alert.php and letter.php can be abused for spam runs; no
fix yet. Remove them from your site!
verify.php has a privacy leak.

    $verify_query = mysql_query("SELECT * FROM phPetition WHERE ID=$ID");

and

    $update=mysql_query("UPDATE phPetition SET Verified='yes', confirmDate = SYSDATE() WHERE ID='$ID'",$db);

should be changed into:

    $verify_query = mysql_query("SELECT * FROM phPetition WHERE ID=$ID AND Verified='$Verified'");

and

    $update=mysql_query("UPDATE phPetition SET Verified='yes', confirmDate = SYSDATE() WHERE ID='$ID' AND Verified='$Verified'",$db);

Otherwise people can guess an ID and obtain the private
info of other subscribers (and verify for them, of course).
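
Added example, not part of the original post and not phPetition code: the ID-plus-token check from the report, written with bound parameters so neither value is interpolated into the SQL. Assumptions: the Verified column holds the mailed token until it is set to 'yes', PDO with in-memory SQLite stands in for MySQL, and the function name, the Email column and the sample rows are constructed for illustration.

```php
<?php
// Added example, not phPetition code. Table and column names follow the post;
// the Email column, the sample rows and the token values are constructed.
// SQLite in memory stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE phPetition (ID INTEGER PRIMARY KEY, Email TEXT,
           Verified TEXT, confirmDate TEXT)");
$db->exec("INSERT INTO phPetition VALUES
           (1, 'alice@example.org', 'k3v9q2', NULL),
           (2, 'bob@example.org', 'yes', '2004-01-01 00:00:00')");

// Hypothetical helper: returns the subscriber row only when ID and token
// match a signature that is still pending, otherwise null.
function verify_signature(PDO $db, $id, $token)
{
    // ID must be a plain non-negative integer, the token a non-empty string.
    if (!is_string($id) || !ctype_digit($id) || !is_string($token) || $token === '') {
        return null;
    }
    // 'yes' marks a confirmed row; it is a state, not a token, so refuse it.
    if ($token === 'yes') {
        return null;
    }
    // One UPDATE checks ID and token together; values are bound, not interpolated.
    $upd = $db->prepare("UPDATE phPetition
                         SET Verified = 'yes', confirmDate = CURRENT_TIMESTAMP
                         WHERE ID = :id AND Verified = :token");
    $upd->execute([':id' => (int)$id, ':token' => $token]);
    if ($upd->rowCount() !== 1) {
        return null; // wrong ID, wrong token, or already confirmed
    }
    // Read the row back only after the token has been accepted.
    $sel = $db->prepare("SELECT ID, Email, confirmDate FROM phPetition WHERE ID = :id");
    $sel->execute([':id' => (int)$id]);
    return $sel->fetch(PDO::FETCH_ASSOC);
}

var_dump(verify_signature($db, '1', 'guess'));  // token does not match row 1
var_dump(verify_signature($db, '2', 'yes'));    // state value passed as token
var_dump(verify_signature($db, '1abc', 'x'));   // ID is not an integer
var_dump(verify_signature($db, '1', 'k3v9q2')); // correct ID and token
var_dump(verify_signature($db, '1', 'k3v9q2')); // same link used a second time
```

Because the row is read only after the UPDATE has matched, a request with a guessed ID and no valid token never reaches the SELECT.
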
Logged In: NO
As is, this project is unworkable, unreliable and unsafe. If
you like a challenge, this is for you; otherwise run from this
package.