Security fix: unauthorized access (#10091)

* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
Tony Murray
2019-04-11 23:26:42 -05:00
committed by GitHub
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions


@@ -72,10 +72,10 @@ if (module_selected('mocksnmp', $init_modules)) {
require_once $install_dir . '/includes/services.inc.php';
require_once $install_dir . '/includes/functions.php';
require_once $install_dir . '/includes/rewrites.php';
require_once $install_dir . '/includes/device-groups.inc.php';
if (module_selected('web', $init_modules)) {
chdir($install_dir . '/html');
require_once $install_dir . '/html/includes/functions.inc.php';
require_once $install_dir . '/includes/html/functions.inc.php';
}
if (module_selected('discovery', $init_modules)) {
@@ -83,12 +83,10 @@ if (module_selected('discovery', $init_modules)) {
}
if (module_selected('polling', $init_modules)) {
require_once $install_dir . '/includes/device-groups.inc.php';
require_once $install_dir . '/includes/polling/functions.inc.php';
}
if (module_selected('alerts', $init_modules)) {
require_once $install_dir . '/includes/device-groups.inc.php';
require_once $install_dir . '/includes/alerts.inc.php';
}
@@ -153,7 +151,7 @@ if (module_selected('web', $init_modules)) {
if (!isset($config['title_image'])) {
$config['title_image'] = 'images/librenms_logo_'.$config['site_style'].'.svg';
}
require $install_dir . '/html/includes/vars.inc.php';
require $install_dir . '/includes/html/vars.inc.php';
}
$console_color = new Console_Color2();
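Review bot: In the web block of the first hunk, `chdir($install_dir . '/html');` is kept while the include after it now loads from `$install_dir . '/includes/html/functions.inc.php'`, so the working directory and the include base no longer coincide and nothing in the code says why. A short comment above that `require_once` would keep a later cleanup from moving the files back under the served directory, for example `// web-only includes live outside the document root (html/) so the web server cannot serve them directly`. The same comment fits the `vars.inc.php` require in the third hunk. Any include elsewhere that still resolves `includes/...` relative to the working directory would presumably need the same absolute `$install_dir` form, which cannot be confirmed from these hunks.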