Merge branch 'ent-4953-local-admin-nunca-prueba-remotos-meta' into 'develop'

Force try remote before falling back to local if admin user

See merge request artica/pandorafms!3715

pandora_console/include/auth/mysql.php

@@ -68,28 +68,38 @@ $config['admin_can_make_admin'] = true;
 
 
 /**
- * process_user_login accepts $login and $pass and handles it according to current authentication scheme
+ * Process_user_login accepts $login and $pass and handles it according to
+ * current authentication scheme.
  *
- * @param string  $login
- * @param string  $pass
- * @param boolean $api
+ * @param string  $login Login.
+ * @param string  $pass  Pass.
+ * @param boolean $api   Api.
  *
- * @return mixed False in case of error or invalid credentials, the username in case it's correct.
+ * @return mixed False in case of error or invalid credentials, the username in
+ * case it's correct.
  */
 function process_user_login($login, $pass, $api=false)
 {
-    global $config, $mysql_cache;
+    global $config;
 
-    // Always authenticate admins against the local database
-    if (strtolower($config['auth']) == 'mysql' || is_user_admin($login)) {
+    // 1. Try remote.
+    if (strtolower($config['auth']) != 'mysql') {
+        $login_remote = process_user_login_remote(
+            $login,
+            io_safe_output($pass),
+            $api
+        );
+    } else {
+        $login_remote = false;
+    }
+
+    // 2. Try local.
+    if ($login_remote === false
+        && ($config['fallback_local_auth'] || is_user_admin($login))
+    ) {
         return process_user_login_local($login, $pass, $api);
     } else {
-        $login_remote = process_user_login_remote($login, io_safe_output($pass), $api);
-        if ($login_remote == false && $config['fallback_local_auth']) {
-            return process_user_login_local($login, $pass, $api);
-        } else {
-            return $login_remote;
-        }
+        return $login_remote;
     }
 
     return false;