Yeah I know that. But if I send them a new password, I will have had to update it in the database so they can login with it in order to change it back to something they like.

The problem is though, anyone could enter another users email and then that users password would be changed without them wanting it to be.