Use PDO and prepared statements to prevent SQL injections. But if you plan to use mysql, ensure data security by using the required functions to sanitize data.
to rename files, that is trivial as you can assign names to the files during storage through the $_FILES. You just get the current files name and use strtolower
Just remember to never store passwords in plaintext and use salts - for security off course.