From e99d25cf875876a34fb2de7e9de2d7ab8f80552d Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 13 Apr 2023 23:21:05 +0200
Subject: [PATCH] Comment

---
 htdocs/core/lib/security.lib.php               | 1 +
 htdocs/core/login/functions_openid.php         | 3 +++
 htdocs/core/login/functions_openid_connect.php | 1 +
 3 files changed, 5 insertions(+)

diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 3c9ca5e34d9..023f8ebafba 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -109,6 +109,7 @@ function dolGetRandomBytes($length)
 /**
  *	Encode a string with a symetric encryption. Used to encrypt sensitive data into database.
  *  Note: If a backup is restored onto another instance with a different $dolibarr_main_instance_unique_id, then decoded value will differ.
+ *  This function is called for example by dol_set_const() when saving a sensible data into database configuration table llx_const.
  *
  *	@param   string		$chain		string to encode
  *	@param   string		$key		If '', we use $dolibarr_main_instance_unique_id
diff --git a/htdocs/core/login/functions_openid.php b/htdocs/core/login/functions_openid.php
index 4ff7576e934..d45819cf039 100644
--- a/htdocs/core/login/functions_openid.php
+++ b/htdocs/core/login/functions_openid.php
@@ -20,6 +20,9 @@
  *      \file       htdocs/core/login/functions_openid.php
  *      \ingroup    core
  *      \brief      Authentication functions for OpenId mode
+ *
+ *     This authentication method is based on "OpenID v2" and is deprecated.
+ *     Use instead the method "OpenID Connect".
  */
 
 include_once DOL_DOCUMENT_ROOT.'/core/class/openid.class.php';
diff --git a/htdocs/core/login/functions_openid_connect.php b/htdocs/core/login/functions_openid_connect.php
index 0db79a506ea..b1980b3419f 100644
--- a/htdocs/core/login/functions_openid_connect.php
+++ b/htdocs/core/login/functions_openid_connect.php
@@ -96,6 +96,7 @@ function check_user_password_openid_connect($usertotest, $passwordtotest, $entit
 				if ($resql) {
 					$obj = $db->fetch_object($resql);
 					if ($obj) {
+						// TODO I think we can remove this because this is done now natively by core after calling check_user_password_openid_connect()
 						$now = dol_now();
 						if ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now) {
 							// Load translation files required by the page