Everything posted by requinix
-
There is no limit on arrays. Your problem is elsewhere.
-
Second unexpected session being created
requinix replied to FlickeringLamp's topic in PHP Coding Help
Yes.
-
Second unexpected session being created
requinix replied to FlickeringLamp's topic in PHP Coding Help
You should support both, because people will type the domain name without the "www", but you should enforce only one as the proper (canonical) domain. Which means redirect. So for yourself you'll want both hosts file entries, and Apache should have a configuration for both, but the non-www should redirect to the www one. You also have to make sure you never link to the non-www URL (another reason to not put the domain name in your URLs) because the redirect can mess with how stuff behaves.
-
Second unexpected session being created
requinix replied to FlickeringLamp's topic in PHP Coding Help
Oh. And don't put the whole URL in your link. It's really unnecessary. All you need is the path portion, as in the stuff after the domain. So just /moviesite.php.
-
Second unexpected session being created
requinix replied to FlickeringLamp's topic in PHP Coding Help
licksdev.com and www.licksdev.com are two different sites. Set up a redirect so that one of them always goes to the other. So the user (e.g., you) won't get confused by the two sites.
-
...which is why we're going down the "lax security measure" path. The lax security decision comes first. The .htaccess method is a way of implementing it.
-
The bot is the user. Their creators realized you're constructing predictable confirmation URLs so their bots don't have to wait for anything: submit form data, hit confirmation page, have working account. CAPTCHA, and don't use predictable confirmation URLs. You should be using some sort of random token instead.
-
You know, the regular user management system? You don't have to have open registration, but emails and passwords and all that.
-
A hardcoded username and/or password that I assume will be shared for all people who need to get in.
-
Not sarcasm. You only need something to share some pictures for a short while, not to secure nuclear launch codes. Login screen doesn't care if you use a database or not. All you're doing is changing how it knows whether a login is valid. Given the lax security measures already being considered: no, not really. But personally I would probably still obfuscate it a little, like base64-encoding. Yeah, sure.
-
Nah. It's not like the world will end if someone were to leak the password to 4chan or something.
-
1. Yes, if the fancy UI is important to you. 2. As with any other user authentication system, yes.
-
Bots. Use a CAPTCHA.
-
Do you have the rest of it built out? Because if not then I would suggest using one of the millions of existing services to do this. But an .htaccess with a username and password is a really quick way to do this. They go to the site, the browser pops up a little window asking for a username and password, they enter it, and they get in. And the browser can remember it like the login for any other website.
-
The so-called "PHP error" only means that when the browser tried to send the login data to process.php the server responded with some sort of error. Could be so, so many different things going wrong, only some of which are to do with PHP. There's not much you can do unless you can reproduce the problem yourself, or find something in your PHP or server error log.
-
Then don't put the files into subdirectories. What I'm trying to understand is why you want everything to look and act a certain way but weren't making it actually be that way.
-
This isn't good. Why do you have so many subdirectories? Why are you not using the correct URL?
-
Also confirm that there are, in fact, 1000 characters in there.
-
Then your browser doesn't support replaceState or it doesn't implement it correctly.
-
arbitrary file upload :: is this a vulnerability in WordPress
requinix replied to dil_bert's topic in Applications
If the file was uploaded in 2016 then I doubt you're running a current version of WordPress.