We do use BCrypt. Trying to figure out if implementing an extra layer of sending an email with a link to reset password has advantages over just sending a one time changed password.
Why don't you just send a link that includes your one time password? This will allow the user to choose a new one just clicking on the link and setting the new password, instead of going to your page, logging in and changing the password after that.
2) Don't just hash. Use bcrypt, since it's probably got a library for you to use in your language (or database) of choice: http://codahale.com/how-to-safely-store-a-password/