I've done (not saying it's the most elegant solution, but it works :P):
Send an email with a URL like http://mysite.com/resetpwd.php?code=1234&email=hello@hi.com, with code being a hash of the user's current email and hashed password.
The user clicks the link, and the code verifies that "1234" is the hash of "hello@hi.com" and the hashed password, then shows the password reset page, making sure to add "1234" and "hello@hi.com" as parameters in the form passed to the next page. When they click enter, it sends to something like http://mysite.com/resetpwd.php?code=1234&email=hello@hi.com&newpass=hellothere123
resetpwd.php checks for $_GET['newpass'], and if found, verifies again that 1234 is the hash of the user's hashed password and hello@hi.com, then resets the password.
Edit: oh, I see, you don't want to pass the verification code again... ignore this then, unless I come up with a better solution :)
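The code check described in the post above, as an added PHP example that is not the poster's code: it keys the hash with a server-side secret via HMAC and binds an expiry time (both assumptions, not in the post), and shows that a code stops verifying once the stored password hash changes. SERVER_SECRET, the function names and the sample user row are hypothetical.

```php
<?php
// Added example, not the poster's code. SERVER_SECRET, the expiry field and
// both function names are hypothetical; the user row below is constructed.
const SERVER_SECRET = 'constructed-demo-secret-change-me';

// Derive the reset code from the email, the stored password hash and an
// expiry timestamp. Keying with a server secret (HMAC) means the code cannot
// be recomputed from the database row alone.
function make_reset_code(string $email, string $passwordHash, int $expires): string
{
    $msg = $email . "\n" . $passwordHash . "\n" . $expires;
    return hash_hmac('sha256', $msg, SERVER_SECRET);
}

// Recompute the code from the CURRENT database row and compare it to the one
// from the link in constant time.
function verify_reset_code(string $code, string $email, string $passwordHash,
                           int $expires, int $now): bool
{
    if ($now > $expires) {
        return false; // link is too old
    }
    return hash_equals(make_reset_code($email, $passwordHash, $expires), $code);
}

// Constructed sample user row.
$user = [
    'email'  => 'hello@hi.com',
    'pwhash' => password_hash('old-password', PASSWORD_DEFAULT),
];
$now     = time();
$expires = $now + 3600;
$code    = make_reset_code($user['email'], $user['pwhash'], $expires);

// Case 1: fresh link, password unchanged.
var_dump(verify_reset_code($code, $user['email'], $user['pwhash'], $expires, $now));

// Case 2: the expiry in the link was altered, so the recomputed code differs.
var_dump(verify_reset_code($code, $user['email'], $user['pwhash'], $expires + 86400, $now));

// Case 3: the password has been reset, so the stored hash (an input to the
// code) is different and the old link no longer verifies.
$user['pwhash'] = password_hash('hellothere123', PASSWORD_DEFAULT);
var_dump(verify_reset_code($code, $user['email'], $user['pwhash'], $expires, $now));
```

In a real handler the code, email and expiry would arrive from the link, and the new password would be sent in a POST body rather than the query string so that it does not end up in server logs or browser history.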