#46 Security problem

open
nobody
5
2004-07-26
2004-07-26
Anonymous
No

In the file index.php I read

$result = mysql_query("select personid, pass from syncit_person where email = '$email'");

==> This script is absolutely open to SQL injections!!!! There is not a single check that $email is valid! Please fix this as soon as possible!
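
The query quoted in the report, set beside a validated and parameterized form. This is an added example and not code from the project or the reporter: the PDO/SQLite in-memory setup, the sample row and the function names `lookup_concatenated` and `lookup_bound` are assumptions made so the script runs offline.

```php
<?php
// Added example, not the project's code. Table and column names come from the
// quoted query; the SQLite in-memory database and sample row are constructed
// so the script runs offline (assumes the pdo_sqlite extension is loaded).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE syncit_person (personid INTEGER PRIMARY KEY, email TEXT, pass TEXT)');
$pdo->exec("INSERT INTO syncit_person (email, pass) VALUES ('o''brien@example.com', 'constructed-hash')");

// Pattern from the report: $email is pasted into the SQL text, so a quote
// character in the value ends the string literal and changes the statement.
function lookup_concatenated(PDO $pdo, string $email): ?array
{
    try {
        $stmt = $pdo->query("select personid, pass from syncit_person where email = '$email'");
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        echo "concatenated query failed: ", $e->getMessage(), "\n";
        return null;
    }
}

// Hardened form (hypothetical helper name): reject malformed addresses, then
// bind the value so it is always treated as data, never as SQL text.
function lookup_bound(PDO $pdo, string $email): ?array
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $stmt = $pdo->prepare('select personid, pass from syncit_person where email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// An apostrophe is legal in the local part of an address, so format
// validation is not a substitute for binding the parameter.
$email = "o'brien@example.com";
var_dump(lookup_concatenated($pdo, $email)); // statement text is altered by the quote
var_dump(lookup_bound($pdo, $email));        // value is matched as plain data
var_dump(lookup_bound($pdo, 'not an address'));
```

Against MySQL the same `prepare`/`execute` calls apply with a `mysql:` DSN; only the connection line changes.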
