What you need to do is store an "expiry date" in your DB along with the password. When the user signs or changes his password up you set it to the current date plus the validity period - 3 months in this case.
When the user logs in, you check the expiry date, and behave appropriately.
But ... it may be a very poor idea to bother adding this feature as it provides no significant increase in security, and can actually lower real security while falsely raising the impression of security:
Time for Password Expiration to Die | SANS Security Awareness[
^]
Much more important is how you store a password than how long it lasts!