Security fixes for the services and the GWT interface. Minor other enhancements.

[calin-iorgulescu]

Security fixes:

• Now it is required for a user to be authenticated to access any method in services.py . Move unnecessary service method helpers to websutil.py. Currently, anyone (without being logged in) can call services.py/getAllGrades?courseId= and get all the usernames and all the grades.
• Use POST instead of GET in GWT interface when sending username & password.

Enhancements:

• Fix login form 'enter' not working issue in Firefox (possibly in other browsers too).
• More explicit error messages.
• If the services are not properly installed, an error is returned on the login screen. Until now, the app would just display a white page.

[valenting]

Awesome work!

[calin-iorgulescu]

Damn, you're right. I somehow hoped this wouldn't affect things, but it looks like the double session thing messes up the request (req).

The patch looks good to me, feel free to merge. However, I would suggest moving __getUserResults out of services.py into websutil.py. I think it's best if services.py only contains secured stubs.

Good catch!