need to focus it back...

To answer your question on validation Client side or Server Side? Depends on what it is. Password matching is too important to trust JavaScript with, so you need to validate it both with Javascript and a server side language. Someone says "Why use Javascript if your going to validate it with a SSL?" Well the answer is people who have JS enabled will enjoy the benefits of a quick site, while people without will have to reload the page.