Ok so I have successfully set up a password reset script that when clicked on send the user a new password, now i want to expand the login system and force the user to set a new password on next login, how would i do this?

Store some sort of flag in the database for that user so the script will know that they must change their password. When a user requests a new password set it to 1. Once they update their password set it to 0. Without knowing more about your db structure it's hard to say exactly how you should create the flag (ie as a new column in the user table, as meta data, etc).

Normally, wouldn't such a script just generate a random string for the password, send it to the user, and then let the user reset it on their own if they choose to. Why do you want to force users to set a new password immediately?

Quote:

Normally, wouldn't such a script just generate a random string for the password, send it to the user, and then let the user reset it on their own if they choose to. Why do you want to force users to set a new password immediately?

From my own practice when I have had to do a password reset request, that is exactly what I do.

However to deal with the case where a script delivers a simple password to allow access and you want to give a "provide new password" page.

You could add another table with a structure of userID & password reset flag to the DB schema and check if the user is listed when they login.