Zen Cart is an open source shopping cart software. Unfortunately, Zen Cart has had some difficulties in the past sending authenticated SMTP email from a website. Here is how to let Zen Cart send email over an encrypted TLS connection, when the following condition is met: StartTLS is required. Since Zen Cart v1.5.2 StartTLS support is available.

Upon investigating why Zen Cart couldn’t send authenticated SMTP over a TLS secured connection using StartTLS, I noticed two problems: …

1. When set, tls:// is put in front of the SMTP server hostname. This makes tls://smtp.vevida.com for example, which doesn’t always work. 2. StartTLS is missing in the SMTP class…

Of course we can use a newer PHPMailer version for Zen Cart, but then we have to change the whole code because of different class- and function calls. It’s easier to just add StartTLS support to class.smtp.php. Futher, we need to disable the addition of tls:// to our SMTP host because this might cause problems with some PHP setups.

Add StartTLS support to Zen Cart

You want to add StartTLS support to your Zen Cart e-commerce website? You can make the above described changes in the class.smtp.php file. Open it in your favorite editor, I use Notepad++ as text and code editor of choice on Windows.

This may interest you:   SMTP over Hidden Services with postfix

Make the following changes:

includes\classes\class.smtp.php (line 118)

if($this->Protocol != '') $host = $this->Protocol."://".$host;

becomes:

// if($this->Protocol != '')   $host = $this->Protocol."://".$host;

includes\classes\class.smtp.php
Around lines 158 – 185, add:

/**
  * Initiate a TLS (encrypted) session.
  * @access public
  * @return bool
  */
 public function startTLS()
 {
     if(fputs($this->smtp_conn,"STARTTLS" . $this->CRLF))
     {
       $rply =  $this->get_lines();
       $code = substr($rply,0,3);
          if($code != 220) {
            $this->error =
            array("error" => "STARTTLS from server",
            "smtp_code" => $code,
            "smtp_msg" => substr($rply,4));
            return false;
          }
          if (!stream_socket_enable_crypto($this->smtp_conn,true, STREAM_CRYPTO_METHOD_TLS_CLIENT))
          {
            return false;
          }
          return true;
        }
    }

I chose to add this function directly above the function Authenticate(), on line 158.

In the file includes\classes\class.phpmailer.php
Around line 572, add:

$this->smtp->startTLS();

use_tls_for_smtp.php

I’m not sure if you still have to tell Zen Cart to use TLS with the following content in a file called use_tls_for_smtp.php, in two locations:

  • includes\extra_datafiles\use_tls_for_smtp.php
  • renamed_admin_folder\includes\extra_datafiles\use_tls_for_smtp.php
<?php
define('SMTPAUTH_EMAIL_PROTOCOL', 'tls');

This was tested with Zen Cart 1.5.1, \includes\classes\class.smtp.php was called smtp.class.php in previous versions.