package org.owasp.webgoat.plugin.crosssitescripting;

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.owasp.webgoat.plugin.GoatHillsFinancial.DefaultLessonAction;
import org.owasp.webgoat.plugin.GoatHillsFinancial.Employee;
import org.owasp.webgoat.plugin.GoatHillsFinancial.GoatHillsFinancial;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/cross-site-scripting-1.0.jar:org/owasp/webgoat/plugin/crosssitescripting/EditProfileCrossSiteScripting.class */
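public class EditProfileCrossSiteScripting extends DefaultLessonAction {

    /**
     * Lesson action that loads an employee record into the session so the
     * profile can be edited on the next page.
     *
     * @param goatHillsFinancial the owning lesson
     * @param str  first argument passed through to {@link DefaultLessonAction}
     * @param str2 second argument passed through to {@link DefaultLessonAction}
     */
    public EditProfileCrossSiteScripting(GoatHillsFinancial goatHillsFinancial, String str, String str2) {
        super(goatHillsFinancial, str, str2);
    }

    /**
     * Handles the edit-profile request: records this action as current, rejects
     * unauthenticated sessions, then loads the employee named by the request's
     * employee-id parameter and stores it under the lesson-scoped employee key.
     *
     * @param webSession the current WebGoat session
     * @throws ParameterNotFoundException if the employee-id parameter cannot be read
     * @throws UnauthenticatedException   if the session is not authenticated
     * @throws UnauthorizedException      propagated from {@link #getEmployeeProfile}
     */
    @Override // org.owasp.webgoat.plugin.GoatHillsFinancial.DefaultLessonAction, org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction
    public void handleRequest(WebSession webSession) throws ParameterNotFoundException, UnauthenticatedException, UnauthorizedException {
        getLesson().setCurrentAction(webSession, getActionName());
        if (!isAuthenticated(webSession)) {
            throw new UnauthenticatedException();
        }
        int requesterId = getUserId(webSession);
        // Attacker-controlled: read straight from the request parameters.
        int employeeId = webSession.getParser().getIntParameter(GoatHillsFinancial.EMPLOYEE_ID);
        Employee employee = getEmployeeProfile(webSession, requesterId, employeeId);
        setSessionAttribute(webSession, getLessonName() + "." + GoatHillsFinancial.EMPLOYEE_ATTRIBUTE_KEY, employee);
    }

    /**
     * Always routes to the edit-profile page, regardless of session state.
     *
     * @param webSession the current WebGoat session (unused)
     * @return {@link GoatHillsFinancial#EDITPROFILE_ACTION}
     */
    @Override // org.owasp.webgoat.plugin.GoatHillsFinancial.DefaultLessonAction, org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction
    public String getNextPage(WebSession webSession) {
        return GoatHillsFinancial.EDITPROFILE_ACTION;
    }

    /**
     * Loads the employee row whose {@code userid} equals {@code i2}.
     *
     * <p>SECURITY NOTE(review): the requesting user's id ({@code i}) is accepted but
     * never used; the row is selected solely by the caller-supplied {@code i2}, so any
     * authenticated user can read any employee's record (SSN, CCN, salary, disciplinary
     * notes). In a production application this is an insecure direct object reference
     * and needs an ownership/role check before the query (the declared
     * {@code UnauthorizedException} is the natural signal). It is left unchanged here
     * because this is a WebGoat lesson class and the gap is presumably intentional.
     * The string fields are returned exactly as stored; any escaping must happen where
     * they are rendered, which is outside this class.
     *
     * @param webSession the current WebGoat session, used for the DB connection and error messages
     * @param i          id of the authenticated user (currently unused, see note above)
     * @param i2         id of the employee to load
     * @return the employee, or {@code null} if no row matched or the lookup failed
     * @throws UnauthorizedException declared for the interface; this implementation never throws it
     */
    public Employee getEmployeeProfile(WebSession webSession, int i, int i2) throws UnauthorizedException {
        Employee employee = null;
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            // Parameterized query: i2 is bound, never concatenated into the SQL.
            statement = WebSession.getConnection(webSession).prepareStatement(
                    "SELECT * FROM employee WHERE userid = ?",
                    ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
            statement.setInt(1, i2);
            rows = statement.executeQuery();
            if (rows.next()) {
                employee = readEmployee(rows);
            }
        } catch (Exception e) {
            // Lesson boundary: report a generic message to the user and return null.
            // Both the SQL and the non-SQL failure paths were handled identically before.
            webSession.setMessage("Error getting employee profile");
            e.printStackTrace();
        } finally {
            // The original leaked both JDBC objects on every call.
            closeQuietly(rows);
            closeQuietly(statement);
        }
        return employee;
    }

    /**
     * Retained for binary compatibility; identical to {@link #getEmployeeProfile}.
     *
     * @param webSession the current WebGoat session
     * @param i          id of the authenticated user
     * @param i2         id of the employee to load
     * @return the employee, or {@code null} if not found or on error
     * @throws UnauthorizedException propagated from {@link #getEmployeeProfile}
     */
    public Employee getEmployeeProfile_BACKUP(WebSession webSession, int i, int i2) throws UnauthorizedException {
        return getEmployeeProfile(webSession, i, i2);
    }

    /** Builds an {@link Employee} from the current row of {@code rows}. */
    private static Employee readEmployee(ResultSet rows) throws SQLException {
        return new Employee(
                rows.getInt("userid"),
                rows.getString("first_name"),
                rows.getString("last_name"),
                rows.getString(GoatHillsFinancial.SSN),
                rows.getString("title"),
                rows.getString("phone"),
                rows.getString(GoatHillsFinancial.ADDRESS1),
                rows.getString(GoatHillsFinancial.ADDRESS2),
                rows.getInt("manager"),
                rows.getString("start_date"),
                rows.getInt(GoatHillsFinancial.SALARY),
                rows.getString(GoatHillsFinancial.CCN),
                rows.getInt("ccn_limit"),
                rows.getString("disciplined_date"),
                rows.getString("disciplined_notes"),
                rows.getString("personal_description"));
    }

    /** Closes a result set if non-null, ignoring close failures (best-effort cleanup). */
    private static void closeQuietly(ResultSet rows) {
        if (rows != null) {
            try {
                rows.close();
            } catch (SQLException ignored) {
                // nothing useful to do on a failed close
            }
        }
    }

    /** Closes a statement if non-null, ignoring close failures (best-effort cleanup). */
    private static void closeQuietly(PreparedStatement statement) {
        if (statement != null) {
            try {
                statement.close();
            } catch (SQLException ignored) {
                // nothing useful to do on a failed close
            }
        }
    }
}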
