Comment

htdocs/core/lib/security.lib.php

@@ -109,6 +109,7 @@ function dolGetRandomBytes($length)
 /**
  *	Encode a string with a symetric encryption. Used to encrypt sensitive data into database.
  *  Note: If a backup is restored onto another instance with a different $dolibarr_main_instance_unique_id, then decoded value will differ.
+ *  This function is called for example by dol_set_const() when saving a sensible data into database configuration table llx_const.
  *
  *	@param   string		$chain		string to encode
  *	@param   string		$key		If '', we use $dolibarr_main_instance_unique_id

htdocs/core/login/functions_openid.php

@@ -20,6 +20,9 @@
  *      \file       htdocs/core/login/functions_openid.php
  *      \ingroup    core
  *      \brief      Authentication functions for OpenId mode
+ *
+ *     This authentication method is based on "OpenID v2" and is deprecated.
+ *     Use instead the method "OpenID Connect".
  */
 
 include_once DOL_DOCUMENT_ROOT.'/core/class/openid.class.php';

htdocs/core/login/functions_openid_connect.php

@@ -96,6 +96,7 @@ function check_user_password_openid_connect($usertotest, $passwordtotest, $entit
 				if ($resql) {
 					$obj = $db->fetch_object($resql);
 					if ($obj) {
+						// TODO I think we can remove this because this is done now natively by core after calling check_user_password_openid_connect()
 						$now = dol_now();
 						if ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now) {
 							// Load translation files required by the page