diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 9b2098b878..d023c616ac 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,12 @@
+2008-10-14 Esteban Sanchez
+
+	* operation/reporting/reporting_viewer.php,
+	operation/reporting/custom_reporting.php: Fixed checking of private
+	reports.
+
+	* operation/reporting/custom_reporting.php: Do not show reports that
+	user can not see.
+
 2008-10-13 Sancho Lerena
 
 	* agent_disk_conf_editor.php: Now load enterprise code
diff --git a/pandora_console/operation/reporting/custom_reporting.php b/pandora_console/operation/reporting/custom_reporting.php
index d934e999d9..ba1e088102 100644
--- a/pandora_console/operation/reporting/custom_reporting.php
+++ b/pandora_console/operation/reporting/custom_reporting.php
@@ -53,6 +53,10 @@ $table->align[3] = 'center';
 $table->data = array ();
 
 foreach ($reports as $report) {
+	if ($report['private'] && ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']))) {
+		continue;
+	}
+
 	$data = array ();
 	$data[0] = $report['name'];
 
diff --git a/pandora_console/operation/reporting/reporting_viewer.php b/pandora_console/operation/reporting/reporting_viewer.php
index ea4ed22a6b..268840d077 100644
--- a/pandora_console/operation/reporting/reporting_viewer.php
+++ b/pandora_console/operation/reporting/reporting_viewer.php
@@ -42,7 +42,8 @@ if (! give_acl ($config['id_user'], $report['id_group'], "AR")) {
 require ("include/functions_reporting.php");
 
 /* Check if the user can see the graph */
-if ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']) && ! $report['private']) {
+if ($report['private'] && ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']))) {
+	include ("general/noaccess.php");
 	return;
 }
 
diff --git a/pandora_console/operation/reporting/reporting_xml.php b/pandora_console/operation/reporting/reporting_xml.php
index 015028d1d0..2ec6e02eff 100644
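Review bot: The private-report test added at the top of the foreach in custom_reporting.php is the same expression the commit also places in reporting_viewer.php and reporting_xml.php, so the access rule now exists in three copies that can drift apart; one helper, for example `function can_see_report ($report, $id_user)` in include/functions_reporting.php (which reporting_viewer.php already requires), called from all three places would keep the rule in a single spot. Inside this loop `dame_admin ($config['id_user'])` is loop-invariant yet is re-evaluated for every private report; hoist it as `$is_admin = dame_admin ($config['id_user']);` before the foreach and test `! $is_admin` in the condition. The id comparison uses loose `!=`; if both ids are strings from the same table that is harmless, but `!==` states the intent and avoids PHP's numeric-string coercion. The foreach body continues past the hunk.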
--- a/pandora_console/operation/reporting/reporting_xml.php
+++ b/pandora_console/operation/reporting/reporting_xml.php
@@ -59,39 +59,37 @@ if (isset ($_GET["direct"])) {
 
 	$nick = get_parameter ("nick");
 	$pass = get_parameter ("pass");
-
-	// Connect to Database
-	$sql = sprintf("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'",$nick);
-	$row = get_db_row_sql ($sql);
-
-	// For every registry
-	if ($row !== false) {
-		if ($row["password"] == md5 ($pass)) {
-			// Login OK
-			// Nick could be uppercase or lowercase (select in MySQL
-			// is not case sensitive)
-			// We get DB nick to put in PHP Session variable,
-			// to avoid problems with case-sensitive usernames.
-			// Thanks to David Muñiz for Bug discovery :)
-			$nick = $row["id_usuario"];
-			update_user_contact ($nick);
-			$_SESSION['id_usuario'] = $nick;
-			$config['id_user'] = $nick;
-			unset ($_GET['pass'], $pass);
-		} else {
-			// Login failed (bad password)
-			echo "Logon failed";
-			audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed",
-				"Incorrect password: " . $nick);
-			exit;
-		}
-	} else {
-		// User not known
-		echo "Logon failed";
-		audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed",
-			"Invalid username: " . $nick);
-		exit;
-	}
+
+	$sql = sprintf("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'",$nick);
+	$row = get_db_row_sql ($sql);
+
+	// For every registry
+	if ($row !== false) {
+		if ($row["password"] == md5 ($pass)) {
+			// Login OK
+			// Nick could be uppercase or lowercase (select in MySQL
+			// is not case sensitive)
+			// We get DB nick to put in PHP Session variable,
+			// to avoid problems with case-sensitive usernames.
+			// Thanks to David Muñiz for Bug discovery :)
+			$nick = $row["id_usuario"];
+			update_user_contact ($nick);
+			$_SESSION['id_usuario'] = $nick;
+			$config['id_user'] = $nick;
+			unset ($_GET['pass'], $pass);
+		} else {
+			// Login failed (bad password)
+			echo "Logon failed";
+			audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed",
+				"Incorrect password: " . 
$nick);
+			exit;
+		}
+	} else {
+		// User not known
+		echo "Logon failed";
+		audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed", "Invalid username: " . $nick);
+		exit;
+	}
 } else {
 	require_once ("include/config.php");
 
@@ -118,7 +116,7 @@ if (! give_acl ($config['id_user'], $report['id_group'], "AR")) {
 }
 
 /* Check if the user can see the graph */
-if ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']) && ! $report['private']) {
+if ($report['private'] && ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']))) {
 	return;
 }
 
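Review bot: The new side of the `direct` login block still sprintf's `$nick`, taken straight from `get_parameter ("nick")`, into the `tusuario` query with no escaping, so request input shapes the WHERE clause; pass it through the DB layer's escaping function instead, e.g. `mysql_real_escape_string ($nick)` in place of `$nick` as the sprintf argument (or whatever helper get_db_row_sql's layer provides). The credential check `$row["password"] == md5 ($pass)` compares two strings with loose `==`, which PHP may evaluate numerically when both look numeric, so `===` is the safe form here. The re-indent also silently drops the `// Connect to Database` comment and joins the second `audit_db` call onto one line, which makes the hunk far larger than the functional change it carries. The `if (isset ($_GET["direct"]))` block this code sits in opens before the hunk.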
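Review bot: The denied branch in reporting_xml.php returns with no output, whereas the identical check the commit adds to reporting_viewer.php first includes general/noaccess.php; for an XML endpoint an empty body leaves the caller unable to tell "no access" from "no data", so emit an explicit marker before `return;`, presumably the same form the give_acl failure just above uses (its body is outside the hunk). The condition itself is a third copy of the rule added to custom_reporting.php and reporting_viewer.php and should share one helper with them.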