You're not going to be able to overflow EIP. That's a CPU register, and doesn't have a memory address the way variables do. As for the hack...
You now know that gets is susceptible to buffer overflows. You need to understand where your different structures/variables lie in memory and how much space they take up. The space thing is pretty easy, since a char is 1 byte and user_name has 20 of them, as does password. users has 2*20*4 of them, but it's more important to realize that you have something like (it's making me use code tags).
Code:
user_name: {" "}
password: {" "}
users:
{'r', 'o', 'o', 't', '\0'...'9', '8', '7', '6', '5', '\0'...}
{'m', 'o', 'i', '\0'...}
...
user_name comes first in memory, then password, then users. Thus, extra stuff that you type into the user_name prompt will overflow into password, then into the users table. Any extra stuff you type into password would only overflow into users. The idea is that you put a carefully crafted string into user_name, that will ultimately write different info into users (giving you a "valid" users entry of, say "1337", "hax0r" as a login & password). Remember that gets is going to put a null character at the end of your input.
I had a bit of a gap between the end of password and the beginning of users, but that may vary for you due to different architectures, compilers, compiler optimizations, etc. You may need to run this through a debugger or throw in some printf("%p", ...) statements to get the exact addresses of user_name, password and users to know exactly how long to make your bogus user name and password.
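An added example, not part of the original post: a small C program that prints where the three buffers land in memory, as the reply suggests doing with printf("%p", ...), and reads the login field with a bounded replacement for gets so over-long input cannot reach password or users. The global declarations and the names byte_distance and read_field are assumptions chosen to match the sizes given above; the real program's declarations are not shown on the page.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Assumed declarations, matching the sizes given in the post. */
char user_name[20];
char password[20];
char users[4][2][20];

/* Signed byte distance from the start of a to the start of b. */
long byte_distance(const void *a, const void *b) {
    return (long)((intptr_t)b - (intptr_t)a);
}

/* Bounded replacement for gets(): reads one line into buf (cap bytes),
 * always NUL-terminates, and discards the part of the line that does not fit.
 * Returns 0 on success, 1 if the line was truncated, -1 on EOF or error. */
int read_field(FILE *in, char *buf, size_t cap) {
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';          /* whole line fit: strip the newline */
        return 0;
    }
    /* No newline stored: the line ended at EOF or was longer than buf. */
    int c, truncated = 0;
    while ((c = fgetc(in)) != '\n' && c != EOF)
        truncated = 1;              /* drain the rest so the next read is clean */
    return truncated;
}

int main(void) {
    /* Layout varies with compiler, options and architecture. */
    printf("user_name %p  password %p  users %p\n",
           (void *)user_name, (void *)password, (void *)users);
    printf("user_name -> password: %ld bytes\n", byte_distance(user_name, password));
    printf("password  -> users:    %ld bytes\n", byte_distance(password, users));

    printf("login: ");
    int rc = read_field(stdin, user_name, sizeof user_name);
    printf("rc=%d, stored %zu bytes\n", rc, strlen(user_name));
    return 0;
}
```

A return value of 1 means the input was longer than the field, which a login routine can treat as a rejected attempt rather than silently accepting the truncated name.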