Add a check for domain and api cidr

app/provision/index.php

@@ -103,8 +103,8 @@ require_once "resources/require.php";
 	$device_vendor = device::get_vendor($mac);
 
 //keep backwards compatibility
-	if (strlen($provision["cidr"]) > 0) {
+	if (strlen($_SESSION['provision']["cidr"]["text"]) > 0) {
-		$_SESSION['provision']["cidr"][] = $provision["cidr"];
+		$_SESSION['provision']["cidr"][] = $_SESSION['provision']["cidr"]["text"];
 	}
 
 //check the cidr range

resources/pdo.php

@@ -288,4 +288,35 @@ if ($db_type == "pgsql") {
 		$domain_uuid = uuid();
 	}
 
+//check the domain cidr range
+	if (is_array($_SESSION['domain']["cidr"])) {
+		$found = false;
+		foreach($_SESSION['domain']["cidr"] as $cidr) {
+			if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
+				$found = true;
+				break;
+			}
+		}
+		if (!$found) {
+			echo "access denied";
+			exit;
+		}
+	}
+
+//check the api cidr range
+	if (is_array($_SESSION['api']["cidr"])) {
+		$found = false;
+		foreach($_SESSION['api']["cidr"] as $cidr) {
+			if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
+				$found = true;
+				break;
+			}
+		}
+		if (!$found) {
+			unset ($_REQUEST['key']);
+			unset ($_POST['key']);
+			unset ($_GET['key']);
+		}
+	}
+
 ?>