I'm trying to create a login system where multiple applications are able to login using the same web service. This "web service" is just a web page written in php. Ideally, the applications could sed up the username and password to the web service, which would check the values against the encrypted database values, and then return either true or false for logged in (more than that, but you get it).
However, as you read that, you probably instantly noticed I said "send password to the web service", which is really really bad if you don't do it correctly. I don't want to send a decrypted password over get/post for obviously security reasons.
The standard and secure way is to send data over an
HTTPS connection, for that you'll need to install an
ssl certificate on your domain. SSL certificates used to cost money but in our days you can get them free at https://letsencrypt.org/