when a user tried to download a .php file that a user (him or another) upload - I want to deny this download.
to display an error message instead.
by the way I already managed to prevent users from uploading .php files in the first place.
what I want to achieve:
If you're doing that in a plugin, you should implement the function MYPLUGIN_pluginfile(...) in your plugin's lib.php, and control access there.
See https://docs.moodle.org/dev/File_API#Serving_files_to_users