Heh, I was doing more digging around and I'm using this for my encryption

md5(sha1($password));

Good luck cracking that shit LOL. While looking around, I found that people were even going all kinds of crazy by having it re-encrypt itself like 100 times over. Kind of extreme.

But as for making the user data available to the pages & scripts, I'm not seeing any other way then to define each of the needed variables as a SESSION variable.

One way I'm thinking of doing it is like this:
On login success, the data entry updates itself with a fresh session ID code and then all that would be stored in SESSION is that ID. And then on every page (in the header) having the information loaded in to an array by polling the database for an entry with the matching SESSION ID.

My only gripe with that method is it seems like I have to do a database query on every page, which may be fine for now, but I'm thinking scalability. When I have like 1000s of pages being loaded a second by different people, is it gonna hurt my database to be running a query at the top of every page like that?

It seems like it'd be easier to just load up the basic info (user name, shopping cart contents, and avatar url)

Thoughts? I really appreciate everyone's input and help.