If _SERVER{REQUEST_URI} does not start with a leading slash, add one. This
will ensure that the redirect URL offered after a successful login will
be to an absolute url rather than an implied relative one.

Fixes osTicket/osTicket-1.7#858

Also include
  * username validation -- no spaces or weird chars
  * no longer base64 encoded sha1-hex hash for CSRF token
  * refresh login page every two hours to keep session active

Uses a seven step procedure:
  1. (user) Fails to login twice or more
  2. Clicks the 'Forgot my password' link on the login form
  3. Submits the username or email address and triggers a password-reset
     email
  4. Clicks the link in the email and is directed back to the reset page
  5. Enters the username or email again and is logged in
  6. Password change is forced, but current password is not required
  7. Password is updated, user can continue the session without
     authenticating again

Use the actual error message set in Staff::login instead of boring "Authentication Required";

Protect againts cross-site request forgery attacks by requiring a special
form-field or header to be sent with requests that modify ticket system
data.

This meant a slight change to the AJAX ticket locking mechanism. It was
defined to lock with a GET request; however, GET requests are defined as
safe methods and should not modify backend data (such as a lock
acquisition). Therefore, the the lock acquire AJAX method was changed to
require a POST method.

Also remove old, no-longer-used staff panel include files

And correct several undefined function errors from several source files. So
while function names in PHP are considered case-insensitive, it still makes
sense to use consistent camel casing for both defining and calling methods.
The lint test searches the code base for method calls, and then searches the
code base again looking for a function definition matching the name of the
function invoked. It's not failsafe, because it doesn't detect the class
from which the method should belong, so it's likely to have false negatives.
Furthermore, it won't work well for PHP 5 where several classes are built
into PHP (and aren't searchable in the osTicket code base).

Remove the include/staff/api.inc.php as it no longer appears to be used (and
contains references to undefined methods).