php client code doesn't trim leading hex zeros

The PHP server code trips the leading zero of the hex representation of A. That is compatible with how the JS client code handles A. The PHP client code isn't conforming. This means that there is a 1/16 chance of a password proof from a PHP client failing.