You can have the user enter their own password so long as you can identify the user and confirm that they are updating their password.
When do you encrypt the password and what is the value in the email that you have for the password? If the user is entering the password then the unencrypted version should be in the posted password element. You can reference this value directly in the email or save it to a session variable first then reference it in the email.
You still want to ensure that you store the password in the db encrypted though. Post back with the pages in question if you have any further trouble with this.