Fixes #742

This is safe now, because the title is appropriately encoded in
class.thread.php/ThreadEntry::create()

Fixes #567, #718

Also include
  * username validation -- no spaces or weird chars
  * no longer base64 encoded sha1-hex hash for CSRF token
  * refresh login page every two hours to keep session active

Fixes #575

Incoming messages with empty body and an inline attachment might not have
parts - depending on encoding used.

* Use "-" tag for emails with empty body/message

  - Logo selection radio buttons not vertically centered (Firefox)
  - font-size value incorrect in login.css
  - Incorrect : placement in FAQ category edit
  - Incorrect block width declaration (700 vs 700px)
  - Browsers disagree on the placement of CSS3 outline properties
  - Correctly place check boxes and radio buttons

We should move initial data out of the install SQL file, which will make way
for a few things:

  * Internationalization -- which breaks the migrater model currently.
        Moving the data outside the install script makes it translatable
        without changing the SQL hash
  * Review -- Migrations which add more data don't highlight new features
        that need review to the adminsitrator

Uses a seven step procedure:
  1. (user) Fails to login twice or more
  2. Clicks the 'Forgot my password' link on the login form
  3. Submits the username or email address and triggers a password-reset
     email
  4. Clicks the link in the email and is directed back to the reset page
  5. Enters the username or email again and is logged in
  6. Password change is forced, but current password is not required
  7. Password is updated, user can continue the session without
     authenticating again

Administrators are allowed to upload one or more logos and then select from
the uploaded logos to set one for the client site. Logos can also be deleted
on settings->pages submission

The administrator can define pages in the admin panel defined as type
'other', and when set to active, those pages can be served from the
/pages/<page-name-slug> URL from the base of the helpdesk.

This is mocked up only against Apache

SLAs can be marked transient. When a ticket is assigned to a transient SLA
and it is transferred to a department or help topic having a default SLA,
the SLA will change to the SLA of the new department or help topic. This
process can continue as long as the ticket has a transient SLA assigned.
Once a non-transient SLA is assigned to the ticket, the SLA will no longer
change automatically. Thereafter, the SLA can only be manually changed.

on line 14 of settings-pages.inc.php the section: <a href="pages"> should read: <a href="pages.php">

 - Supported pages: landing, offline, thank-you and other

Change the config table from a column-based table to a key-value table
with namespacing. This allows several parts of osTicket to store their
respective configurations in the same table without requiring database
structure updates

'namespace' is reserved in PHP

Drop required usage of MyISAM tables, and drop fulltext indexes as they
are not used in the code currently anyway. Also, use a blob to store
session data so as not to waste space with UTF-8 encoding. Lastly, fix
session_id storage to use VARCHAR(255) which is required for versions
of MySQL < 5.0.3, and use ascii for the storage model for the
session_id as it will contain simple characters only.

Typo

Make sure ticket api controller enforces attachments settings (don't trust data parsers).

Don't show reply/response section on new ticket form if the staff can NOT post replies... also checked in Ticket::open().

Show assigned to column based on flag - which now factors in if assigned tickets are being shown on open queue.

 -> Open - only contains unasssined tickets if 'show assigned tickets' is off.