how to write webservice which needs authentication - PHP

I want to write a hacking prote开发者_C百科cted web services for PHP. Can anyone give me a example how to write that? How to send the authentication headers and how to manage it in the web service?

Many Thanks,

Naveed

First. Never write your own authentication.

Second. Save yourself the pain and serve your service up using https. It opens a lot more options for authentication that are both simple and secure. OAuth 2, Client Side SSL Certificates and even plain old Basic HTTP authentication are options if you are enforcing https. Even if you're doing your own token passing, you'll probably want to do so over SSL.

If https isn't an option, you can consider earlier versions of OAuth that don't require SSL.

Personally, I use a web service to authenticate the user. This web service return the token (a randomized string).

Then the user can call other web services with their specific arguments + the token.

If the token is not valid / expired / ... => I return a message to authenticate else I return what should be returned :)

Hope this help...