of the fat
+
         if (!empty($add_users)) {
             print "User entries to add: ". count($add_users). "\n";
+
             $sitecontext = get_context_instance(CONTEXT_SYSTEM);
             if (!empty($this->config->creators) and !empty($this->config->memberattribute)
               and $roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
@@ -839,9 +825,11 @@ error('fix temporary table code in CAS');
             } else {
                 $creatorrole = false;
             }
-            begin_sql();
+
+            $DB->begin_sql();
             foreach ($add_users as $user) {
-                $user = $this->get_userinfo_asobj(addslashes($user->username));
+                $user = $this->get_userinfo_asobj($user->username);
+
                 // prep a few params
                 $user->modified   = time();
                 $user->confirmed  = 1;
@@ -850,9 +838,9 @@ error('fix temporary table code in CAS');
                 if (empty($user->lang)) {
                     $user->lang = $CFG->lang;
                 }
-                $user = addslashes_recursive($user);
-                if ($id = insert_record('user',$user)) {
-                    echo "\t"; print_string('auth_dbinsertuser', 'auth', array(stripslashes($user->username), $id)); echo "\n";
+
+                if ($id = $DB->insert_record('user', $user)) {
+                    echo "\t"; print_string('auth_dbinsertuser', 'auth', array($user->username, $id)); echo "\n";
                     $userobj = $this->update_user_record($user->username);
                     if (!empty($this->config->forcechangepassword)) {
                         set_user_preference('auth_forcepasswordchange', 1, $userobj->id);
@@ -860,18 +848,23 @@ error('fix temporary table code in CAS');
                 } else {
                     echo "\t"; print_string('auth_dbinsertusererror', 'auth', $user->username); echo "\n";
                 }
+
                 // add course creators if needed
-                if ($creatorrole !== false and $this->iscreator(stripslashes($user->username))) {
+                if ($creatorrole !== false and $this->iscreator($user->username)) {
                     role_assign($creatorrole->id, $user->id, 0, $sitecontext->id, 0, 0, 0, 'cas');
                 }
             }
-            commit_sql();
+            $DB->commit_sql();
             unset($add_users); // free mem
         } else {
             print "No users to be added\n";
         }
+
+        $dbman->drop_temp_table($table);
+
         return true;
     }
+
     /**
      * Update a local user record from an external source.
      * This is a lighter version of the one in moodlelib -- won't do
@@ -883,30 +876,36 @@ error('fix temporary table code in CAS');
      * @param string $username username
      */
     function update_user_record($username, $updatekeys = false) {
-        global $CFG, $DB;
+        global $CFG;
 
         //just in case check text case
         $username = trim(moodle_strtolower($username));
+
         // get the current user record
         $user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id));
         if (empty($user)) { // trouble
-            error_log("Cannot update non-existent user: ".stripslashes($username));
-            print_error('auth_dbusernotexist','auth',$username);
+            error_log("Cannot update non-existent user: ".$username);
+            print_error('auth_dbusernotexist','auth','',$username);
             die;
         }
+
         // Protect the userid from being overwritten
         $userid = $user->id;
+
         if ($newinfo = $this->get_userinfo($username)) {
             $newinfo = truncate_userinfo($newinfo);
+
             if (empty($updatekeys)) { // all keys? this does not support removing values
                 $updatekeys = array_keys($newinfo);
             }
+
             foreach ($updatekeys as $key) {
                 if (isset($newinfo[$key])) {
                     $value = $newinfo[$key];
                 } else {
                     $value = '';
                 }
+
                 if (!empty($this->config->{'field_updatelocal_' . $key})) {
                     if ($user->{$key} != $value) { // only update if it's changed
                         $DB->set_field('user', $key, $value, array('id'=>$userid));
@@ -920,17 +919,13 @@ error('fix temporary table code in CAS');
     }
     /**
      * Bulk insert in SQL's temp table
-     * @param array $users is an array of usernames
      */
-    function ldap_bulk_insert($users, $temptable) {
-        // bulk insert -- superfast with $bulk_insert_records
-        $sql = 'INSERT INTO ' . $temptable . ' (username) VALUES ';
-        // make those values safe
-        $users = addslashes_recursive($users);
-        // join and quote the whole lot
-        $sql = $sql . "('" . implode("'),('", $users) . "')";
-        print "\t+ " . count($users) . " users\n";
-        execute_sql($sql, false);
+    function ldap_bulk_insert($username) {
+        global $DB;
+
+        $username = moodle_strtolower($username); // usernames are __always__ lowercase.
+        $DB->insert_record_raw('tmp_extuser', array('username'=>$username), false, true);
+        print ".";
     }
     /**
      * Returns true if user should be coursecreator.
diff --git a/auth/cas/cas_ldap_sync_users.php b/auth/cas/cas_ldap_sync_users.php
index e4caec4b45d..e1cc5acd4c2 100644
--- a/auth/cas/cas_ldap_sync_users.php
+++ b/auth/cas/cas_ldap_sync_users.php
@@ -43,6 +43,6 @@ if (!is_enabled_auth('cas')) {
 }
 
 $casauth = get_auth_plugin('cas');
-$casauth->sync_users(1000, true);
+$casauth->sync_users(true);
 
 ?>
\ No newline at end of file
diff --git a/auth/db/auth.php b/auth/db/auth.php
index 702e2d40fa8..c6398d4a266 100644
--- a/auth/db/auth.php
+++ b/auth/db/auth.php
@@ -342,7 +342,7 @@ class auth_plugin_db extends auth_plugin_base {
 
         if (!empty($add_users)) {
             print_string('auth_dbuserstoadd','auth',count($add_users)); echo "\n";
-            begin_sql();
+            $DB->begin_sql();
             foreach($add_users as $user) {
                 $username = $user;
                 $user = $this->get_userinfo_asobj($user);
@@ -357,7 +357,6 @@ class auth_plugin_db extends auth_plugin_base {
                     $user->lang = $CFG->lang;
                 }
 
-                $user = addslashes_object($user);
                 // maybe the user has been deleted before
                 if ($old_user = $DB->get_record('user', array('username'=>$user->username, 'deleted'=>1, 'mnethostid'=>$user->mnethostid))) {
                     $user->id = $old_user->id;
@@ -374,7 +373,7 @@ class auth_plugin_db extends auth_plugin_base {
                     echo "\t"; print_string('auth_dbinsertusererror', 'auth', $user->username); echo "\n";
                 }
             }
-            commit_sql();
+            $DB->commit_sql();
             unset($add_users); // free mem
         }
         return true;
diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index a47b7162627..5ea3f315e8f 100644
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -254,12 +254,12 @@ class auth_plugin_ldap extends auth_plugin_base {
     /**
      * checks if user exists on external db
      *
-     * @param string $username (with system magic quotes)
+     * @param string $username
      */
     function user_exists($username) {
 
         $textlib = textlib_get_instance();
-        $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->ldapencoding);
+        $extusername = $textlib->convert($username, 'utf-8', $this->config->ldapencoding);
 
         //returns true if given username exist on ldap
         $users = $this->ldap_get_userlist("({$this->config->user_attribute}=".$this->filter_addslashes($extusername).")");
@@ -271,13 +271,13 @@ class auth_plugin_ldap extends auth_plugin_base {
      * By using information in userobject
      * Use user_exists to prevent dublicate usernames
      *
-     * @param mixed $userobject  Moodle userobject  (with system magic quotes)
-     * @param mixed $plainpass   Plaintext password (with system magic quotes)
+     * @param mixed $userobject  Moodle userobject
+     * @param mixed $plainpass   Plaintext password
      */
     function user_create($userobject, $plainpass) {
         $textlib = textlib_get_instance();
-        $extusername = $textlib->convert(stripslashes($userobject->username), 'utf-8', $this->config->ldapencoding);
-        $extpassword = $textlib->convert(stripslashes($plainpass), 'utf-8', $this->config->ldapencoding);
+        $extusername = $textlib->convert($userobject->username, 'utf-8', $this->config->ldapencoding);
+        $extpassword = $textlib->convert($plainpass, 'utf-8', $this->config->ldapencoding);
 
         switch ($this->config->passtype) {
             case 'md5':
@@ -302,7 +302,7 @@ class auth_plugin_ldap extends auth_plugin_base {
             }
             foreach ($values as $value) {
                 if (!empty($userobject->$key) ) {
-                    $newuser[$value] = $textlib->convert(stripslashes($userobject->$key), 'utf-8', $this->config->ldapencoding);
+                    $newuser[$value] = $textlib->convert($userobject->$key, 'utf-8', $this->config->ldapencoding);
                 }
             }
         }
@@ -437,6 +437,8 @@ class auth_plugin_ldap extends auth_plugin_base {
      * @param string $confirmsecret
      */
     function user_confirm($username, $confirmsecret) {
+        global $DB;
+
         $user = get_complete_user_data('username', $username);
 
         if (!empty($user)) {
@@ -450,10 +452,10 @@ class auth_plugin_ldap extends auth_plugin_base {
                 if (!$this->user_activate($username)) {
                     return AUTH_CONFIRM_FAIL;
                 }
-                if (!set_field("user", "confirmed", 1, "id", $user->id)) {
+                if (!$DB->set_field("user", "confirmed", 1, array("id"=>$user->id))) {
                     return AUTH_CONFIRM_FAIL;
                 }
-                if (!set_field("user", "firstaccess", time(), "id", $user->id)) {
+                if (!$DB->set_field("user", "firstaccess", time(), array("id"=>$user->id))) {
                     return AUTH_CONFIRM_FAIL;
                 }
                 return AUTH_CONFIRM_OK;
@@ -469,14 +471,14 @@ class auth_plugin_ldap extends auth_plugin_base {
      * If userpassword does not expire it should return 0. If password is already expired
      * it should return negative value.
      *
-     * @param mixed $username username (with system magic quotes)
+     * @param mixed $username username
      * @return integer
      */
     function password_expire($username) {
         $result = 0;
 
         $textlib = textlib_get_instance();
-        $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->ldapencoding);
+        $extusername = $textlib->convert($username, 'utf-8', $this->config->ldapencoding);
 
         $ldapconnection = $this->ldap_connect();
         $user_dn = $this->ldap_find_userdn($ldapconnection, $extusername);
@@ -512,57 +514,23 @@ class auth_plugin_ldap extends auth_plugin_base {
      * Syncing users removes or suspends users that dont exists anymore in external db.
      * Creates new users and updates coursecreator status of users.
      *
-     * @param int $bulk_insert_records will insert $bulkinsert_records per insert statement
-     *                         valid only with $unsafe. increase to a couple thousand for
-     *                         blinding fast inserts -- but test it: you may hit mysqld's
-     *                         max_allowed_packet limit.
      * @param bool $do_updates will do pull in data updates from ldap if relevant
      */
-    function sync_users ($bulk_insert_records = 1000, $do_updates = true) {
-
-        global $CFG;
+    function sync_users($do_updates=true) {
+        global $CFG, $DB;
 
         $textlib = textlib_get_instance();
+        $dbman = $DB->get_manager();
 
-        $droptablesql = array(); /// sql commands to drop the table (because session scope could be a problem for
-                                 /// some persistent drivers like ODBTP (mssql) or if this function is invoked
-                                 /// from within a PHP application using persistent connections
-        $temptable = $CFG->prefix . 'extuser';
-        $createtemptablesql = '';
+    /// Define table user to be created
+        $table = new xmldb_table('tmp_extuser');
+        $table->add_field('id', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, XMLDB_SEQUENCE, null, null, null);
+        $table->add_field('username', XMLDB_TYPE_CHAR, '100', null, XMLDB_NOTNULL, null, null, null, null);
+        $table->add_key('primary', XMLDB_KEY_PRIMARY, array('id'));
+        $table->add_index('username', XMLDB_INDEX_UNIQUE, array('mnethostid', 'username'));
 
-        // configure a temp table
-        print "Configuring temp table\n";
-error('fix temporary table code in CAS'); // use sql generator
-        switch (strtolower($CFG->dbfamily)) {
-            case 'mysql':
-                $droptablesql[] = 'DROP TEMPORARY TABLE ' . $temptable; // sql command to drop the table (because session scope could be a problem)
-                $createtemptablesql = 'CREATE TEMPORARY TABLE ' . $temptable . ' (username VARCHAR(64), PRIMARY KEY (username)) TYPE=MyISAM';
-                break;
-            case 'postgres':
-                $droptablesql[] = 'DROP TABLE ' . $temptable; // sql command to drop the table (because session scope could be a problem)
-                $bulk_insert_records = 1; // no support for multiple sets of values
-                $createtemptablesql = 'CREATE TEMPORARY TABLE '. $temptable . ' (username VARCHAR(64), PRIMARY KEY (username))';
-                break;
-            case 'mssql':
-                $temptable = '#'. $temptable; /// MSSQL temp tables begin with #
-                $droptablesql[] = 'DROP TABLE ' . $temptable; // sql command to drop the table (because session scope could be a problem)
-                $bulk_insert_records = 1; // no support for multiple sets of values
-                $createtemptablesql = 'CREATE TABLE ' . $temptable . ' (username VARCHAR(64), PRIMARY KEY (username))';
-                break;
-            case 'oracle':
-                $droptablesql[] = 'TRUNCATE TABLE ' . $temptable; // oracle requires truncate before being able to drop a temp table
-                $droptablesql[] = 'DROP TABLE ' . $temptable; // sql command to drop the table (because session scope could be a problem)
-                $bulk_insert_records = 1; // no support for multiple sets of values
-                $createtemptablesql = 'CREATE GLOBAL TEMPORARY TABLE '.$temptable.' (username VARCHAR(64), PRIMARY KEY (username)) ON COMMIT PRESERVE ROWS';
-                break;
-        }
-
-/// TODO: remove these ugly hacks
-error('fix temporary table code in CAS');
-
-        execute_sql_arr($droptablesql, true, false); /// Drop temp table to avoid persistence problems later
         echo "Creating temp table $temptable\n";
-        if(! execute_sql($createtemptablesql, false) ){
+        if (!$dbman->create_temp_table($table)) {
             print  "Failed to create temporary users table - aborting\n";
             exit;
         }
@@ -594,7 +562,6 @@ error('fix temporary table code in CAS');
             if (empty($context)) {
                 continue;
             }
-            begin_sql();
             if ($this->config->search_sub) {
                 //use ldap_search to find first user from subtree
                 $ldap_result = ldap_search($ldapconnection, $context,
@@ -611,29 +578,16 @@ error('fix temporary table code in CAS');
                 do {
                     $value = ldap_get_values_len($ldapconnection, $entry, $this->config->user_attribute);
                     $value = $textlib->convert($value[0], $this->config->ldapencoding, 'utf-8');
-                    // usernames are __always__ lowercase.
-                    array_push($fresult, moodle_strtolower($value));
-                    if (count($fresult) >= $bulk_insert_records) {
-                        $this->ldap_bulk_insert($fresult, $temptable);
-                        $fresult = array();
-                    }
+                    $this->ldap_bulk_insert($value);
                 } while ($entry = ldap_next_entry($ldapconnection, $entry));
             }
             unset($ldap_result); // free mem
-
-            // insert any remaining users and release mem
-            if (count($fresult)) {
-                $this->ldap_bulk_insert($fresult, $temptable);
-                $fresult = array();
-            }
-            commit_sql();
         }
 
         /// preserve our user database
         /// if the temp table is empty, it probably means that something went wrong, exit
         /// so as to avoid mass deletion of users; which is hard to undo
-        $count = get_record_sql('SELECT COUNT(username) AS count, 1 FROM ' . $temptable);
-        $count = $count->{'count'};
+        $count = $DB->count_records_sql('SELECT COUNT(username) AS count, 1 FROM {tmp_extuser}');
         if ($count < 1) {
             print "Did not get any users from LDAP -- error? -- exiting\n";
             exit;
@@ -647,12 +601,12 @@ error('fix temporary table code in CAS');
         // this is still not as scalable (but how often do we mass delete?)
         if (!empty($this->config->removeuser)) {
             $sql = "SELECT u.id, u.username, u.email, u.auth 
-                    FROM {$CFG->prefix}user u
-                        LEFT JOIN $temptable e ON u.username = e.username
-                    WHERE u.auth='ldap'
-                        AND u.deleted=0
-                        AND e.username IS NULL";
-            $remove_users = get_records_sql($sql);
+                      FROM {user} u
+                      LEFT JOIN {tmp_extuser} e ON (u.username = e.username AND u.mnethostid = ?)
+                     WHERE u.auth='ldap'
+                           AND u.deleted=0
+                           AND e.username IS NULL";
+            $remove_users = $DB->get_records_sql($sql, array($CFG->mnet_localhost_id));
 
             if (!empty($remove_users)) {
                 print "User entries to remove: ". count($remove_users) . "\n";
@@ -668,7 +622,7 @@ error('fix temporary table code in CAS');
                         $updateuser = new object();
                         $updateuser->id = $user->id;
                         $updateuser->auth = 'nologin';
-                        if (update_record('user', $updateuser)) {
+                        if ($DB->update_record('user', $updateuser)) {
                             echo "\t"; print_string('auth_dbsuspenduser', 'auth', array($user->username, $user->id)); echo "\n";
                         } else {
                             echo "\t"; print_string('auth_dbsuspendusererror', 'auth', $user->username); echo "\n";
@@ -684,26 +638,24 @@ error('fix temporary table code in CAS');
 /// Revive suspended users
         if (!empty($this->config->removeuser) and $this->config->removeuser == AUTH_REMOVEUSER_SUSPEND) {
             $sql = "SELECT u.id, u.username
-                    FROM $temptable e, {$CFG->prefix}user u
-                    WHERE e.username=u.username
-                        AND u.auth='nologin'";
-            $revive_users = get_records_sql($sql);
+                      FROM {user} u
+                      JOIN {tmp_extuser} e ON (u.username = e.username AND u.mnethostid = ?)
+                     WHERE u.auth='nologin' AND u.deleted=0";
+            $revive_users = $DB->get_records_sql($sql, array($CFG->mnet_localhost_id));
 
             if (!empty($revive_users)) {
                 print "User entries to be revived: ". count($revive_users) . "\n";
 
-                begin_sql();
                 foreach ($revive_users as $user) {
                     $updateuser = new object();
                     $updateuser->id = $user->id;
                     $updateuser->auth = 'ldap';
-                    if (update_record('user', $updateuser)) {
+                    if ($DB->pdate_record('user', $updateuser)) {
                         echo "\t"; print_string('auth_dbreviveser', 'auth', array($user->username, $user->id)); echo "\n";
                     } else {
                         echo "\t"; print_string('auth_dbreviveusererror', 'auth', $user->username); echo "\n";
                     }
                 }
-                commit_sql();
             } else {
                 print "No user entries to be revived\n";
             }
@@ -735,9 +687,9 @@ error('fix temporary table code in CAS');
             print "No updates to be done\n";
         }
         if ( $do_updates and !empty($updatekeys) ) { // run updates only if relevant
-            $users = get_records_sql("SELECT u.username, u.id
-                                      FROM {$CFG->prefix}user u
-                                      WHERE u.deleted=0 AND u.auth='ldap'");
+            $users = $DB->get_records_sql("SELECT u.username, u.id
+                                             FROM {user} u
+                                            WHERE u.deleted=0 AND u.auth='ldap' AND u.mnethostid = ?", array($CFG->mnet_localhost_id));
             if (!empty($users)) {
                 print "User entries to update: ". count($users). "\n";
 
@@ -749,7 +701,7 @@ error('fix temporary table code in CAS');
                     $creatorrole = false;
                 }
 
-                begin_sql();
+                $DB->begin_sql();
                 $xcount = 0;
                 $maxxcount = 100;
 
@@ -771,12 +723,12 @@ error('fix temporary table code in CAS');
                     }
 
                     if ($xcount++ > $maxxcount) {
-                        commit_sql();
-                        begin_sql();
+                        $DB->commit_sql();
+                        $DB->begin_sql();
                         $xcount = 0;
                     }
                 }
-                commit_sql();
+                $DB->commit_sql();
                 unset($users); // free mem
             }
         } else { // end do updates
@@ -785,13 +737,14 @@ error('fix temporary table code in CAS');
 
 /// User Additions
         // find users missing in DB that are in LDAP
-        // note that get_records_sql wants at least 2 fields returned,
         // and gives me a nifty object I don't want.
         // note: we do not care about deleted accounts anymore, this feature was replaced by suspending to nologin auth plugin
-        $sql = "SELECT e.username, e.username
-                FROM $temptable e LEFT JOIN {$CFG->prefix}user u ON e.username = u.username
-                WHERE u.id IS NULL";
-        $add_users = get_records_sql($sql); // get rid of the fat
+        // mnetid not used here in join because we can not add users with the same username
+        $sql = "SELECT e.id, e.username
+                  FROM {user} u
+                  LEFT JOIN {tmp_extuser} e ON u.username = e.username
+                 WHERE u.id IS NULL";
+        $add_users = $DB->get_records_sql($sql); // get rid of the fat
 
         if (!empty($add_users)) {
             print "User entries to add: ". count($add_users). "\n";
@@ -804,9 +757,9 @@ error('fix temporary table code in CAS');
                 $creatorrole = false;
             }
 
-            begin_sql();
+            $DB->begin_sql();
             foreach ($add_users as $user) {
-                $user = $this->get_userinfo_asobj(addslashes($user->username));
+                $user = $this->get_userinfo_asobj($user->username);
 
                 // prep a few params
                 $user->modified   = time();
@@ -817,10 +770,8 @@ error('fix temporary table code in CAS');
                     $user->lang = $CFG->lang;
                 }
 
-                $user = addslashes_recursive($user);
-
-                if ($id = insert_record('user',$user)) {
-                    echo "\t"; print_string('auth_dbinsertuser', 'auth', array(stripslashes($user->username), $id)); echo "\n";
+                if ($id = $DB->insert_record('user', $user)) {
+                    echo "\t"; print_string('auth_dbinsertuser', 'auth', array($user->username, $id)); echo "\n";
                     $userobj = $this->update_user_record($user->username);
                     if (!empty($this->config->forcechangepassword)) {
                         set_user_preference('auth_forcepasswordchange', 1, $userobj->id);
@@ -830,15 +781,18 @@ error('fix temporary table code in CAS');
                 }
 
                 // add course creators if needed
-                if ($creatorrole !== false and $this->iscreator(stripslashes($user->username))) {
+                if ($creatorrole !== false and $this->iscreator($user->username)) {
                     role_assign($creatorrole->id, $user->id, 0, $sitecontext->id, 0, 0, 0, 'ldap');
                 }
             }
-            commit_sql();
+            $DB->commit_sql();
             unset($add_users); // free mem
         } else {
             print "No users to be added\n";
         }
+
+        $dbman->drop_temp_table($table);
+
         return true;
     }
 
@@ -897,30 +851,25 @@ error('fix temporary table code in CAS');
 
     /**
      * Bulk insert in SQL's temp table
-     * @param array $users is an array of usernames
      */
-    function ldap_bulk_insert($users, $temptable) {
+    function ldap_bulk_insert($username) {
+        global $DB;
 
-        // bulk insert -- superfast with $bulk_insert_records
-        $sql = 'INSERT INTO ' . $temptable . ' (username) VALUES ';
-        // make those values safe
-        $users = addslashes_recursive($users);
-        // join and quote the whole lot
-        $sql = $sql . "('" . implode("'),('", $users) . "')";
-        print "\t+ " . count($users) . " users\n";
-        execute_sql($sql, false);
+        $username = moodle_strtolower($username); // usernames are __always__ lowercase.
+        $DB->insert_record_raw('tmp_extuser', array('username'=>$username), false, true);
+        print ".";
     }
 
 
     /**
      * Activates (enables) user in external db so user can login to external db
      *
-     * @param mixed $username    username (with system magic quotes)
+     * @param mixed $username
      * @return boolen result
      */
     function user_activate($username) {
         $textlib = textlib_get_instance();
-        $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->ldapencoding);
+        $extusername = $textlib->convert($username, 'utf-8', $this->config->ldapencoding);
 
         $ldapconnection = $this->ldap_connect();
 
@@ -955,7 +904,7 @@ error('fix temporary table code in CAS');
      */
 /*    function user_disable($username) {
         $textlib = textlib_get_instance();
-        $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->ldapencoding);
+        $extusername = $textlib->convert($username, 'utf-8', $this->config->ldapencoding);
 
         $ldapconnection = $this->ldap_connect();
 
diff --git a/auth/ldap/auth_ldap_sync_users.php b/auth/ldap/auth_ldap_sync_users.php
index 2e29140b68a..8b764242c75 100755
--- a/auth/ldap/auth_ldap_sync_users.php
+++ b/auth/ldap/auth_ldap_sync_users.php
@@ -41,6 +41,6 @@ if (!is_enabled_auth('ldap')) {
 }
 
 $ldapauth = get_auth_plugin('ldap');
-$ldapauth->sync_users(1000, true);
+$ldapauth->sync_users(true);
 
 ?>