Sysadmins of the North
Share now!





Send authenticated email over TLS from Zen Cart

Zen Cart is an open source shopping cart software. Unfortunately, Zen Cart has had some difficulties in the past sending authenticated SMTP email from a website. Here is how to let Zen Cart send email over an encrypted TLS connection, when the following condition is met: StartTLS is required. Since Zen Cart v1.5.2 StartTLS support is available.

Upon investigating why Zen Cart couldn’t send authenticated SMTP over a TLS secured connection using StartTLS, I noticed two problems: …

1. When set, tls:// is put in front of the SMTP server hostname. This makes tls://smtp.vevida.com for example, which doesn’t always work. 2. StartTLS is missing in the SMTP class…

Of course we can use a newer PHPMailer version for Zen Cart, but then we have to change the whole code because of different class- and function calls. It’s easier to just add StartTLS support to class.smtp.php. Futher, we need to disable the addition of tls:// to our SMTP host because this might cause problems with some PHP setups.

Add StartTLS support to Zen Cart

You want to add StartTLS support to your Zen Cart e-commerce website? You can make the above described changes in the class.smtp.php file. Open it in your favorite editor, I use Notepad++ as text and code editor of choice on Windows.

This may interest you:   25 New SQLServer PowerShell cmdlets

Make the following changes:

includes\classes\class.smtp.php (line 118)

if($this->Protocol != '') $host = $this->Protocol."://".$host;

becomes:

// if($this->Protocol != '')   $host = $this->Protocol."://".$host;

includes\classes\class.smtp.php
Around lines 158 – 185, add:

/**
  * Initiate a TLS (encrypted) session.
  * @access public
  * @return bool
  */
 public function startTLS()
 {
     if(fputs($this->smtp_conn,"STARTTLS" . $this->CRLF))
     {
       $rply =  $this->get_lines();
       $code = substr($rply,0,3);
          if($code != 220) {
            $this->error =
            array("error" => "STARTTLS from server",
            "smtp_code" => $code,
            "smtp_msg" => substr($rply,4));
            return false;
          }
          if (!stream_socket_enable_crypto($this->smtp_conn,true, STREAM_CRYPTO_METHOD_TLS_CLIENT))
          {
            return false;
          }
          return true;
        }
    }

I chose to add this function directly above the function Authenticate(), on line 158.

In the file includes\classes\class.phpmailer.php
Around line 572, add:

$this->smtp->startTLS();

use_tls_for_smtp.php

I’m not sure if you still have to tell Zen Cart to use TLS with the following content in a file called use_tls_for_smtp.php, in two locations:

  • includes\extra_datafiles\use_tls_for_smtp.php
  • renamed_admin_folder\includes\extra_datafiles\use_tls_for_smtp.php
<?php
define('SMTPAUTH_EMAIL_PROTOCOL', 'tls');

This was tested with Zen Cart 1.5.1, \includes\classes\class.smtp.php was called smtp.class.php in previous versions.

About the Author Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, WordPress, websites & optimization. Want to support me and donate? Use this link: https://paypal.me/jreilink.

follow me on:


Thank you!

Leave a Comment:

Skip to content