Preventing user enumeration: which logic is better?

Logic #1 is checking the returned value of the preg_match function with respect to 0 and with operator ===. That means the returned value of the preg_match function has to be (int) 0 or (string) 0. And after that it is checking if $_REQUEST['author'] is empty or not.

And in Logic #2 is checking the same thing above, but with !()(not) operator. And this method also additionally check the $_REQUEST['author'] is integer or not.

Checking the $_REQUEST['author'] data type actually makes Logic #2 better than above Logic #1, I think. Cause, though data type doesn’t matter in PHP (PHP is a loosely typed language) but it’s better to use them. It defines a concrete base for your application and ensures some core security as well as it’s the best practice.

Hope that answer satisfies your quest.

Related Posts:

  1. Basic auth WordPress REST API dilemma
  2. security+best practices: root or www-data on a wordpress content folder?
  3. Any reason to be concerned by a wave of “zombie” blog signups?
  4. How to change WordPress user ID?
  5. Setting WP Admin passwords to expire
  6. What do spammers gain by signing up as a user?
  7. How can I secure a WordPress blog using OpenID from a single provider?
  8. Force user to change their password on the frontend at the first login and password policy
  9. Should I encrypt the response that triggers an Ajax action? Is nonce sufficient?
  10. Are there mutiple ways to get usernames (as a hacker)
  11. Reset Password policy
  12. How do I protect user_activation_key?
  13. Failed login attempts
  14. Separate Out Real Users
  15. WordPress Password security related questions
  16. Force users to use password with specifications
  17. Iterating users while user iteration is suppressed
  18. Require confirmation of current user’s email before updating database and before send_email_change_email
  19. Securely log in a user without a password using a link?
  20. What techniques can a user employ to achieve a password rated “strong” in the WordPress password checker
  21. WordPress – Security Question at Login from User’s Meta Data
  22. (How) does WordPress protect direct access of user data?
  23. If the current user is an administrator or editor
  24. Getting a List of Currently Available Roles on a WordPress Site?
  25. Editor can create any new user except administrator
  26. How do I add a field on the Users profile? For example, country, age etc
  27. How do I display logged-in username IF logged-in?
  28. How to allow an user role to create a new user under a role which lower than his level only?
  29. user_login vs. user_nicename
  30. How to programatically change username (user_login)?
  31. Change the Author Slug from Username to Nickname
  32. Remove Ability for Other Users to View Administrator in User List?
  33. Difference between update_user_meta and update_user_option
  34. Make display name unique
  35. Make WooCommerce pages accessible for logged in users only
  36. Find out if logged in user is not subscriber
  37. WordPress usermeta scaling for thousands of users
  38. How to get WordPress Username in Array format
  39. Display user registration date
  40. Get multiple roles with get_users
  41. get_user_meta() doesn’t include user email?
  42. Confirmation required on email change
  43. How to Merge Two Authors Into One?
  44. Whats the best way to share user data across multiple WordPress websites?
  45. get_current_user_id() returns 0?
  46. How to get userid at wp_logout action hook?
  47. Groups of capabilities: users with multiple roles?
  48. Is there a way to merge two users?
  49. User-edit role setting distinct from wp_capabilities? [closed]
  50. List users by last name in WP_User_Query
  51. What’s the difference between the capability remove_users and delete_users?
  52. How to restrict access to uploaded files?
  53. Automatically delete inactive users after 2 months
  54. How to change user_login with wp-cli?
  55. Delete all subscribers from wp_users and wp_usermeta a few thousand at a time
  56. Email user when password is reset by admin
  57. Replacing the WordPress password validation
  58. Ban a user and end their session
  59. Allowing users to edit only their page and nobody else’s
  60. How can 2 blogs share the same users
  61. alphabetically order role drop-down selection in dashboard
  62. WordPress auto login after registration not working
  63. Change the author slug from nickname to ID
  64. Execute a function when admin changes the user role
  65. How to let contributors to create a new revision(draft) editing their published posts
  66. how to use joomla password format in wordpress?
  67. How to do get_users() with multiple meta_keys
  68. Disallowing Users of a Custom Role from Deleting or Adding Administrators?
  69. What the user_status column?
  70. How to limit users to one comment per post
  71. Different back-end language for different users?
  72. Is it safe to store a user setting you don’t want the user to ever modify as a user option?
  73. Hide Admin Menu for Specific User ID who has administrator Role
  74. Migrating WordPress users into Disqus
  75. Problem with Hebrew characters in username
  76. Is there an upper limit for users in WP?
  77. How to display the status of users (online – offline) in archive.php
  78. Remove email verification when new user register
  79. How to change user`s avatar?
  80. How to set up User email verification after Signup?
  81. Allow up to 5 Concurrent Login Sessions
  82. How to let user set password on registration
  83. How to hide media uploads by other users in the Media menu?
  84. Show admin bar only for some USERS roles
  85. How to display custom user meta from registration in backend?
  86. Allowing an email as the username?
  87. How to work around “that email address has already been used” error?
  88. Get the name of user who updated post
  89. Disable delete user
  90. Grouping users under parent user
  91. How to get the Gravityform entry ID from current user’s form submission? [closed]
  92. Retrieve all users from wordpress database via REST/JSON API
  93. Is there a way to set a user profile to Draft?
  94. Display edit link if post author is current user
  95. Check if specific username is logged in
  96. Best way to send users password?
  97. Limiting the number of users
  98. How can I get users email (and additional data) from the rest API?
  99. Force display name as full name
  100. Get users with atleast one post
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)