<%-- View Profile page of the WebGoat RoleBasedAccessControl lesson.
     Renders the Employee record that the lesson's action handler placed in the HTTP session,
     then conditionally renders action controls (list staff / edit / delete) based on the
     lesson's authorization check for the current lesson user.
     NOTE(review): WebGoat is an intentionally vulnerable training application; the weaknesses
     noted below are part of the lesson material, not something to "fix" here.
     The page directive declares ISO-8859-1 output; any non-Latin-1 characters in employee
     fields would be mangled — confirm against the rest of the application if it matters. --%>
<%@ page contentType="text/html; charset=ISO-8859-1" language="java" import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl" errorPage="" %> <% WebSession webSession = ((WebSession)session.getAttribute("websession")); Employee employee = (Employee) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.EMPLOYEE_ATTRIBUTE_KEY); //int myUserId = webSession.getUserIdInLesson(); %>
<%-- webSession is read from the session attribute "websession" and is dereferenced below
     without a null check (getUserNameInLesson, isAuthorizedInLesson); a request that reaches
     this JSP without a WebSession in the session would throw a NullPointerException.
     employee is null-guarded on every use below and falls back to the text "unknown". --%>
<%-- SECURITY (lesson-visible): every <%= ... %> expression on this page writes the value into
     HTML without any output encoding. Employee fields are attacker-influenceable via the
     edit-profile flow, so this is stored XSS unless the lesson encodes elsewhere. --%>
Welcome Back <%=webSession.getUserNameInLesson()%> - View Profile Page
First Name: <%=(employee == null ? "unknown" : employee.getFirstName())%> Last Name: <%=(employee == null ? "unknown" : employee.getLastName())%>
Street: <%=(employee == null ? "unknown" : employee.getAddress1())%> City/State: <%=(employee == null ? "unknown" : employee.getAddress2())%>
Phone: <%=(employee == null ? "unknown" : employee.getPhoneNumber())%> Start Date: <%=(employee == null ? "unknown" : employee.getStartDate())%>
<%-- SECURITY (lesson-visible): SSN, salary, and full credit card number / limit are rendered
     in clear text to whoever can reach this page. The page itself performs no check that the
     current lesson user is allowed to view THIS employee; that decision is made (or not) by
     whatever put the Employee into the session before forwarding here. --%>
SSN: <%=(employee == null ? "unknown" : employee.getSsn())%> Salary: <%=(employee == null ? "unknown" : employee.getSalary())%>
Credit Card: <%=(employee == null ? "unknown" : employee.getCcn())%> Credit Card Limit: <%=(employee == null ? "unknown" : employee.getCcnLimit())%>
Comments: <%=(employee == null ? "unknown" : employee.getPersonalDescription())%>
Disciplinary Explanation: Disc. Dates: <%=(employee == null ? "unknown" : employee.getDisciplinaryActionDate())%>
<%=(employee == null ? "unknown" : employee.getDisciplinaryActionNotes())%>
Manager: <%=(employee == null ? "unknown" : employee.getManager())%>
<%-- The three blocks below only decide whether to RENDER an action control; the markup
     between each scriptlet pair survives in this copy only as a stray `">` fragment (the
     element was lost in extraction), so the control's target and parameters cannot be
     confirmed from here. Hiding a control in the view is not access control: the
     corresponding server-side action must re-run isAuthorizedInLesson on the submitted
     action, otherwise a user can submit the action directly. (Bypassing exactly this
     presentation-layer check is the point of the lesson's first stage.) --%>
<% if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.LISTSTAFF_ACTION)) { %>
">
<% }%>
<% if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.EDITPROFILE_ACTION)) { %>
">
<% } %>
<% if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.DELETEPROFILE_ACTION)) { %>
">
<% } %>