add csrf check

templates/admin/users/edit.tmpl

@@ -12,6 +12,7 @@
             	<br/>
 				<form action="/admin/users/{{.User.Id}}" method="post" class="form-horizontal">
 				    {{if .IsSuccess}}<p class="alert alert-success">Account profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
+				    {{.CsrfTokenHtml}}
                 	<input type="hidden" value="{{.User.Id}}" name="userId"/>
 					<div class="form-group">
 						<label class="col-md-3 control-label">Username: </label>

templates/admin/users/new.tmpl

@@ -11,6 +11,7 @@
             <div class="panel-body">
             	<br/>
 				<form action="/admin/users/new" method="post" class="form-horizontal">
+					{{.CsrfTokenHtml}}
 				    <div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
 					<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
 						<label class="col-md-3 control-label">Username: </label>