From 5c56d8350e2716944a3eb5af40d96d8bc6210501 Mon Sep 17 00:00:00 2001
From: Miguel Ribeiro <k.d.mintnick@gmail.com>
Date: Mon, 23 Sep 2024 22:42:42 +0200
Subject: [PATCH] bump version. add some more restrictions on demo mode

---
 endpoints/user/save_user.php |  8 +++++---
 includes/version.php         |  2 +-
 settings.php                 | 21 ++++++++++-----------
 3 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/endpoints/user/save_user.php b/endpoints/user/save_user.php
index 0931a9510..98d156dc9 100644
--- a/endpoints/user/save_user.php
+++ b/endpoints/user/save_user.php
@@ -90,6 +90,8 @@ function update_exchange_rate($db, $userId)
     }
 }
 
+$demoMode = getenv('DEMO_MODE');
+
 $query = "SELECT main_currency FROM user WHERE id = :userId";
 $stmt = $db->prepare($query);
 $stmt->bindParam(':userId', $userId, SQLITE3_INTEGER);
@@ -244,7 +246,7 @@ function resizeAndUploadAvatar($uploadedFile, $uploadDir, $name)
         $avatar = resizeAndUploadAvatar($_FILES['profile_pic'], '../../images/uploads/logos/avatars/', $name);
     }
 
-    if (isset($_POST['password']) && $_POST['password'] != "") {
+    if (isset($_POST['password']) && $_POST['password'] != "" && !$demoMode) {
         $password = $_POST['password'];
         if (isset($_POST['confirm_password'])) {
             $confirm = $_POST['confirm_password'];
@@ -266,7 +268,7 @@ function resizeAndUploadAvatar($uploadedFile, $uploadDir, $name)
         }
     }
 
-    if (isset($_POST['password']) && $_POST['password'] != "") {
+    if (isset($_POST['password']) && $_POST['password'] != "" && !$demoMode) {
         $sql = "UPDATE user SET avatar = :avatar, email = :email, password = :password, main_currency = :main_currency, language = :language WHERE id = :userId";
     } else {
         $sql = "UPDATE user SET avatar = :avatar, email = :email, main_currency = :main_currency, language = :language WHERE id = :userId";
@@ -279,7 +281,7 @@ function resizeAndUploadAvatar($uploadedFile, $uploadDir, $name)
     $stmt->bindParam(':language', $language, SQLITE3_TEXT);
     $stmt->bindParam(':userId', $userId, SQLITE3_INTEGER);
 
-    if (isset($_POST['password']) && $_POST['password'] != "") {
+    if (isset($_POST['password']) && $_POST['password'] != "" && !$demoMode) {
         $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
         $stmt->bindParam(':password', $hashedPassword, SQLITE3_TEXT);
     }
diff --git a/includes/version.php b/includes/version.php
index 71ad0c7f5..8baed2d45 100644
--- a/includes/version.php
+++ b/includes/version.php
@@ -1,3 +1,3 @@
 <?php
-$version = "v2.24.0";
+$version = "v2.24.1";
 ?>
\ No newline at end of file
diff --git a/settings.php b/settings.php
index f3695e03b..dc9132ffc 100644
--- a/settings.php
+++ b/settings.php
@@ -59,21 +59,19 @@ class="avatar-option" data-src="images/uploads/logos/avatars/<?= $image ?>">
                     <div class="grow">
                         <div class="form-group">
                             <label for="username"><?= translate('username', $i18n) ?>:</label>
-                            <input type="text" id="username" name="username" value="<?= $userData['username'] ?>"
-                                disabled>
+                            <input type="text" id="username" name="username" value="<?= $userData['username'] ?>" disabled>
                         </div>
                         <div class="form-group">
                             <label for="email"><?= translate('email', $i18n) ?>:</label>
-                            <input type="email" id="email" name="email" value="<?= $userData['email'] ?>" required
-                                <?= $demoMode ? 'disabled title="Not available on Demo Mode"' : '' ?>>
+                            <input type="email" id="email" name="email" value="<?= $userData['email'] ?>" required>
                         </div>
                         <div class="form-group">
                             <label for="password"><?= translate('password', $i18n) ?>:</label>
-                            <input type="password" id="password" name="password" <?= $demoMode ? 'disabled title="Not available on Demo Mode"' : '' ?>>
+                            <input type="password" id="password" name="password" <?= $demoMode && !$isAdmin ? 'disabled title="Not available on Demo Mode"' : '' ?>>
                         </div>
                         <div class="form-group">
                             <label for="confirm_password"><?= translate('confirm_password', $i18n) ?>:</label>
-                            <input type="password" id="confirm_password" name="confirm_password" <?= $demoMode ? 'disabled title="Not available on Demo Mode"' : '' ?>>
+                            <input type="password" id="confirm_password" name="confirm_password" <?= $demoMode && !$isAdmin ? 'disabled title="Not available on Demo Mode"' : '' ?>>
                         </div>
                         <?php
                         $currencies = array();
@@ -943,7 +941,8 @@ class="capitalize"><?= translate('request_method', $i18n) ?>:</label>
         <div class="account-fixer">
             <div class="form-group">
                 <input type="text" name="fixer-key" id="fixerKey" value="<?= $apiKey ?>"
-                    placeholder="<?= translate('api_key', $i18n) ?>">
+                    placeholder="<?= translate('api_key', $i18n) ?>"
+                    <?= $demoMode && !$isAdmin ? 'disabled title="Not available on Demo Mode"' : '' ?>>
             </div>
             <div class="form-group">
                 <label for="fixerProvider"><?= translate('provider', $i18n) ?>:</label>
@@ -1195,7 +1194,7 @@ class="color-picker fa-solid fa-eye-dropper">
                 </div>
             </div>
             <?php
-            if (!$demoMode) {
+            if (!$demoMode || $isAdmin) {
                 ?>
                 <div>
                     <h3><?= translate('custom_css', $i18n) ?></h3>
@@ -1234,7 +1233,7 @@ class="thin"><?= $settings['customCss'] ?? "" ?></textarea>
                         <?php
                         if ($settings['convert_currency'])
                             echo ' checked';
-                        if ($apiKey == "" || $demoMode)
+                        if ($apiKey == "")
                             echo ' disabled';
                         ?>>
                     <label for="convertcurrency"><?= translate('convert_prices', $i18n) ?></label>
@@ -1299,9 +1298,9 @@ class="thin"><?= $settings['customCss'] ?? "" ?></textarea>
                 <h3><?= translate('export_subscriptions', $i18n) ?></h3>
                 <div class="form-group-inline wrap">
                     <input type="button" value="<?= translate('export_as_json', $i18n) ?>" onClick="exportAsJson()"
-                        class="secondary-button thin mobile-grow" id="export-json" <?= $demoMode ? 'disabled title="Not available on Demo Mode"' : '' ?>>
+                        class="secondary-button thin mobile-grow" id="export-json" <?= $demoMode && !$isAdmin ? 'disabled title="Not available on Demo Mode"' : '' ?>>
                     <input type="button" value="<?= translate('export_as_csv', $i18n) ?>" onClick="exportAsCsv()"
-                        class="secondary-button thin mobile-grow" id="export-csv" <?= $demoMode ? 'disabled title="Not available on Demo Mode"' : '' ?>>
+                        class="secondary-button thin mobile-grow" id="export-csv" <?= $demoMode && !$isAdmin ? 'disabled title="Not available on Demo Mode"' : '' ?>>
                 </div>
             </div>
         </div>