function run($action = 'main', $layout = 'layout') {
$db = new Db(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_NAME);
if(substr($action, -1) == '/') { // remove last slash if exists
$action = substr($action, 0, -1);
}
$action = str_replace('/', '_', $action);
$controller = WWW_ROOT . '/controllers/' . $action . '.php';
if(strcmp(realpath($controller), $_SERVER['DOCUMENT_WWW_ROOT'])) {
$view = new View($action, $layout);
if(isset($_SESSION['user'])) {
$user = $_SESSION['user'];
$view->set('user', $user);
}
if(is_file($controller)) {
include($controller);
} else {
$view->changeAction('404');
}
$view->set('user', $user);
$view->display();
} else {
trigger_error('Hacker attack from IP:' . $_SERVER['REMOTE_ADDR']);
die();
}
}
