

Great — I can do this. Below I’ll do three practical things in one response so you can move immediately:
Recommend the best open-source PHP/MySQL options you can fork and why.
Give a concrete plan (features, tech choices, security, scaling).
Provide a ready-to-use minimal PHP + MySQL schema plus example PHP endpoints (create petition, sign petition, fetch counts) and a short frontend pattern (AJAX) you can drop into a site on wewant.com.au.
1) Best open-source PHP options to fork / start from
Top recommendation: CiviCRM (with Drupal or WordPress)
Why: Mature, battle-tested, PHP/MySQL, built-in CRM, email, verification, activity records and a Petitions component. Widely used by NGOs and campaigning groups. Good for audit trails, analytics, export, and anti-spam integrations.
Pros: Stable, features for campaigns, donor lists, APIs, permissioning, GDPR support.
Cons: Steeper learning curve; you’ll need to install Drupal or WordPress and configure CiviCRM.
Useful docs:
CiviCRM Petitions guide / setup. 
docs.civicrm.org
Secondary: OpenPetition / OpenPetitionPlatform (GitHub)
Why: An open-source petitions platform (PHP/Twig). May require work to modernise and secure, but closer to your target domain and lightweight compared to CiviCRM. Good if you want a petitions-first codebase.
Pros: Built specifically for petitions, PHP stack.
Cons: Project activity varies; expect to adapt and modernise.
Repo: OpenPetitionPlatform/OpenPetition. 
GitHub
+1
Other repos (in case you prefer alternate stacks)
Several Change.org clones exist on GitHub (MERN, Rails) — useful as feature reference or UX inspiration but not PHP. (Examples: Change-Org-Clone, Kardinal, d-otis). 
GitHub
+2
GitHub
+2
Recommendation summary
If you want fastest path with powerful features: Use CiviCRM + Drupal or WordPress and configure the Petitions component.
If you want a lighter, petition-only PHP app to fork and extend: Start from OpenPetition (fork and modernise).
If you want fully custom and minimal to own everything: Use the PHP/MySQL skeleton below and build out features module by module.
2) Practical plan (features, tech choices, security, scaling)
Core features (Change.org parity)
Create petition: title, description, image, category, target (official/MP), goal, tags, privacy settings.
Signing: name, email, optional comment; email verification (double opt-in).
Real-time signature count and progress bar.
Share buttons (Twitter, Facebook, LinkedIn), copy link.
Creator dashboard: edit petition, post updates, view signatories and analytics (daily signups).
Admin/moderator panel: view/approve/remove petitions, moderate signatures, ban users/IPs.
API for embedding petitions on other sites.
Abuse protection: rate limits, CAPTCHA, honeypot fields, domain email validation.
Export: CSV, PDF / OpenAPI / activity logs for audits.
Tech choices (for your brief)
Language: PHP 8.x.
Framework: Lightweight framework recommended (Laravel or Slim) — Laravel if you want speed & ecosystem. But the minimal code below uses plain PHP + PDO for portability.
DB: MySQL or MariaDB. Use InnoDB, utf8mb4.
Auth: JWT for API or session auth for web; bcrypt/argon2 for passwords. Email verification required.
Realtime: Simple polling (AJAX) is fine for MVP. For scale, add WebSockets (Pusher, Socket.IO via Node) or server-sent events.
Deploy: Linux/Apache or Nginx, PHP-FPM, Redis for caching and rate-limits, and Cloudflare in front for basic DDoS protection.
Security & compliance
Enforce email double opt-in for signers.
Rate limit sign submissions (per IP/email) and validate recaptcha / hCaptcha.
CSRF tokens on forms. Prepared statements (PDO) for SQL.
Input sanitisation and output escaping.
Data retention policy, privacy policy and opt-out. GDPR/Australian privacy compliance for personal data.
3) Minimal PHP + MySQL petition platform (schema + example endpoints)
Below is a minimal, working schema and example PHP endpoints (PDO) you can use as the skeleton for We Want (wewant.com.au). This gives you petition creation, signature submission (with email verification token), fetching counts, and a simple AJAX-ready endpoint.
Important: This is a minimal example for prototyping. For production you should add authentication libraries, email queueing, input validation libraries, CSRF protection, logging, and rate-limiting.












Next steps I can do for you (pick one or more) Fork and evaluate
OpenPetition or install CiviCRM on a sandbox and show you the petition
component configured for Australia. Build a small working prototype of
the above PHP skeleton (with email sending via SMTP, simple UI, and
admin panel) and push it to a GitHub repo for you to review. Produce a
full spec & task list to hand to a dev or agency (features, API, UX,
hosting, costs). Which would you like me to do next? If you want me to
start building a demo, tell me: (A) fork OpenPetition and prepare it for
Australia, (B) spin up the custom PHP skeleton and seed example
petitions, or (C) produce a developer-ready spec with story points and
hosting estimate.