1) Why do you have a second invalid HEAD after BODY?
2) What makes your form tablular data?
3) where are your LABELs and FIELDSETs?
4) If you have multiple VAR in a row, you don't need to say VAR reach and every time.
5) If you have multiple checks doing the same thing, combine them.
6) your 'reset password' isnt' a form reset, it's a submit... so make it a submit and trap onsubmit instead of onclick on the input.
7) No doctype, IE is in "quirks mode"
8) If you have to use the X-UA compatible garbage, you've done something wrong.
9) You're using tags and attributes like BGCOLOR, BORDERCOLOR and FONT that have NO business on any website written after 1997. Even your use of the LANGUAGE attribute on SCRIPT is a decade and a half out of date... Much less attributes that never actually existed like TOOLBAR.
10) variable names that actually mean something might be handy.
11) Avoid making excess variables for nothing.
12) you don't even have an action for the form, so it doesn't work without JS; which there's no reason to do since you HAVE to re-check values server-side anyways otherwise any script-kiddy can instahack you... you are checking those values again server-side and re-issuing the form on error, right?
13) what the devil are you disabling the enter key for?!?
14) You seem to be trying to use window.open to do the submit, that's LOVELY what with that being blocked in many browsers as a security risk or just plain annoying to users. When you hit your send, does modern IE pop up a little warning box at the bottom saying "window blocked"? It would for me in Opera and FF...
15) much less sending the login as GET... Security, what's that?
16) You seem to be copying values with scripting to hidden inputs for christmas knows what reason... and using the same name on multiple inputs which is outright gibberish.
17) this also seems to be run inside a scripted window.open? JS for nothing just pissing away your accessibility -- meaning the entire site construction method is "questionable" and may need a good toss.
Really your scripting is ten times the size it should be, you're hooking the wrong element for testing a submit, and your markup is a oddball mix of outdated style and broken methdologies -- that it works in ANY browser is a bit surprising. Even how you're interfacing to your server-side code is just the wrong way of doing things... Just how long have you been on this code given that it should have stopped working over a decade ago, NOT that it was EVER good practice or the proper way of doing things...
Sorry if that seems harsh, but that's the truth of the matter on this one. I would HIGHLY recommend tossing that entire mess and at the very least drag it kicking and screaming up to 1998 style practices. I really have to wonder what the devil whoever wrote that was actually thinking...
This would be an example of dragging that markup into what it should have been as of 1998...
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
content="width=device-width; height=device-height; initial-scale=1.0"
<label for="prUsername">User Name:</label>
<label for="prDoB">Date of Birth (mm/dd/yyyy):</label>
<label for="prSSN">Last 4 digits of SSN:</label>
<label for="prPassword">New Password:</label>
<label for="prPasswordVerify">Re-Enter Password:</label>
Password must be at least 8 characters, contain at least 1 number, one upper case and one lower case letter, no repeating characters, symbols, first/last name or username and <br> cannot re-use the last 8 passwords.
<input type="submit" value="Reset Password" />
<input type="button" id="prCancel" value="Cancel" />
I'll see if I can port the scripting into something less of a wreck for you too -- everything else you were doing there belongs in the CSS, not the markup.
But even with those changes, good luck interfacing it to your back-end code because, well... if the front end is this jacked up...