Preventing user enumeration: which logic is better?

Logic #1 is checking the returned value of the preg_match function with respect to 0 and with operator ===. That means the returned value of the preg_match function has to be (int) 0 or (string) 0. And after that it is checking if $_REQUEST['author'] is empty or not.

And in Logic #2 is checking the same thing above, but with !()(not) operator. And this method also additionally check the $_REQUEST['author'] is integer or not.

Checking the $_REQUEST['author'] data type actually makes Logic #2 better than above Logic #1, I think. Cause, though data type doesn’t matter in PHP (PHP is a loosely typed language) but it’s better to use them. It defines a concrete base for your application and ensures some core security as well as it’s the best practice.

Hope that answer satisfies your quest.

Related Posts:

  1. Basic auth WordPress REST API dilemma
  2. security+best practices: root or www-data on a wordpress content folder?
  3. Any reason to be concerned by a wave of “zombie” blog signups?
  4. How to change WordPress user ID?
  5. Setting WP Admin passwords to expire
  6. What do spammers gain by signing up as a user?
  7. How can I secure a WordPress blog using OpenID from a single provider?
  8. Force user to change their password on the frontend at the first login and password policy
  9. Should I encrypt the response that triggers an Ajax action? Is nonce sufficient?
  10. Are there mutiple ways to get usernames (as a hacker)
  11. Reset Password policy
  12. How do I protect user_activation_key?
  13. Failed login attempts
  14. Separate Out Real Users
  15. WordPress Password security related questions
  16. Force users to use password with specifications
  17. Iterating users while user iteration is suppressed
  18. Require confirmation of current user’s email before updating database and before send_email_change_email
  19. Securely log in a user without a password using a link?
  20. What techniques can a user employ to achieve a password rated “strong” in the WordPress password checker
  21. WordPress – Security Question at Login from User’s Meta Data
  22. How to allow an user role to create a new user under a role which lower than his level only?
  23. How to programatically change username (user_login)?
  24. How to get userid at wp_logout action hook?
  25. What’s the difference between the capability remove_users and delete_users?
  26. How to change user_login with wp-cli?
  27. Replacing the WordPress password validation
  28. alphabetically order role drop-down selection in dashboard
  29. WordPress auto login after registration not working
  30. How to hide media uploads by other users in the Media menu?
  31. Retrieve all users from wordpress database via REST/JSON API
  32. Get users with atleast one post
  33. edit profile validation refreshes all field if missing wordpress
  34. How to order users alphabetically by their last name?
  35. How to use hyperdb to separate and share a user dataset between wordpress installs?
  36. \WP_User Object | What’s the Difference Between {caps} and {allcaps}?
  37. pre_user_query meta_query admin user list
  38. Return ID of authors who have at least one post
  39. How to list users that have written custom post types and hide the ones that have not?
  40. Front end user meta options for users
  41. How to migrate wordpress users from one blog to another
  42. Drop down list in user profile page
  43. How can I link users across multiple subdomains?
  44. Importing Existing Users with Passwords
  45. Create not-activated user in code, wordpress
  46. How to add user meta for all users
  47. Is there any function available to echo current user’s profile url?
  48. How can I allow users to sign up but prevent them from accessing the WordPress backend?
  49. How to delete all post and attachments of a user when I delete it?
  50. Redirect user to login before viewing custom post
  51. Force user to change their password on first log in of site using shortcode
  52. How to export bbPress (forums, topics, replies) and all users?
  53. Display users in order by an “order” custom meta field
  54. Translate emails into the language of the user
  55. C# user_nicename and Display name blank
  56. WP users page doesn’t show users count by role
  57. Can I check which users ran which updates?
  58. Extend backend User search to custom user meta
  59. Move users and passwords from one wordpress site to another
  60. Bulk lock users without email address?
  61. How to implement friend system for WordPress?
  62. Delete user after Contact Form 7 submission [closed]
  63. Delete Users without a First and Last Name
  64. Specific way to allow WordPress users to view their current password? And edit it?
  65. How to do a task only once for logged in users
  66. How to add registration date and last login date to user list page
  67. Filter users in a search
  68. How to set all external links from a certain user to “nofollow”?
  69. Show WordPress users in grid with image and name
  70. How can i login with user’s password in WordPress being an admin?
  71. Redirect users after login
  72. How to hide some users to unlogged users [closed]
  73. List all users and current week entries
  74. How to get current user on a multi site that is using domain mapping?
  75. Use members from 1 site on another one
  76. Can I edit the database to change a login?
  77. User(s) already exists show error please provide a valid username
  78. User Meta stuff
  79. Is it possible to make specific posts editable by all authors?
  80. User can’t search himself on rest api
  81. How do I update user email from frontend input field?
  82. Cannot update newly added User field using wp_update_user
  83. Block editor completely gone for second of two super user
  84. How to prevent multiple user accounts with the same meta field?
  85. How do I set a maximum upload size for a specific user role (Editor)
  86. Create relationships between users or user roles
  87. User Permissions on custom post type
  88. update custom field user profile from front end form
  89. Insert user register into my own user table instead of wp own user
  90. throttle/limit a logged in user’s http requests to specific page on a per day basis
  91. I try to add informations to User profile
  92. Limit roles displayed in users.php depending on custom role
  93. Add a column before username in the users profile table
  94. Will mass deleting WP Users then reimporting CSV with the same userid break WP?
  95. Create a wordpress admin user and only let them edit and post blog posts?
  96. Shopping plugin with user groups [closed]
  97. determine active user browser at the same time
  98. get Discussion setting in wordpress
  99. Set a minimal number for next user_id
  100. Remove My Account Menu items in Woocommerce based on user roles
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)