Fix User delete button (#1662)

* Fix User delete button

Fix #1652
This bug comes from the fact that @kiloutre edited how the form behave and instead of a GET request, do a POST one. However every POST request not in /api or /mod need a CSRF Token to work.

* Update userlist.jet.html

* Update index.jet.html

templates/admin/index.jet.html

@@ -1,4 +1,5 @@
 {{ extends "layouts/index_admin" }}
+{{ import "layouts/partials/helpers/csrf" }}
 {{ block title()}}{{ T("moderation_overview") }}{{end}}
  {{ block content_body()}}
 <div class="results box">
@@ -89,6 +90,7 @@
         </td>
         <td class="tr-size home-td">{{if .ID > 0}}
 		  <form method="POST" action="/user/{{.ID}}/{{.Username }}/delete" >
+		    {{ yield csrf_field()}}
 		    <button type="submit" class="form-input btn-red" onclick="if (!confirm('{{ T(" are_you_sure ") }}')) return false;"><i class="icon-trash"></i> {{  T("delete") }}</button>
 		  </form>
           {{end}}

templates/admin/userlist.jet.html

@@ -1,4 +1,5 @@
 {{ extends "layouts/index_admin" }}
+{{ import "layouts/partials/helpers/csrf" }}
 {{block title()}}{{ T("users_list") }}{{end}}
 {{ block content_body()}}
 <div class="results box">
@@ -19,6 +20,7 @@
         <td class="tr-actions home-td">
           {{if .ID > 0}}
 			  <form method="POST" action="/user/{{.ID}}/{{.Username }}/delete">
+				   {{ yield csrf_field()}}
 				  <button type="submit" class="form-input btn-red" onclick="if (!confirm('{{  T(" are_you_sure ") }}')) return false;"><i class="icon-trash"></i> {{  T("delete") }}</button>
 			  </form>
           {{end}}

templates/site/user/edit.jet.html

@@ -262,6 +262,7 @@
 {{ if User.CurrentOrAdmin(UserProfile.ID) }}
 <hr/>
 <form method="POST" action="/user/{{UserProfile.ID}}/{{UserProfile.Username}}/delete" >
+ {{ yield csrf_field()}}
   <button type="submit" class="form-input btn-red" onclick="if (!confirm('{{  T(" delete_account_confirm ") }}')) return false;" style="float:right">{{  T("delete_account") }}</button>
 </form>
 {{end}}