I have a surprise with which I can not cope.
Here is the code:

global $supersecret_hash_padding;
$hash = md5($_POST['new_email'].$supersecret_hash_padding);
$email = $_POST['new_email'];
$user_name = strtolower($_COOKIE['user_name']);
$password1 = $_POST['password1'];
$crypt_pass = md5($password1);
$db = new mysqli('#*$!', '#*$!', '#*$!', '#*$!');
$stmt = $db->stmt_init();
if($stmt->prepare("UPDATE `database` SET `confirm_hash` = ?, `is_confirmed` = ?, `email` = ? WHERE `password` = ? AND `user_name` = ?")) {
$stmt->bind_param('sdsss', $i, $j, $k, $l, $m);
$i = "$hash";
$j = "0";
$k = "$email";
$l = "$crypt_pass";
$m = "$user_name";
$stmt->execute();
if($stmt) { 
$encoded_email = urlencode($_POST['new_email']);
$adres1 = "$some_email";
$adres2 = "$some_email2";
$all_adresses = "$adres1, $adres2";
$subject = "Some subject";
$body = "http://mywebsite/mypage/confirm.php?hash=$hash&email=$encoded_email";
$extra_header_str = "MIME-Version: 1.0\r\n"."Content-type: text/html; charset=iso-8859-2\r\n"."From: email@test.com";
mail($all_adresses, $subject, $body, $extra_header_str);
}} else {
echo '<div style="font-family:Arial, Helvetica, sans-serif; font-size:13px; border: 1px solid; margin: 10px 10px 10px 10px; padding:15px 10px 15px 10px; background-repeat: no-repeat; background-position: 10px center; color: #D8000C; background-color: #FFBABA;">ERROR: Auth fail</div>';
printf("%s\n", $db->error);
}

The best part is that the script does not verify my password.
Whatever I type the password, script shoot an email.
In the database, e-mail address does not change.

As soon as I type the real password in the form - changes also occur in the database.
E-mail is also sent.

A little bit I do not understand, after all it is a condition where:

if($stmt) { 
// release the e-mail
} else { // when something goes wrong
// Display error message

Can somebody give me some advices what I'm doing wrong?
Thanks.