Add a check for domain and api cidr

resources/pdo.php

@@ -288,4 +288,35 @@ if ($db_type == "pgsql") {
 		$domain_uuid = uuid();
 	}
 
+//check the domain cidr range
+	if (is_array($_SESSION['domain']["cidr"])) {
+		$found = false;
+		foreach($_SESSION['domain']["cidr"] as $cidr) {
+			if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
+				$found = true;
+				break;
+			}
+		}
+		if (!$found) {
+			echo "access denied";
+			exit;
+		}
+	}
+
+//check the api cidr range
+	if (is_array($_SESSION['api']["cidr"])) {
+		$found = false;
+		foreach($_SESSION['api']["cidr"] as $cidr) {
+			if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
+				$found = true;
+				break;
+			}
+		}
+		if (!$found) {
+			unset ($_REQUEST['key']);
+			unset ($_POST['key']);
+			unset ($_GET['key']);
+		}
+	}
+
 ?>