Sounds like you are setting their password to equal their userid but that the code used to do this is being executed after ADDT runs the query to see if the username and password combination are in the table. They aren't (because your code hasn't executed yet), then after ADDT's query comes back with invalid password, your code runs and the password is then set to your userid. Now when you click the second time, the password is set and it works.
Not sure why you would want someone to gain access only with a userid. This seems to be a security risk. Someone can put in anyone's userid (they are easy to figure out), and masquerade as that user.
If you are doing even minor things, like sending email messages, it could be embarassing if they log in as someone else.
in this case we want to keep the barrier as low as possible. Is there a way to get around the password field?
If the password field will never be used, just make it a hidden field and set the initial value to NULL, or some literal. Then in your database, set the default value of the field to be the same, NULL or some literal. They will always equal and you can automatically pass the password check. A literal may be easier. If you use NULL, be aware that the value actually sent by the screen in the transaction may be blank, not NULL.
You can display the value of the field by coding an echo statement followed by an exit statement in PHP and placing it in your code:
This will display the value on your screen and then halt any further processing, but you probably know all of this.