<%@ page contentType="text/html; charset=ISO-8859-1" language="java" import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl" errorPage="" %> <% Employee employee = (Employee) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.EMPLOYEE_ATTRIBUTE_KEY); WebSession webSession = ((WebSession)session.getAttribute("websession")); // int myUserId = getIntSessionAttribute(webSession, "RoleBasedAccessControl." + RoleBasedAccessControl.USER_ID); %>
Welcome Back <%=webSession.getUserNameInLesson()%> - View Profile Page
First Name: <%=employee.getFirstName()%> Last Name: <%=employee.getLastName()%>
Street: <%=employee.getAddress1()%> City/State: <%=employee.getAddress2()%>
Phone: <%=employee.getPhoneNumber()%> Start Date: <%=employee.getStartDate()%>
SSN: <%=employee.getSsn()%> Salary: <%=employee.getSalary()%>
Credit Card: <%=employee.getCcn()%> Credit Card Limit: <%=employee.getCcnLimit()%>
Comments: <%=employee.getPersonalDescription()%>
Disciplinary Explanation: Disc. Dates: <%=employee.getDisciplinaryActionDate()%>
<%=employee.getDisciplinaryActionNotes()%>
Manager: <%=employee.getManager()%>
<% if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.LISTSTAFF_ACTION)) { %>
<% }%> 		<% if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.EDITPROFILE_ACTION)) { %>
<% } %> 		<% if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.DELETEPROFILE_ACTION)) { %>
<% } %>