Free and Open Source PHP Comment System
There are a decent number of comment systems available today, few are free and open source, fewer are standalone systems not integrated with a content management system, even fewer are self-hosted, and even fewer allow anonymity.
What's wrong with existing comment systems?
Many third-party comment systems like Disqus, IntenseDebate, Livefyre, Facebook Comments and Google+ Comments, suffer from these problems and impose them and many restrictions onto their users, meaning you and your website's visitors. HashOver doesn't do this. HashOver is free and open source, and completely customizable, meaning you can make it do whatever you want it to, and it only does what you need it to.
How it works (the basics):
HashOver is self-hosted, as users post comments, individual
XML files are created in a subdirectory named after the page
URL under a specified directory in the
The first comment is named "1.xml", the second comment is named "2.xml", and so on. When a user replies to a comment, another file is created named with the parent comment's number dash the child comment number, so a reply to the second comment ("2.xml") creates a file named "2-1.xml", etc. When a comment is deleted a visitor will simply be deleting the corresponding file.
There are two methods of using HashOver, both methods require doing the following first:
Download this file: hashover.zip
Extract the archive files at or upload them to your website's highest level, typically "/"
Give (chmod) all the files permissions "0644" (readable by all and writable by owner)
Give directories and PHP files permissions "0755" (readable by all, writable by owner, executable by all)
Give "hashover/pages" directory permission "0777" (readable, writable and executable by all)
Alternatively, to avoid setting file permissions manually:
Download this file: hashover.tar
Extract its contents as root with the following command:
tar -pxf ./hashover.tar
The following actions are required before using HashOver.
Edit the file
hashover/scripts/secrets.phpand make the following changes.
Set a UNIQUE 8 to 32 character value for the
$notification_emailvariable to any valid e-mail address.
Set a UNIQUE value for the
Set a UNIQUE value for the
Once the files have successfully been downloaded, extracted, proper permissions set, and setup, all you need to do is copy the code to one of the two following implementation methods and paste it into your webpage(s):
var rows = "4"; // Sets "Comments" field height
var name_on = "no"; // Disables "Name" field
var passwd_on = "no"; // Disables "Password" field
var email_on = "no"; // Disables "E-mail" field
var sites_on = "no"; // Disables "Website" field
<?php $mode = 'php'; include('hashover.php'); ?>Optional:
In the file
hashover/scripts/php-mode.phpa list of variables nearly identical to the ones mentioned above will be found that allow specific input fields to be disabled.
Getting a Comment Count:
You may set the "count_link" query to display only a comment count linking to a specified page's comments. For example, the following code will display "9 Comments (11 counting replies)".
Give an HTML element the ID attribute "cmtcount"
<span id="cmtcount"></span> for
example, and that element will display a comment count. This
is useful in creating comment "widgets" / "buttons" that display
the comment count and link to the comment section. The
following code displays a link similar to the previous code:
In the file
settings for things such as language, default name, HTML
design template, avatar icons, "Popular Comments", spam
checking, default timezone, and more may be adjusted.
Styling the Comments:
To change how the comments look, use a Cascading Style Sheet (CSS.) HashOver comes with a default style sheet named "comments.css" under the "hashover" directory.
placed in the page when the comments are displayed. This is
not true for the PHP method. However, in both methods it is
recommended that the following
element be placed in the
of your website's webpage(s):
Alternatively, the following may be placed at the top of an existing style sheet:
Need more control over how the comments look?
Editing the file
allows you to move around the HTML elements of each comment,
meaning you may change where each commenter's avatar icon
and name appears, as well as where the date/permalinks,
"Reply", "Edit", "Like" and "Top of Thread" links appear.
However, rather than editing the
hashover/html-templates/default.html file, it
is recommended you edit a copy of that file, and then merely
$template variable in the
hashover/scripts/settings.php file. This way
your changes won't be lost when you upgrade HashOver, and
you will have a working fallback just in case.
HTML in comments:
Users may post comments with a limited number of allowed
HTML tags. These tags include
A user may also include an image in their posts using
The hyperlink tag
<a> is not allowed in
comments, instead users can post URLs as-is and they will
become links. This is done to help protect users against
scams and SPAM, since links can't say something different
than where they actually link to, thereby preventing
phishing, for example.
Use a canonical URL:
A canonical URL uses the canonical link element
<head> section of a webpage to
prevent the creation of multiple separate comment
directories for multiple page URLs that present the same
content. For example,
will have separate comment threads because the URLs are
different, even if both URLs return the same content.
In PHP adding a
$canon_url variable before the
include function will trigger the canonical URL behavior:
$mode = 'php';
$canon_url = 'http://example.com/page.html';
Need more control than a canonical URL offers?
If you need more fine tuned control over URL parsing, particularly what URL queries should be ignored, add unwanted URL queries, one per line, to a file named "ignore_queries.txt" under the "hashover" directory.
Adding a query name without a value will remove the query
from comment directory names no matter what its value is.
Adding a query name with a value (name=value) will only
remove that specific query with that specific value from
comment directory names. For example, add "lang" to the
"ignore_queries.txt" file and the URLs
will be treated as being the same page and thus display the
same comment thread.
Need to block an IP address?
$ip_addrs variable in the
hashover/scripts/settings.php file is set to
"yes", user IP addresses will be stored in their respective
comment file(s). Those IP addresses can be used to block
spamming, abusive, and/or obstructive users from posting and
interacting with the comments all together. Simply add them,
one per line, to a file named "blocklist.txt" in the
In addition to that, if the variable
whether or not a visitor's IP address is in the database of
spam server IP addresses maintained at
If a visitor's IP address is in the database the visitor is
most likely a spam server, and the script will exit with a
message saying "HashOver: You are blocked!" while
disallowing the visitor any interaction with the comments,
and thus successfully preventing spam.
The value of
$spam_IP_check determines in which
mode(s) visitor IP address spam checking will be enabled.
against some forms of spam attacks, such as basic automated
form filing, while PHP mode is not. If one is using PHP
mode, they should also set
however, this isn't necessary if spam isn't an issue in
"both" will enable spam checking in both modes, for those
who make use of both modes.