So the story goes, I've recently started hashing user passwords to protect access, but have come to a bit of a problem in that if a user forgets their password, I'm unable to retrieve it for them, because all I have is the salted-md5 hash?
You need to understand that a salted hash is irreversible (without the original text and salt). That's the point of it.
You either need to generate them a new password and send it to them or give them access to a reset password page on your site.
By the reset password page, I mean you need to send them a link with a unique code only for them. I also set a cookie with another random string and compare the two with the database entry. If they match then they put in their new password.
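The reset flow described in the answer above, as an added Python example that is not part of the original posts: a link code and a cookie value are generated per request, and both must match the stored entry before a new password is accepted. The function names, the in-memory dict standing in for the database, the one-hour expiry, the hashed storage and the single-use rule are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 3600  # assumed lifetime; the post does not specify one

# Stand-in for the database table: user_id -> pending reset entry (assumption)
_pending = {}


def _digest(value):
    # Store only a hash of each secret, so a leaked table holds no usable reset links
    return hashlib.sha256(value.encode()).hexdigest()


def start_reset(user_id, now=None):
    """Create the code for the emailed link and the value for the cookie."""
    now = time.time() if now is None else now
    link_code = secrets.token_urlsafe(32)     # goes into the emailed URL
    cookie_value = secrets.token_urlsafe(32)  # set as a cookie in the requesting browser
    _pending[user_id] = {
        "link": _digest(link_code),
        "cookie": _digest(cookie_value),
        "expires": now + RESET_TTL_SECONDS,
    }
    return link_code, cookie_value


def finish_reset(user_id, link_code, cookie_value, now=None):
    """Return True only if both secrets match an unexpired entry; the entry is then consumed."""
    now = time.time() if now is None else now
    entry = _pending.get(user_id)
    if entry is None:
        return False
    if now > entry["expires"]:
        del _pending[user_id]
        return False
    # Constant-time comparison of both values against the stored entry
    link_ok = hmac.compare_digest(entry["link"], _digest(link_code))
    cookie_ok = hmac.compare_digest(entry["cookie"], _digest(cookie_value))
    if not (link_ok and cookie_ok):
        return False
    del _pending[user_id]  # single use: the same link cannot be replayed
    return True
```

Because the cookie must match as well, the emailed link only works in the browser that requested the reset.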