Is This Login Algoritm Secure For an MMO?

Hello, I am attempting to create a small online game in Unity much like minecraft which allows people to host their servers, but all validation is done on a central server. Since I'm struggling and don't know anything of PHP and HTTPS, I'm thinking of using a game build just as Authentification Server (with just a console) and then if everything is validated, it passes a token for the user to login in any playermade/gamemade servers (game build itself).

I'm thinking about sending information back and forth using ClientRPC/Commands using encryption. My algoritm right now is:

1. Player sends hashed user id

2. Server looks up if user exists, if so, it generates a SESSIONSALT, encrypts using hashed user password as key and sends it to user.

3. User sends hash user + hash(SESSIONSALT + hash (pass + salt)) and sends it to server

4. Server checks login and if successful sends a login token with: sessionTime, IP, Mac and hardwareSerials, username

What are the main vulnerabilities in such fashion? Is it acceptable security in an MMO?? In case not, can anyone point me somewhere to get me started in PHP (I tried multiple videos but none seems to be using secure methods)???