$_REQUEST
contains content of $_GET, $_POST, and $_COOKIE.
So basically you are reading the method name passed from client and checking if it exists in particular context / class.
If function is present, code is executing the function and if not found its returning 404.
However, this is vulnerable as it exposes methods and any user may invoke them remotely.