How do I block a users Ip address for a stipulated time limit if the uer fails to validate multiple times (15~20) . This is to be implemented for protection against brute force attacks .

I have to implement this in yii . I tried implementing using php header function in controller but it did not work out . Also what about setting a time limit , how can I set a time limit on the block ?