Do you have php's error_reporting set to E_ALL and display_errors set to ON (preferably in the php.ini on your development system), so that php will help you by reporting and displaying all the errors it detects? You will save a ton of time.
Next, this code is all over the place, using both mysql and mysqli statements, two different database tables, cryptic single-character variable names, all kinds of extra variables and unused variables/cookies, an error message that doesn't match what the logic is doing, and several more...
Starting with your login code, get the code to do the following basic tasks, and verify that the code works, before adding any other features to the code -
1) Start the session.
2) If the current visitor is already logged in, prevent the processing of the login form data. You would also not display the login form is the visitor is already logged in.
3) Detect that a form was submitted before referencing the form data.
4) Validate the submitted data before using it and output descriptive validation error messages when you re-display the form. Your current code is validating the hash of the password, which will never be an empty string, so someone could have submitted an empty password and your code won't tell them and it will use the hash of an empty string to try and log the user in.
5) If there are no validation errors, use the submitted email to query for the user's row in the database table.
6) Detect that the user was found in the table/that there was a row to fetch, before using the data from the sql query. Your code isn't even doing this now, just comparing the passwords.
7) Use php's password_hash() and password_verify() functions for you password hashing, rather than the md5() hash.
8) If the password verifies, store the user id in a session variable to identify who the logged in user is. You would use this session variable to determine if the current user is logged in and to query for any user data when needed. All the other values you are storing in session variables and cookies are either not needed, are not secure, and are just cluttering up the code. KISS (Keep It Simple.)
Note: you should use prepared queries to supply data values to the sql query statement. This will actually simplify the code (there's no need to have escape_string() function calls everywhere) and it makes the code more secure (if the character encoding that php is using for the escape_string() function calls is not the same as your database table's character encoding, sql injection is possible, while if you use true prepared queries, sql injection is not possible.) The php PDO extension is more straight forward and more constant to use than the mysqli extension, especially when using prepared queries. If you can, you should switch to the PDO extension.
Edit: you should also have error handling for all database statements. The easiest way of doing this, without adding logic at each statement, is to use exceptions and let php catch the exception and use the php error_reporting/display_errors/log_errors settings to control what happens with the actual error information.