View Issue Details

IDProjectCategoryView StatusLast Update
0008897phplist applicationAll Otherpublic18-02-08 14:08
Reporterhola 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2.10.4 
Target Version2.10.7Fixed in Version2.10.5 
Summary0008897: Incorrrect count in users.php when owner role applied
DescriptionWhen you have an admin who has owner rights on the users role and,
has more than one mailing list that they own and,
has a subscriber in more than one of the admins owned lists.

The users total search count will count the subscriber more than once. For example if subscriber@domain.com belongs to two mailing lists owned by the admin and the admin has owner rights on the users functions subscriber@domain will e counted twice in the results.
TagsNo tags attached.

Relationships

related to 0003721 closed phplist 2.10.x 

Activities

hola

11-01-07 01:03

reporter   ~0022425

Offending code below - this is quite urgent as it is reporting wrong results to my clients

case "owner":
      $table_list = $tables["user"].','.$tables["listuser"].','.$tables["list"].$findtables;
      $subselect = "{$tables["user"]}.id = {$tables["listuser"]}.userid and {$tables["listuser"]}.listid = {$tables["list"]}.id and {$tables["list"]}.owner = ".$_SESSION["logindetails"]["id"];
      if ($find) {
        $listquery = "select {$tables["user"]}.email,{$tables["user"]}.id,$findfield,confirmed from ".$table_list." where $subselect and $findbyselect";
        $count = Sql_query("SELECT count({$tables["user"]}.id) FROM ".$table_list ." where $subselect and $findbyselect");
        $unconfirmedcount = Sql_query("SELECT count({$tables["user"]}.id) FROM ".$table_list ." where $subselect and !confirmed and $findbyselect");
      } else {
        $listquery = "select {$tables["user"]}.email,{$tables["user"]}.id,$findfield,confirmed from ".$table_list." where $subselect";
        $count = Sql_query("SELECT count({$tables["user"]}.id) FROM ".$table_list ." where $subselect");
        $unconfirmedcount = Sql_query("SELECT count({$tables["user"]}.id) FROM ".$table_list ." where !confirmed and $subselect");
      }
      if ($_GET["unconfirmed"])
        $listquery .= ' and !confirmed ';
      if ($_GET["blacklisted"])
        $listquery .= ' and blacklisted ';
      break;

yan

06-04-07 06:45

reporter   ~0025517

Another way to describe the issue is this: a superadmin will have the correct tally of 'all users'. Any restricted admin won't, as users will be counted differently: theyt are counted based on the lists the admin owns. If one user is on 3 lists owned by a restricted admin, the email will be counted 3 times.
To count users correctly, you'd have to look at the ownership of lists and then at the user membership of those lists, and then at the users. Currently, the user handling keeps it simple, by just checking the user table, where "admin ownership" isn't known.

user1822

23-08-07 19:56

  ~0030989

Added DISTINCT to sql queries