--- cacti-0.8.6b/auth_changepassword.php	2004-10-06 22:20:35.000000000 -0400
+++ cacti-0.8.6b-new/auth_changepassword.php	2004-11-27 21:51:43.000000000 -0500
@@ -44,6 +44,11 @@
 		
 		/* ok, at the point the user has been sucessfully authenticated; so we must
 		decide what to do next */
+
+		/* if no console permissions show graphs otherwise, pay attention to user setting */
+		$realm_id = $user_auth_realm_filenames["index.php"];
+
+		if (sizeof(db_fetch_assoc("select user_auth_realm.realm_id from user_auth_realm where user_auth_realm.user_id = '" . $_SESSION["sess_user_id"] . "' and user_auth_realm.realm_id = '" . $realm_id . "'")) > 0) {
 		switch ($user["login_opts"]) {
 			case '1': /* referer */
 				header("Location: " . $_POST["ref"]); break;
@@ -52,8 +57,11 @@
 			case '3': /* default graph page */
 				header("Location: graph_view.php"); break;
 		}
-		
+		}else{
+			header("Location: graph_view.php"); 
+		}
 		exit;
+
 	}else{
 		$bad_password = true;
 	}