How to limit uploading photo?

You can check the HTTP_POST_FILES array for the actual file size and gracefully reject larger files. There is also a PHP setting max_upload_size which can limit the upload size with a maybe not so user-friendly error message.
The uploaded file can be converted with the GD image library. Or install ImageMagick and use a system() call for external conversion.

the uploaded file size can be limited like this

<?php
//Notice that 'uploaded' is the name of the upload HTML element
if ($HTTP_POST_FILES['uploaded']['size']<100000){
//do your stuff here, storing.. adding to some db.. or whatever
}
else{
//inform the user, basically whatever you want to happen if the file was over the limit
}
?>

about the resize.. I'm not sure how to get a final image with a specific size.. however you can resize the image to a specific width&height&quality.
Here's a function I've used on my CMS

<?php
function resizeImg( $pathToImage, $pathToSave, $f_name, $targetWidth)
{
  $img = imagecreatefromjpeg($pathToImage);
  $width = imagesx( $img );
  $height = imagesy( $img );
  $new_width = $targetWidth;
  $new_height = floor( $height * ( $targetWidth / $width ) );
  $tmp_img = imagecreatetruecolor( $new_width, $new_height );
  imagecopyresampled( $tmp_img, $img, 0, 0, 0, 0, $new_width, $new_height, $width, $height );
  $quality=98;
  imagejpeg( $tmp_img, $pathToSave.$f_name.".jpg", $quality );
  imagedestroy($img);
  imagedestroy($tmp_img);
?>

most of the variables are named to be understood easily, here is some explanation for the parameters:
$pathToImage: well no explanation needed.. just put the relative path to image you want to resize.
$pathToSave: the path you want to put the final image.
$targetWidth: the width you want your new image to be
$f_name: the file name you want to use (I've used it like this because I used to create random file names

<?php
//Generating random file name for the image
$hash=sha1(microtime());
$f_name=substr($hash, rand(1, 20), 10);
?>

In your form
use

<input type="hidden" name="MAX_FILE_SIZE" value="102400" />
<input type="file"   .......

this pervents uploads of bigger files on the client side
still need to check the size at the server side

see php site

Hey, thanks Gewalop and pzuurveen for the wonderful posting. It solved my problem. Just a last question. User must be upload a jpg file. how can i do this? thanks in advanced..

Okay, here's the thing about limiting files type.. there's no 100% working method.. with a little knowledge anyone can eventually upload any file that they want and trick the checking mechanism, however, the threat you want to neutralise is uploading executable scripts (.pl, .php, .py), now if someone managed to upload this kind of files you at least want them to be without that extension (99.999% they won't be executed)
having that said (and hopefully you've read it) here's the method I use

<?php
//First of all you need to know the extension of the file uploaded
$extension = pathinfo($_FILES['uploaded']['name']);
$extension = $extension[extension];
$extension = strtolower($extension);
//Now check
if ($extension == "jpg"&&($_FILES['uploaded']['type']=="image/jpeg"||$_FILES['uploaded']['type']=="image/pjpeg")){
//Every thing's okay, upload!
}
else{
//Some thing's wrong, abort!
}
?>

You might ask about the "image/pjpeg", what is that?
Well Internet Explorer have always had its special ****ed way of doing things, and this is the header it actually sends for JPG files, while all the other browsers send "image/jpeg"

Good luck!

Well Internet Explorer have always had its special ****ed way of doing things, and this is the header it actually sends for JPG files, while all the other browsers send "image/jpeg"

How does Internet Explorer send headers? For JPG or any other files? To whom?

How does Internet Explorer send headers? For JPG or any other files? To whom?

When uploading, the browser sends (to server, in this case it's the one executing the upload script) "content-type" which has the MIMETYPE of the uploaded files, most of the browsers send "image/jpeg" all the time for JPEG, however, IE sends "image/pjpeg" when it's a Progressive JPEG (and sometimes when it's a normal JPEG)

More on that:
http://www.zigpress.com/2010/01/14/non-standard-imagepjpeg-mimetype-on-ie/