From fd6a88f443a9351f210976751ce5f218d48321c0 Mon Sep 17 00:00:00 2001
From: nestict <icttechnest@gmail.com>
Date: Sat, 24 May 2025 12:32:45 +0200
Subject: [PATCH] Upload files to "system/mpesa"

Signed-off-by: nestict <icttechnest@gmail.com>
---
 system/mpesa/verifyPayment.php | 86 ++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 system/mpesa/verifyPayment.php

diff --git a/system/mpesa/verifyPayment.php b/system/mpesa/verifyPayment.php
new file mode 100644
index 0000000..6b7a4a9
--- /dev/null
+++ b/system/mpesa/verifyPayment.php
@@ -0,0 +1,86 @@
+<?php
+function stkQuery()
+{ 
+    header('Content-Type: application/json');
+    $rawData = file_get_contents('php://input');
+    $postData = json_decode($rawData, true);
+
+    // Check if CheckoutRequestID is set
+    if (!isset($postData['CheckoutRequestID'])) {
+        echo json_encode(['status' => 'error', 'code' => 400, 'message' => 'missing CheckoutRequestID fields']);
+        return;
+    }
+
+    $CheckoutRequestID = $postData['CheckoutRequestID'];
+
+    $consumerKey = '3AmVP1WFDQn7GrDH8GcSSKxcAvnJdZGC'; // Fill with your app Consumer Key
+    $consumerSecret = '71Lybl6jUtxM0F35'; // Fill with your app Secret
+
+    $headers = ['Content-Type:application/json; charset=utf8'];
+
+    $access_token_url = 'https://api.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials';
+    $curl = curl_init($access_token_url);
+    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
+    curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
+    curl_setopt($curl, CURLOPT_HEADER, FALSE);
+    curl_setopt($curl, CURLOPT_USERPWD, $consumerKey.':'.$consumerSecret);
+    $result = curl_exec($curl);
+    $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);  
+    $result = json_decode($result);
+
+    $access_token = $result->access_token;
+
+    date_default_timezone_set('Africa/Nairobi');
+    $query_url = 'https://api.safaricom.co.ke/mpesa/stkpushquery/v1/query';
+    $BusinessShortCode = '4122323';
+    $Passkey = 'aaebecea73082fa56af852606106b1316d5b4dfa2f12d0088800b0b88e4bb6e3';
+    $Timestamp = date('YmdHis');
+    
+    // ENCRYPT DATA TO GET PASSWORD
+    $Password = base64_encode($BusinessShortCode . $Passkey . $Timestamp);
+
+    // THIS IS THE UNIQUE ID THAT WAS GENERATED WHEN STK REQUEST INITIATED SUCCESSFULLY
+    $queryheader = ['Content-Type:application/json', 'Authorization:Bearer ' . $access_token];
+    
+    // Initiating the transaction
+    $curl = curl_init();
+    curl_setopt($curl, CURLOPT_URL, $query_url);
+    curl_setopt($curl, CURLOPT_HTTPHEADER, $queryheader); // Setting custom header
+    $curl_post_data = array(
+      'BusinessShortCode' => $BusinessShortCode,
+      'Password' => $Password,
+      'Timestamp' => $Timestamp,
+      'CheckoutRequestID' => $CheckoutRequestID
+    );
+    $data_string = json_encode($curl_post_data);
+    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+    curl_setopt($curl, CURLOPT_POST, true);
+    curl_setopt($curl, CURLOPT_POSTFIELDS, $data_string);
+    $curl_response = curl_exec($curl);
+    $data_to = json_decode($curl_response, true);
+    
+    // Handle response
+    if (isset($data_to['ResultCode'])) {
+        $ResultCode = $data_to['ResultCode'];
+        if ($ResultCode == '1037') {
+            $message = "1037 Timeout in completing transaction";
+        } elseif ($ResultCode == '1032') {
+            $message = "1032 Transaction has been cancelled by user";
+        } elseif ($ResultCode == '1') {
+            $message = "1 The balance is insufficient for the transaction";
+        } elseif ($ResultCode == '0') {
+            $message = "0 The transaction is successful";
+        } else {
+            $message = "Unknown Result Code: $ResultCode";
+        }
+    } else {
+        $message = "Error in the response received from the M-Pesa API";
+    }
+
+    // Sending the response back
+    echo json_encode([
+        'message' => $message,
+        'result' => $data_to
+    ]);
+}
+?>