The way this now works is, if csrf is enabled:
* Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
* Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
Since we are adding more security realted features, we drop the small
login in the header. It will need more workarounds than we'd like and is
already dropped when re-Captcha is enabled.
Security > Convenience :D
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
* Adjusted mmcfe-ng occurences in code
* Adjusted Database strucutre to only supply the full structure
* Adjusted default template to MPOS
Addresses #643
