Custom login page, invalid activation key

How are requests for wp-login.php getting to your page? If a redirect or rewrite, sometimes important data gets dropped during rewrites, either URL parameters and/or cookie data get lost. Both of which are required to validate the reset key.

If your goal is solely to customize the login form, replicating wp-login.php isn’t an optimal approach. The recommended way to customize the login page is to simply call wp_login_form() from a template. The form can be styled any way you like. It can be part of header or sidebar templates, or you could make a custom page template that outputs a dedicated login page. The related login functionality still passes through wp-login.php, but users rarely see its output. They normally only interact with your login form. See Make a Custom Login Page.

You can instead customize the default wp-login.php to some extent. In many cases this is adequate and more reliable than completely custom forms. Scroll up from the previous link destination to see the other customizing options available through the default login form.

Mainly I would like the login page to be embed in the whole template style so that it shows the header and footer as well. I took the wp-login.php and include the code related to all cases in my custom login page and substitute actions to point to the custom login page instead of wp-login.php so there should be no request to wp-login.php. (also overriding some functions like wp_login_url and wp_logout_url)
I went thought the wp_login_form() but I changed direction when I noticed there was some issue with that as well. I might get back to that possible solution but I’d still give a try to get why it generates wrong keys.

Thanks for your help!

When you say “overriding some functions like wp_login_url and wp_logout_url” — how is that accomplished? Editing general-template.php, or using the respective filter hooks? The former is a really bad idea, the latter is just fine.

You are still better off calling wp_login_form() from a page template and leaving the login code alone. That login page’s code is frequently tweaked for security reasons. When you make your own version, you either miss out on these improvements or you need to continually monitor changes so they can be applied to your version of the page. One is a bad idea and the other a PITA. Use the page template approach and you never need to fuss with it again if you don’t want to.

I’m not trying to tell you what to do, it’s your site after all. I’m merely passing along information applicable to your situation. Do with it as you please.

Hi, I appreciate your advices. I didn’t override core files, I never do that as when I customize I pay attention to the mainstream upgrades.
In that case saying “override” it’s not fully correct, as basically I rewrote in my theme wp_login_url and wp_logout_url (maybe I could’ve used filters, but I didn’t check if I could substitute wp-login.php with my custom page in the link) in something like my_login_url my_logout_url with the same code as the original but changing the redirect link.
I’ve used wp_login_form() as it’s the cleanest and better solution but I had some issues. As first when used it, clicking on the login would actually redirect me to the wp-login.php to do the login instead of trying to login itself. That I also tried rewriting part of wp-login.php (the part which handle the action parameter) so that in the custom page I could also register and request a password reset. But as I said I had some issues. At the end I ended up by just leaving things as they are and customize the wp-login.php.
But it was interesting to dig into it, to know a bit more about the internals. Maybe I’ll come back to it as soon as I have more free time.

waves