<?php
$secret = '3f36327e6351b1fdac5fcf74cbffa2a8';
$headers = getallheaders();

if (($headers['Authorization'] ?? '') !== $secret) {
    http_response_code(401);
    echo json_encode(['success' => false, 'message' => 'Unauthorized']);
    exit;
}

$data = json_decode(file_get_contents('php://input'), true);
error_log("[{$data['platform']}] TrxID: {$data['trx_id']} | ৳{$data['amount']} from {$data['sender']}");

// process payment - save to DB, verify order, etc.

echo json_encode(['success' => true, 'message' => 'Payment received']);