HashOver 2.0

Required Setup

To use HashOver you first need to change a few settings that control important features, such as email notifications, data encryption, and admin comment moderation. To do this you need to edit the /hashover/backend/classes/secrets.php file and fill in the following information...

$notificationEmail: An email address. HashOver will send email notifications to this email address whenever users post comments on your website and when the users reply to each other. This should be an email address you want to send new comment notifications to.
$noreplyEmail: A noreply email address. When users reply to each other HashOver will send an email notification to the email address stored in the comment being replied to. This setting controls what email address you want set as the Reply-To address in reply email notifications sent to normal users. This should be an e-mail address that is not monitored, where the mail is potentially not even stored. This can be set to the same address as the $notificationEmail instead, allowing the user to reply to you by replying to the email notification. However, this would expose your email address to everyone who receives an email notification, which is something you might not want.
$encryptionKey: An encryption key, for encrypting and decrypting sensitive user data in comments such as email addresses and passwords. It can contain text of any length, but its best to keep the value alphanumeric. This setting is case-sensitive. You should think of this as a password, make it something hard to guess but easy for you to remember, in case the secrets.php file gets replaced with the default at some point, for example when updating HashOver to a newer version.
$adminName: The name for the Admin user. This does not need to be a user that exists on your server, it is completely HashOver-specific. This setting is case-sensitive. Anyone who uses this name with the correct password when they login will gain Admin rights, they will be able to moderate the comments, edit, delete, and approve pending comments.
$adminPassword: The password for the Admin user. This setting is case-sensitive.

SQL Setup

The following settings are optional, but required if you plan to store comments in a MySQL database or any other SQL server supported by PDO that uses MySQL compatible statement syntax. Below is the information you need to fill in before HashOver will connect to your database.

$databaseType: This setting specifies what kind of SQL database HashOver stores the comments in, either sqlite or mysql. Other databases might work as well, but they are not officially supported or tested.
$databaseName: This setting specifies different things based on the database type. For SQLite it serves as the name of the database file stored under /hashover/comments, for MySQL it serves as the name of an existing database in the server.
$databaseHost: This setting specifies where to find the SQL server. It is a regular host, either a local hostname or an IP address, normally localhost, but it can be a remote host as well. This setting is not used for SQLite.
$databasePort: This setting specifies which port the SQL server is running on. For MySQL this is normally 3306, but it can be any port and is normally unique to a specific SQL server. This setting is not used for SQLite.
$databaseUser: This setting specifies which user to connect to the SQL server as. Unlike the Admin user, this setting needs to be a user that exists on the SQL server, often this is the root user as they have permission to write to any database. Connecting to the SQL server as root is not recommended, as it is a security vulnerability. Instead, if you can, you should create a new user to use with HashOver, one that has their own unique password and permission to write to the database. This setting is not used for SQLite.
$databasePassword: This setting specifies the password for the SQL server user described above. This setting is not used for SQLite.
$databaseCharset: The character set of the comments being stored in the database.

SMTP Setup

The following settings are optional, but required if you plan to send email notifications through an SMTP server, such as Gmail. By default, HashOver uses the built-in email support in PHP, which uses sendmail on GNU/Linux and Mac OS. This may cause problems with some Internet Service Providers (ISP), hosting providers, and certain server configurations. When this happens you may need to send email notifications through an SMTP server. Below is the information you need to fill in before you can send email notifications through an SMTP server.

On Windows, PHP's sendmail uses SMTP by default, so the following settings should not need to be changed on Windows, but if you encounter problems, you might try using HashOver SMTP instead of sendmail.

$smtpHost: This setting specifies the SMTP server, for example smtp.gmail.com.
$smtpPort: This setting specifies the SMTP server port number, commonly 465. The port number depends on the type of encryption being used, but it can be anything. Please consult your SMTP server host for proper configuration.
$smtpCrypto: This setting specifies the type of encryption to use when connecting to the SMTP server. The SMTP server must support the specified encryption. The most common encryption type is ssl. Please consult your SMTP server host for proper configuration.
$smtpAuth: This setting specifies whether the SMTP connection is encrypted, which is commonly the case.
$smtpUser: This setting specifies the user to connect to the SMTP server as. Unlike the Admin user, this setting needs to be a user that exists on the SMTP server. For example, if you're sending email through the Gmail SMTP server, this setting would be your Gmail account username.
$smtpPassword: This setting specifies the password for the SMTP server user described above.

Troubleshooting

To begin with, at the bare minimum you want to ensure your server has PHP installed, since HashOver is written in the PHP scripting language. PHP has a long history with many versions, but HashOver is written with backward compatibility in mind, so the minimum PHP version supported is 5.3.3. HashOver does not need to be installed like normal software, the files can be downloaded and used as-is. HashOver does not require any specific server configuration changes. With this in mind, there are very few ways a setup can go wrong.

File permissions

HashOver needs to write various data to various files and directories, so all of the HashOver files should be owned by the user your server is running as, normally this is the www-data user. It is particularly important that the directories /hashover/config and /hashover/comments be owned by this user. Alternatively, these directories can be given permissions 0777 which grants full read and write access to all users. This is generally seen as a security vulnerability, so you should avoid doing this if at all possible.

Required modules/compilation

HashOver does not depend on any third-party libraries or frameworks, especially not any other PHP-based software. Although most PHP installations include everything HashOver requires by default, depending on your setup you may need to install some modules/extensions and/or ensure PHP was compiled with support for the following modules.

Feature	Module name(s)	Debian/Ubuntu package name(s)
Date and Time	date	part of PHP core
Document Object Model	dom	part of PHP core
Regular Expressions	pcre	part of PHP core
User information encryption	openssl	part of PHP core
Multi-byte character support	mbstring	php-mbstring
Internationalization	intl	php-intl
XML data storage format support	xml, libxml, SimpleXML	php-xml
JSON data support	json	php-json

If you want to use an SQLite or MySQL database, than the following modules are also required...

Feature	Module name(s)	Debian/Ubuntu package name(s)
PHP Data Objects	PDO	part of PHP core
SQLite support	pdo_sqlite, sqlite3	php-sqlite3
MySQL support	pdo_mysql	php-mysql

Checking for required modules

On UNIX (GNU, BSD, etc) you may list installed modules with this command:

php -m

On Windows the command to list installed modules is:

php.exe -m

Like what you see?

Please consider donating to support the continued development of my software. You can help ensure there is always a central place to download my software and read the latest news & updates.

Donate via PayPal

This work is licensed under the terms of the Attribution-ShareAlike International License as published by Creative Commons, either version 4.0 of the License, or (at your option) any later version.