MD5 is a hashing routine and is not encryption, base64 however is. This means that an attacker can extremely easily decrypt the base64 string, he can not decrypt the MD5 string. What’s usually done with MD5 is either rainbow table lookup, or brute force.
Rainbow tables
Your code is atm vulnerable to this. Online you can find huge rainbow tables (terrabytes of data) with hash:plaintext combinations. An attacker could search these for your MD5 hash and potentially get a match
Brute force
An attacker could calculate MD5 hashes and look for a match. For comparison: a correctly set up Bcrypt hash would let the attacker calculate 1-4 hashes/s. With MD5 this number is more like 900.000.000 hashes/s
Just thought it would be good to know the reasoning behind it 
[hr]
If you want to get more secure with MD5 then change it to be like this:
add to config:
[php]$pepper = ‘321809Q853P6281435O74C082QjbQ59g77ECNi1i06D3Y689b36N4e32OtO82H87WEy3h3k4335G1PbXl1HY15TM25V0aPYh2Hde’;[/php]
user table, add salt column
[php]id | username | email | salt | password[/php]
when inserting users, create a random salt, ie: L6Q2n0d7OA5YZeTkXvvd
logging in:
[php]$user = db-query(‘SELECT * FROM user WHERE email = ?’);
if (!$user) {
throw new Exception(‘Invalid user’);
}
if (MD5($pepper, $user->salt, $_POST[‘submittedPassword’]) == $user->password) {
// logged in
} else {
// wrong password
}[/php]
Of course you need to save the hash using the same data, so on registration you do
[php]$password = MD5($pepper, $salt, $_POST[‘submittedPassword’]);
// save $password to db when saving user[/php]
password abc123 might be saved as
MD5(321809Q853P6281435O74C082QjbQ59g77ECNi1i06D3Y689b36N4e32OtO82H87WEy3h3k4335G1PbXl1HY15TM25V0aPYh2HdeL6Q2n0d7OA5YZeTkXvvdabc123)[/code]=[code]9c1770bdca6e1038646df278afcb71f0
[hr]
Since you’re doing a web service which requires authentication (at least for parts) we can assume the user will submit his/her username/password with the requests. Just check if the username/password is valid before running the protected functions/methods.