You're not supposed to be able to reverse the md5 encryption. It's meant for one-way encryption. The only thing you can do is assign a new password. I guess the hard part is how to make this process a secure process.
I'd do it like this: The user requests a new password (because the user forgot their password) by giving their username. An email is sent to the email address of the username that was given, saying "Someone has requested a new password for _username_. To continue, go to: http://website.tld/forgot.php?code=3d4fke". The 3d4fke code is saved, so that when the user comes to the site again with that code (which is already in the URL), a new password will finally be issued. There. Simple and secure.
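
The request-and-redeem flow described above, written out in PHP as an added example that is not part of the original post. The `ResetStore` class, the in-memory array standing in for a database table, the 32-byte random code, the 30-minute expiry and the single-use rule are assumptions the post does not specify.

```php
<?php
// Added example: in-memory stand-in for a password-reset table (hypothetical).
final class ResetStore
{
    /** @var array<string, array{user: string, expires: int}> keyed by SHA-256 of the code */
    private array $rows = [];

    // Step 1: a reset was requested for $username. Returns the link to e-mail.
    public function issue(string $username, int $now, int $ttl = 1800): string
    {
        // Drop older pending codes for this user so only the newest link works.
        $this->rows = array_filter($this->rows, fn($r) => $r['user'] !== $username);

        $code = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, 64 hex chars

        // Save only a hash of the code: a leaked table then yields no usable links.
        $this->rows[hash('sha256', $code)] = [
            'user'    => $username,
            'expires' => $now + $ttl,
        ];
        return 'http://website.tld/forgot.php?code=' . $code;
    }

    // Step 2: the user came back with ?code=... Returns the username, or null.
    public function redeem(string $code, int $now): ?string
    {
        if (!preg_match('/\A[0-9a-f]{64}\z/', $code)) {
            return null; // malformed input never reaches the lookup
        }
        $key = hash('sha256', $code);
        $row = $this->rows[$key] ?? null;
        if ($row === null) {
            return null; // unknown or already used
        }
        unset($this->rows[$key]); // single use, consumed even when expired
        return $now <= $row['expires'] ? $row['user'] : null;
    }
}

// Constructed walk-through: username and timestamps are sample values.
$store = new ResetStore();
$t0 = 1700000000;
parse_str(parse_url($store->issue('alice', $t0), PHP_URL_QUERY), $q);
var_dump($store->redeem($q['code'], $t0 + 60));      // first visit within the TTL
var_dump($store->redeem($q['code'], $t0 + 61));      // same code replayed
parse_str(parse_url($store->issue('alice', $t0), PHP_URL_QUERY), $q2);
var_dump($store->redeem($q2['code'], $t0 + 1801));   // visit after expiry
var_dump($store->redeem('3d4fke', $t0));             // short code in the post's format
```

The new password is only set after `redeem()` returns a username, and the page that accepts the reset request should show the same message whether or not the username exists.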