Comment 5 for bug 42019

I changed a few bits and pieces (initialised password, put a db_go after the db_input for the mismatch question, moved the md5crypt call into the not-already-crypted else block), but otherwise this looks good and is holding up to tests. Uploaded, thanks!