Security fix: unauthorized access (#10091)

* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/

includes/html/graphs/application/unbound_operations.inc.php

@@ -0,0 +1,31 @@
+<?php
+
+require 'includes/html/graphs/common.inc.php';
+
+$i            = 0;
+$scale_min    = 0;
+$nototal      = 1;
+$unit_text    = 'Query/s';
+$rrd_filename = rrd_name($device['hostname'], array('app', 'unbound-operations', $app['app_id']));
+$array        = array(
+    'opcodeQuery',
+    'rcodeNOERROR',
+    'rcodeNXDOMAIN',
+    'rcodeNodata'
+);
+
+$colours      = 'mixed';
+$rrd_list     = array();
+
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    foreach ($array as $ds) {
+        $rrd_list[$i]['filename'] = $rrd_filename;
+        $rrd_list[$i]['descr']    = strtoupper($ds);
+        $rrd_list[$i]['ds']       = $ds;
+        $i++;
+    }
+} else {
+    echo "file missing: $rrd_filename";
+}
+
+require 'includes/html/graphs/generic_multi_line.inc.php';