function run($action = 'main', $layout = 'layout') { $db = new Db(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_NAME); if(substr($action, -1) == '/') { // remove last slash if exists $action = substr($action, 0, -1); } $action = str_replace('/', '_', $action); $controller = WWW_ROOT . '/controllers/' . $action . '.php'; if(strcmp(realpath($controller), $_SERVER['DOCUMENT_WWW_ROOT'])) { $view = new View($action, $layout); if(isset($_SESSION['user'])) { $user = $_SESSION['user']; $view->set('user', $user); } if(is_file($controller)) { include($controller); } else { $view->changeAction('404'); } $view->set('user', $user); $view->display(); } else { trigger_error('Hacker attack from IP:' . $_SERVER['REMOTE_ADDR']); die(); } }