Do you write php? I ask because you are going to have to maintain it eventually as PHP changes and security needs arise. Also - when was this particular script written and what version was it produced for? These are things that can impact you, especially as newer PHP versions come out. I'm not an expert by any means, but I would certainly think about these things if I was buying somebody's work effort.
What database interface does it use? Not MySQL_* I hope, since that is outdated and soon to be removed.
How does it handle injection attacks, if it does at all? Does it use prepared queries?
How many sites have you put in before that you can recognize this stranger's appl to be everything you need? Is it documented at all (the technical stuff, that is) so that you can make the inevitable enhancements/improvements that every appl/site requires?
I'm sure there are many more question you can come up or other posters here will add, but these are some important ones that I've thought of in just 5 mins.