I am not sure, how they are doing it. Different people can have different approaches. One strategy could be add another field in your users table as PASSWORD_UPDATED boolean. When the user registers for the first time mark it as false. Once the user updates his/her password mark it as true. If the user again tries to reset password you check that password_updated field is true you won't allow to update. Set it false again only when you are sending another mail to reset password.
This is just my thought, there might be better approaches.