Revolution 2.4.1-pl setup error: Class 'modAccessibleObject' not found

Hello. It's good to be here.


I'm trying to install ModX 2.4.1-pl on a test domain (assume address is dev-site.someothersite.com). This is a subdomain of someothersite.com, which houses some other site (I'm using their server because it's the same owner, but a different business). I assume that installing ModX to a subdomain isn't an issue (or, at the very least, wouldn't produce a PHP parsing error).

I uploaded the archive zip, ran unzip on it via SSH and renamed the resulting folder to /public. My structure is as follows:

/www/public/connectors
/www/public/core
/www/public/manager
/www/public/setup
/www/public/ht.access
/www/public/.htaccess
/www/public/config.core.php
/www/public/index.php

(the little extra .htaccess is because I have default "Order Deny, Allow" and then "Deny from All" on all upper directories to create a little bit of 'private space')

The domain dev-site.someothersite.com has its document root set up as /www/public


As I proceed through the setup process, everything seems to be just fine. I can select language, input and test my MySQL connection details, etc.

On the final confirmation page, every check shows up green. (I know for a fact that my max_execution_time is set to 30, though - hosted server, can't change it, putting it in .htaccess does nothing etc.) Please see linked image for a screenshot of the last step (client details redacted).




When I click "Install", originally I was greeted with nothing (blank page). When I enabled PHP errors (via .htaccess), I am now receiving this error:

Fatal error: Class 'modAccessibleObject' not found in ******/www/public/core/model/modx/modnamespace.class.php on line 17



I've first tried installing the Advanced package. When that failed, I tried the Traditional package next. No luck. I cleaned out the web root in each attempt and re-uploaded/extracted each instance to ensure a clean attempt.

I manually set file permissions to 644 and folder permissions to 755. Permissions are fine.

I've checked user privileges: user-owner of the files/directories is the same as the user running the Apache thread (ie. PHP/httpd privs = owner privs).

I've verified that I have mod_rewrite, and that I have all of the required libraries installed and enabled. Full list at the end of the post.



I would really prefer to use ModX (the latest version), because I will soon be migrating a client site from ModX Evolution - I was kind of hoping that I could at least export/import the existing content instead of having to inject each article/posting manually...

Flight Control? Please advise...?


HTTP: Apache 2.0 (Ubuntu)
MySQL: 5.5.43-MariaDB
PHP version: 5.3.29

Modules:

zlib: 1.2.3
json: 1.2.1
gd: 2.1.0-compatible
PDO drivers: sqlite, sqlite2, mysql, pgsql
ImageMagick: 3.1.2
SimpleXML: $Id: 02ab7893b36d51e9c59da77d7e287eb3b35e1e32 $
cURL: 7.15.5

(mbstring) Multibyte string engine: libmbfl

safe_mode: Off
register_globals: Off
magic_quotes_gpc: Off
memory_limit: 128M
max_execution_time: 30 (changing this is recommended as one of the first steps in 'if you get a blank screen', but alas - I cannot change this option in .htaccess)

I have no instance of eAccelerator installed (or at least it doesn't show up in phpinfo()).

Do you have anything showing up in your server's error logs?

Unfortunately, the server host offers only a few entries under "latest", and these are from 2min ago when I had already deleted the files (I cleared the whole public folder in preparation for any proposed fixes I would receive here). I can download the logs, but the latest one ends about 4 hours ago, and I'll have to wait for log rotation before I'll see new entries.

In essence, for the next few hours I won't see anything from the window between 13:00 and 15:30, GMT+01, which is when I was doing it. So I can't provide log entries at the moment. I will as soon as I have them. [ed. note: mellfotostudio last edited this post 8 years, 6 months ago.]

I have the logs.


ERROR LOG:

The error log shows a few entries like this:

[Wed Sep 30 12:50:15 2015] [error] [client AA.BB.CC.DD] client denied by server configuration: ***/www/public/setup/index.php, referer: http://dev-site.someothersite.com/setup/index.php?action=summary

but these were the result of me deleting the .htaccess file while I was clearing the directory (and thus having the config revert to "Deny from All").


Other than that (and an unrelated error refering to my test.php script), the error log is empty.

Summary: between 13:00 and 16:00 the Error Log does not show anything other than the results of me removing the .htaccess file.


ACCESS LOG:

This is where things are slightly more interesting, but not by much. At first, I was seeing a few of these:

AA.BB.CC.DD - - [30/Sep/2015:12:58:59 +0200] "GET /setup/index.php?action=install HTTP/1.0" 500 20 "http://dev-site.someothersite.com/setup/index.php?action=summary" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"

but these stopped showing up after 13:00. After 13:00, all entries refering to /setup/index.php are either HTTP 200 or HTTP 302.


Summary: between 13:00 and 16:00 the Access Log shows nothing of interest - all entries related to the ModX setup are either 200 OK or 302 Redirect (and these are all redirects from relative to absolute paths).



Bottom line: Apache access logs are of no help.

The current version of MODX requires PHP 5.3.3, so it's possible that that's your problem. You've eliminated pretty much every other possible cause.

I'm not sure how that would work - I would need to downgrade our host's PHP installation. They're running PHP 5.3.29 and as far as I can tell, our host doesn't let us specify PHP version down to the build version (ie. we have a choice between PHP 5.2 and 5.3, and that's it). I also don't believe they allow for downgrading to any earlier versions as per their security policies, anyway. And as for upgrading, PHP 5.3.29 is the final version of the 5.3 branch, so there's really nothing to upgrade to.


I don't quite understand the reply, actually. It is my current understanding that the software requirements page lists requirements that must be met or exceeded in order for MODX to work - the only exception to this rule being a specific MySQL server version.


/ edit /

I went over to the page, and the version requirement is stated explicitly as

- PHP 5.3.3 and above (prior to MODX 2.4: 5.1.2 and above, excluding 5.1.6 and 5.2.0)

Sorry, I was misreading your version. It should be fine, though it might be worth trying an upgrade to PHP 5.4, in case the server requirements are no longer correct.

Is this class file there and not empty or truncated (it's about 290 lines)?

core\model\modx\modaccessibleobject.class.php

The error message suggests that it's not being loaded.

Exactly 291 lines (finishes at a public method setPolicies()).

As an offhand attempt I slapped the file with a "echo 'modAccessibleObject loaded';" and it didn't get printed, so I agree that the issue is with the loading of the file - assuming that nothing along the way does anything fancy with output buffering or the like (IIRC unsent output buffers are discarded on fatal errors).

I will take the time during the weekend to try and debug class loading on my host. There's the possibility that some obvious requirement isn't met, but also isn't specified on the requirements page due to sanity reasons. And regardless, it may be a simple pathfinding issue - I don't receive any other (obvious) parse errors, so I suspect an auto-loader algorithm is the culprit (something along the lines of a scandir() populating the class list, and then a foreach() with a sanity check loading the files via require_once()) -- which would reduce the issue to a simple correction on the set_include_path side of things (or similar).

I do believe that the issue lies with the host we're using, since a major issue in the latest distro would probably have been corrected sometime between my multiple downloads, right?


In any case, I'll report what I find - if anything.

I'm fairly sure there's an autoloader, but I was unable to find it. In similar situations, I've been able to run the root index.php under the debugger and trace to the problem. It was difficult to set up, and really time-consuming to step through everything, but eventually you see what's happening.

I think your issue happens pretty early on, so it may not be that difficult to find.

Okay. So, over the weekend, I set out to pinpoint where the error happens, exactly.

The first thing I did was to create an accurate list of declared classes and dependencies within MODX php files. With that in hand, I collected every class that was referenced via extends and such, that was not in itself part of the MODX code. This yielded three classes: ArrayObject, SimpleXMLIterator and Exception. The first and last are part of PHP's core, and SimpleXMLIterator is part of the SimpleXML extension - but, just for kicks, I tested each one with a simple class_exists() and they check out. So, the issue is 100% not in non-existent prerequisites.


As long as the code is error-free (and I must assume that it is), any problems with non-existing functions would only have shown up later in the chain, and not resulted in a missing class exception which I was getting -- unless the MODX team is writing classes dependent on function existence, which I seriously doubt... So, this lead me to believe that the issue MUST lie in some inclusion code, somewhere. To my dismay however, I have found that MODX uses a custom class loader/parser wrapper. That made debugging the class loader a bit more tricky.

So, just like Joel Spolsky mentions on his blog (see http://www.joelonsoftware.com/articles/LeakyAbstractions.html and https://en.wikipedia.org/wiki/Leaky_abstraction to read more), the abstraction is leaky. The class loader is an abstraction designed to hide away the fact that PHP doesn't handle critical errors well - they can't be captured, and bubble up directly to the top, where they halt execution. The loader tries to abstract this away by providing a complex set of dependency-driven packages, and it works well... until the abstraction 'leaks' and I'm staring at a ClassNotFound fatal error, and - thanks to the custom loader - debugging this issue becomes a pain instead. But I digress...



In any case, modaccessibleobject.class.php is not being parsed no matter where I looked - the file is just not being processed (none of my debug showed up in the log). I've also learned how the class loader works, and modAccessibleObject is not part of the manifest for module packages - which means that by conventional wisdom, modAccessibleObject should be loaded before the class loader is tasked with loading the packages. But, insofar as the static prerequisites (like transport.xPDO and associates) are loaded manually and stated explicitly in the code, I found nothing like that for modAccessibleObject.



After fuxxing around with it some more, I decided to try to manually include the required files (I expected to use the $modx object, but it's not available within include scope). This finally enabled the setup to move forward, but in the process I've found additional classes that failed to load (which I had to "augment" in the same manner).

Ultimately, I managed to complete setup with a modified Traditional package, and then move the /core, /connectors and /manager to new locations. As such, the site - for now, at least - is live on the development server.

One key note, however: the issue may be with used passwords, because it stubbornly refused to connect to the database with a password that included a dollar sign and a backtick (whereas even the universally-loathed phpMyAdmin worked without a hiccup). NOTE: the Setup page connected to the database just fine (according to what it printed out) - it was just the actual setup process (ie. creating and populating tables) that failed. In the end, I used simple passwords like "SimplePass123" to do setup, and then changed them by hand later. I can't tell if that was the issue, though, because I didn't test this on a vanilla package. This may highlight two separate issues, and only a combination of the two allowed me to move forward.

I should also mention, I suppose, that I tried the CLI installer version along with the setup.xml file - no joy there, either, although it never printed any errors. It was only in the /logs directory where I found out that it had trouble connecting to the damn database. Shame...



Summary list of classes that failed to load during Setup:

modAccessibleObject
modAccessibleSimpleObject
modPrincipal
modElement
modElementPropertySet (suspected, because I went ahead and just manually did an include_once for it along with modElement while I were there)


Since I am no longer going to use these passwords, they're essentially free debug tools for the development team. If there's an issue with these passwords, maybe a notification should be displayed to the user? Also, if it's the passwords, would it be possible to find security holes within the setup process and how it handles passwords? Could I somehow attack other databases by providing a crafted password to someone's undeleted /setup/?

SQL password: #=-cK/VJw@NDLYD+4Rr$h%M'/J*.`dwe
Admin password: RxHt8LH*#VSFvZSy&XPL9Pz7Cgz_Tc2$





[ed. note: mellfotostudio last edited this post 8 years, 6 months ago.]