Good things to keep in mind: length + complexity.
At least one lower case
At least one upper case
At least one special character
At least x characters (8 sounds sufficient) excluding spaces
No repeating characters (3x characters or numbers in a row; I'd let them get away with 2x, but I don't think there's any "word" that conatains 3x).
There are many more other things that can be done. No dictionary words, no "like" word replacements (and = &, to = 2, etc, late = l8). Password phrases would be easy: minimum characters: 25.
Average users will not appreciate the pass phrases. Despite being a lot better and typically much easier to remember.
OO would only benefit by writing wrappers. So the ruleset can be refined by adding more filters to perform a specific task to check. Procedural can do that as well with functions. But the OO implementation is the same basic logic flow as that of the procedural code.
header('HTTP/1.1 420 Enhance Your Calm');