The PHP server code trips the leading zero of the hex representation of A. That is compatible with how the JS client code handles A. The PHP client code isn't conforming. This means that there is a 1/16 chance of a password proof from a PHP client failing.
Issue #22 new