All these checks:

if(inet_pton($ip) < (int) inet_pton($subnet)) {
// ...
}

if(! (inet_pton($ip) < inet_pton($bcast))) {
// ...
}

if($ip == $backend) {
// ...
}

can be bypassed by using IP address with the last part starts with 0: 192.168.112.02. The file_get_contents function will normalize the IP into 192.168.112.2 and fetch the content.