The easiest way I could think of is to actually perform the upload on the first submit, sending it to your own temp folder. Call it up on the preview page, and if they click "Continue" or what have you, it renames the file to what they wanted and moves it to the appropriate folder.
Far as security goes on this...you COULD create a database/cron system that would check for uploaded pictures, see if their created/mod'd time was longer than <blank> minutes ago, and delete that.
My two cents.
