FTP program that needs pin to access

nothing out of the box will do this.. you will have to roll your own.

Crap...I'm not a programmer so I may be screwed.  :(

A bit of an odd request. Are you trying to do two factor authentication for some sort of compliance?

Yes for a legal client.

Citrix Sharefile is probably what you're looking for.

My client uses this site:  https://www.tlo.com/  and they have it in place so he wants it.

How access to files is made?

Yes we need an FTP program, that we host, that has the two stage verification.

My guess is Tlo.com is using it for their website's "user login"
This would be much easier to implement for http (web authentication) than I suspect it will be for FTP

Just my opinion though

SmartFTP and Serv-U are two products that support two factor if you use SFTP.

You could also try to make use of OpenOTP and integrate it, but I figure somehow that above options would be easier.

I dont see how one could keep user partially authenticated until he receives mail.
https://tools.ietf.org/html/rfc2821#section-4.5.4.1

Can you share formal requirement?
What you describe is OTP (implemented in least secure way possible) keys generated by server software.

Look at e.g. goole or battle.net authenticators for examples of OTP

Wait....

When you say "FTP" are you looking to use this for traditional FTP (FTP client reqired)?

OR

file uploads from a webpage? (Like uploading a picture on facebook)?

It seems to me that *email* isn't a particularly good way to meet the objective.
But then, I'm no expert on this.....
Perhaps others will comment.

[It seems to me that *email* isn't a particularly good way to meet the objective]

I'd be more concerned if the emailed password was permanent

The password here appear to be single use, sent to the users email address
(I'm assuming on file) once used it's (again I'm assuming) deleted until a new password is generated on the next login

I think the issue is the *state* of the login while awaiting email to arrive.
That seems an awkward implementation.

Agreed, but that would depend on if the term "FTP" is being used correctly by the OP

If these are HTTP events then after account authentication, the user would simply be at a screen prompting for a "PIN" before he/she could continue

I see this being much easier to implement with HTTP "FTP/SFTP"

Setting this up so clients can log in and view their surveillance videos and download them.  Passwords would be changed every 30 days.  So that site I listed has it so when you key in your user name and password it then asks for a pin that changes each time you log in....they e-mail or text you the pin each time.