package instructor;

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.owasp.webgoat.plugin.GoatHillsFinancial.Employee;
import org.owasp.webgoat.plugin.GoatHillsFinancial.GoatHillsFinancial;
import org.owasp.webgoat.plugin.GoatHillsFinancial.ViewProfile;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.WebSession;

/* JADX WARN: Classes with same name are omitted:
  input_file:WebGoat.war:plugin_lessons/cross-site-scripting-1.0.jar:instructor/ViewProfile_i.class
 */
/* loaded from: input_file:WebGoat.war:plugin_lessons/sql-injection-1.0.jar:instructor/ViewProfile_i.class */
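/**
 * Instructor variant of {@link ViewProfile} that loads an employee profile
 * through a parameterized query instead of a string-built one.
 *
 * <p>Two properties of the query matter for review:
 * <ul>
 *   <li>Both identifiers are parsed with {@link Integer#parseInt(String)} and
 *       bound with {@code setInt}, so request text never becomes part of the
 *       SQL statement.</li>
 *   <li>The join on {@code ownership} only returns a row when an ownership
 *       record links the first id (as {@code employer_id}) to the second (as
 *       {@code employee_id}), so the lookup is scoped by that relationship
 *       and not by the requested id alone.</li>
 * </ul>
 */
public class ViewProfile_i extends ViewProfile {
    /** Query text is a constant; only the two {@code ?} placeholders vary per call. */
    private static final String PROFILE_QUERY =
            "SELECT employee.* FROM employee,ownership WHERE employee.userid = ownership.employee_id and ownership.employer_id = ? and ownership.employee_id = ?";

    /** Message shown to the user on any failure; deliberately carries no SQL or driver detail. */
    private static final String PROFILE_ERROR = "Error getting employee profile";

    public ViewProfile_i(GoatHillsFinancial goatHillsFinancial, String str, String str2) {
        super(goatHillsFinancial, str, str2);
    }

    /**
     * Looks up one employee record, restricted by the {@code ownership} table.
     *
     * @param webSession session used to obtain the database connection and to
     *     report a failure message
     * @param str decimal id bound to {@code ownership.employer_id}
     *     (presumably the requesting user's id; confirm against the caller)
     * @param str2 decimal id bound to {@code ownership.employee_id}, i.e. the
     *     profile being requested
     * @return the matching {@link Employee}, or {@code null} when no row
     *     matches or when any error occurs (a non-numeric id included)
     * @throws UnauthorizedException declared for callers; this body does not
     *     throw it itself
     */
    public Employee getEmployeeProfile(WebSession webSession, String str, String str2) throws UnauthorizedException {
        Employee employee = null;
        // The connection is obtained from the session and is not closed here;
        // only the statement and result set created by this method are.
        // try-with-resources releases both on every path, including the
        // exceptional ones, which the previous version never did.
        try (PreparedStatement statement = WebSession.getConnection(webSession).prepareStatement(
                PROFILE_QUERY, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY)) {
            // parseInt rejects anything that is not a plain integer before it
            // reaches the driver; the NumberFormatException lands in the catch below.
            statement.setInt(1, Integer.parseInt(str));
            statement.setInt(2, Integer.parseInt(str2));
            try (ResultSet row = statement.executeQuery()) {
                if (row.next()) {
                    employee = new Employee(
                            row.getInt("userid"),
                            row.getString("first_name"),
                            row.getString("last_name"),
                            row.getString(GoatHillsFinancial.SSN),
                            row.getString("title"),
                            row.getString("phone"),
                            row.getString(GoatHillsFinancial.ADDRESS1),
                            row.getString(GoatHillsFinancial.ADDRESS2),
                            row.getInt("manager"),
                            row.getString("start_date"),
                            row.getInt(GoatHillsFinancial.SALARY),
                            row.getString(GoatHillsFinancial.CCN),
                            row.getInt("ccn_limit"),
                            row.getString("disciplined_date"),
                            row.getString("disciplined_notes"),
                            row.getString("personal_description"));
                }
            }
        } catch (Exception e) {
            // Kept as broad as the original nested handlers (SQLException and
            // Exception did the same thing): the user sees a fixed message and
            // the detail goes to stderr only.
            // NOTE(review): printStackTrace writes to stderr with no context;
            // route this through the application's logger if one is available.
            webSession.setMessage(PROFILE_ERROR);
            e.printStackTrace();
        }
        return employee;
    }
}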
