requinix

Exactly what does "won't allow" mean? Do you see one of your error messages? Which one?

No. Stop thinking that. Restricting people from typing certain things is not security. In fact it's the opposite of security because now you've told the rest of the internet that you have a very specific vulnerability when it comes to rendering certain user-provided values in your website. Doesn't matter. You could be storing the username in a database, or a text file, or you could even be emailing yourself a copy of their registration. Does not matter.

Characters are unsafe according to how you (mis)use them. Preventing people from using < > because it would mess up your HTML is absolutely the wrong solution. If you want to prevent people from using < > because you don't think usernames should contain those kinds of symbols, that's something entirely different.

What do you see happening and what is it that you expected to see? In detail.

I take it you're not familiar with that syntax? https://www.php.net/manual/en/function.echo.php

The header/content/footer style is at least 10 years out of date. Templating is better. Approaches vary, but the point is that you have a single file containing the entire template for the page, and you insert content in the places it needs to go. <!doctype html> <html> <head> <title><?= $title ?></title> etc. </head> <body> <?= $body ?> </body> </html> If you don't want to render your output to strings, things like $title and $body can instead be functions that are called and output what they want directly.

Looks like a prepared statement, which is good and would avoid the SQL problems. Have you turned on whatever "debug" support this class offers? Checked error logs?

HTML 4? mail() function? Where are you getting this from?

No, there is no way for you to access or control that sort of information.

Not being able to share any code is going to be a problem. Surely you can post a few lines from some select locations? The most likely culprit is an improper SQL statement that let the data somehow corrupt the query, causing it to fail. For example, if it contains apostrophes and quotation marks. Knowing what data is not being inserted would be nice so that you could look for a pattern in what does and doesn't work.

I like answering with questions because often that encourages the person, in trying to answer that question, to start heading down the right mental pathway towards finding the answer - if not find the answer itself. Here, the answer to my question is something like "well the setting page says it's a path to PHP". Logically, then, if it's "the path to a PHP executable" then yeah, the answer probably is as simple as copying the php.validate.executablePath you have above it. Because the thing to remember here - and this might help dispel some confusion - is that despite the similarity between the two configuration names, they belong to two different extensions: the "php.validate.executablePath" is used by the built-in PHP extension while the "php.debug.executablePath" comes from PHP Debug.

I don't understand why this is a question. Do you know what that setting is for?

There's whitespace around the URLs. <loc> http://enginery.freecluster.eu/index.php </loc> It's a minor thing but could be a problem.

Maybe content "with media"? Or maybe "supporting uploads", because you'd need to do that for images to be possible. But there aren't really any special words. Because supporting images and deleting posts/articles and such are simply the normal features you'd find in most CMSes. Not especially. There are definitely special terms for many different things, like I mentioned "roles" earlier, but that doesn't mean everything has special terms. Like "allowing users to register accounts" isn't a term. It's a description. And "inserting images and videos into posts" is also a description.

These are very broad questions that do not have a single answer. What you can do varies a lot. The word you need is "role", as in a user login system where each user can have a different role (ie, user role or admin role). That just sounds like a CMS. Use PHPMailer or Swift Mailer to send the emails. You configure them with your email server information, like if you want to use a Gmail account, and they do the rest of the work.

Finding out the actual truth instead of guessing is probably a good idea. For Apache, SSL_PROTOCOL is available if you enable that. https://httpd.apache.org/docs/current/mod/mod_ssl.html For nginx, I believe you can get $ssl_protocol as a variable, but you would need to pass that as an environment/CGI variable to php-fpm in the server/site config. https://nginx.org/en/docs/http/ngx_http_ssl_module.html

So let's take a step back. Are you using Apache or nginx? mod_php or FPM? What is the server setup?

An optional parameter would be like public static function render($post, $withPost = true) { which will default to true if not provided. You would then use $withPost to decide whether to do that ->push or not.

Because it's apples and oranges. Just running on the same server doesn't mean anything - PHP could no more see what nginx is doing than nginx see what PHP is doing. If gw1500se is right then what I said may already be in place for you. So print out the contents of $_SERVER and see if there's an SSL_PROTOCOL or similar you can reference (and what its value is).

PHP doesn't have access to that kind of information - it's all handled by the webserver automatically. As it should be. But you can potentially have the server inject the information into your runtime environment. For example, nginx has a $ssl_cipher variable that you could pass into the PHP environment.

Odds are the versions of openssl and/or libssh installed on your system are out of date. Update them.

One or more of those, yes. Impossible to say just with your description. Depends. No.

Oh dear. If you've got the money to buy Windows Server Datacenter then you've got the money to hire an IT person whose job it would be to deal with these matters.

Don't use a redirect. Half of the point of a 404 page is that it returns a 404, and using a redirect makes it do something different. Why not just change the 404.php to be this new page? Wouldn't that be easier?

Is your custom 404 page on some other site?