* error can be due to bad user or password
* added login/logout and related private functions
* handle case when userLogin fails, current code returns PHP error for and API throw is not called
* formatting
* converted login params to POST, removed user=&pass= for other APIs
* formatting
* add auth check back but leave out login/out
* fixes to make it work across zmN, postman and curl
* added back enabled check
* Allow API authentication using the `auth` query parameter containing an auth. hash.
Fixes#1827
The same auth. hash for zms is used here. This allows consumers to use the API without sending the password in the query string and not require forging logins via the login form.
* Move logger.php's global Debug function to Logger::Debug to avoid polluting globals
This avoids a conflict with CakePHP when logger.php gets included indrectly from API code.
* Protect action=login when ZM_ENABLE_CSRF_MAGIC is enabled
