|
@@ -288,4 +288,35 @@ if ($db_type == "pgsql") {
|
|
|
$domain_uuid = uuid();
|
|
$domain_uuid = uuid();
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+//check the domain cidr range
|
|
|
|
|
+ if (is_array($_SESSION['domain']["cidr"])) {
|
|
|
|
|
+ $found = false;
|
|
|
|
|
+ foreach($_SESSION['domain']["cidr"] as $cidr) {
|
|
|
|
|
+ if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
|
|
|
|
|
+ $found = true;
|
|
|
|
|
+ break;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ if (!$found) {
|
|
|
|
|
+ echo "access denied";
|
|
|
|
|
+ exit;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+//check the api cidr range
|
|
|
|
|
+ if (is_array($_SESSION['api']["cidr"])) {
|
|
|
|
|
+ $found = false;
|
|
|
|
|
+ foreach($_SESSION['api']["cidr"] as $cidr) {
|
|
|
|
|
+ if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
|
|
|
|
|
+ $found = true;
|
|
|
|
|
+ break;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ if (!$found) {
|
|
|
|
|
+ unset ($_REQUEST['key']);
|
|
|
|
|
+ unset ($_POST['key']);
|
|
|
|
|
+ unset ($_GET['key']);
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
?>
|
|
?>
|
Mark Crane