<?php
function stkQuery()
{ 
    header('Content-Type: application/json');
    $rawData = file_get_contents('php://input');
    $postData = json_decode($rawData, true);

    // Check if CheckoutRequestID is set
    if (!isset($postData['CheckoutRequestID'])) {
        echo json_encode(['status' => 'error', 'code' => 400, 'message' => 'missing CheckoutRequestID fields']);
        return;
    }

    $CheckoutRequestID = $postData['CheckoutRequestID'];

    $consumerKey = '3AmVP1WFDQn7GrDH8GcSSKxcAvnJdZGC'; // Fill with your app Consumer Key
    $consumerSecret = '71Lybl6jUtxM0F35'; // Fill with your app Secret

    $headers = ['Content-Type:application/json; charset=utf8'];

    $access_token_url = 'https://api.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials';
    $curl = curl_init($access_token_url);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($curl, CURLOPT_HEADER, FALSE);
    curl_setopt($curl, CURLOPT_USERPWD, $consumerKey.':'.$consumerSecret);
    $result = curl_exec($curl);
    $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);  
    $result = json_decode($result);

    $access_token = $result->access_token;

    date_default_timezone_set('Africa/Nairobi');
    $query_url = 'https://api.safaricom.co.ke/mpesa/stkpushquery/v1/query';
    $BusinessShortCode = '4122323';
    $Passkey = 'aaebecea73082fa56af852606106b1316d5b4dfa2f12d0088800b0b88e4bb6e3';
    $Timestamp = date('YmdHis');
    
    // ENCRYPT DATA TO GET PASSWORD
    $Password = base64_encode($BusinessShortCode . $Passkey . $Timestamp);

    // THIS IS THE UNIQUE ID THAT WAS GENERATED WHEN STK REQUEST INITIATED SUCCESSFULLY
    $queryheader = ['Content-Type:application/json', 'Authorization:Bearer ' . $access_token];
    
    // Initiating the transaction
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $query_url);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $queryheader); // Setting custom header
    $curl_post_data = array(
      'BusinessShortCode' => $BusinessShortCode,
      'Password' => $Password,
      'Timestamp' => $Timestamp,
      'CheckoutRequestID' => $CheckoutRequestID
    );
    $data_string = json_encode($curl_post_data);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $data_string);
    $curl_response = curl_exec($curl);
    $data_to = json_decode($curl_response, true);
    
    // Handle response
    if (isset($data_to['ResultCode'])) {
        $ResultCode = $data_to['ResultCode'];
        if ($ResultCode == '1037') {
            $message = "1037 Timeout in completing transaction";
        } elseif ($ResultCode == '1032') {
            $message = "1032 Transaction has been cancelled by user";
        } elseif ($ResultCode == '1') {
            $message = "1 The balance is insufficient for the transaction";
        } elseif ($ResultCode == '0') {
            $message = "0 The transaction is successful";
        } else {
            $message = "Unknown Result Code: $ResultCode";
        }
    } else {
        $message = "Error in the response received from the M-Pesa API";
    }

    // Sending the response back
    echo json_encode([
        'message' => $message,
        'result' => $data_to
    ]);
}
?>