diff --git a/model/PFASmarty.php b/model/PFASmarty.php
index da8d35dc..adfe0d07 100644
--- a/model/PFASmarty.php
+++ b/model/PFASmarty.php
@@ -58,6 +58,20 @@ class PFASmarty
         $this->configureTheme('');// default to something.
     }
 
+
+    /**
+     * get relative path to css etc. based on permissions (user vs. admin)
+     * Note: this function only works after login
+     */
+    public function getRelPath()
+    {
+        if (authentication_has_role('user')) {
+            return '../';
+        } else {
+            return '';
+        }
+    }
+
     /**
      * @param string $rel_path - relative path for referenced css etc dependencies - e.g. users/edit.php needs '../' else, it's ''.
      */
diff --git a/public/users/app-passwords.php b/public/users/app-passwords.php
index f46d596e..f5fbe2d1 100644
--- a/public/users/app-passwords.php
+++ b/public/users/app-passwords.php
@@ -29,7 +29,7 @@
 require_once('../common.php');
 
 $smarty = PFASmarty::getInstance();
-$smarty->configureTheme('../');
+$smarty->configureTheme($smarty->getRelPath());
 
 $username = authentication_get_username();
 $pPassword_text = "";
diff --git a/public/users/totp-exceptions.php b/public/users/totp-exceptions.php
index fe690ddf..db56864c 100644
--- a/public/users/totp-exceptions.php
+++ b/public/users/totp-exceptions.php
@@ -30,7 +30,7 @@
 require_once(__DIR__ . '/../common.php');
 
 $smarty = PFASmarty::getInstance();
-$smarty->configureTheme('../');
+$smarty->configureTheme($smarty->getRelPath());
 
 $username = authentication_get_username();
 list($local_part, $domain) = explode('@', $username);
diff --git a/public/users/totp.php b/public/users/totp.php
index 22df77f7..e2c6188e 100644
--- a/public/users/totp.php
+++ b/public/users/totp.php
@@ -27,7 +27,7 @@
 require_once('../common.php');
 
 $smarty = PFASmarty::getInstance();
-$smarty->configureTheme('../');
+$smarty->configureTheme($smarty->getRelPath());
 
 $username = authentication_get_username();
 $pPassword_password_current_text = "";