I would first forget about even thinking about making a mobile app. Just focus on developing a website that is mobile friendly. That will be much easier than trying to learn and create the app software for both android and IOS. You could then look at something like phonegap to do the heavy lifting of making the mobile app.
Learning programming languages, IMO, isn't terribly hard. They are fairly similar (at least within paradigms).
Single page apps (SPAs) are the hot stuff right now. So I would recommend brushing up on javascript and some of the libraries/frameworks available. In particular, angular and react are two of the more "hyped" frameworks and libraries out there. Angular is more of an "everything you need is in the framework" while react is more of a "grab the stuff you need when you need them" sort of work flow. Angular just recently released a complete rewrite in the form of Angular 2, however, angular 1 has been around for quite a while now.
For backend stuff. You'll see a pretty large following of people that are pushing for javascript everywhere. Expect to see a lot of people recommending javascript in the frontend as a framework and the backend as a nodejs server. Personally, I still like a good statically typed language for my backend. Due to my current employment, I currently favor a Java Rest backend (ole reliable). Java was practically built to be a server and it fits that role really well. Other languages that might tickle your fancy include C#, F#, Scala, Go, or Dart.
IMO, PHP is on its way out of the web dev environment. It is pretty much only around now because of inertia and not because it has any technical merits that make it great for that sort of thing. Python, Ruby, or Javascript would, IMO, fill that role better.
For an SQL server. Postgres is the hot stuff right now. MySQL lost a lot of favor when it was bought by Oracle. There are several No-SQL databases out there, but I don't think they should be considered. The only exception to that is if you are looking at a host like Google's App engine and you want to use their solution (DataStore) or the similar on the various app hosting service providers (microsoft, Amazon, DigitalOcean, etc).
Speaking of javascript. I would really strongly suggest looking at getting a build setup going. Javascript has advanced much quicker than the browsers have, as a result you pretty much need to have some ES6->ES5 translation layer going on (Babel is the hot stuff for this right now). Popular systems are Gulp and Webpack. However, Jspm is an up and coming manager that I quite fancy (it is especially nice for React SPAs. It has a very pleasing development experience). It pretty much is a "get out of your way" sort of package management system.
If you don't want to do a javascript SPA, which is totally acceptable (though, perhaps not trendy at this point). There are several frameworks for just about every language out there. Everything from Cake, ruby on rails, Flask, Django, and Play for Java. It just depends on what you want to do.
I would strongly recommend learning how to do security correctly before starting. It is really easy in any language to introduce security vulnerabilities unknowingly. OWASP provides some good training around there on what to do and what not to do. I would strongly suggest looking into it before starting. As well, user authentication is very tricky to get right, I would strongly suggest that you instead use an oath2 service from Google/Facebook/Microsoft/twitter (or all 4). Let the big guns figure out how to correctly authenticate and store passwords. After all, you don't want to be another news clipping of "service xyz leaked out 100000 passwords today". You really need to get authentication right from the start, it is really hard to reverse course it if you get it wrong.
Finally, make sure you know how to database correctly . Read up on data normalization and structuring. Learn about indexes, what they are, how they work, when to apply them. You'll also want to understand what SQL injection is and how to avoid it.
And sorry if I've overwhelmed you a little. There is a lot that goes into setting up modern webapps correctly and there is a lot that could go wrong. If you are going to store and present user credentials, you want to be extra vigilant about how that is stored and access. You owe it to your users to treat their data as if it were sacred.