package instructor;

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.owasp.webgoat.plugin.GoatHillsFinancial.GoatHillsFinancial;
import org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction;
import org.owasp.webgoat.plugin.sqlinjection.LoginSqlInjection;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/sql-injection-1.0.jar:instructor/Login_i.class */
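/**
 * Instructor variant of the SQL-injection login lesson.
 *
 * <p>Overrides {@link LoginSqlInjection#login} so that the credential check runs through a
 * {@link PreparedStatement} with bound parameters instead of a string-built query. The user id
 * and password are therefore always treated as data and can never change the shape of the SQL.
 */
public class Login_i extends LoginSqlInjection {
    /**
     * Forwards all arguments unchanged to the {@link LoginSqlInjection} constructor.
     */
    public Login_i(GoatHillsFinancial goatHillsFinancial, String str, String str2, LessonAction lessonAction) {
        super(goatHillsFinancial, str, str2, lessonAction);
    }

    /**
     * Checks the supplied credentials against the {@code employee} table.
     *
     * <p>On a match, two session attributes are set under the lesson name:
     * {@code .isAuthenticated} ({@link Boolean#TRUE}) and the user id under
     * {@link GoatHillsFinancial#USER_ID}.
     *
     * @param webSession session that supplies the database connection and receives the
     *                   attributes and any error message
     * @param str        user id, bound to the first {@code ?} placeholder
     * @param str2       password, bound to the second {@code ?} placeholder
     * @return {@code true} if the query returned at least one row; {@code false} on no match
     *         or on any error (errors are reported via {@code webSession.setMessage} and are
     *         never propagated to the caller)
     */
    @Override // org.owasp.webgoat.plugin.sqlinjection.LoginSqlInjection
    public boolean login(WebSession webSession, String str, String str2) {
        boolean z = false;
        // The connection is obtained from the session and deliberately NOT closed here; only the
        // statement and result set this method creates are released (previously both leaked).
        // NOTE(review): the password is compared as-is inside the query, which suggests the
        // employee table stores it unhashed. Confirm; tolerable only for a training lesson.
        try (PreparedStatement prepareStatement = WebSession.getConnection(webSession).prepareStatement(
                "SELECT * FROM employee WHERE userid = ? and password = ?",
                ResultSet.TYPE_SCROLL_INSENSITIVE,   // 1004 in the decompiled original
                ResultSet.CONCUR_READ_ONLY)) {       // 1007 in the decompiled original
            // Bound parameters: the driver transmits these as values, so quotes or SQL
            // keywords inside them cannot alter the statement.
            prepareStatement.setString(1, str);
            prepareStatement.setString(2, str2);
            try (ResultSet resultSet = prepareStatement.executeQuery()) {
                // first() is true only when the result set holds at least one row.
                if (resultSet.first()) {
                    setSessionAttribute(webSession, getLessonName() + ".isAuthenticated", Boolean.TRUE);
                    setSessionAttribute(webSession, getLessonName() + "." + GoatHillsFinancial.USER_ID, str);
                    z = true;
                }
            }
        } catch (SQLException e) {
            // Keep the session message generic so database error text is not put into it;
            // the detail goes to the stack trace only.
            webSession.setMessage("Error logging in");
            e.printStackTrace();
        } catch (Exception e2) {
            // Fail closed on any other error: z stays false.
            webSession.setMessage("Error logging in");
            e2.printStackTrace();
        }
        return z;
    }
}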
