Improve channel, user and api_key models with basic scopes, correct references and protect attributes.

Simplify channels & user controllers and models, moving code to the models.
Remove catch-all route and ensure all actions are specified, fixing url paths.
Change clone to dup in feed_controller as using clone seems to affect the cloned object (problem only in ruby 1.9.3?)

app/views/users/_login.html.erb

@@ -1,4 +1,4 @@
-<%= form_for (@user_session = UserSession.new), :url => user_session_path, :html => { :id => 'loginform' } do |f| %>
+<%= form_for @user_session, :url => user_session_path, :html => { :id => 'loginform' } do |f| %>
 	<input name='userlogin' class='userlogin' />
 	<%= f.hidden_field :remember_me, :value => false %>
 	<table id="login" class="round">
@@ -21,7 +21,7 @@
 		</tr>
 		<tr>
 			<td></td>
-			<td><%= link_to t(:forgot), forgot_password_path, :id => 'forgot_password' %></td>
+			<td><%= link_to t(:forgot), forgot_password_users_path, :id => 'forgot_password' %></td>
 		</tr>
 		<tr>
 			<td></td>

app/views/users/forgot_password.html.erb

@@ -1,7 +1,7 @@
 <h2><%= t(:password_forgot) %></h2>
 <%= t(:password_forgot_message) %>
 <br /><br />
-<%= form_for @user, :url => { :controller => 'mailer', :action => 'resetpassword' } do |f| %>
+<%= form_for :user, :url => resetpassword_path do |f| %>
 	<input name='userlogin' class='userlogin' />
 	<%= f.text_field :login %>
 	<%= f.submit t(:submit) %>

app/views/users/reset_password.html.erb

@@ -1,6 +1,6 @@
 <% if @valid_link %>
 	<h2><%= t(:password_new) %></h2>
-	<%= form_for @user, :url => { :controller => 'users', :action => 'change_password', :id => @user.id } do |f| %>
+	<%= form_for @user, :url => change_password_user_path(@user) do |f| %>
 		<%= error_messages_for 'user', :header_message => t(:try_again), :message => t(:password_new_error) %>
 		<input name='userlogin' class='userlogin' />
 		<table class="bigtable">