I ended up setting it up like this. You enter your username and email. If those both match the entry of a user, an email is sent with a randomly generated password and confirmation URL that are entered into a temp database. Once they click the confirmation URL from their email, the info from the temp database is put into the main one and the temp stuff is deleted. They can then login with the random pass they got, and edit it in their profile.