I've seen a few threads around lately saying stuff like "How do I decrypt MD5?", and the answer is always the same:

You can't

MD5, SHA, etc. are all hashing. They are not encrypted, they can not be decrypted. The reason you would use such a thing is so that hackers (in the event they get into your databases), cannot simply decrypt your user's passwords with some simple online tool. Granted there are some brute force ways of finding simple passwords hashed with stuff like MD5 (there is even a full website with thousands of hashes and their real values), but that would take forever, and with the use of a salt, impossible. A salt is basically some random letters and numbers added to the front and end of the password.

Now when you want your user to log in, all you have to do is simply salt the password, then hash it with the same formula you used in the registration process. If the two hashes are the same, the password MUST be correct. So you can now let the user in.

But say your user has forgotten their password. If I ever click that button that will help me get a new password, and it sends my actual password to my email address, I leave that service forever. They do not know what they are doing. What they should be doing is hashing my password and storing that in the database. Not encrypting it or, worse, storing it in plain text. As for the password reset function, you should generate a unique value and store that in your users row. Then send an email with a link to that unique key and on the password reset page, if they provide a correct key, username, and email, the user must be the actual user. From there all you have to do is ask for a password and store that into the database (with salting and hashing of course).