To use HashOver you first need to change a few settings that control important
features, such as email notifications, data encryption, and admin comment
moderation. To do this you need to edit the
file and fill in the following information...
- An email address. HashOver will send email notifications to this email address whenever users post comments on your website and when the users reply to each other. This should be an email address you want to send new comment notifications to.
A noreply email address. When users reply to each other HashOver will send an
email notification to the email address stored in the comment being replied to.
This setting controls what email address you want set as the
Reply-Toaddress in reply email notifications sent to normal users. This should be an e-mail address that is not monitored, where the mail is potentially not even stored. This can be set to the same address as the
$notificationEmailinstead, allowing the user to reply to you by replying to the email notification. However, this would expose your email address to everyone who receives an email notification, which is something you might not want.
An encryption key, for encrypting and decrypting sensitive user data in comments
such as email addresses and passwords. It can contain text of any length, but
its best to keep the value alphanumeric. This setting is case-sensitive. You
should think of this as a password, make it something hard to guess but easy for
you to remember, in case the
secrets.phpfile gets replaced with the default at some point, for example when updating HashOver to a newer version.
- The name for the Admin user. This does not need to be a user that exists on your server, it is completely HashOver-specific. This setting is case-sensitive. Anyone who uses this name with the correct password when they login will gain Admin rights, they will be able to moderate the comments, edit, delete, and approve pending comments.
- The password for the Admin user. This setting is case-sensitive.
The following settings are optional, but required if you plan to store comments in a MySQL database or any other SQL server supported by PDO that uses MySQL compatible statement syntax. Below is the information you need to fill in before HashOver will connect to your database.
This setting specifies what kind of SQL database HashOver stores the comments
mysql. Other databases might work as well, but they are not officially supported or tested.
This setting specifies different things based on the database type. For SQLite
it serves as the name of the database file stored under
/hashover/comments, for MySQL it serves as the name of an existing database in the server.
This setting specifies where to find the SQL server. It is a regular host,
either a local hostname or an IP address, normally
localhost, but it can be a remote host as well. This setting is not used for SQLite.
This setting specifies which port the SQL server is running on. For MySQL this
3306, but it can be any port and is normally unique to a specific SQL server. This setting is not used for SQLite.
This setting specifies which user to connect to the SQL server as. Unlike the
Admin user, this setting needs to be a user that exists on the SQL server, often
this is the
rootuser as they have permission to write to any database. Connecting to the SQL server as
rootis not recommended, as it is a security vulnerability. Instead, if you can, you should create a new user to use with HashOver, one that has their own unique password and permission to write to the database. This setting is not used for SQLite.
- This setting specifies the password for the SQL server user described above. This setting is not used for SQLite.
- The character set of the comments being stored in the database.
The following settings are optional, but required if you plan to send email notifications through an SMTP server, such as Gmail. By default, HashOver uses the built-in email support in PHP, which uses sendmail on GNU/Linux and Mac OS. This may cause problems with some Internet Service Providers (ISP), hosting providers, and certain server configurations. When this happens you may need to send email notifications through an SMTP server. Below is the information you need to fill in before you can send email notifications through an SMTP server.
On Windows, PHP's sendmail uses SMTP by default, so the following settings should not need to be changed on Windows, but if you encounter problems, you might try using HashOver SMTP instead of sendmail.
This setting specifies the SMTP server, for example
This setting specifies the SMTP server port number, commonly
465. The port number depends on the type of encryption being used, but it can be anything. Please consult your SMTP server host for proper configuration.
This setting specifies the type of encryption to use when connecting to the SMTP
server. The SMTP server must support the specified encryption. The most common
encryption type is
ssl. Please consult your SMTP server host for proper configuration.
- This setting specifies whether the SMTP connection is encrypted, which is commonly the case.
- This setting specifies the user to connect to the SMTP server as. Unlike the Admin user, this setting needs to be a user that exists on the SMTP server. For example, if you're sending email through the Gmail SMTP server, this setting would be your Gmail account username.
- This setting specifies the password for the SMTP server user described above.
To begin with, at the bare minimum you want to ensure your server has PHP installed, since HashOver is written in the PHP scripting language. PHP has a long history with many versions, but HashOver is written with backward compatibility in mind, so the minimum PHP version supported is 5.3.3. HashOver does not need to be installed like normal software, the files can be downloaded and used as-is. HashOver does not require any specific server configuration changes. With this in mind, there are very few ways a setup can go wrong.
HashOver needs to write various data to various files and directories, so all of
the HashOver files should be owned by the user your server is running as,
normally this is the
user. It is particularly important that the directories
be owned by this user. Alternatively, these directories can be given
which grants full read and write access to all users. This is generally seen as
a security vulnerability, so you should avoid doing this if at all possible.
HashOver does not depend on any third-party libraries or frameworks, especially not any other PHP-based software. Although most PHP installations include everything HashOver requires by default, depending on your setup you may need to install some modules/extensions and/or ensure PHP was compiled with support for the following modules.
|Feature||Module name(s)||Debian/Ubuntu package name(s)|
|Date and Time||date||part of PHP core|
|Document Object Model||dom||part of PHP core|
|Regular Expressions||pcre||part of PHP core|
|User information encryption||openssl||part of PHP core|
|Multi-byte character support||mbstring||php-mbstring|
|XML data storage format support||xml, libxml, SimpleXML||php-xml|
|JSON data support||json||php-json|
If you want to use an SQLite or MySQL database, than the following modules are also required...
|Feature||Module name(s)||Debian/Ubuntu package name(s)|
|PHP Data Objects||PDO||part of PHP core|
|SQLite support||pdo_sqlite, sqlite3||php-sqlite3|
Checking for required modules
On UNIX (GNU, BSD, etc) you may list installed modules with this command:
On Windows the command to list installed modules is: