This is how I would let a user login again, after she lost her password:

If it is you, who requested your password to be reset, click this link <yoursite.com/forgotten/3ttnjwnt32t> to reset it. The "3ttnjwnt32t" string is only mentioned in the letter, you save

password resets: