As others have said, don't do that. It's no more secure than storing the passwords in plain text.
As Guido suggests, it's much better to send them a link where they can set a new password. Make sure the link can only be used once, and make it timeout after a while. E.g. at work, we time the link out after 3 hours (although I'd much prefer to do so after only 15 minutes).