/** * Description of the Method * * @param s Description of the Parameter * @param user Description of the Parameter * @param method Description of the Parameter * @return Description of the Return Value * @exception Exception Description of the Exception */ protected Element makeUser(WebSession s, String user, String method) throws Exception { ElementContainer ec = new ElementContainer(); ec.addElement(new P().addElement("Welcome, " + user)); ec.addElement(new P().addElement("You have been authenticated with " + method)); ec.addElement(new P().addElement(ECSFactory.makeLink("Logout", LOGOUT, true))); ec.addElement(new P().addElement(ECSFactory.makeLink("Refresh", "", ""))); return (ec); }
/** * Description of the Method * * @param s Description of the Parameter * @return Description of the Return Value */ public Element makeList(WebSession s) { Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0); try { Connection connection = DatabaseUtilities.getConnection(s); // edit by Chuck Willis - Added logic to associate similar usernames // The idea is that users chuck-1, chuck-2, etc will see each other's messages // but not anyone elses. This allows users to try out XSS to grab another user's // cookies, but not get confused by other users scripts String query = "SELECT * FROM messages WHERE user_name LIKE ? and lesson_type = ?"; PreparedStatement statement = connection.prepareStatement( query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); statement.setString(1, getNameroot(s.getUserName()) + "%"); statement.setString(2, getClass().getName()); ResultSet results = statement.executeQuery(); if ((results != null) && (results.first() == true)) { results.beforeFirst(); for (int i = 0; results.next(); i++) { A a = ECSFactory.makeLink(results.getString(TITLE_COL), NUMBER, results.getInt(NUM_COL)); TD td = new TD().addElement(a); TR tr = new TR().addElement(td); t.addElement(tr); } } } catch (Exception e) { s.setMessage(WebGoatI18N.get("ErrorGeneratingMessageList")); } ElementContainer ec = new ElementContainer(); ec.addElement(new H1(WebGoatI18N.get("MessageList"))); ec.addElement(t); return (ec); }