Web page/MySQL: web page is used only for hosting MySQL with two tables (one for log sensor, one for log activity). You should prepare SQL statements to set up the database, tables, security.
ATmega(328): microcontroller reads the thermal sensor every second, controls relay and LED. Data is saved (1s) on SD card and every minute copied to the hosted web server (24/7). If the user demands, ATmega can also connect to MySQL to get historical readings of the sensor. I expect code for program to use ISP.
Mobile phone (Android 2.3+): has your application installed, with information of thermal sensor received from ATmega. Through the application, the user can switch the relay on ATmega on/off and set LED illumination with a bar. Code for installation file.
Communication (ATmega—MySQL): encrypted, very secure Internet connection
Communication (ATmega—mobile phone): encrypted, very secure Internet connection (using passwords and ID generated from phone serial number and confirmed later in code of ATmega). Every time the application is active, it automatically connects to the ATmega microcontroller via Bluetooth, WiFi or Internet (in that order of availability).
ATmega checks every attempt to log onto it. If the ID is confirmed, then it allows the connection, otherwise it denies it and saves the ID in a TXT file on SD card and later on MySQL. For the ID of a mobile phone to be accepted, I have to enter the ID into assembler and reprogram the controller once again. There must be no other way to log control microcontroller.
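A sketch of the login check described above, added here as an illustration and not part of the original posting. It is written in C rather than assembler; the 16-character ID length, the sample IDs, the function names and the RAM buffer standing in for the TXT file on the SD card are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ID_LEN 16                      /* assumed fixed ID length */

/* Compiled-in allowlist: changing it means reflashing (constructed sample IDs). */
static const char ALLOWED[][ID_LEN + 1] = {
    "A1B2C3D4E5F60718",
    "0F1E2D3C4B5A6978",
};
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])

/* Compare ID_LEN bytes without an early exit, so timing does not
 * reveal how many leading characters of a guess were right. */
static int ct_equal(const char *a, const char *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < ID_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Append one "DENY <id>\n" line to dlog (stand-in for the TXT file on SD).
 * Unprintable bytes become '?' so a hostile ID cannot forge log lines. */
static void log_denied(const char *id, size_t id_len, char *dlog, size_t cap)
{
    size_t used = strlen(dlog);
    size_t n = id_len < ID_LEN ? id_len : ID_LEN;
    if (used + 5 + n + 2 > cap)
        return;                        /* log full: drop entry, never overflow */
    memcpy(dlog + used, "DENY ", 5);
    used += 5;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)id[i];
        dlog[used++] = (c >= 0x21 && c <= 0x7e) ? (char)c : '?';
    }
    dlog[used++] = '\n';
    dlog[used] = '\0';
}

/* Returns 1 if id is on the allowlist, otherwise logs it and returns 0. */
int check_login(const char *id, size_t id_len, char *dlog, size_t cap)
{
    int ok = 0;
    if (id_len == ID_LEN)
        for (size_t i = 0; i < N_ALLOWED; i++)
            ok |= ct_equal(id, ALLOWED[i]);
    if (!ok)
        log_denied(id, id_len, dlog, cap);
    return ok;
}
```

An ID derived from a phone serial number is an identifier, not a secret, so this check only decides who may attempt a session; the passwords and encrypted channel the posting asks for still carry the authentication.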