fixed csrf token check for a few pages where it mightve been broken
session manager now can be bound to base user class and used, like in login
logout now pushes you to login regardless, no longer has param to push to custom url
fixed validate client, hijacking sessions no longer works
* Now an array to disable with granularity
* Fixed all CSRF tokens back to 1 min
* Added CSRF protection for unlock account
* Unified error message for all csrf tokens
* Fixed a few issues with last commit
* Allow to redirect to referrer page when access is denied
* Logout user and point towards login, add redirect
* Logout user as usual but added save redirects
* Adjusted templates and page codes
This will remove any template content related to the trade currency if
that one is left empty in the configuration.
While going through the templates I also cleaned up the PHP Warnings
left. The code and templates should now process without throwing any PHP
warnings.
Fixes#305 and further addresses #301
