Previously only admins and department managers could show assigned tickets
on open queue -even- when the feature is disabled globally. This pull
request extends the same previlege to all agents.

Join to staff/user tables to get current name when fetching thread entries.

Also allow an administrator to lift the force password change flag without
specifying a new password.

If something fishy, like an Array is received into the password reset system
or any part of the Staff management system, it should be rejected.

References:
http://osticket.com/forum/discussion/76003/sql-attack

Reafactor logOut to use the piggyback on auth backend

 - This is necessary so we'll have a name on record - even on user deletion.

Pass the user id (uid) to ticket create instead of unpacked data.

Add ability for backends to set authorization key (authkey) specific to the backend.
The authkey is tagged with the "id" of the backend that generated it.

This is necessary to force downstream classes to implement key required
functions.

And install initial data in target language. Also configure help tip
popovers to be in the configured, default system language.

This might happen when the user is being authenticated externally e.g LDAP.

This includes the initial concept of pluggable authentication along with the
initial concept for a plugin management system.

Process inline attachments in thread entry and support inline images in
piped emails

Support inline images across the system, with draft support

Migrate to a single attachment table
    That way we don't need a new table for everything we need to attach an
    inline image to (like a signature, for instance)

Add richtext support for internal notes

Implement images on site pages

* Image paste in Redactor
* Make non-local images optional
* Placeholder for non-local images
* Fix local image download hover
* Don't re-attach inline images

When an admin logs in to upgrade to 1.7.1 and further from a version
pervious to 1.7.1, the system will attempt to clear password reset tokens
from the config table, which hasn't been upgraded yet to the namespaced
version from 1.7.1

When an admin logs in to upgrade to 1.7.1 and further from a version
pervious to 1.7.1, the system will attempt to clear password reset tokens
from the config table, which hasn't been upgraded yet to the namespaced
version from 1.7.1

Also include
  * username validation -- no spaces or weird chars
  * no longer base64 encoded sha1-hex hash for CSRF token
  * refresh login page every two hours to keep session active

Fixes #588

Uses a seven step procedure:
  1. (user) Fails to login twice or more
  2. Clicks the 'Forgot my password' link on the login form
  3. Submits the username or email address and triggers a password-reset
     email
  4. Clicks the link in the email and is directed back to the reset page
  5. Enters the username or email again and is logged in
  6. Password change is forced, but current password is not required
  7. Password is updated, user can continue the session without
     authenticating again

Previously, username and password were required. With this patch, the
email address can be used to authenticate the user with the password

Spelling, grammar and readability in upgrader documents
  - Tweaked spelling, grammar and wording to make the text of the upgrader
    pages more readable.
Fixed spelling regression
  - Higly —> Highly
Spelling and readability fixes for /include/class.* files
  - Fixed some spelling mistakes
A couple more spelling/readability fixes.
  - More fixes

1) Ability to limit who can post a reply
2) Expanded staff's stats view.

Example use case %staff.name  %team.name ... etc.

* Auto rehash MD5 based passwords

- Move access to it's own table.
- Refactor what department membership means in relation to group access