$cidrs = array(
  '192.168.1.20/27', 
  '192.168.0.10/32'
  );

function cidr_match($ip, $range)
{
    list ($subnet, $bits) = explode('/', $range);
    $ip = ip2long($ip);
    $subnet = ip2long($subnet);
    $mask = -1 << (32 - $bits);
    $subnet &= $mask;
    return ($ip & $mask) == $subnet;
}

$user_ip = $_SERVER['REMOTE_ADDR'];

$validaddr = false;
foreach ($cidrs as $addr)
  if (cidr_match($user_ip, $addr)) {
    $validaddr = true;
    break;
    } 

if ($validaddr) {
  echo "CORRECT IP ADDRESS";
  }
else {
  echo "INCORRECT IP ADDRESS";
  }