If your project is going to require users to log in with a Princeton netid, you should use CAS, which has the great advantage that the user's password is sent only to a trusted third party (i.e., not you) that determines securely whether it is a valid Princeton netid and does not return to your code unless it is.
Your system might display a welcome page like this one, with a login link that points to the authentication page. After a successful call to CASClient's Authenticate(), the authentication page would set a session cookie indicating successful login and redirect to a page inside the site.
Here is a PHP version:
The PHP client code is here and the PHP test script is here.
Here is a Python version:
The Python client code is here, the Python CGI script is here, and the test program is here.
Here is a Java version:
The Java client code is here, the Java CGI script is here, and the test program is here.
All of the files have been collected a tar file called CAS.tar.
The PHP version is by Alex Halderman '03, with contributions from Avi Flamholz '07 and Scott Karlin *03; thanks to all of them. The Python version is bwk's transliteration from the PHP. The Java version is by Bob Dondero, as is the corrected PHP version; many thanks to him as well. Andrew Timmes of CS Staff fixed up the Java version in 2015; thanks.
A pretty cryptic description of the underlying system is found at this OIT site.