Create separate pages. Reset links(when users are not logged in) usually use a unique GET value. When the user asks for a link to be sent to them, a value is inserted into the database. When a person visits the reset page, the server will check the GET value entered into the URL. If the GET value matches a unique value that is in the database, then the person is given the opportunity to put in a new password. The unique values in databases are usually set to expire pretty quickly. This prevents people from using brute force to reset someone else's password.
You don't want to mix the above with a simple password change that is initiated when a user is logged in.