<?php
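class WebSecurityMonitor {
    /**
     * Heuristic request-inspection patterns, keyed by the label written to the log.
     *
     * These are coarse indicators, not an authoritative detector: the SQL and
     * command patterns fire on characters (quotes, '#', ';', '|', '&') that occur
     * in ordinary input, so expect false positives. The XSS and file-inclusion
     * patterns carry the 'i' modifier so upper-case tags and encodings are not missed.
     */
    private array $suspiciousPatterns = [
        'SQL injection' => '/(\%27)|(\')|(\-\-)|(%23)|(#)/',
        'XSS' => '/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/i',
        'File inclusion' => '/((\.\.\/)|(%2e%2e%2f))/i',
        'Command injection' => '/(&)|(\|)|(\;)/',
    ];

    // Retained for compatibility; nothing writes to it yet — attack records go to error_log().
    private string $logFile = 'security.log';

    // Longest value fragment reproduced in a log line; longer input is truncated.
    private const MAX_LOGGED_VALUE = 200;

    /**
     * Inspects GET, POST and selected $_SERVER values, logs every match, then
     * records the access. All output goes to stdout; "blocking" is advisory
     * only (see blockRequest()), so the caller still runs to completion.
     */
    public function monitorRequest(): void {
        // Monitor GET and POST separately since $_REQUEST might not be available
        $this->checkArray($_GET, 'GET');
        $this->checkArray($_POST, 'POST');
        $this->checkServerVariables();
        $this->logAccess();
        echo "Security check completed.\n";
    }

    /** Runs checkInput() over every top-level key of one superglobal. */
    private function checkArray(array $array, string $type): void {
        foreach ($array as $key => $value) {
            $this->checkInput((string) $key, $value, $type);
        }
    }

    /**
     * Matches one value against every pattern, recursing into nested arrays with
     * the path rendered as key[sub][sub2]. Each hit is logged separately;
     * blockRequest() is invoked once per value if anything matched.
     *
     * @param mixed $value scalar or (nested) array taken from a superglobal
     */
    private function checkInput(string $key, $value, string $type): void {
        if (is_array($value)) {
            foreach ($value as $subKey => $subValue) {
                $this->checkInput($key . '[' . $subKey . ']', $subValue, $type);
            }
            return;
        }

        $subject = (string) $value;
        $flagged = false;
        foreach ($this->suspiciousPatterns as $attack => $pattern) {
            // preg_match() returns false on a PCRE error; only an explicit 1 counts as a hit.
            if (preg_match($pattern, $subject) === 1) {
                $this->logAttack($attack, "$type: $key", $subject);
                $flagged = true;
            }
        }
        if ($flagged) {
            $this->blockRequest();
        }
    }

    /** Inspects the client-controlled $_SERVER entries that commonly carry payloads. */
    private function checkServerVariables(): void {
        $headers = ['HTTP_USER_AGENT', 'HTTP_REFERER', 'REQUEST_METHOD'];
        foreach ($headers as $header) {
            if (isset($_SERVER[$header])) {
                $this->checkInput($header, $_SERVER[$header], 'SERVER');
            }
        }
    }

    /**
     * Writes one attack record to error_log() and echoes it for console use.
     * Input name and value are sanitised first so a crafted payload cannot forge
     * additional log lines or emit terminal control sequences.
     */
    private function logAttack(string $type, string $input, string $value): void {
        $log = sprintf(
            "[%s] Attack detected: %s, Input: %s, Value: %s\n",
            gmdate('Y-m-d\TH:i:s\Z'), // UTC so records correlate across hosts
            $type,
            $this->sanitizeForLog($input),
            $this->sanitizeForLog($value)
        );
        error_log($log); // Write to error log instead of file
        echo $log;       // Also output to console for testing
    }

    /** Records who made the request; method and URI are client-controlled and are sanitised. */
    private function logAccess(): void {
        $log = sprintf(
            "[%s] Access logged - IP: %s, Method: %s, URI: %s\n",
            gmdate('Y-m-d\TH:i:s\Z'),
            $_SERVER['REMOTE_ADDR'] ?? 'unknown',
            $this->sanitizeForLog((string) ($_SERVER['REQUEST_METHOD'] ?? 'unknown')),
            $this->sanitizeForLog((string) ($_SERVER['REQUEST_URI'] ?? 'unknown'))
        );
        echo $log;
    }

    /**
     * Advisory only: prints a notice but does not terminate the request, so
     * processing continues after a hit. A deployment that needs enforcement
     * must stop the request itself after monitorRequest() returns.
     */
    private function blockRequest(): void {
        echo "Access Denied - Suspicious activity detected\n";
    }

    /** Replaces control characters (including newlines) and truncates, keeping one record per log line. */
    private function sanitizeForLog(string $value): string {
        $clean = preg_replace('/[\x00-\x1F\x7F]/', '?', $value) ?? '';
        if (strlen($clean) > self::MAX_LOGGED_VALUE) {
            $clean = substr($clean, 0, self::MAX_LOGGED_VALUE) . '...';
        }
        return $clean;
    }
}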
// Exercise the monitor with a handful of hand-seeded request parameters.
$monitor = new WebSecurityMonitor();
$sampleGet = [
    'test1' => 'normal input',
    'test2' => "'; DROP TABLE users; --", // SQL injection attempt
];
foreach ($sampleGet as $name => $payload) {
    $_GET[$name] = $payload;
}
$_POST['test3'] = '<script>alert("xss")</script>'; // XSS attempt
$monitor->monitorRequest();
?>
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