The C function validate_passwd_pbkdf2_sha256
in the file you pointed calls hex_to_rawdata (salt_str, salt, SHA256_DIGEST_LENGTH)
before it hashes the password. PHP equivalent would be hex2bin.
hash_pbkdf2(
'sha256',
'12345678',
hex2bin('9ee87caa42ed5b5fd3f62781d8df82af5e2d9e5e5250d22bf70336cc5e2fb060'),
10000,
64
);
produces the expected 478602208097c48b47042e25d026fec1b0363551a4f52aa2e2674f3093010215