Rather than correct your script, it might help if you explain exactly what you are trying to do.
What is the user name? Is that a login account name or one that you create on your own.
What is the password. There's not FileMaker function for revealing the password so you must again be creating a password somewhere.
Playing with this a bit I take it to mean
* you have a table of usernames and passwords.
* You want to accept the user entry for username and password, look that up in the table, and if found allow access to another pat of the database.
* This works for you now *If* the user enters username and password correctly.
* It, however fails (grants un-approved access) if the user provides only user name *or* password.
* This is because the find for username without password returns 1 (instead of zero) username/password records.
* The fundamental solution is to include "==" (no quotes) in front of the user input for both username and password fields.
* Your current solution would also fail if the user just entered the first few characters of the username or password
I have a sample (incomplete in terms of full security, but enough to point the way) example I uploaded here:
I use global fields for user entry of username/password, then copy "==" & globals into the search fields
Best of luck,