LaySoft / ecc_phgp

Simple elliptic curve cryptography in PHP

A couple of issues #1

Open CodesInChaos opened 11 years ago

CodesInChaos commented 11 years ago

IV

Y coordinate's SHA256 hash will be the 256 bit IV for the AES256 block cipher.

  1. AES-256 has 128 bit blocks, so the IV is at most 128 bits. Rijndael supports 256 bit blocks, but that's no longer AES. So either you're not using AES, or you're not using a 256 bit IV.
  2. Using the Y coordinate of the shared secret is a bit annoying, sometimes it's convenient to only compute the X coordinate. IVs aren't secret either, so you can just as easily choose a random one and store it in front of the message.
  3. You don't need an IV in the first place if you have single-use 256 bit keys.

Unspecified mode

You also forgot to specify which mode you use for encryption. ECB, CBC, CTR etc.

No MAC

Without a MAC, your data isn't protected against an active attacker. This is surprisingly dangerous, for example it enables padding oracle attacks.

Use a MAC, either as part of an existing authenticated encryption scheme, or as part of an encrypt-then-mac scheme (not the other way round!). MAC verification must be constant time, else you'll enable timing attacks.

LaySoft commented 11 years ago

Thanks for your comments!

Sorry, I didn't know that AES-256 and Rijndael-256 are not the same. I chose Rijndael-256 because it is strong enough and supported in the PHP mcrypt extension. Because the keys are only used once, I will rewrite the code without using an IV, as you mentioned.

The block cipher mode is CTR, as you see in the code. I will indicate it in the documentation.

Now I'm using the SHA-512 algorithm for hashing the message. Do you suggest I simply change this to HMAC-SHA-512? What will be the secret key for the HMAC function? And how can I know this secret key on the verification side?
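The encrypt-then-MAC construction CodesInChaos recommends, worked through as an added example (this is not ecc_phgp's own code): both sides derive an encryption key and a separate MAC key from the same ECDH shared secret, so the HMAC key never has to be sent, and the receiver checks the tag in constant time before decrypting. It assumes PHP 7.1+ (for hash_hkdf) with the OpenSSL extension instead of mcrypt; the 32-byte shared secret, the "ecc_phgp example v1" info string and the function names are constructed for the example.

```php
<?php
declare(strict_types=1);

// Added example (not ecc_phgp code): encrypt-then-MAC with keys derived
// from an ECDH shared secret. Both parties compute the same shared point,
// so both can derive the same HMAC key without transmitting it.

// Derive one encryption key and one MAC key from the shared-secret bytes.
// Using separate keys keeps the cipher and the MAC independent of each other.
function deriveKeys(string $sharedSecret): array
{
    // 64 bytes of HKDF-SHA512 output: first 32 for AES-256, last 32 for HMAC.
    // The info string is a constructed label; any fixed, application-specific value works.
    $okm = hash_hkdf('sha512', $sharedSecret, 64, 'ecc_phgp example v1');
    return [substr($okm, 0, 32), substr($okm, 32, 32)];
}

// Encrypt with AES-256-CTR, then MAC the nonce and ciphertext with HMAC-SHA512.
// Output layout: nonce (16 bytes) || ciphertext || tag (64 bytes).
function sealMessage(string $sharedSecret, string $plaintext): string
{
    [$encKey, $macKey] = deriveKeys($sharedSecret);
    // AES has 128-bit blocks, so the CTR nonce (IV) is 16 bytes, not 32.
    // With a fresh ephemeral key per message a fixed nonce would also be safe;
    // a random one costs 16 bytes and removes the dependency on single-use keys.
    $nonce = random_bytes(16);
    $ciphertext = openssl_encrypt($plaintext, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $nonce);
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed');
    }
    // MAC covers the nonce too, so an attacker cannot swap it undetected.
    $tag = hash_hmac('sha512', $nonce . $ciphertext, $macKey, true);
    return $nonce . $ciphertext . $tag;
}

// Verify the tag in constant time before touching the ciphertext. A plain
// === comparison stops at the first differing byte and leaks timing information.
function openMessage(string $sharedSecret, string $sealed): string
{
    if (strlen($sealed) < 16 + 64) {
        throw new RuntimeException('message too short');
    }
    [$encKey, $macKey] = deriveKeys($sharedSecret);
    $nonce = substr($sealed, 0, 16);
    $tag = substr($sealed, -64);
    $ciphertext = substr($sealed, 16, -64);
    $expected = hash_hmac('sha512', $nonce . $ciphertext, $macKey, true);
    if (!hash_equals($expected, $tag)) {
        throw new RuntimeException('MAC verification failed');
    }
    $plaintext = openssl_decrypt($ciphertext, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $nonce);
    if ($plaintext === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plaintext;
}

// Constructed stand-in for the X coordinate of the ECDH shared point (32 bytes);
// in real use this comes from the scalar multiplication in the library.
$sharedSecret = str_repeat("\x42", 32);

$sealed = sealMessage($sharedSecret, 'hello, ecc_phgp');
var_dump(openMessage($sharedSecret, $sealed) === 'hello, ecc_phgp');

// Flip one ciphertext bit: the MAC check rejects it before any decryption happens,
// which is what closes the door on padding-oracle style attacks.
$tampered = $sealed;
$tampered[20] = chr(ord($tampered[20]) ^ 0x01);
try {
    openMessage($sharedSecret, $tampered);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Deriving both keys through a KDF rather than hashing the shared point twice by hand keeps the two keys unrelated, and the tag is computed over the nonce and ciphertext (never over the plaintext), which is the "encrypt-then-MAC, not the other way round" ordering from the comment above.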