PHP
Vladimir Shiklgruber, 2015-06-23 16:48:45

Is it safe to send passwords to the server?

Hello. The situation is that the project has no budget at all (I am the team leader, the designer and the programmer, and a bit of an artist on top :) ), so the budget does not allow buying an SSL certificate. I use plain HTTP 1.0.
Sending the password works like this:
Client side:
We take the password from the input field and immediately compute its sha512 hash.
Then I send the password hash and the login via Ajax.
On the server side I do something like this:

$data->post_gson('data');               // read the JSON body sent by the Ajax call
$json = $data->result();
$login    = $json->login;
$password = $json->pass;                // already sha512(password), computed in the browser

$pass = new pass;
$salt = $pass->salt();                  // random 30-character salt (alphabet below); note that $salt is
                                        // not stored anywhere in this snippet, so it cannot be recomputed at login
$data = $password.$login.$salt.$password;
$password = $pass->sha512($data);
$password = $pass->gost($password);
$password = $pass->joaat($password);    // joaat (Jenkins one-at-a-time) is a 32-bit hash: 8 hex characters come out
$password = $pass->ripemd320($password);
$password = $pass->tiger192_4($password);
$password = $pass->whirlpool($password);
$password = $pass->crc32b($password);   // crc32b is also 32-bit: the stored value is 8 hex characters

Here I receive the JSON, decode it and split the data into the $login and $password variables.
Then I generate a 30-character salt.
Available characters:
qazxswedcvfrtgbnhyujmkiolp%^*()_+-=/\][{}1234567$890QAZXSWEDCVFRTGBNHYUJMKIOLP

And then I salt the hash and make a hash of a different type from it :) (if they intercept the password hash, it is still not as bad as a plaintext password, and if the database is leaked, they will struggle with the passwords for a very long time).
Then, for authorization, I am thinking of doing a triple hash of the string login,id,date_reg,HTTP_USER_AGENT,
then wrapping that hash in XXTEA, then encrypting the result with Anubis, base64-encoding it and writing it to the cookie.
What in my solution is nonsense, and what is not?
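An added example, not code from the question: it reproduces the posted chain with PHP's built-in hash() so you can see what actually ends up in the database, and puts PHP's own password_hash()/password_verify() next to it. The asker's `pass` class is not on the page, so it is assumed here that its methods are thin wrappers around hash() with the same algorithm names (tiger192_4 being PHP's 'tiger192,4'); the sample password, login and salt are constructed for the demo.

```php
<?php
// Added example (not the asker's code). Assumes $pass->sha512(), ->gost(), ... are
// wrappers around hash() with the matching algorithm names.

function chain_hash(string $clientHash, string $login, string $salt): string
{
    $h = hash('sha512', $clientHash . $login . $salt . $clientHash);
    $h = hash('gost', $h);
    $h = hash('joaat', $h);        // Jenkins one-at-a-time: 32-bit output, 8 hex chars.
                                   // From here on there are at most 2^32 distinct values,
                                   // however many hashes follow; and none of them is slow.
    $h = hash('ripemd320', $h);
    $h = hash('tiger192,4', $h);
    $h = hash('whirlpool', $h);
    return hash('crc32b', $h);     // CRC-32: 8 hex chars, and not a cryptographic hash at all.
}

// What PHP already provides: one slow, salted, purpose-built password hash.
// password_hash() generates and embeds its own random salt, so there is nothing
// extra to store next to it, and password_verify() compares in constant time.
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_password(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Constructed sample input. In the posted design the server never sees the
// password, only its browser-side sha512; whoever sniffs that value on plain
// HTTP can replay it, so as far as the server is concerned it *is* the password.
$clientHash = hash('sha512', 'correct horse');
$salt       = 'abcdefghijklmnopqrstuvwxyz1234';   // stands in for $pass->salt()

$stored = chain_hash($clientHash, 'vladimir', $salt);
printf("chain output: %s (%d hex chars = %d bits of space)\n",
       $stored, strlen($stored), strlen($stored) * 4);

$proper = store_password('correct horse');
printf("password_hash: %s\n", $proper);
var_dump(check_password('correct horse', $proper));     // right password
var_dump(check_password('correct horse ', $proper));    // one extra space: rejected
```

Run it with `php example.php`. Two things to take from the output: the seven-step chain stores an 8-hex-character value, so an attacker with the database only has to search 2^32 candidates for each account (and none of the seven functions is designed to be slow), while password_hash() returns a self-describing string carrying its own salt and cost. Separately, because the browser sends sha512(password), that digest is the credential the server accepts; client-side hashing does not make an unencrypted transport safe, it only changes what gets replayed.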


2 answers
xmoonlight, 2015-06-24
@aaadddminnn

Obfuscating != protecting...
cram-MD5
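An added example, not xmoonlight's code, of the CRAM-MD5 style challenge-response (RFC 2195) the answer points at, with both the server and the client side in one PHP script so the exchange can be traced. The user table, username and password are constructed for the demo; random_bytes() and hash_equals() need PHP 7 and 5.6 respectively.

```php
<?php
// Added example (not from the answer or the project): CRAM-MD5 exchange, both sides.
// Constructed demo data; in a real deployment the challenge is tied to the session.

// Server, step 1: a fresh unpredictable challenge for this login attempt.
function server_challenge(): string
{
    return base64_encode(random_bytes(32));
}

// Client: prove knowledge of the password without transmitting it.
// CRAM puts the password in HMAC's key slot and the challenge in the message slot.
function client_response(string $username, string $password, string $challengeB64): string
{
    $digest = hash_hmac('md5', base64_decode($challengeB64), $password);
    return base64_encode($username . ' ' . $digest);
}

// Server, step 2: recompute from the stored secret, compare in constant time.
// The catch: the server must hold the password (or the HMAC state derived from it)
// in recoverable form, so it cannot store a bcrypt hash for this account.
function server_verify(array $userDb, string $challengeB64, string $responseB64): bool
{
    $decoded = base64_decode($responseB64, true);
    if ($decoded === false) {
        return false;
    }
    $parts = explode(' ', $decoded, 2);
    if (count($parts) !== 2) {
        return false;
    }
    list($username, $digest) = $parts;
    if (!isset($userDb[$username])) {
        return false;
    }
    $expected = hash_hmac('md5', base64_decode($challengeB64), $userDb[$username]);
    return hash_equals($expected, $digest);
}

$userDb = ['vladimir' => 'correct horse'];   // plaintext secret the server has to keep

// 1. Normal login: the response is valid for this challenge only.
$challenge = server_challenge();
$response  = client_response('vladimir', 'correct horse', $challenge);
var_dump(server_verify($userDb, $challenge, $response));

// 2. Replay: the sniffed response against a new challenge fails. This is what
//    CRAM buys over sending sha512(password), which replays indefinitely.
$challenge2 = server_challenge();
var_dump(server_verify($userDb, $challenge2, $response));

// 3. Wrong password against the current challenge.
var_dump(server_verify($userDb, $challenge2, client_response('vladimir', 'wrong', $challenge2)));
```

What it fixes and what it does not: a captured response cannot be replayed, but a captured challenge/response pair allows an offline dictionary attack (HMAC-MD5 is fast), the server has to keep password-equivalent secrets, and nothing after the login is protected, so an active attacker on the HTTP path can still read and rewrite the session. It is a narrow improvement over the posted scheme, not a substitute for TLS.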

Anton, 2016-08-12
@karminski

Dear, I will tell you a secret. You don't need a budget for an SSL certificate.
https://letsencrypt.org/
All your other ordeals are just a waste of time.
