A small comment management system in PHP with data backup as XML files protected by HTACCESS.

This system allows users to leave a comment on a website. A password-protected private administration interface allows you to manage the registered comments and access some options.

The classic management features are available:

  • Send a comment
  • Validate a comment received
  • Edit a comment
  • Delete comment

This script is distributed for sharing purposes and should not be used in production without understanding how it works.


  • Anti-robot protection type CAPTCHA (basic system with random code and token)
  • Automatic pagination (the number of comments per page can be modified in the administration)
  • Private administration (several administrators possible)



This script does not require any database installation. Just copy the contents of the directory to the desired location.
To ensure the security of your administrator data and passwords, make sure that the HTACCESS protection of the "db" data directory is working. Use a unique password for your site.

Reset data

The data is saved as XML files. To reset the data, delete the contents of the XML files in the "db" directory.

Change the password of an administrator

It is possible to change the password of the administrator directly in the administration interface, by following "Options"> "Account options"
Administrator information is stored in the "db / adms.xml" file. Each node / line of this file corresponds to a different administrator.
The "na" attribute corresponds to the "username / login", the "rna" attribute corresponds to the first name (may correspond to "na"), the "pw" attribute corresponds to the password.
The string of the "pw" attribute must be a hash of the desired password made with the SHA-256 hash algorithm.
Note: The login / password used in the downloadable script are: login "admin", password "admin".

Change HTACCESS password

The data storage directory "db" must be inaccessible from the web, so it is important to keep it protected by HTACCESS with the most difficult password to find.


This program is free software, released without any warrantee or licenses. Feel free to use, modify, redistribute like you want.


Creative Commons License

This document by Christophe Leblanc is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.