Subsequent fixes after major changes for PDO

submit.php

@@ -132,15 +132,16 @@ if (isset($_POST['add'])) {
             break;
 
         case ("assetclassgroup") :
-            $name = sanitize($_POST['assetclassgroup_name']);
-            $color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
+            $name = sanitize($_POST['acg_name']);
+            $color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
+            $desc = sanitize($_POST['acg_description']);
 
             $sql = "INSERT INTO assetclassgroup
-                        (assetclassgroup_name, assetclassgroup_color)
+                        (assetclassgroup_name, assetclassgroup_color, assetclassgroup_description)
                     VALUE
-                        (?, ?)";
+                        (?, ?, ?)";
             $sth = $dbh->prepare($sql);
-            $sth->execute([$name, $color]);
+            $sth->execute([$name, $color, $desc]);
 
             header_location("assetclassgroupview.php?assetclassgroup_id=" . $dbh->lastInsertId());
             break;
@@ -554,17 +555,18 @@ if (isset($_POST['edit'])) {
             break;
 
         case ("assetclassgroup") :
-            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
-            $assetclassgroup_name = sanitize($_POST['assetclassgroup_name']);
-            $assetclassgroup_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
+            $acg_id = sanitize($_POST['acg_id']);
+            $acg_name = sanitize($_POST['acg_name']);
+            $acg_desc = sanitize($_POST['acg_description']);
+            $acg_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
 
             $sql = "UPDATE assetclassgroup SET
-                        assetclassgroup_name=?, assetclassgroup_color=?
+                        assetclassgroup_name=?, assetclassgroup_color=?, assetclassgroup_description=?
                     WHERE assetclassgroup_id=?";
             $sth = $dbh->prepare($sql);
-            $sth->execute([$assetclassgroup_name, $assetclassgroup_color, $assetclassgroup_id]);
+            $sth->execute([$acg_name, $acg_color, $acg_desc, $acg_id]);
 
-            header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
+            header_location("assetclassgroupview.php?assetclassgroup_id=" . $acg_id);
             break;
 
         case ("location") :
@@ -672,10 +674,11 @@ if (isset($_POST['edit'])) {
 
             $userpass = $sth->fetchColumn();;
 
-            if (!strcmp(md5($currentpass), $userpass)) {
-                if (!strcmp($user_newpass1, $user_newpass2)) {
+            if (password_verify($currentpass, $userpass)) {
+                if (!strcmp($newpass1, $newpass2)) {
                     $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
-                    $sth->execute([md5($user_newpass1), $user_id]);
+                    $newhash = password_hash($newpass1, PASSWORD_BCRYPT);
+                    $sth->execute([$newhash, $user_id]);
                     header_location("options.php");
                 }
             }