Hi,
I read the comment following the code and I agree on the need to better structure the password's strength evaluation method.
Since it's easy to find sites on the Internet where collections of pre-decrypted passwords are made available, I think that your evaluation scale should take into account that dictionary-style attack possibility as a base reference.
So, mixing alphabet case chars, adding numbers and special chars should be only slightly better than not doing so, but if the mix results in a common word (in any language vocabulary) then its overall score should not be high.
Let's make an example with password "common":
common: 0 points
Common: 0-1 point
C0mm0n*: 1-2 points
C0mM0n*: same as above
They all will be cracked too easily and in no time.
I see as a better approach (so higher scores) a mix of password length (not less than 8 chars, 10 is better) and misspelled word (chomon is better than common, especially if chomon is not a word in any language other than English).
Another good option would be to use a passphrase instead of a password. This will be easier to recall for the average user and will surely be long enough to resist dictionary-based and brute-force attacks. And, additionally, if they misspell one or two words in the phrase...
Ok, that's for the user. Now for us. Since we will have to store passwords in their hashed form, there's no difference from our point of view between a password and a passphrase, so why not go with the latter?
udg
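
The scoring idea from the post above, as an added example that is not part of the post or of the code it comments on. The 0-5 scale, the leet-substitution table, the tiny word list and the passphrase thresholds are all assumptions made for illustration; a real checker would load large multi-language dictionaries and leaked-password lists.

```python
import re

# Constructed sample word list (assumption); stands in for real dictionaries.
COMMON_WORDS = {"common", "password", "dragon", "monkey", "letmein"}

# Assumed substitutions that are undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(candidate):
    """Lower-case, undo leet substitutions, drop remaining non-letters."""
    return re.sub(r"[^a-z]", "", candidate.lower().translate(LEET))


def score(password):
    """Return 0-5; decoration on a dictionary word never scores above 1."""
    core = normalize(password)
    if core in COMMON_WORDS:
        # Case changes, digits and symbols are only slightly better
        # than the bare word, so the result is capped at 1.
        return 0 if password == core else 1

    words = password.split()
    # Passphrase: several distinct words and enough total length.
    if len(set(words)) >= 3 and len(password) >= 16:
        return 5

    # Not a known word: length decides (8 is the floor, 10 is better).
    if len(password) >= 10:
        return 4
    if len(password) >= 8:
        return 3
    return 2


if __name__ == "__main__":
    for pw in ["common", "Common", "C0mm0n*", "C0mM0n*",
               "chomon", "my dog eats chomon pie"]:
        print(f"{pw!r}: {score(pw)}")
```
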