## Qwen3-14B's Fine-Tuning Test

official
> ref: https://docs.unsloth.ai/models/qwen3-how-to-run-and-fine-tune#fine-tuning-qwen3-with-unsloth
> ref: https://colab.research.google.com/github/unslothai/notebooks/blob/main/nb/Qwen3_(14B)-Reasoning-Conversational.ipynb

note
> ref: https://note.com/sachi2222/n/na7b1d91ffb5d

In [1]:
# imports
## LLM
from unsloth import FastLanguageModel, is_bfloat16_supported
from trl import SFTTrainer, SFTConfig

import torch
from transformers import TrainingArguments

## Dataset
from datasets import load_dataset, Dataset
from unsloth import to_sharegpt
import re

ü¶• Unsloth: Will patch your computer to enable 2x faster free finetuning.
ü¶• Unsloth Zoo will now patch everything to make training faster!


## Load & Setting Model

In [2]:
# model loading
model, tokenizer = FastLanguageModel.from_pretrained(
    model_name="unsloth/Qwen3-14B",
    max_seq_length=40960, # context length
    load_in_4bit=True, # less mem mode
    load_in_8bit=False, # more mem mode
    full_finetuning=False # if u need full-FT
)

==((====))==  Unsloth 2025.9.11: Fast Qwen3 patching. Transformers: 4.56.2.
   \\   /|    NVIDIA RTX A6000. Num GPUs = 1. Max memory: 47.431 GB. Platform: Linux.
O^O/ \_/ \    Torch: 2.8.0+cu128. CUDA: 8.6. CUDA Toolkit: 12.8. Triton: 3.4.0
\        /    Bfloat16 = TRUE. FA [Xformers = 0.0.32.post2. FA2 = False]
 "-____-"     Free license: http://github.com/unslothai/unsloth
Unsloth: Fast downloading is enabled - ignore downloading bars which are red colored!


Loading checkpoint shards:   0%|          | 0/3 [00:00<?, ?it/s]

In [3]:
# select LoRA option
model = FastLanguageModel.get_peft_model(
    model,
    r=32, # Choose any num like 8, 16, 32, 64, 128
    target_modules=["q_proj", "k_proj", "v_proj", "o_proj", "gate_proj", "up_proj", "down_proj",],
    lora_alpha=32, # alpha = r | r*2
    lora_dropout=0, # 0 is optimized
    bias="none", # "none" is optimized
    use_gradient_checkpointing="unsloth", # True | "unsloth", for too-long context
    random_state=3407,
    use_rslora=False, # under here, optical
    loftq_config=None
)

Unsloth 2025.9.11 patched 40 layers with 40 QKV layers, 40 O layers and 40 MLP layers.


## Convert Datasets

In [4]:
# make Datasets
# load json
raw_data = load_dataset("json", data_files="./jvn_results_wordpress202304_randConv.json")

# convert hugginface-style
huggingface_data = Dataset.from_list(raw_data['train'])

# convert share_gpt-style
# Three dialogue sessions are preferred
share_data = to_sharegpt(huggingface_data,
                        merged_prompt="{instruction}",
                        merged_column_name="instruction",
                        output_column_name="output",
                        conversation_extension=3)


Merging columns:   0%|          | 0/9742 [00:00<?, ? examples/s]

Converting to ShareGPT:   0%|          | 0/9742 [00:00<?, ? examples/s]

Flattening the indices:   0%|          | 0/9742 [00:00<?, ? examples/s]

Flattening the indices:   0%|          | 0/9742 [00:00<?, ? examples/s]

Flattening the indices:   0%|          | 0/9742 [00:00<?, ? examples/s]

Extending conversations:   0%|          | 0/9742 [00:00<?, ? examples/s]

In [5]:
# Minor format changes
converted_share_data = [[{
            "role": "user" if message["from"] == "human" else "assistant",
            "content": re.sub(r"\('(.+?)',\)", r"\1", message["value"])
        }
        for message in item["conversations"]
    ]
    for item in share_data
]

In [6]:
converted_share_data[0]

[{'role': 'user', 'content': '„Éï„Ç°„Ç§„É´Âêç„ÇÑ„Éë„ÇπÂêç„ÅÆÂ§ñÈÉ®Âà∂Âæ°„Å´Èñ¢„Åô„ÇãËÑÜÂº±ÊÄß„ÅÆ‰æã„ÇíÊïô„Åà„Å¶'},
 {'role': 'assistant',
  'content': 'eMagicOne „ÅÆ WordPress Áî® eMagicOne Store Manager for WooCommerce „Å´„Åä„Åë„Çã„Éï„Ç°„Ç§„É´Âêç„ÇÑ„Éë„ÇπÂêç„ÅÆÂ§ñÈÉ®Âà∂Âæ°„Å´Èñ¢„Åô„ÇãËÑÜÂº±ÊÄßÁ≠â„Åå„ÅÇ„Çä„Åæ„Åô„ÄÇThe eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This is only exploitable by unauthenticated attackers in default configurations where the the default password is left as 1:1, or where the attacker gains access to the credentials. „Åì„ÅÆÂïèÈ°å„ÅÆÂØæË±°„Å®„Å™„Çã„Éê„Éº„Ç∏„Éß„É≥„ÅØeMagicOne\neMagicOne Store Manager 

In [7]:
# Addition of <\llm_start\>, etc
conversations = tokenizer.apply_chat_template(
    converted_share_data,
    tokenize = False,
)

In [8]:
# Converted to Hugging Face format

targetdataset = Dataset.from_dict({"text": conversations})

## Train settings

In [9]:
# Train
trainer = SFTTrainer(
    model=model,
    tokenizer=tokenizer,
    train_dataset=targetdataset,
    eval_dataset=None, # test Datasets
    args=SFTConfig(
        dataset_text_field="text",
        per_device_train_batch_size=4,
        gradient_accumulation_steps=4,
        warmup_steps=5,
        # num_train_epochs=2,
        max_steps=120,
        learning_rate=2e-5,
        logging_steps=1,
        optim="adamw_8bit",
        weight_decay=0.001,
        lr_scheduler_type="linear",
        seed=3407,
        report_to="none"
    ),
)

Unsloth: Tokenizing ["text"] (num_proc=24):   0%|          | 0/9742 [00:00<?, ? examples/s]

## Start FT

In [10]:
trainer_stats = trainer.train()

The tokenizer has new PAD/BOS/EOS tokens that differ from the model config and generation config. The model config and generation config were aligned accordingly, being updated with the tokenizer's values. Updated tokens: {'bos_token_id': None}.
==((====))==  Unsloth - 2x faster free finetuning | Num GPUs used = 1
   \\   /|    Num examples = 9,742 | Num Epochs = 1 | Total steps = 120
O^O/ \_/ \    Batch size per device = 2 | Gradient accumulation steps = 4
\        /    Data Parallel GPUs = 1 | Total batch size (2 x 4 x 1) = 8
 "-____-"     Trainable parameters = 128,450,560 of 14,896,757,760 (0.86% trained)


Unsloth: Will smartly offload gradients to save VRAM!


Step,Training Loss
1,2.4425
2,2.5317
3,2.4719
4,2.4262
5,2.4116
6,2.5363
7,2.3866
8,2.4674
9,2.3737
10,2.4488


## Inference

In [11]:
# Inference test
prompt="""
Please provide examples of vulnerabilities related to external control of filenames or pathnames.
"""

messages = [{"role" : "user", "content" : prompt}]

text = tokenizer.apply_chat_template(
    messages,
    tokenize = False,
    add_generation_prompt = True, # Must add for generation
    enable_thinking = False, # Disable thinking
)

from transformers import TextStreamer
_ = model.generate(
    **tokenizer(text, return_tensors = "pt").to("cuda"),
    max_new_tokens = 2048, # Increase for longer outputs!
    temperature = 0.7, top_p = 0.8, top_k = 20, # For non thinking
    streamer = TextStreamer(tokenizer, skip_prompt = True),
)


Vulnerabilities related to **external control of filenames or pathnames** occur when an application uses user-supplied input to construct file paths or filenames without proper validation or sanitization. This can lead to serious security issues such as **Path Traversal**, **File Inclusion**, **Local File Inclusion (LFI)**, **Remote File Inclusion (RFI)**, and **Directory Traversal** attacks.

Here are some **examples of vulnerabilities** and how they can be exploited:

---

### üîß 1. **Path Traversal (File Inclusion) Vulnerability**

#### Example:
```php
<?php
$file = $_GET['page'] . ".php";
include($file);
?>
```

#### Vulnerability:
If the `page` parameter is not sanitized, an attacker can include arbitrary files by using path traversal characters (`../`).

#### Exploit:
```
http://example.com/index.php?page=../../etc/passwd
```

This would attempt to include the `/etc/passwd` file, which can reveal sensitive system information.

---

### üîß 2. **Local File Inclusion (LFI)**

##

In [21]:
# Inference test2
prompt="""
You are a white hat hacker tasked with discovering vulnerabilities in the provided source code.
Perform the following three actions on the source code below:
1. Identify the vulnerability
2. Present the risks of leaving it unaddressed
3. Provide a solution to eliminate the vulnerability

Ensure your output adheres to the following three points:
1. Output in Japanese
2. Be clear and concise
3. Use Markdown format

The source code is shown below:
---
---
<?php
// php_d100_roller.php
session_start();

// Keep roll history in session (max 100 entries)
if (!isset($_SESSION['d100_history'])) {
    $_SESSION['d100_history'] = [];
}

$errors = [];
$results = [];
$total = 0;
$count = 1;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Get roll count (clamped between 1‚Äì100)
    $count = isset($_POST['count']) ? intval($_POST['count']) : 1;
    if ($count < 1) $count = 1;
    if ($count > 100) $count = 100;

    // Optional label
    $label = isset($_POST['label']) ? trim($_POST['label']) : '';

    // Perform rolls
    for ($i = 0; $i < $count; $i++) {
        $roll = random_int(1, 100);
        $results[] = $roll;
        $total += $roll;
    }

    // Add to history (newest first)
    $entry = [
        'time' => date('Y-m-d H:i:s'),
        'count' => $count,
        'label' => $label,
        'results' => $results,
        'total' => $total,
    ];

    array_unshift($_SESSION['d100_history'], $entry);
    if (count($_SESSION['d100_history']) > 100) {
        $_SESSION['d100_history'] = array_slice($_SESSION['d100_history'], 0, 100);
    }
}

$history = $_SESSION['d100_history'];
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>100-sided Dice Roller</title>
<style>
    body { font-family: system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial; padding: 20px; }
    .box { max-width: 820px; margin: 0 auto; }
    input[type="number"] { width: 80px; }
    .badge { display:inline-block; padding:6px 10px; margin:4px; border-radius:6px; background:#eee; }
    .roll { font-weight:700; }
    .history { margin-top:20px; }
    .card { padding:12px; border:1px solid #ddd; border-radius:8px; margin-bottom:12px; }
    .muted { color:#666; font-size:0.9rem; }
</style>
</head>
<body>
<div class="box">
    <h1>100-sided Dice Roller</h1>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
    <label>Number of rolls (1‚Äì100): <input type="number" name="count" value="<?php echo htmlspecialchars($count); ?>" min="1" max="100"></label>
    &nbsp;
    <label>Label (optional): <input type="text" name="label" value=""></label>
    &nbsp;
    <button type="submit">Roll</button>
    </form>

    <?php if (!empty($results)): ?>
    <div class="card">
        <div class="muted">Timestamp: <?php echo htmlspecialchars($entry['time']); ?></div>
        <h2>Results</h2>
        <div>
        <?php foreach ($results as $i => $r): ?>
            <span class="badge roll">#<?php echo $i+1; ?>: <?php echo $r; ?></span>
        <?php endforeach; ?>
        </div>
        <p>Total: <strong><?php echo $total; ?></strong> / Average: <strong><?php echo count($results) ? round($total / count($results), 2) : 0; ?></strong></p>
        <?php if ($entry['label'] !== ''): ?><p>Label: <?php echo htmlspecialchars($entry['label']); ?></p><?php endif; ?>
    </div>
    <?php endif; ?>

    <div class="history">
    <h2>History (last <?php echo count($history); ?> rolls)</h2>
    <?php if (empty($history)): ?>
        <p class="muted">No rolls yet.</p>
    <?php else: ?>
        <?php foreach ($history as $idx => $h): ?>
        <div class="card">
            <div class="muted"><?php echo htmlspecialchars($h['time']); ?> ‚Äî Rolls: <?php echo $h['count']; ?><?php if ($h['label'] !== ''): ?> ‚Äî Label: <?php echo htmlspecialchars($h['label']); ?><?php endif; ?></div>
            <div style="margin-top:8px;">
            <?php foreach ($h['results'] as $i => $r): ?>
                <span class="badge"><?php echo $r; ?></span>
            <?php endforeach; ?>
            </div>
            <p style="margin-top:8px;">Total: <?php echo $h['total']; ?> / Average: <?php echo count($h['results']) ? round($h['total'] / count($h['results']), 2) : 0; ?></p>
        </div>
        <?php endforeach; ?>
    <?php endif; ?>
    </div>

    <div style="margin-top:20px;" class="muted">
    <p>Note: Uses <code>random_int(1, 100)</code> for cryptographically secure random number generation. The session keeps up to 100 history entries.</p>
    </div>
</div>
</body>
</html>
"""

messages = [{"role" : "user", "content" : prompt}]

text = tokenizer.apply_chat_template(
    messages,
    tokenize = False,
    add_generation_prompt = True, # Must add for generation
    enable_thinking = False, # Disable thinking
)

from transformers import TextStreamer
_ = model.generate(
    **tokenizer(text, return_tensors = "pt").to("cuda"),
    max_new_tokens = 4096, # Increase for longer outputs!
    temperature = 0.7, top_p = 0.8, top_k = 20, # For non thinking
    streamer = TextStreamer(tokenizer, skip_prompt = True),
)


# „Éê„ÉÉ„Éï„Ç°„Ç™„Éº„Éê„Éº„Éï„É≠„ÉºËÑÜÂº±ÊÄß„ÅÆÂàÜÊûê„Å®ÂØæÁ≠ñ

## 1. ËÑÜÂº±ÊÄß„ÅÆÁâπÂÆö  
„Åì„ÅÆ„Ç≥„Éº„Éâ„Å´„ÅØ**„Çª„ÉÉ„Ç∑„Éß„É≥„ÅÆ„Éí„Çπ„Éà„É™„Éá„Éº„Çø„ÅÆÈÅéÂâ∞„Å™‰øùÂ≠ò**„Å®„ÅÑ„ÅÜÂïèÈ°å„Åå„ÅÇ„Çä„Åæ„Åô„ÄÇ  
`$_SESSION['d100_history']`„ÅØÊúÄÂ§ß100‰ª∂„Åæ„Åß‰øùÂ≠ò„Åï„Çå„Çã„Çà„ÅÜ„Å´Ë®≠Ë®à„Åï„Çå„Å¶„ÅÑ„Åæ„Åô„Åå„ÄÅ„Åì„ÅÆ„Ç≥„Éº„Éâ„Åß„ÅØ`array_unshift()`„Çí‰Ωø„Å£„Å¶ÈÖçÂàó„ÅÆÂÖàÈ†≠„Å´„Éá„Éº„Çø„ÇíËøΩÂä†„Åô„Çã„Åü„ÇÅ„ÄÅ„Éí„Çπ„Éà„É™„ÅÆÂÖàÈ†≠„Å´Êñ∞„Åó„ÅÑ„Éá„Éº„Çø„ÅåÊåøÂÖ•„Åï„Çå„ÄÅÂè§„ÅÑ„Éá„Éº„Çø„ÅåÂâäÈô§„Åï„Çå„Çã‰ªïÁµÑ„Åø„Å®„Å™„Å£„Å¶„ÅÑ„Åæ„Åô„ÄÇ  
„Åó„Åã„Åó„ÄÅ„Åì„ÅÆ„Ç≥„Éº„Éâ„Åß„ÅØ**„Çª„ÉÉ„Ç∑„Éß„É≥„ÅÆ„Çµ„Ç§„Ç∫„Åå100‰ª∂„ÇíË∂Ö„Åà„ÇãÂ†¥Âêà„Å´„ÅÆ„Åø**„ÄÅÂè§„ÅÑ„Éá„Éº„Çø„ÇíÂâäÈô§„Åô„ÇãÂá¶ÁêÜ„ÅåË°å„Çè„Çå„Å¶„ÅÑ„Åæ„Åô„ÄÇ  
„Å§„Åæ„Çä„ÄÅ**„Çª„ÉÉ„Ç∑„Éß„É≥„ÅÆ„Çµ„Ç§„Ç∫„Åå100‰ª∂Êú™Ê∫Ä„ÅÆ„Å®„Åç„Å´„Éá„Éº„Çø„ÅåËøΩÂä†„Åï„Çå„Å¶„ÇÇ„ÄÅÂâäÈô§„Åï„Çå„Å™„ÅÑ**„Åü„ÇÅ„ÄÅ**„Çª„ÉÉ„Ç∑„Éß„É≥„ÅÆ„Çµ„Ç§„Ç∫„ÅåÁÑ°Èôê„Å´Â¢óÂä†„Åô„ÇãÂèØËÉΩÊÄß„Åå„ÅÇ„Çã**ËÑÜÂº±ÊÄß„Åå„ÅÇ„Çä„Åæ„Åô„ÄÇ

---

## 2. Êú™ÂØæÂøúÊôÇ„ÅÆ„É™„Çπ„ÇØ  
- **„Çª„ÉÉ„Ç∑„Éß„É≥„

In [26]:
# Inference test3
prompt="""
You are a white hat hacker tasked with discovering vulnerabilities in the provided source code.
Perform the following three actions on the source code below:
1. Identify the vulnerability
2. Present the risks of leaving it unaddressed
3. Provide a solution to eliminate the vulnerability

Ensure your output adheres to the following three points:
1. Output in Japanese
2. Be clear and concise
3. Use Markdown format

The source code is shown below:
--- index.php
<?php
// index.php
session_start();

// load maze data
$mazes = include __DIR__ . '/maze_data.php';

// choose maze id (Âõ∫ÂÆö„Åß sample1 „Çí‰Ωø„ÅÜ„Åå„ÄÅÈÅ∏ÊäûUI„ÇíÂæå„ÅßËøΩÂä†ÂèØËÉΩ)
$maze_id = 'sample1';

if (!isset($mazes[$maze_id])) {
    echo "Maze not found.";
    exit;
}

$maze = $mazes[$maze_id];

// initialize session if new or restart requested
if (!isset($_SESSION['maze']) || ($_SESSION['maze_id'] ?? '') !== $maze_id || isset($_GET['restart'])) {
    // store maze as array of strings
    $_SESSION['maze'] = $maze;
    $_SESSION['maze_id'] = $maze_id;
    $_SESSION['steps'] = 0;
    $_SESSION['start_time'] = time();
    // find start position S
    $start = null;
    foreach ($_SESSION['maze'] as $r => $row) {
        $c = strpos($row, 'S');
        if ($c !== false) {
            $start = ['r' => $r, 'c' => $c];
            // replace 'S' with space in stored maze so server treats it as open cell
            $_SESSION['maze'][$r] = substr_replace($_SESSION['maze'][$r], ' ', $c, 1);
            break;
        }
    }
    if (!$start) {
        echo "Start position not found in maze data.";
        exit;
    }
    $_SESSION['player'] = $start;
    // find goal (for convenience)
    $goal = null;
    foreach ($_SESSION['maze'] as $r => $row) {
        $c = strpos($row, 'G');
        if ($c !== false) {
            $goal = ['r' => $r, 'c' => $c];
            // replace 'G' with 'G' left (we keep it for rendering)
            break;
        }
    }
    $_SESSION['goal'] = $goal;
}

// JSON-encode maze for client-side rendering
$maze_json = json_encode($_SESSION['maze'], JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP);
$player_json = json_encode($_SESSION['player']);
$goal_json = json_encode($_SESSION['goal']);
$start_time = $_SESSION['start_time'];
$steps = $_SESSION['steps'];
?>
<!doctype html>
<html lang="ja">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>PHP 2D Ëø∑Ë∑Ø„Ç≤„Éº„É†</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="container">
  <h1>2D Ëø∑Ë∑Ø„Ç≤„Éº„É†</h1>
  <div class="controls">
    <button id="up">‚Üë</button>
    <div>
      <button id="left">‚Üê</button>
      <button id="down">‚Üì</button>
      <button id="right">‚Üí</button>
    </div>
    <button id="restart">Restart</button>
  </div>

  <div id="status">
    <span>„Çπ„ÉÜ„ÉÉ„Éó: <span id="steps"><?php echo htmlspecialchars($steps, ENT_QUOTES); ?></span></span>
    <span>ÁµåÈÅé: <span id="elapsed">0s</span></span>
  </div>

  <div id="maze"></div>

  <div id="message" class="message"></div>
</div>

<script>
const maze = <?php echo $maze_json; ?>;
let player = <?php echo $player_json; ?>;
const goal = <?php echo $goal_json; ?>;
let startTime = <?php echo json_encode($start_time); ?>;
let steps = <?php echo json_encode($steps); ?>;

const mazeEl = document.getElementById('maze');
const messageEl = document.getElementById('message');
const stepsEl = document.getElementById('steps');
const elapsedEl = document.getElementById('elapsed');

function renderMaze() {
  // create grid
  mazeEl.innerHTML = '';
  const rows = maze.length;
  const cols = maze[0].length;
  const table = document.createElement('div');
  table.className = 'grid';
  table.style.gridTemplateColumns = `repeat(${cols}, 32px)`;
  for (let r = 0; r < rows; r++) {
    for (let c = 0; c < cols; c++) {
      const ch = maze[r].charAt(c);
      const cell = document.createElement('div');
      cell.className = 'cell';
      if (ch === '#') {
        cell.classList.add('wall');
      } else if (r === goal.r && c === goal.c) {
        cell.classList.add('goal');
        cell.textContent = 'G';
      } else {
        // empty
      }
      if (r === player.r && c === player.c) {
        const p = document.createElement('div');
        p.className = 'player';
        p.textContent = 'P';
        cell.appendChild(p);
      }
      table.appendChild(cell);
    }
  }
  mazeEl.appendChild(table);
}

function setMessage(msg, isError = false) {
  messageEl.textContent = msg;
  messageEl.className = isError ? 'message error' : 'message';
}

// ask server to move; server returns updated player pos and status
async function sendMove(direction) {
  try {
    const res = await fetch('move.php', {
      method: 'POST',
      headers: {'Content-Type': 'application/json'},
      body: JSON.stringify({dir: direction})
    });
    if (!res.ok) {
      setMessage('ÈÄö‰ø°„Ç®„É©„Éº: ' + res.status, true);
      return;
    }
    const data = await res.json();
    if (data.error) {
      setMessage('„Ç®„É©„Éº: ' + data.error, true);
      return;
    }
    // update local state
    player = data.player;
    steps = data.steps;
    stepsEl.textContent = steps;
    renderMaze();
    if (data.cleared) {
      const sec = data.elapsed;
      setMessage(`„ÇØ„É™„Ç¢ÔºÅ „Çπ„ÉÜ„ÉÉ„Éó ${steps}„ÄÅÁµåÈÅéÊôÇÈñì ${sec} Áßí`);
    } else {
      setMessage('');
    }
  } catch (e) {
    setMessage('‰æãÂ§ñ: ' + e.message, true);
  }
}

// keyboard control
window.addEventListener('keydown', (ev) => {
  if (ev.key === 'ArrowUp') { ev.preventDefault(); sendMove('up'); }
  if (ev.key === 'ArrowDown') { ev.preventDefault(); sendMove('down'); }
  if (ev.key === 'ArrowLeft') { ev.preventDefault(); sendMove('left'); }
  if (ev.key === 'ArrowRight') { ev.preventDefault(); sendMove('right'); }
});

// buttons
document.getElementById('up').addEventListener('click', () => sendMove('up'));
document.getElementById('down').addEventListener('click', () => sendMove('down'));
document.getElementById('left').addEventListener('click', () => sendMove('left'));
document.getElementById('right').addEventListener('click', () => sendMove('right'));

document.getElementById('restart').addEventListener('click', () => {
  // reload with restart param to reset session
  window.location.href = window.location.pathname + '?restart=1';
});

// elapsed timer
function updateElapsed() {
  const now = Math.floor(Date.now() / 1000);
  const elapsed = now - startTime;
  elapsedEl.textContent = elapsed + 's';
}
setInterval(updateElapsed, 1000);

// initial render
renderMaze();
updateElapsed();
</script>
</body>
</html>

--- move.php
<?php
// move.php
session_start();
header('Content-Type: application/json; charset=utf-8');

// helper to respond
function json_err($msg, $code = 400) {
    http_response_code($code);
    echo json_encode(['error' => $msg]);
    exit;
}

// validate session
if (!isset($_SESSION['maze']) || !isset($_SESSION['player']) || !isset($_SESSION['goal'])) {
    json_err('„Çª„ÉÉ„Ç∑„Éß„É≥ÊÉÖÂ†±„Åå„ÅÇ„Çä„Åæ„Åõ„Çì„ÄÇ„Ç≤„Éº„É†„ÇíÂÜçÈñã„Åó„Å¶„Åè„Å†„Åï„ÅÑ„ÄÇ', 440);
}

// parse input
$raw = file_get_contents('php://input');
$data = json_decode($raw, true);
if (!is_array($data) || !isset($data['dir'])) {
    json_err('ÁÑ°Âäπ„Å™„É™„ÇØ„Ç®„Çπ„Éà„ÄÇ', 400);
}

$dir = $data['dir'];
$allowed = ['up','down','left','right'];
if (!in_array($dir, $allowed, true)) {
    json_err('ÁÑ°Âäπ„Å™ÊñπÂêëÊåáÂÆö„ÄÇ', 400);
}

// current state
$maze = $_SESSION['maze'];
$player = $_SESSION['player'];
$rows = count($maze);
$cols = strlen($maze[0]);

$dr = 0; $dc = 0;
switch ($dir) {
    case 'up': $dr = -1; break;
    case 'down': $dr = 1; break;
    case 'left': $dc = -1; break;
    case 'right': $dc = 1; break;
}

// target
$nr = $player['r'] + $dr;
$nc = $player['c'] + $dc;

// bounds check
if ($nr < 0 || $nr >= $rows || $nc < 0 || $nc >= $cols) {
    // invalid move: ignore
    echo json_encode([
        'player' => $player,
        'steps' => $_SESSION['steps'],
        'cleared' => false,
        'message' => 'Â¢ÉÁïåÂ§ñ„ÅÆÁßªÂãï',
    ]);
    exit;
}

// check wall
$ch = $maze[$nr][$nc] ?? '#';
if ($ch === '#') {
    // wall: ignore move
    echo json_encode([
        'player' => $player,
        'steps' => $_SESSION['steps'],
        'cleared' => false,
        'message' => 'Â£Å„Åß„Åô',
    ]);
    exit;
}

// move allowed
$_SESSION['player'] = ['r' => $nr, 'c' => $nc];
$_SESSION['steps'] = ($_SESSION['steps'] ?? 0) + 1;

// goal check (maze cell might contain 'G')
$cleared = false;
$goal = $_SESSION['goal'];
if ($nr === $goal['r'] && $nc === $goal['c']) {
    $cleared = true;
}

$now = time();
$elapsed = $now - ($_SESSION['start_time'] ?? $now);

echo json_encode([
    'player' => $_SESSION['player'],
    'steps' => $_SESSION['steps'],
    'cleared' => $cleared,
    'elapsed' => $elapsed,
]);
exit;

---  maze_data.php
<?php
// Ëø∑Ë∑Ø„Éá„Éº„Çø„ÇíÈÖçÂàó„ÅßËøî„ÅôÔºàÂèÇÁÖß / include „Åó„Å¶‰Ωø„ÅÜÔºâ
// ÊñáÂ≠ó: '#' Â£Å, ' ' ÈÄöË∑Ø, 'S' „Çπ„Çø„Éº„Éà, 'G' „Ç¥„Éº„É´

return [
    // maze id => array of rows (strings)
    'sample1' => [
        "#############",
        "#S    #     #",
        "# ##  # ### #",
        "#    ##   # #",
        "#### ###  # #",
        "#      #   G#",
        "# ###### ####",
        "#          ##",
        "#############"
    ],
];
"""

messages = [{"role" : "user", "content" : prompt}]

text = tokenizer.apply_chat_template(
    messages,
    tokenize = False,
    add_generation_prompt = True, # Must add for generation
    enable_thinking = False, # Disable thinking
)

from transformers import TextStreamer
_ = model.generate(
    **tokenizer(text, return_tensors = "pt").to("cuda"),
    max_new_tokens = 4096, # Increase for longer outputs!
    temperature = 0.7, top_p = 0.8, top_k = 20, # For non thinking
    streamer = TextStreamer(tokenizer, skip_prompt = True),
)


# ÊºèÊ¥©ËÑÜÂº±ÊÄß„ÅÆÂàÜÊûê„Å®ÂØæÂøúÁ≠ñ

## 1. ÊºèÊ¥©ËÑÜÂº±ÊÄß„ÅÆÁâπÂÆö
`index.php` „ÅÆ‰ª•‰∏ãÈÉ®ÂàÜ„Å´„Çª„ÉÉ„Ç∑„Éß„É≥ÊÉÖÂ†±„ÅÆÊºèÊ¥©ËÑÜÂº±ÊÄß„Åå„ÅÇ„Çä„Åæ„Åô„ÄÇ

```php
$maze_json = json_encode($_SESSION['maze'], JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP);
$player_json = json_encode($_SESSION['player']);
$goal_json = json_encode($_SESSION['goal']);
```

„Åì„ÅÆ„Ç≥„Éº„Éâ„ÅØ„Çª„ÉÉ„Ç∑„Éß„É≥„Å´‰øùÂ≠ò„Åï„Çå„Åü `$_SESSION['maze']`„ÄÅ`$_SESSION['player']`„ÄÅ`$_SESSION['goal']` „ÅÆÊÉÖÂ†±„ÇíJavaScript„Å´Áõ¥Êé•Âá∫Âäõ„Åó„Å¶„ÅÑ„Åæ„Åô„ÄÇ„Åì„Çå„Å´„Çà„Çä„ÄÅ„Çª„ÉÉ„Ç∑„Éß„É≥ÊÉÖÂ†±„ÇíÂèñÂæó„Åß„Åç„ÇãÂèØËÉΩÊÄß„Åå„ÅÇ„Çä„Åæ„Åô„ÄÇ

## 2. ÊºèÊ¥©ËÑÜÂº±ÊÄß„ÅÆ„É™„Çπ„ÇØ
- „Çª„ÉÉ„Ç∑„Éß„É≥ÊÉÖÂ†±„ÅÆÊºèÊ¥©„Å´„Çà„Çä„ÄÅ‰ªñ„ÅÆ„É¶„Éº„Ç∂„Éº„ÅÆ„Ç≤„Éº„É†Áä∂ÊÖã„ÅåÂèñÂæóÂèØËÉΩ„Å´„Å™„Çã
- „Ç≤„Éº„É†„ÅÆ„Çπ„ÉÜ„ÉÉ„ÉóÊï∞„ÇÑÁµåÈÅéÊôÇÈñì„ÅåÂÅΩË£Ö„Åï„Çå„ÇãÂèØËÉΩÊÄß„Åå„ÅÇ„Çã
- „Ç≤„Éº„É†„ÅÆÂÖ¨Âπ≥ÊÄß„ÅåÊêç„Å™„Çè„Çå„Çã
- „Çª„ÉÉ„Ç∑„Éß„É≥„Éè„ÉÉ„Ç≠„É≥„Ç∞„ÅÆ„É™„Çπ„ÇØ„ÅåÈ´ò„Åæ„Çã

## 3. ËÑÜÂº±ÊÄß„ÅÆ‰øÆÊ≠£ÊñπÊ≥ï
„Çª„ÉÉ„Ç∑„Éß„É≥ÊÉÖÂ†±„Çí

## Save LoRA/Model

In [None]:
# save LoRA
model.save_pretrained("Vulnerability_Detection_Wordpress")
tokenizer.save_pretrained("Vulnerability_Detection_Wordpress")

In [None]:
# save ALL-MODEL
model.save_pretrained_merged("Vulnerability_Detection_Wordpress", tokenizer, save_method="merged_16bit")

In [None]:
# save ALL-MODEL as .gguf
model.save_pretrained_merged("Vulnerability_Detection_Wordpress", tokenizer)

## Upload LoRA/Model

In [None]:
# upload
